diff --git a/security/certverifier/ExtendedValidation.cpp b/security/certverifier/ExtendedValidation.cpp index 491b7094aa01..6d0730e0654b 100644 --- a/security/certverifier/ExtendedValidation.cpp +++ b/security/certverifier/ExtendedValidation.cpp @@ -11,6 +11,7 @@ #include "certdb.h" #include "hasht.h" #include "mozilla/ArrayUtils.h" +#include "mozilla/PodOperations.h" #include "pk11pub.h" #include "pkix/pkixtypes.h" #include "prerror.h" @@ -1271,9 +1272,15 @@ RegisterOID(const SECItem& oidItem, const char* oidName) return SECOID_AddEntry(&od); } +static SECOidTag sCABForumEVOIDTag = SEC_OID_UNKNOWN; + static bool isEVPolicy(SECOidTag policyOIDTag) { + if (policyOIDTag != SEC_OID_UNKNOWN && policyOIDTag == sCABForumEVOIDTag) { + return true; + } + for (const nsMyTrustedEVInfo& entry : myTrustedEVInfos) { if (policyOIDTag == entry.oid_tag) { return true; @@ -1294,11 +1301,17 @@ CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert, return false; } + const SECOidData* cabforumOIDData = SECOID_FindOIDByTag(sCABForumEVOIDTag); for (const nsMyTrustedEVInfo& entry : myTrustedEVInfos) { if (entry.cert && CERT_CompareCerts(cert.get(), entry.cert.get())) { + if (cabforumOIDData && cabforumOIDData->oid.len == policy.numBytes && + mozilla::PodEqual(cabforumOIDData->oid.data, policy.bytes, + policy.numBytes)) { + return true; + } const SECOidData* oidData = SECOID_FindOIDByTag(entry.oid_tag); if (oidData && oidData->oid.len == policy.numBytes && - !memcmp(oidData->oid.data, policy.bytes, policy.numBytes)) { + mozilla::PodEqual(oidData->oid.data, policy.bytes, policy.numBytes)) { return true; } } @@ -1310,6 +1323,19 @@ CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert, static PRStatus IdentityInfoInit() { + static const char* sCABForumOIDString = "2.23.140.1.1"; + static const char* sCABForumOIDDescription = "CA/Browser Forum EV OID"; + + mozilla::ScopedAutoSECItem cabforumOIDItem; + if (SEC_StringToOID(nullptr, &cabforumOIDItem, sCABForumOIDString, 0) + != SECSuccess) { + return PR_FAILURE; + } + sCABForumEVOIDTag = RegisterOID(cabforumOIDItem, sCABForumOIDDescription); + if (sCABForumEVOIDTag == SEC_OID_UNKNOWN) { + return PR_FAILURE; + } + for (size_t iEV = 0; iEV < mozilla::ArrayLength(myTrustedEVInfos); ++iEV) { nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV]; diff --git a/security/manager/ssl/tests/unit/pycert.py b/security/manager/ssl/tests/unit/pycert.py index 417562a16991..9c8efa915c0f 100755 --- a/security/manager/ssl/tests/unit/pycert.py +++ b/security/manager/ssl/tests/unit/pycert.py @@ -31,7 +31,7 @@ extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection OCSPSigning,timeStamping] subjectAlternativeName:[,...] authorityInformationAccess: -certificatePolicies: +certificatePolicies:[,...] nameConstraints:{permitted,excluded}:[,...] nsCertType:sslServer TLSFeature:[,...] @@ -554,14 +554,15 @@ class Certificate(object): sequence.setComponentByPosition(0, accessDescription) self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence, critical) - def addCertificatePolicies(self, policyOID, critical): + def addCertificatePolicies(self, policyOIDs, critical): policies = rfc2459.CertificatePolicies() - policy = rfc2459.PolicyInformation() - if policyOID == 'any': - policyOID = '2.5.29.32.0' - policyIdentifier = rfc2459.CertPolicyId(policyOID) - policy.setComponentByName('policyIdentifier', policyIdentifier) - policies.setComponentByPosition(0, policy) + for pos, policyOID in enumerate(policyOIDs.split(',')): + if policyOID == 'any': + policyOID = '2.5.29.32.0' + policy = rfc2459.PolicyInformation() + policyIdentifier = rfc2459.CertPolicyId(policyOID) + policy.setComponentByName('policyIdentifier', policyIdentifier) + policies.setComponentByPosition(pos, policy) self.addExtension(rfc2459.id_ce_certificatePolicies, policies, critical) def addNameConstraints(self, constraints, critical): diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js index 3912b639a902..d4aabd888f10 100644 --- a/security/manager/ssl/tests/unit/test_ev_certs.js +++ b/security/manager/ssl/tests/unit/test_ev_certs.js @@ -179,6 +179,15 @@ function ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(testcase) { add_task(function* plainExpectSuccessEVTests() { yield ensureVerifiesAsEV("anyPolicy-int-path"); yield ensureVerifiesAsEV("test-oid-path"); + yield ensureVerifiesAsEV("cabforum-oid-path"); + yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-path"); + yield ensureVerifiesAsEV("test-and-cabforum-oid-ee-path"); + yield ensureVerifiesAsEV("reverse-order-oids-path"); + // In this case, the end-entity has both the CA/B Forum OID and the test OID + // (in that order). The intermediate has the CA/B Forum OID. Since the + // implementation uses the first EV policy it encounters in the end-entity as + // the required one, this successfully verifies as EV. + yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-cabforum-oid-int-path"); }); // These fail for various reasons to verify as EV, but fallback to DV should @@ -189,6 +198,15 @@ add_task(function* expectDVFallbackTests() { yield ensureVerifiesAsDV("no-ocsp-ee-path", gEVExpected ? [ "no-ocsp-ee-path-int" ] : []); yield ensureVerifiesAsDV("no-ocsp-int-path"); + // In this case, the end-entity has the test OID and the intermediate has the + // CA/B Forum OID. Since the CA/B Forum OID is not treated the same as the + // anyPolicy OID, this will not verify as EV. + yield ensureVerifiesAsDV("test-oid-ee-cabforum-oid-int-path"); + // In this case, the end-entity has both the test OID and the CA/B Forum OID + // (in that order). The intermediate has only the CA/B Forum OID. Since the + // implementation uses the first EV policy it encounters in the end-entity as + // the required one, this fails to verify as EV. + yield ensureVerifiesAsDV("test-and-cabforum-oid-ee-cabforum-oid-int-path"); }); // Test that removing the trust bits from an EV root causes verifications diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem new file mode 100644 index 000000000000..fc8512f49355 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqugAwIBAgIUOx1MEBSRFwRNyE/lVhLEutRPLFcwCwYJKoZIhvcNAQEL +MD0xOzA5BgNVBAMMMmNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1bS1v +aWQtaW50LXBhdGgtaW50MCIYDzIwMTQxMTI3MDAwMDAwWhgPMjAxNzAyMDQwMDAw +MDBaMDwxOjA4BgNVBAMMMWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1 +bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a +hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t +FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o +N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d +JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4 +s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG +CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvY2FiZm9ydW0t +YW5kLXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g +BCEwHzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT +ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAECIbLN4d1BnTH04 +EVbS/RSwOKR9KLqUsFY8Il1z4gRewC8NgqwrN6KcU+NELJeUHvkgUOLidkorWNmq +Ix2YYrU+b8k4gU8tPXpfdzmuiUoK6I1fB5JZN7U4ZZ+z+YqBPL2oGs3BRNgR5TFe +IY06MnGXvfOsG7V9btZVM5csXsxShnK+kAC7Gzu0GjmnzwmLJmC6JkM1k3wNYY6l +YTKx1b0ZBhDDSxy1+2o5HtOADBvJiMO8q/CKTWaHUsDqD6T/CKdg/Qprc+phuY2M +d3ymeb/b+2yLzE4GL/k1CMkPsWR1zkn4zWqqx3XQ9CRu8XlrVzBtoRdOutjx3hPh +AoDIaYE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec new file mode 100644 index 000000000000..c72237e453e4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:cabforum-and-test-oid-ee-cabforum-oid-int-path-int +subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee/ +extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem new file mode 100644 index 000000000000..fee292b441db --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmagAwIBAgIUH3IgGS95xL4D72yo6ux5K7Ou8DQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjA9MTswOQYDVQQDDDJjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtY2Fi +Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/ +MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6 +Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUt +Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL +BgkqhkiG9w0BAQsDggEBABEz2gshOPDHlUj970qL22Fj4Lq5oKUGzXvmYGLKsBll +OeElIkdkZfoyc2mHk+Tst1Void2oKseBE4HXJ8zX6bs+ZNt+pfarodjYA27Y2Jyq +YE1EAOAFxtHInkrIoXUTVhk7a3HRdI+G9z279bo9TRsZoJyTjxPmIxGfFaRLlWIq +0to41nKrDKmmtHXsOC7QYxZA8JAfKVmQd+rfZRXZrKIbeN5lelWtPLmczKx5KLkO +17rYM/eKHjHxe0ODVdU3Swn8hbiFKifaIMW+lK6Ay3E5dN80z2s7w4vb061Vun0v +PWx3x8GbDdmf+VibNIG6IGbMTvsilpQXrzB1yNVHg2U= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec new file mode 100644 index 000000000000..92ebdb37fde5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem new file mode 100644 index 000000000000..6a341d404381 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnigAwIBAgIUT41XsD/wd45NKGORdRRkahxwM5cwCwYJKoZIhvcNAQEL +MCwxKjAoBgNVBAMMIWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1wYXRoLWludDAi +GA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAwMDAwWjArMSkwJwYDVQQDDCBj +YWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr +BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206 +ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw +HzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt +dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAGf/I4T4khYf9jUgi95x +GMjZo17bTulYt/twJj0VKCVrCrYPNESm+nqgyduQhJiMU16I+QwCBhbY2vOb7Dc8 +GAdZR7gP+J0SPFMjSNNQOxf+urAgd5O4GNdnBX2oY1pI7xpDhr/Fe10UpUBnW+gC +i3wFXJZge9m2ZvsPluAzrksiAH1xBDw9uIETgoAKymv0JXEqxGfvcI5SStO0uC7J +ePFrSJO/SuFQVAIpnShT5HEtJA31nogWtySaxMbfq9tLZ/s3Mm8/x/oXDGaRvD66 +IIhstpaonMewQJPOBFyZMK/61bf8kvLgOwl1Y8fYowdmZdQC/K5fOAm0msbG6/sd +hVI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec new file mode 100644 index 000000000000..36f80e017bf4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:cabforum-and-test-oid-ee-path-int +subject:cabforum-and-test-oid-ee-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-ee/ +extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem new file mode 100644 index 000000000000..d58ec3505e6e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkOgAwIBAgIUW8OzTnn8Bt8zhvBk9lvX+vNAlqIwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjAsMSowKAYDVQQDDCFjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0 +aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI +KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t +Ojg4ODgvY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE +CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQCGg7HJv/88mU1/a9fiI+fM1mNv +yS2TfvDiq2c7ybaT/ITSGJEPDY6a5D+Jb1bHULu6gk6rKrQ3Ze2oRfykVdFXpYt9 +PgcHzJYxTHW9yElcsp7qEM5kR8UzgzvoU3nbFHLX6AwXYFI8J0ObHKB5A2IJ19hM +4bWEDNX+P7zBU0kz7x8/RV+Qnh+KMXlTfvLWQYRYoklfK0r/Vhz4pcF1ghjsy+mM +/1PGE9ODi/KJggMnu9jKNIs4z5ErhPcjQebGs0cDfzf0DmgHffT2qcnL7rOpNJzs +v/oqLCr35ejAScub6rYs0zm8WnP/ZIlyzWD8nNfeSlIHR7IbdPp/X1Km6/Kz +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec new file mode 100644 index 000000000000..79ae7ae80182 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:cabforum-and-test-oid-ee-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem new file mode 100644 index 000000000000..a71e8d64ab98 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAj6gAwIBAgIUA66/k+1WDtWyVI5P3m0fZH7rPv0wCwYJKoZIhvcNAQEL +MCAxHjAcBgNVBAMMFWNhYmZvcnVtLW9pZC1wYXRoLWludDAiGA8yMDE0MTEyNzAw +MDAwMFoYDzIwMTcwMjA0MDAwMDAwWjAfMR0wGwYDVQQDDBRjYWJmb3J1bS1vaWQt +cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaOBhjCBgzBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG +MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1vaWQtcGF0aC1l +ZS8wEgYDVR0gBAswCTAHBgVngQwBATAeBgNVHREEFzAVghNldi10ZXN0LmV4YW1w +bGUuY29tMAsGCSqGSIb3DQEBCwOCAQEAnnM+ymlJlBFHpNO1BA3SefbIfTlDcGoN +gLTI5QBgH8QIhWEUxfQJJOqASJA1gYUia96HD+WKXIyZKesjKRBTXh9wimts7wjk +wm33M6/7feS2t0aZzsWKcGVxvG3rjr2pYICZb0tLBe6p2dV+uut0mV/tjtbYb+a4 +RIQdVDPZqNyzB2fE9SN6zH23VuPlvpPdTMa6lEGajxAUM4N0cirHtxRsGrsCrO1K +ne0Q2ZjMXbM0WnJRPLNnz7jzeUGwA3780iIlJUuqq7CK7ilzJJv9lPIIIwUeYndn +qhBmhTGaYrKIjqD0MD2b24d8GIAMc8fvsH3aYjTpxMLjP3C1Ow5dXg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec new file mode 100644 index 000000000000..86fd9aca39d9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:cabforum-oid-path-int +subject:cabforum-oid-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-ee/ +extension:certificatePolicies:2.23.140.1.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem new file mode 100644 index 000000000000..4d19d398561c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAiugAwIBAgIUcyiTXcKDMkOqMMltTMyBQVYObU4wCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjAgMR4wHAYDVQQDDBVjYWJmb3J1bS1vaWQtcGF0aC1pbnQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj +gYEwfzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw +PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1 +bS1vaWQtcGF0aC1pbnQvMBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQEL +A4IBAQAVTwBzJWNlukdnmi8a5L3EbmUh/lJaSC64Z56esQyI3TnRWesa1GVDZE8l +PmeRE/fn3ICVt4ciPYotezUbBqWaSlhiVpMsI47gYAxMdyCi+UStMFoBucF0q2Qc +Stqcxn/DvaA43pZDLC1O+SS5c6ukRVJtuPw/nwjDRw2cq6hs3hHlhD3qGqYajG7l +iaLdf44w1C3GAmtB6n3vGT6kDzIv13Ib9ZXayE9MVAbPDyCmQrBtzCirYo7k7rfi +cWqTw/shF/UFhx2OW2MmxE4GvYVmOi+E4LUHGqXwoaMYUyjoObLQnS5HKn5KYuin +zOryzV4Q3Nilu31lZa2wMTyHzLR1 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec new file mode 100644 index 000000000000..343307164b01 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:cabforum-oid-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/moz.build b/security/manager/ssl/tests/unit/test_ev_certs/moz.build index 1802ceb9fafe..286097c1cbef 100644 --- a/security/manager/ssl/tests/unit/test_ev_certs/moz.build +++ b/security/manager/ssl/tests/unit/test_ev_certs/moz.build @@ -10,6 +10,12 @@ # 'anyPolicy-ee-path-int.pem', # 'anyPolicy-int-path-ee.pem', # 'anyPolicy-int-path-int.pem', +# 'cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem', +# 'cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem', +# 'cabforum-and-test-oid-ee-path-ee.pem', +# 'cabforum-and-test-oid-ee-path-int.pem', +# 'cabforum-oid-path-ee.pem', +# 'cabforum-oid-path-int.pem', # 'evroot.pem', # 'no-ocsp-ee-path-ee.pem', # 'no-ocsp-ee-path-int.pem', @@ -18,6 +24,14 @@ # 'non-ev-root-path-ee.pem', # 'non-ev-root-path-int.pem', # 'non-evroot-ca.pem', +# 'reverse-order-oids-path-ee.pem', +# 'reverse-order-oids-path-int.pem', +# 'test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem', +# 'test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem', +# 'test-and-cabforum-oid-ee-path-ee.pem', +# 'test-and-cabforum-oid-ee-path-int.pem', +# 'test-oid-ee-cabforum-oid-int-path-ee.pem', +# 'test-oid-ee-cabforum-oid-int-path-int.pem', # 'test-oid-path-ee.pem', # 'test-oid-path-int.pem', #) diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem new file mode 100644 index 000000000000..4cc99e430a10 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmagAwIBAgIUQ8ghAgsWqLQdi9QbN/oi49Skc7swCwYJKoZIhvcNAQEL +MCYxJDAiBgNVBAMMG3JldmVyc2Utb3JkZXItb2lkcy1wYXRoLWludDAiGA8yMDE0 +MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAwMDAwWjAlMSMwIQYDVQQDDBpyZXZlcnNl +LW9yZGVyLW9pZHMtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBojCBnzBTBggrBgEFBQcBAQRHMEUw +QwYIKwYBBQUHMAGGN2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9yZXZlcnNl +LW9yZGVyLW9pZHMtcGF0aC1lZS8wKAYDVR0gBCEwHzAHBgVngQwBATAUBhIrBgEE +AetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFtcGxlLmNvbTAL +BgkqhkiG9w0BAQsDggEBAHXaI2gprZyBRve5WtTqIcIJU5KY2IaivlJU3ya77JeY +/izCZ3urDf/X4aV52wAJ5nks8PY48v5FdgFsDDiyyjuI/A5sCg8INy3ozBS6hiHb +J/1h+xrZE1e++ExiiRjIVsTo85uYONaU1swxMAmx1OuBMA1ktZB86n1lwCwXmh+/ +eWpehrgyZXSTDkOiYasEgbKxnLf+LNHRq/mizTdSdLCQwRYdhOjWe051iw/Zek+W +9Xc1ZhSWRGm25qocKzqMWo+PkXjuSSzriKYEjDvTndPdWL983I2uHow8pi4OfjyU +zsUqol0If8yWOTL1qavh145iHsMdIFKftziK2zi3NL4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec new file mode 100644 index 000000000000..31e3e69e5305 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:reverse-order-oids-path-int +subject:reverse-order-oids-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-ee/ +extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem new file mode 100644 index 000000000000..388fd9ff69f5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAk6gAwIBAgIUUboBUO/yd3/FprcrzAYSe5zX28gwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjAmMSQwIgYDVQQDDBtyZXZlcnNlLW9yZGVyLW9pZHMtcGF0aC1pbnQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAGjgZ4wgZswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwVAYIKwYBBQUH +AQEESDBGMEQGCCsGAQUFBzABhjhodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgv +cmV2ZXJzZS1vcmRlci1vaWRzLXBhdGgtaW50LzAoBgNVHSAEITAfMBQGEisGAQQB +60mFGoUahRoBg3QJATAHBgVngQwBATALBgkqhkiG9w0BAQsDggEBAGdCb9KbPBla +VK4F97mGBPQ7yJo/ggvQg5qqSnB90QoD1lBJwHHPDfwHH9pC+Wf0peZQf/YAg2yc +oDtZaZeddi6FBgSzaU82EsQsxI+Vj25G6tazFtkkX5x1mEQEb1TivhqspqQha+Zq +s0a/EUm5LnWyc9q4fg8bJm52hFaidijHTF+6p1KUeWnVma/hFfzY/WTFyV65blTb +1rqkDrHYDOFnkscILiaIepjAzceJvM8eeptPuxVy86cZVao0NLI0yN6rJred0wfv +/uxo/7w3SQggWQta89s8Gmo/QeglSx8m9QTzRpJryqMy0bNpHfl4iUAg+N+axNBw +3OQSjTr3o4s= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec new file mode 100644 index 000000000000..a2b523073e05 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:reverse-order-oids-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-int/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem new file mode 100644 index 000000000000..c2497e5cce60 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqugAwIBAgIUcXWG5UHyfrNaIPc8Cx+A37nK7uQwCwYJKoZIhvcNAQEL +MD0xOzA5BgNVBAMMMnRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1bS1v +aWQtaW50LXBhdGgtaW50MCIYDzIwMTQxMTI3MDAwMDAwWhgPMjAxNzAyMDQwMDAw +MDBaMDwxOjA4BgNVBAMMMXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1 +bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a +hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t +FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o +N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d +JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4 +s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG +CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1hbmQt +Y2FiZm9ydW0tb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g +BCEwHzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYIT +ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAEAQ1s75nChdBAzq +Xq6AzMlgPPcHMBlweEHZD+3GJd/TlzCZXS3fXUYdYtsXUGg9jxDe8lj8K/Nspy7r +OOKO/NYAYLozIKQ6iavB13ffJq9tQSTwH/da6HWC/8v7KI9jvyL0Z7HN/STQlKry +np+s+IWYlV/lB6uq8YlhMJYLqRnxCFhVryZi5y70Ao+d4NdV8x8oDXf0PKowLPE+ +Wyg6HVpyQu8BdJj1BhP91RgHg4bX1gTWrca0iyTomvK/XRP3vDVWM+0CfhCILEme +3yBzQMOuqt9GhQqLcC9GhbNx8Rd3rs0/RBy708nbvJeu8qKjBxiQwEYQu3sNgHKU +N/nXL7U= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec new file mode 100644 index 000000000000..edac2fc1ad42 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-and-cabforum-oid-ee-cabforum-oid-int-path-int +subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem new file mode 100644 index 000000000000..4c20ebddd0c5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmagAwIBAgIUf2ZzMx9K1HgD5vSZlURE9tj6xhQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjA9MTswOQYDVQQDDDJ0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtY2Fi +Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/ +MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6 +Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUt +Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL +BgkqhkiG9w0BAQsDggEBAGsKlTLMWmc5j+tVmQ6TVzK0RhwBedkb7k1ti1wzt92P +13EPZ8+RwH7AU7MNMkX6Y7lsDsBFvO65KTQiICFtLPaHyy1lA5ML0sgrNhyxXw4n +wh0DMSMI3KNg6cLcz7XHjLJ3xU3WG2SPjoe9DeiEQUfY78+LFI3A1H4ybGotzmOH +rwpBQeOrW7IkvibUEA86KdYXmX9tnfY3VTEcWIJy4K8mKHOzWXw/gawU0L47EB8p +4YfpyGB2htUWz57Dr7EEqOGcjmY2yXYfgoDcbZ6fRHd/W0+JMUdcvhDdCfVj3DkU +DpZzpWaBr33Iyhe4rKXa0Pc5l+9gC9YccwVlOmCcEaQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec new file mode 100644 index 000000000000..68dfd00573b9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem new file mode 100644 index 000000000000..2aa9b4de5a19 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnigAwIBAgIUC/Dc55VfICdZspIza0S6Grgf1RowCwYJKoZIhvcNAQEL +MCwxKjAoBgNVBAMMIXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1wYXRoLWludDAi +GA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAwMDAwWjArMSkwJwYDVQQDDCB0 +ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr +BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206 +ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw +HzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYITZXYt +dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAJnoapkgmRWQYP6anuT/ +faYrcruPB1DoLBgxCarbisc0xqkJw/oJ0lrBUVT7uPAABFIIX+zDzfKNQy+xEbbN +zv2MA7u6S9dvG2QytMHqY6bh15Y+LaDzV/Krj8HndlU7vSi/1RXWQxnahtvCIosG +VTpPjB9kIZtpLhw7AdcNewYab7uCAbS9P0ZVBEos7Nq/zr3dZkIVevbDdPSJxBT1 +p+cgdwyfS4TSWSi8Y3eWNWU6UxPL0spIJwRgxRM7+kCYBK/j1wWqTdoPFyYbqwFR +2AfiX7eRQ4ZS9vkcSGn5CY8O9rxxSsOcO6DIfTL8Ji1NiJhGuynDeg5JGr0blsV4 +Tv0= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec new file mode 100644 index 000000000000..affbd87458a2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-and-cabforum-oid-ee-path-int +subject:test-and-cabforum-oid-ee-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem new file mode 100644 index 000000000000..044b5e954c8c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkOgAwIBAgIUWyFPTQyQUnNq/1f02LZZRnQV3JswCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjAsMSowKAYDVQQDDCF0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0 +aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI +KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t +Ojg4ODgvdGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE +CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQA5hjGsqHqWWwZXgt048pcAS+SJ +9FLZLRd/ZJtQVjB6Cyiuuc0PENs+fz0/NmYpTP/mK1JLEPLrnPp16pV/UnUXtqnJ +vIZFe1Cad3h7vwT9DckH7yXCtulYSM65ArJ0RQcPtXFUt/7Nj8Io/+mXp/J6Mmw1 +AqAEr7zTrxl9aISnUY73NEs9FeGrMWriOBMY0vzMw1Ie8MmxggycRZpBqrS7ay+b +MGRN+Xvz5aIX2rDoQCxeBarA5rs95kAbG4YueQn7Ya/ssls/mSKcfOcZLOscT/BX +7juX9os5+FD72O0ea5RDBR/SMbpGF+ZhG7FiHxLe0kR6JBIbcyMaVwnmnhlP +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec new file mode 100644 index 000000000000..11630b4b4f0d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-and-cabforum-oid-ee-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem new file mode 100644 index 000000000000..916845fa386a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkTCCAnugAwIBAgIUJ3aa69Urh5Shk48KME40l1lyOfUwCwYJKoZIhvcNAQEL +MDAxLjAsBgNVBAMMJXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1p +bnQwIhgPMjAxNDExMjcwMDAwMDBaGA8yMDE3MDIwNDAwMDAwMFowLzEtMCsGA1UE +AwwkdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWVlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK +tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N +Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr +sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs +l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl +nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4Gj +MIGgMF0GCCsGAQUFBwEBBFEwTzBNBggrBgEFBQcwAYZBaHR0cDovL3d3dy5leGFt +cGxlLmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1l +ZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT +ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAEiOoHZL1d5NODXn +DYqH0JJ+ic1/XeJrlPQZ6f8u77kpvfQlHnUV6HzOFsKrVkL1AZBxf+2JqfZHjA8Z +BvU5RVLQpYtXyi5J68tUigxlbwkHCJrMpWerT703P5VYNHcizA1vdggzN0U91eob +yZXJ7Iqm1JUI0Rs/9BiSwmv7n0LmFdpPpIhIJcb8L9q2a2NKc3MYggYoaFfQRf5N +84a65mGd1h9t4FdzPYdvJc/Q9Qhq5ytBwMVbDiYkH0UN+WNRBzslDjUN8Y/qKdWZ +f8jpCMwtcZvYvlkwfA7Ynadmfgtbm4radEc/nRGf/FYcd+PNJCre3EMh9C5sc5Bb +iEugyKY= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec new file mode 100644 index 000000000000..bd0f955adac9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-oid-ee-cabforum-oid-int-path-int +subject:test-oid-ee-cabforum-oid-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem new file mode 100644 index 000000000000..2f0b68287572 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYjCCAkygAwIBAgIUY+HUS2XgWmoBZvgR3+yOq1uMEvowCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0 +MDAwMDAwWjAwMS4wLAYDVQQDDCV0ZXN0LW9pZC1lZS1jYWJmb3J1bS1vaWQtaW50 +LXBhdGgtaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEG +MF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxl +LmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1pbnQv +MBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQELA4IBAQAVaZl+AtTPAT/W +ApdXikIXRPxkz3JQJLwLuWjCj8xMuhieqk9dERJHcT3l0HMSMakLGqQeXwHS2Yci +ZESyLUhOthIWyAT2zDtnW6cGEb4Q4ZpIsRC3MJNlNENd9/idYKpnO4S+C3dGuC4l +6KlzKdbX+OE8+5CiAhvrqbxn8I1Jlc7wawrNBEo6/56e1t05eBnCS9pHnRd81etj +y5uEuuZQ1QX/zYCpHL+PQJBnqNi9BhLD4gzHdYGjBLsKr/yMG4g6BTQ8XJNiRdlP +42UXYmqL+NLNpa7h8tfmcneM6Wb4K+AjpuNNqE/5mLmE16SV6qYmf5/5eVt1OJZM +DePzb7cw +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec new file mode 100644 index 000000000000..37d4d133a1e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-oid-ee-cabforum-oid-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-int/ +extension:certificatePolicies:2.23.140.1.1