[Created by: ./generate-target-has-keycertsign-but-not-ca.py]
Certificate chain with 1 intermediary, a trusted root, and a target
certificate that is not a CA, and yet has the keyCertSign bit set. Verification
is expected to fail, since keyCertSign should only be asserted when CA is
true.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:67:70:1F:EA:D4:3D:30:5E:54:D3:BF:DF:83:3D:14:94:C3:DD:58
X509v3 Authority Key Identifier:
keyid:F3:98:98:C6:42:9E:AB:03:53:76:3F:43:FB:C9:9D:E4:0B:FF:BF:B5
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:98:98:C6:42:9E:AB:03:53:76:3F:43:FB:C9:9D:E4:0B:FF:BF:B5
X509v3 Authority Key Identifier:
keyid:97:E9:16:F3:C4:AD:14:F3:56:CD:F3:E6:E5:60:D4:8F:EF:F7:BA:06
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:E9:16:F3:C4:AD:14:F3:56:CD:F3:E6:E5:60:D4:8F:EF:F7:BA:06
X509v3 Authority Key Identifier:
keyid:97:E9:16:F3:C4:AD:14:F3:56:CD:F3:E6:E5:60:D4:8F:EF:F7:BA:06
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----