Google Git
Sign in
chromium / chromium / src / 52939ed422f481e2970edfa57a8bf24ca3dbacb8 / . / net / data / verify_certificate_chain_unittest / constrained-root-bad-eku.pem
blob: 5fe160a7264a594be5091074028598714943175e [file] [log] [blame]
[Created by: generate-constrained-root-bad-eku.py]
Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has an EKU that restricts it to clientAuth. Verification is expected to fail as
the end-entity is verified for serverAuth, and the trust anchor enforces
constraints.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:f0:08:00:ea:5d:93:fb:9f:3d:fd:b5:ae:6f:89:
02:b9:7f:4b:75:b9:51:cb:ef:6f:dd:7b:50:b6:2a:
a7:fa:9c:41:88:6e:a1:be:2b:8b:54:2a:02:c8:c0:
2c:ed:c8:ad:75:9d:84:22:c5:12:d8:63:ac:60:85:
42:3d:e2:c5:59:00:01:c7:4d:63:08:bf:a2:63:cf:
dd:fc:48:e6:55:e6:2c:5c:d6:bf:e1:d1:19:09:56:
8b:43:f2:be:ba:04:81:33:7d:5c:ee:26:3b:f7:c2:
15:d5:57:11:4c:08:fc:48:e4:f5:8b:d1:62:cb:72:
10:7e:fe:ae:84:ff:f8:d6:35:20:80:f3:b9:59:a3:
7f:1d:bf:6f:f5:6d:6b:29:e4:b1:5e:2e:20:cc:80:
04:f8:6d:67:04:18:71:ac:c3:cf:53:4b:ca:1a:a1:
06:c1:7d:d7:fe:24:a8:6b:d2:52:18:4a:7a:ad:c4:
2f:70:e1:a8:66:9a:94:dc:13:b2:26:4d:e0:60:f1:
67:57:31:f1:00:d5:b2:3c:31:6a:34:52:75:2b:d2:
f3:d3:b0:d6:f7:54:be:9c:ba:99:39:82:50:02:ee:
b6:d8:c4:b7:ce:08:30:a7:8e:2d:b0:6b:78:f1:19:
27:cd:c5:c3:a4:f2:c7:91:b3:5e:61:94:e6:a7:94:
3b:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:29:C1:07:7D:FB:62:7D:1B:06:45:F8:E8:F4:FE:77:B2:8C:BC:AE
X509v3 Authority Key Identifier:
keyid:8B:3C:5F:76:85:CD:27:14:00:7B:0B:92:AF:4A:D5:52:9B:BA:53:BE
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
3a:2e:7b:e3:cd:20:6b:b0:dc:d6:a3:4f:00:98:53:76:bd:36:
82:12:c8:ed:11:8a:31:17:90:55:45:07:0d:72:4e:94:dd:a6:
22:ad:c0:b9:ee:4e:5f:d5:0d:1c:62:d8:04:5d:75:75:10:ed:
e1:4b:79:16:cf:bd:b1:2e:bc:0d:1b:10:0c:4b:77:8f:61:51:
7f:41:fb:35:2d:5c:2d:b4:51:15:01:68:51:72:ae:ec:eb:bb:
f8:e1:45:7a:80:5c:e5:5b:c5:c0:27:1d:12:7a:d5:80:be:06:
64:38:f7:59:57:f5:c8:54:aa:42:0f:71:f0:d5:b9:a3:dc:7e:
e0:e8:08:d2:d3:6d:12:aa:51:24:fa:5d:58:64:73:a7:8a:b6:
4a:83:9c:a2:12:04:4c:cb:2f:40:e6:6e:e1:b2:fe:1a:d0:7e:
2c:fd:e8:21:5c:08:fe:e8:d4:81:cd:07:2f:c1:ca:96:c8:79:
2e:53:30:36:41:8e:bd:49:95:76:1e:18:b6:53:a5:45:d0:08:
b4:e7:21:13:bc:f1:21:00:18:34:dc:d1:86:71:ea:05:70:54:
ac:42:89:20:e1:9f:4a:0e:11:09:00:bf:fd:46:91:3e:13:14:
7c:c6:68:e1:df:c1:16:5d:3f:e9:2f:91:dd:17:0a:e4:95:3d:
a6:96:e4:cf
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwCADq
XZP7nz39ta5viQK5f0t1uVHL72/de1C2Kqf6nEGIbqG+K4tUKgLIwCztyK11nYQi
xRLYY6xghUI94sVZAAHHTWMIv6Jjz938SOZV5ixc1r/h0RkJVotD8r66BIEzfVzu
Jjv3whXVVxFMCPxI5PWL0WLLchB+/q6E//jWNSCA87lZo38dv2/1bWsp5LFeLiDM
gAT4bWcEGHGsw89TS8oaoQbBfdf+JKhr0lIYSnqtxC9w4ahmmpTcE7ImTeBg8WdX
MfEA1bI8MWo0UnUr0vPTsNb3VL6cupk5glAC7rbYxLfOCDCnji2wa3jxGSfNxcOk
8seRs15hlOanlDvHAgMBAAGjgekwgeYwHQYDVR0OBBYEFPIpwQd9+2J9GwZF+Oj0
/neyjLyuMB8GA1UdIwQYMBaAFIs8X3aFzScUAHsLkq9K1VKbulO+MD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAOi57480ga7Dc1qNPAJhT
dr02ghLI7RGKMReQVUUHDXJOlN2mIq3Aue5OX9UNHGLYBF11dRDt4Ut5Fs+9sS68
DRsQDEt3j2FRf0H7NS1cLbRRFQFoUXKu7Ou7+OFFeoBc5VvFwCcdEnrVgL4GZDj3
WVf1yFSqQg9x8NW5o9x+4OgI0tNtEqpRJPpdWGRzp4q2SoOcohIETMsvQOZu4bL+
GtB+LP3oIVwI/ujUgc0HL8HKlsh5LlMwNkGOvUmVdh4YtlOlRdAItOchE7zxIQAY
NNzRhnHqBXBUrEKJIOGfSg4RCQC//UaRPhMUfMZo4d/BFl0/6S+R3RcK5JU9ppbk
zw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:0a:f3:0b:43:2a:d8:e5:15:f6:48:94:21:e9:
23:61:0f:0e:cc:5a:a6:ba:45:b0:8b:99:54:44:0b:
56:4e:b1:13:e2:ce:b9:58:0a:dc:77:41:36:86:ac:
eb:b4:54:04:77:1f:cf:f6:1d:12:c5:58:38:65:ff:
20:41:f0:43:9d:a4:bf:fa:61:3b:75:52:f0:39:9d:
5b:fb:e2:88:fb:69:32:b2:b9:4d:a8:34:88:e3:ce:
e1:2f:f4:03:d5:1b:3f:1a:ab:95:98:a1:6f:87:2b:
10:76:02:4f:ba:67:7f:9a:23:5c:90:8a:dc:b3:27:
a5:28:14:98:1e:b2:06:92:0a:60:37:fe:56:b6:16:
84:59:01:a5:e9:1d:04:d5:46:66:e4:30:fa:0e:0e:
c2:d7:66:21:4a:fc:99:4f:85:33:96:36:7d:dc:5c:
04:16:bc:5c:ee:f3:6d:4d:b6:a2:0f:39:fc:e2:63:
96:bf:3d:5a:61:02:8f:db:d7:07:c4:24:02:f0:02:
52:e7:2c:08:78:b9:8d:d9:5f:2d:cc:6c:1e:9e:f9:
91:95:e8:be:13:77:02:b3:86:ab:cb:24:ed:4a:bf:
36:29:2d:66:36:1e:fc:3d:3a:c5:0f:23:5d:e9:2e:
41:d8:79:97:ee:8b:cc:75:2d:c7:3a:be:4d:e5:fd:
a2:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:3C:5F:76:85:CD:27:14:00:7B:0B:92:AF:4A:D5:52:9B:BA:53:BE
X509v3 Authority Key Identifier:
keyid:1A:DD:A6:8B:40:A4:5B:6A:1B:06:BF:9B:76:54:8A:9B:88:F8:8B:07
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
83:84:de:b3:56:ad:2a:16:56:6e:7b:64:3e:35:bd:39:38:2e:
6e:2a:fa:09:a9:c3:ea:86:30:8c:4e:e0:2b:13:80:a1:40:f3:
10:15:9d:4f:77:90:0f:12:c9:a5:60:2e:87:43:0b:c1:90:5a:
b3:95:fb:37:0c:c7:86:d0:2f:bb:4c:b8:97:40:d6:61:a6:47:
e6:30:42:9f:e6:28:ac:b7:99:83:52:a0:c0:4b:dd:e2:ad:1b:
e7:5d:c5:9a:fb:6c:d9:bc:7c:bc:64:1a:47:9b:01:9f:4e:10:
aa:f7:6a:25:a0:0b:64:6b:8f:54:42:74:23:d3:83:a8:b7:fc:
78:95:65:11:27:f2:b5:1e:90:78:31:9d:f3:5f:7f:8d:63:3f:
ce:cf:1e:11:bd:8b:01:a7:fa:33:d2:9b:ac:9c:c0:ee:b1:f2:
ee:02:ea:73:07:28:1d:8c:23:98:93:cc:23:92:26:35:a4:d7:
57:f7:d1:28:b0:4e:6a:9c:78:01:c9:f2:52:e0:1d:13:86:76:
7e:13:3c:07:69:a5:3f:d6:3e:2e:36:70:0a:be:4d:1a:14:ac:
73:bd:5a:ad:78:68:a6:35:a2:50:5b:ab:c1:e3:a1:f7:47:f2:
76:2b:e8:5d:4a:e4:f3:4a:dc:93:53:64:9c:83:f3:af:a5:0f:
e1:83:1d:89
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgrzC0Mq
2OUV9kiUIekjYQ8OzFqmukWwi5lURAtWTrET4s65WArcd0E2hqzrtFQEdx/P9h0S
xVg4Zf8gQfBDnaS/+mE7dVLwOZ1b++KI+2kysrlNqDSI487hL/QD1Rs/GquVmKFv
hysQdgJPumd/miNckIrcsyelKBSYHrIGkgpgN/5WthaEWQGl6R0E1UZm5DD6Dg7C
12YhSvyZT4UzljZ93FwEFrxc7vNtTbaiDzn84mOWvz1aYQKP29cHxCQC8AJS5ywI
eLmN2V8tzGwenvmRlei+E3cCs4aryyTtSr82KS1mNh78PTrFDyNd6S5B2HmX7ovM
dS3HOr5N5f2iMwIDAQABo4HLMIHIMB0GA1UdDgQWBBSLPF92hc0nFAB7C5KvStVS
m7pTvjAfBgNVHSMEGDAWgBQa3aaLQKRbahsGv5t2VIqbiPiLBzA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AIOE3rNWrSoWVm57ZD41vTk4Lm4q+gmpw+qGMIxO4CsTgKFA8xAVnU93kA8SyaVg
LodDC8GQWrOV+zcMx4bQL7tMuJdA1mGmR+YwQp/mKKy3mYNSoMBL3eKtG+ddxZr7
bNm8fLxkGkebAZ9OEKr3aiWgC2Rrj1RCdCPTg6i3/HiVZREn8rUekHgxnfNff41j
P87PHhG9iwGn+jPSm6ycwO6x8u4C6nMHKB2MI5iTzCOSJjWk11f30SiwTmqceAHJ
8lLgHROGdn4TPAdppT/WPi42cAq+TRoUrHO9Wq14aKY1olBbq8HjofdH8nYr6F1K
5PNK3JNTZJyD86+lD+GDHYk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:e2:08:ac:46:4f:3e:c9:2c:0e:1b:2e:0d:cb:
05:2e:b2:60:dd:39:3b:31:90:3c:89:ee:6f:32:3f:
4e:9c:4a:93:d7:97:e5:e9:9d:0a:72:a5:77:c8:e6:
67:db:e0:e2:d7:35:ab:d5:7b:26:2a:97:39:4c:04:
e3:32:93:df:69:9e:5e:c7:fb:3a:53:70:18:91:39:
76:23:aa:65:5b:e0:87:32:cb:2c:6c:6f:e7:38:9f:
79:db:23:ea:3c:86:9b:f2:03:d3:df:15:5c:ce:58:
b5:46:77:5d:21:09:f9:e3:ae:16:ce:e6:d5:95:41:
d5:ee:c7:74:89:bf:dc:c8:80:47:e0:49:6e:ff:26:
6b:0a:d4:c2:04:21:a0:b5:b0:07:4d:1b:1c:e1:a8:
53:23:13:3f:01:31:d9:3f:dc:2d:70:8b:61:49:b1:
6d:6f:c6:4e:f7:35:45:17:40:39:9d:28:1d:77:68:
82:c2:75:9a:c2:9f:90:ab:4c:c9:8a:3e:68:2a:2c:
ba:62:ab:e1:58:c8:3b:fe:c0:95:8e:55:33:53:ca:
3f:fb:9a:ae:95:13:65:3f:a6:9a:d6:98:f1:ad:72:
74:ce:d8:65:12:9f:63:fd:63:c5:3f:90:3d:d8:b2:
2b:fe:48:fa:da:ab:f2:49:c6:1d:2a:ba:f8:73:e1:
50:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:DD:A6:8B:40:A4:5B:6A:1B:06:BF:9B:76:54:8A:9B:88:F8:8B:07
X509v3 Authority Key Identifier:
keyid:1A:DD:A6:8B:40:A4:5B:6A:1B:06:BF:9B:76:54:8A:9B:88:F8:8B:07
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
7f:58:39:4d:ec:e0:7e:11:fa:c1:29:d1:c8:56:42:19:33:f4:
8c:e0:a1:22:90:fc:9d:cc:d2:36:4f:f7:91:51:cc:0a:40:49:
da:cc:70:81:3e:59:ae:65:a3:c5:86:42:5f:df:fe:1d:51:93:
fb:77:99:01:b0:02:c5:95:1f:32:6f:a2:4a:21:28:50:f8:bc:
5d:67:01:28:a0:4f:6c:a0:43:ea:7b:7a:66:3a:33:a0:c2:0c:
a5:44:10:9b:e4:f9:4a:09:43:02:e0:01:ca:fd:c2:b1:07:31:
c8:6b:0d:ec:c8:c1:4f:53:2e:10:1b:d9:8a:42:00:74:d5:cc:
ec:47:51:c5:12:63:a7:f2:93:4f:0e:cd:82:3c:70:3b:9f:c8:
0c:9f:5b:fa:15:47:e5:e6:6d:5d:37:7c:fa:e2:a2:4b:aa:d8:
be:c4:2e:e5:3e:71:ae:c9:7b:79:86:1c:29:3c:00:e3:d5:9b:
30:23:12:c0:33:12:7d:36:8c:99:cb:6a:39:74:fa:8f:6e:8f:
5c:53:6e:53:94:59:c9:59:7d:1e:3c:e2:ac:32:43:5e:4c:14:
87:cf:39:c9:55:38:e0:29:a6:19:e9:62:21:8d:f0:1b:9d:31:
c9:c3:93:12:fd:b3:0e:83:fc:21:dc:bb:df:09:a6:57:6e:18:
58:ff:ad:73
-----BEGIN TRUST_ANCHOR_CONSTRAINED-----
MIIDejCCAmKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANniCKxGTz7JLA4bLg3L
BS6yYN05OzGQPInubzI/TpxKk9eX5emdCnKld8jmZ9vg4tc1q9V7JiqXOUwE4zKT
32meXsf7OlNwGJE5diOqZVvghzLLLGxv5zifedsj6jyGm/ID098VXM5YtUZ3XSEJ
+eOuFs7m1ZVB1e7HdIm/3MiAR+BJbv8mawrUwgQhoLWwB00bHOGoUyMTPwEx2T/c
LXCLYUmxbW/GTvc1RRdAOZ0oHXdogsJ1msKfkKtMyYo+aCosumKr4VjIO/7AlY5V
M1PKP/uarpUTZT+mmtaY8a1ydM7YZRKfY/1jxT+QPdiyK/5I+tqr8knGHSq6+HPh
UKECAwEAAaOB4DCB3TAdBgNVHQ4EFgQUGt2mi0CkW2obBr+bdlSKm4j4iwcwHwYD
VR0jBBgwFoAUGt2mi0CkW2obBr+bdlSKm4j4iwcwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqG
SIb3DQEBCwUAA4IBAQB/WDlN7OB+EfrBKdHIVkIZM/SM4KEikPydzNI2T/eRUcwK
QEnazHCBPlmuZaPFhkJf3/4dUZP7d5kBsALFlR8yb6JKIShQ+LxdZwEooE9soEPq
e3pmOjOgwgylRBCb5PlKCUMC4AHK/cKxBzHIaw3syMFPUy4QG9mKQgB01czsR1HF
EmOn8pNPDs2CPHA7n8gMn1v6FUfl5m1dN3z64qJLqti+xC7lPnGuyXt5hhwpPADj
1ZswIxLAMxJ9NoyZy2o5dPqPbo9cU25TlFnJWX0ePOKsMkNeTBSHzznJVTjgKaYZ
6WIhjfAbnTHJw5MS/bMOg/wh3LvfCaZXbhhY/61z
-----END TRUST_ANCHOR_CONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
FAIL
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
serverAuth
-----BEGIN KEY_PURPOSE-----
c2VydmVyQXV0aA==
-----END KEY_PURPOSE-----
----- Certificate i=2 -----
ERROR: The extended key usage does not include server auth
-----BEGIN ERRORS-----
LS0tLS0gQ2VydGlmaWNhdGUgaT0yIC0tLS0tCkVSUk9SOiBUaGUgZXh0ZW5kZWQga2V5IHVzYWdlIGRvZXMgbm90IGluY2x1ZGUgc2VydmVyIGF1dGgKCg==
-----END ERRORS-----