@@ -16,7 +16,7 @@ package testdata
16
16
17
17
import _ "embed"
18
18
19
- // This file holds test certificates. It contain five issuance chains.
19
+ // This file holds test certificates. It contains six issuance chains.
20
20
// TODO(phboneff): clean this and make use of a single chain if possible.
21
21
22
22
// Issuance chain 1
@@ -287,6 +287,160 @@ var PreCertFromPreIntermediate string
287
287
288
288
// Issuance chain 3
289
289
// ================
290
+ // The next section holds:
291
+ // - an intermediate signed with the root above.
292
+ // - a pre-cert issued by this intermediate
293
+ // - a cert issued by this intermediate
294
+ //
295
+ // IntermediateFromRoot is an intermedidate cert signed by the root above.
296
+ //
297
+ // Certificate:
298
+ //
299
+ // Data:
300
+ // Version: 3 (0x2)
301
+ // Serial Number: 2 (0x2)
302
+ // Signature Algorithm: ecdsa-with-SHA384
303
+ // Issuer: C=GB, O=TrustFabric Transparency.dev Test Root Test CA, CN=TrustFabric Transparency.dev Test Root Test CA
304
+ // Validity
305
+ // Not Before: Dec 5 18:05:50 2024 GMT
306
+ // Not After : Dec 5 18:05:50 2029 GMT
307
+ // Subject: C=GB, O=TrustFabric Transparency.dev Test Intermediate Test CA, CN=TrustFabric Transparency.dev Test Intermediate Test CA
308
+ // Subject Public Key Info:
309
+ // Public Key Algorithm: id-ecPublicKey
310
+ // Public-Key: (384 bit)
311
+ // pub:
312
+ // 04:c6:3b:93:72:73:76:1b:f6:16:f6:93:2b:22:c0:
313
+ // 1d:8e:e3:c9:1a:64:b8:42:58:0e:72:0a:38:49:84:
314
+ // d2:d3:e7:23:52:ee:9d:8a:28:65:73:2e:2e:7e:05:
315
+ // 1c:d5:4f:5b:42:37:e3:bb:8f:54:3d:68:a9:c3:07:
316
+ // 31:aa:4a:cc:8b:93:d6:a4:31:b2:8e:d0:aa:56:3b:
317
+ // 49:ed:07:d3:36:ff:17:50:ad:6d:65:d7:5d:76:70:
318
+ // d5:08:f2:95:e0:11:0c
319
+ // ASN1 OID: secp384r1
320
+ // NIST CURVE: P-384
321
+ // X509v3 extensions:
322
+ // X509v3 Key Usage: critical
323
+ // Certificate Sign, CRL Sign
324
+ // X509v3 Basic Constraints: critical
325
+ // CA:TRUE
326
+ // X509v3 Subject Key Identifier:
327
+ // A0:D7:2B:CF:08:6F:C0:07:39:9B:C5:A9:87:1D:F7:CC:7D:6B:6F:29
328
+ // X509v3 Authority Key Identifier:
329
+ // 77:1D:7C:21:61:2D:C2:05:7D:AA:30:1E:6B:7F:8F:9B:DC:61:20:68
330
+ // Signature Algorithm: ecdsa-with-SHA384
331
+ // Signature Value:
332
+ // 30:65:02:30:13:7b:99:45:f5:f5:c2:8b:bf:b4:83:8c:10:27:
333
+ // 5e:50:a7:05:c0:61:8a:50:3f:76:2e:ec:88:71:d7:a7:a1:46:
334
+ // 56:3b:3a:bc:e7:74:22:94:56:91:95:80:a5:a1:43:08:02:31:
335
+ // 00:81:a0:12:84:45:6f:35:b3:3d:9b:98:ca:28:33:d2:b9:bf:
336
+ // 8b:82:f7:a9:77:ee:2e:9f:90:0f:36:00:3e:c8:63:4c:1c:6c:
337
+ // de:e8:79:1a:32:44:4a:4e:47:6e:af:a3:24
338
+ //
339
+ //go:embed test_intermediate_ca_cert.pem
340
+ var IntermediateFromRoot string
341
+
342
+ // CertFromIntermediate is a leaf cert signed by the intermediate above.
343
+ //
344
+ // Certificate:
345
+ //
346
+ // Data:
347
+ // Version: 3 (0x2)
348
+ // Serial Number: 100 (0x64)
349
+ // Signature Algorithm: ecdsa-with-SHA384
350
+ // Issuer: C=GB, O=TrustFabric Transparency.dev Test Intermediate Test CA, CN=TrustFabric Transparency.dev Test Intermediate Test CA
351
+ // Validity
352
+ // Not Before: Dec 5 18:05:50 2024 GMT
353
+ // Not After : Dec 5 18:05:50 2025 GMT
354
+ // Subject: C=GB, ST=London, L=London, O=TrustFabric Transparency.dev Test, OU=TrustFabric, CN=test.transparency.dev
355
+ // Subject Public Key Info:
356
+ // Public Key Algorithm: id-ecPublicKey
357
+ // Public-Key: (384 bit)
358
+ // pub:
359
+ // 04:f4:15:a1:50:6c:d3:96:ad:9c:a0:f6:c0:90:4f:
360
+ // 05:13:64:2d:bf:2f:7a:86:4e:c8:25:c3:7d:9e:6f:
361
+ // c3:44:b6:29:98:01:f4:d5:06:58:c9:cc:82:21:79:
362
+ // 97:88:3f:af:4c:bd:93:92:39:08:18:5f:81:c4:0b:
363
+ // a0:ea:83:f8:6d:81:9a:68:20:bf:ad:2c:9b:1f:02:
364
+ // 08:cc:c2:16:a3:18:92:62:fa:b5:b0:da:ba:8b:98:
365
+ // 89:0a:d1:8c:65:3f:62
366
+ // ASN1 OID: secp384r1
367
+ // NIST CURVE: P-384
368
+ // X509v3 extensions:
369
+ // X509v3 Key Usage: critical
370
+ // Digital Signature, Key Encipherment
371
+ // X509v3 Extended Key Usage:
372
+ // TLS Web Server Authentication
373
+ // X509v3 Basic Constraints: critical
374
+ // CA:FALSE
375
+ // X509v3 Authority Key Identifier:
376
+ // A0:D7:2B:CF:08:6F:C0:07:39:9B:C5:A9:87:1D:F7:CC:7D:6B:6F:29
377
+ // X509v3 Subject Alternative Name:
378
+ // DNS:test.transparency.dev
379
+ // Signature Algorithm: ecdsa-with-SHA384
380
+ // Signature Value:
381
+ // 30:66:02:31:00:fd:08:f9:21:b5:a6:e0:32:aa:d0:aa:e2:07:
382
+ // 9c:fd:cc:26:b5:9a:bc:27:60:4f:ea:52:76:9f:cd:5c:23:b0:
383
+ // fd:9e:5d:e9:73:a4:8a:1a:b5:b7:12:c2:69:e7:f1:bd:eb:02:
384
+ // 31:00:af:09:6b:61:78:6c:14:a3:9d:bd:e4:bf:91:43:a2:98:
385
+ // a2:50:27:5d:2c:df:12:38:cd:b7:3d:d6:73:69:3a:5d:54:9c:
386
+ // 58:63:35:3c:39:78:26:37:08:75:3f:4b:fb:68
387
+ //
388
+ //go:embed test_leaf_cert_signed_by_intermediate.pem
389
+ var CertFromIntermediate string
390
+
391
+ // PreCertFromIntrmediate is a pre-cert signed by the intermediate above.
392
+ //
393
+ // Certificate:
394
+ //
395
+ // Data:
396
+ // Version: 3 (0x2)
397
+ // Serial Number: 200 (0xc8)
398
+ // Signature Algorithm: ecdsa-with-SHA384
399
+ // Issuer: C=GB, O=TrustFabric Transparency.dev Test Intermediate Test CA, CN=TrustFabric Transparency.dev Test Intermediate Test CA
400
+ // Validity
401
+ // Not Before: Dec 5 18:05:50 2024 GMT
402
+ // Not After : Dec 5 18:05:50 2025 GMT
403
+ // Subject: C=GB, ST=London, L=London, O=TrustFabric Transparency.dev Test, OU=TrustFabric, CN=test.transparency.dev
404
+ // Subject Public Key Info:
405
+ // Public Key Algorithm: id-ecPublicKey
406
+ // Public-Key: (384 bit)
407
+ // pub:
408
+ // 04:f4:15:a1:50:6c:d3:96:ad:9c:a0:f6:c0:90:4f:
409
+ // 05:13:64:2d:bf:2f:7a:86:4e:c8:25:c3:7d:9e:6f:
410
+ // c3:44:b6:29:98:01:f4:d5:06:58:c9:cc:82:21:79:
411
+ // 97:88:3f:af:4c:bd:93:92:39:08:18:5f:81:c4:0b:
412
+ // a0:ea:83:f8:6d:81:9a:68:20:bf:ad:2c:9b:1f:02:
413
+ // 08:cc:c2:16:a3:18:92:62:fa:b5:b0:da:ba:8b:98:
414
+ // 89:0a:d1:8c:65:3f:62
415
+ // ASN1 OID: secp384r1
416
+ // NIST CURVE: P-384
417
+ // X509v3 extensions:
418
+ // X509v3 Key Usage: critical
419
+ // Digital Signature, Key Encipherment
420
+ // X509v3 Extended Key Usage:
421
+ // TLS Web Server Authentication
422
+ // X509v3 Basic Constraints: critical
423
+ // CA:FALSE
424
+ // X509v3 Authority Key Identifier:
425
+ // A0:D7:2B:CF:08:6F:C0:07:39:9B:C5:A9:87:1D:F7:CC:7D:6B:6F:29
426
+ // X509v3 Subject Alternative Name:
427
+ // DNS:test.transparency.dev
428
+ // CT Precertificate Poison: critical
429
+ // NULL
430
+ // Signature Algorithm: ecdsa-with-SHA384
431
+ // Signature Value:
432
+ // 30:64:02:30:51:d4:2e:f7:e0:50:06:e5:a5:97:1c:d2:f9:4f:
433
+ // 6e:c2:3b:e0:db:59:16:db:8d:1b:a8:c4:c6:b8:0a:4f:a3:0d:
434
+ // 38:43:72:d7:f8:e6:60:e3:b8:44:f2:1f:37:56:30:cb:02:30:
435
+ // 13:62:9c:60:c9:57:d1:b9:e0:43:f7:cf:2c:99:eb:04:84:f7:
436
+ // de:af:fd:d6:1a:63:90:14:4c:53:40:dd:28:0b:aa:69:59:87:
437
+ // 78:8b:65:9e:00:63:75:7a:4c:a0:9f:ca
438
+ //
439
+ //go:embed test_leaf_pre_cert_signed_by_intermediate.pem
440
+ var PreCertFromIntermediate string
441
+
442
+ // Issuance chain 4
443
+ // ================
290
444
// The next section holds a self signed root, an intermediate, and a leaf cert.
291
445
//
292
446
// FakeCACertPEM is a test CA cert for testing.
@@ -574,7 +728,7 @@ D0XUxs5PIdZZGInfeqymk5feReWHBuPHpPIUObKxmQt+hcw6YsHE+0B84Xtx9BMe
574
728
INV6z0j7hKQ6MPpE
575
729
-----END CERTIFICATE-----`
576
730
577
- // Issuance chain 4
731
+ // Issuance chain 5
578
732
// ================
579
733
// The next section holds a self signed root, intermediate certs
580
734
// with various policy constraints, and a leaf cert.
@@ -864,7 +1018,7 @@ Brd3sq2ogxuDOGReOiVR6VcfAFNy2wgRZT30AiEAoU5dtZqLEG4Voyq92YCRlnwa
864
1018
T4+R3ESfE/9X8F7OMjQ=
865
1019
-----END CERTIFICATE-----`
866
1020
867
- // Issuance chain 5
1021
+ // Issuance chain 6
868
1022
// ================
869
1023
// The next section holds a real world intermediate and leaf cert.
870
1024
0 commit comments