From e76cc77296612b97bb8df7a525b7cec68f77070f Mon Sep 17 00:00:00 2001 From: Adriano Santoni Date: Sun, 10 Mar 2024 18:36:37 +0100 Subject: [PATCH] Add lint for checking that Subject attributes (RDNs) appear in the order prescribed by CABF BR 7.1.4.2 (#813) * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Update lint_invalid_subject_rdn_order_test.go Added //nolint:all to comment block to avoid golangci-lint to complain about duplicate words in comment * Update lint_invalid_subject_rdn_order.go Fixed import block * Update v3/lints/cabf_br/lint_invalid_subject_rdn_order.go Fine to me. Co-authored-by: Christopher Henderson * Update lint_invalid_subject_rdn_order.go As per Chris Henderson's suggestion, to "improve readability". * Update lint_invalid_subject_rdn_order_test.go As per Chris Henderson's suggestion. --------- Co-authored-by: Christopher Henderson --- .../cabf_br/lint_invalid_subject_rdn_order.go | 145 ++++++++++++++++++ .../lint_invalid_subject_rdn_order_test.go | 122 +++++++++++++++ v3/testdata/subject_rdn_order_ko_01.pem | 92 +++++++++++ v3/testdata/subject_rdn_order_ko_02.pem | 92 +++++++++++ v3/testdata/subject_rdn_order_ko_03.pem | 93 +++++++++++ v3/testdata/subject_rdn_order_ko_04.pem | 93 +++++++++++ v3/testdata/subject_rdn_order_ko_05.pem | 92 +++++++++++ v3/testdata/subject_rdn_order_ko_06.pem | 95 ++++++++++++ v3/testdata/subject_rdn_order_ko_07.pem | 91 +++++++++++ v3/testdata/subject_rdn_order_ok_01.pem | 92 +++++++++++ v3/testdata/subject_rdn_order_ok_02.pem | 93 +++++++++++ v3/testdata/subject_rdn_order_ok_03.pem | 93 +++++++++++ v3/testdata/subject_rdn_order_ok_04.pem | 93 +++++++++++ v3/testdata/subject_rdn_order_ok_05.pem | 94 ++++++++++++ v3/testdata/subject_rdn_order_ok_06.pem | 92 +++++++++++ v3/testdata/subject_rdn_order_ok_07.pem | 91 +++++++++++ v3/util/time.go | 1 + 17 files changed, 1564 insertions(+) create mode 100644 v3/lints/cabf_br/lint_invalid_subject_rdn_order.go create mode 100644 v3/lints/cabf_br/lint_invalid_subject_rdn_order_test.go create mode 100644 v3/testdata/subject_rdn_order_ko_01.pem create mode 100644 v3/testdata/subject_rdn_order_ko_02.pem create mode 100644 v3/testdata/subject_rdn_order_ko_03.pem create mode 100644 v3/testdata/subject_rdn_order_ko_04.pem create mode 100644 v3/testdata/subject_rdn_order_ko_05.pem create mode 100644 v3/testdata/subject_rdn_order_ko_06.pem create mode 100644 v3/testdata/subject_rdn_order_ko_07.pem create mode 100644 v3/testdata/subject_rdn_order_ok_01.pem create mode 100644 v3/testdata/subject_rdn_order_ok_02.pem create mode 100644 v3/testdata/subject_rdn_order_ok_03.pem create mode 100644 v3/testdata/subject_rdn_order_ok_04.pem create mode 100644 v3/testdata/subject_rdn_order_ok_05.pem create mode 100644 v3/testdata/subject_rdn_order_ok_06.pem create mode 100644 v3/testdata/subject_rdn_order_ok_07.pem diff --git a/v3/lints/cabf_br/lint_invalid_subject_rdn_order.go b/v3/lints/cabf_br/lint_invalid_subject_rdn_order.go new file mode 100644 index 000000000..b4710e205 --- /dev/null +++ b/v3/lints/cabf_br/lint_invalid_subject_rdn_order.go @@ -0,0 +1,145 @@ +/* + * ZLint Copyright 2024 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +/* + * Contributed by Adriano Santoni + * of ACTALIS S.p.A. (www.actalis.com). + */ + +package cabf_br + +import ( + "crypto/x509/pkix" + "encoding/asn1" + + "github.com/zmap/zcrypto/x509" + "github.com/zmap/zlint/v3/lint" + "github.com/zmap/zlint/v3/util" +) + +func init() { + lint.RegisterCertificateLint(&lint.CertificateLint{ + LintMetadata: lint.LintMetadata{ + Name: "e_invalid_subject_rdn_order", + Description: "Subject field attributes (RDNs) SHALL be encoded in a specific order", + Citation: "BRs: 7.1.4.2", + Source: lint.CABFBaselineRequirements, + EffectiveDate: util.CABFBRs_2_0_0_Date, + }, + Lint: NewInvalidSubjectRDNOrder, + }) +} + +type invalidSubjectRDNOrder struct{} + +func NewInvalidSubjectRDNOrder() lint.LintInterface { + return &invalidSubjectRDNOrder{} +} + +func (l *invalidSubjectRDNOrder) CheckApplies(c *x509.Certificate) bool { + return util.IsSubscriberCert(c) +} + +func getShortOIDName(oid string) string { + switch oid { + case "0.9.2342.19200300.100.1.25": + return "DC" + case "2.5.4.6": + return "C" + case "2.5.4.8": + return "ST" + case "2.5.4.7": + return "L" + case "2.5.4.17": + return "postalCode" + case "2.5.4.9": + return "street" + case "2.5.4.10": + return "O" + case "2.5.4.4": + return "SN" + case "2.5.4.42": + return "givenName" + case "2.5.4.11": + return "OU" + case "2.5.4.3": + return "CN" + default: + return "" + } +} + +func findElement(arr []string, target string) (int, bool) { + for i, value := range arr { + if value == target { + return i, true + } + } + return -1, false +} + +func checkOrder(actualOrder []string, expectedOrder []string) bool { + var prevPosition int + prevPosition = 0 + + for _, targetElement := range actualOrder { + position, found := findElement(expectedOrder, targetElement) + if found { + if position < prevPosition { + return false + } + prevPosition = position + } + } + return true +} + +func checkSubjectRDNOrder(cert *x509.Certificate) bool { + + rawSubject := cert.RawSubject + + var rdnSequence pkix.RDNSequence + _, err := asn1.Unmarshal(rawSubject, &rdnSequence) + if err != nil { + return false + } + + var rdnOrder []string + + for _, rdn := range rdnSequence { + for _, atv := range rdn { + rdnShortName := getShortOIDName(atv.Type.String()) + if rdnShortName != "" { + rdnOrder = append(rdnOrder, rdnShortName) + } + } + } + + // Expected order of RDNs as per CABF BR section 7.1.4.2 + expectedRDNOrder := []string{"DC", "C", "ST", "L", "postalCode", "street", "O", "SN", "givenName", "OU", "CN"} + + return checkOrder(rdnOrder, expectedRDNOrder) +} + +func (l *invalidSubjectRDNOrder) Execute(c *x509.Certificate) *lint.LintResult { + + var out lint.LintResult + + if checkSubjectRDNOrder(c) { + out.Status = lint.Pass + } else { + out.Status = lint.Error + } + return &out +} diff --git a/v3/lints/cabf_br/lint_invalid_subject_rdn_order_test.go b/v3/lints/cabf_br/lint_invalid_subject_rdn_order_test.go new file mode 100644 index 000000000..3aa634a42 --- /dev/null +++ b/v3/lints/cabf_br/lint_invalid_subject_rdn_order_test.go @@ -0,0 +1,122 @@ +/* + * ZLint Copyright 2024 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +/* + * Contributed by Adriano Santoni + * of ACTALIS S.p.A. (www.actalis.com). + */ + +package cabf_br + +import ( + "testing" + + "github.com/zmap/zlint/v3/lint" + "github.com/zmap/zlint/v3/test" +) + +//nolint:all +/* + === Proper RDN order test cases + subject_rdn_order_ok_01.pem C, ST, L, O, CN + subject_rdn_order_ok_02.pem C, ST, L, postalCode, street, O, CN + subject_rdn_order_ok_03.pem + subject_rdn_order_ok_04.pem DC, DC, C, ST, L, O, CN + subject_rdn_order_ok_05.pem C, ST, L, street, O, CN, serialNumber, businessCategory, jurisdictionCountry + subject_rdn_order_ok_06.pem C, ST, L, SN, givenName, CN + subject_rdn_order_ok_07.pem CN + + === Wrong RDN order test cases + subject_rdn_order_ko_01.pem C, ST, L, CN, O + subject_rdn_order_ko_02.pem CN, O, L, ST, C + subject_rdn_order_ko_03.pem C, ST, L, O, CN, street + subject_rdn_order_ko_04.pem C, ST, L, O, CN, DC, DC + subject_rdn_order_ko_05.pem C, ST, L, givenName, SN, CN + subject_rdn_order_ko_06.pem C, ST, L, street, postalCode, O + subject_rdn_order_ko_07.pem CN, C +*/ + +func TestInvalidSubjectRDNOrder(t *testing.T) { + type Data struct { + input string + want lint.LintStatus + } + data := []Data{ + { + input: "subject_rdn_order_ok_01.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ok_02.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ok_03.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ok_04.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ok_05.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ok_06.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ok_07.pem", + want: lint.Pass, + }, + { + input: "subject_rdn_order_ko_01.pem", + want: lint.Error, + }, + { + input: "subject_rdn_order_ko_02.pem", + want: lint.Error, + }, + { + input: "subject_rdn_order_ko_03.pem", + want: lint.Error, + }, + { + input: "subject_rdn_order_ko_04.pem", + want: lint.Error, + }, + { + input: "subject_rdn_order_ko_05.pem", + want: lint.Error, + }, + { + input: "subject_rdn_order_ko_06.pem", + want: lint.Error, + }, + { + input: "subject_rdn_order_ko_07.pem", + want: lint.Error, + }, + } + for _, testData := range data { + testData := testData + t.Run(testData.input, func(t *testing.T) { + out := test.TestLint("e_invalid_subject_rdn_order", testData.input) + if out.Status != testData.want { + t.Errorf("expected %s, got %s", testData.want, out.Status) + } + }) + } +} diff --git a/v3/testdata/subject_rdn_order_ko_01.pem b/v3/testdata/subject_rdn_order_ko_01.pem new file mode 100644 index 000000000..e717ccf24 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_01.pem @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9092871303437831039 (0x7e305e463dc14b7f) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 10:10:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, CN = example.org, O = Example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bc:ae:30:0d:6a:39:0c:02:14:f6:98:c2:97:6e: + c3:e2:a3:27:f8:e1:48:da:66:17:d7:d4:23:f9:47: + e0:6c:67:ea:a4:7b:54:fa:b2:50:21:86:0b:69:7a: + 67:a2:e8:44:05:9d:fc:50:82:cc:91:3d:ef:22:d3: + af:83:aa:90:db:69:89:d4:9c:e3:97:81:cf:c3:59: + d9:c1:64:3c:aa:f3:42:25:3c:ae:3d:2a:48:cd:25: + 25:ae:59:d9:79:bb:e6:26:d3:cb:44:fa:21:5b:d5: + e3:89:9b:6f:96:f1:fc:3a:5b:c4:0c:52:89:46:48: + 7b:41:4c:84:9f:cf:79:10:05:52:74:9c:e1:12:29: + d7:3b:d8:10:b9:7d:44:73:da:f5:60:ce:1e:54:e9: + b1:1d:7f:4c:ac:2c:23:f3:91:59:12:df:f9:07:a3: + da:be:8e:18:a1:b5:74:60:e2:f9:64:52:30:65:f9: + e8:75:22:21:4d:f6:4f:e2:47:c4:5b:f7:ea:b2:be: + 90:3d:9a:13:f3:7e:51:c7:6e:3e:bb:3f:43:9c:c7: + aa:e1:26:11:e6:40:c5:ab:b2:4a:f3:44:36:19:8f: + 3d:d6:4a:45:1d:d2:db:03:53:ee:64:16:92:95:6e: + 92:ab:19:33:06:d8:ad:4d:a1:1e:39:4d:44:80:3c: + e9:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 6f:1f:bd:b4:2c:a6:67:95:07:73:cb:79:1a:a5:99:e1:c8:f6: + 73:6e:53:0e:15:a1:c3:3e:07:a8:0f:6b:31:09:89:f6:d1:2b: + 42:aa:f8:62:4e:0d:dc:fc:03:f3:de:8e:e3:bf:c8:3c:b0:69: + f6:23:11:01:fa:aa:9c:c8:24:4e:f0:7a:86:d9:dc:79:b7:96: + ec:f5:70:6e:f0:73:7c:3f:56:5b:a7:48:d8:da:bb:bc:2c:ba: + dc:c0:c1:f5:1b:76:5d:1a:1d:ad:e6:f2:22:50:3f:06:fa:06: + f9:ec:6c:05:a2:5f:22:62:ef:80:de:20:48:31:7f:90:c0:9b: + f6:1b:d8:4e:36:55:03:fb:c6:d2:bf:bd:d5:2c:55:37:f0:75: + 2f:e7:96:43:29:ea:01:f7:89:75:72:ef:af:f8:31:a6:9c:3a: + 13:68:77:54:7d:75:05:fe:d6:b2:33:9b:d1:07:24:9d:8f:20: + 34:7a:19:ed:ae:94:47:3d:65:42:3d:ba:87:0d:61:ce:aa:57: + 0e:c5:bc:da:8b:9e:23:42:d2:76:fb:4f:c6:7f:62:66:b2:38: + 67:2c:3f:32:4b:2f:0a:78:51:ae:8c:8f:4f:49:72:6e:c7:78: + 65:d5:8b:e3:da:2a:55:35:b4:31:71:4c:9c:48:a0:74:ca:4e: + a2:c6:12:a3:96:fb:dd:08:49:82:0b:2e:30:18:91:3c:e2:d2: + e5:22:8f:b3:f6:d6:11:88:b6:df:ba:3b:88:49:3d:92:c6:d0: + d2:b2:0c:2b:4d:60:3f:47:a0:a9:82:4b:c8:13:09:f3:f2:71: + 2b:d6:7d:cf:67:5c:a8:2c:0e:3f:a9:e8:a6:8b:17:41:9f:77: + a9:04:5c:65:a8:4d:40:17:6c:ef:07:ef:a1:4f:fa:2e:78:f5: + 64:71:44:9d:b6:b0:26:e7:20:1e:06:e1:7c:24:a4:5b:2d:4e: + 80:ee:69:27:1e:6e:4a:e1:33:be:8d:06:8c:14:61:50:98:7f: + 5e:d8:d2:58:37:21:8a:46:6a:0c:70:4f:22:4a:05:75:9e:00: + 72:e0:74:f4:f1:86:6f:3e:fa:88:0b:35:34:89:bb:53:80:b0: + 29:d7:af:5c:8c:9d:7a:a3:8e:04:c2:4c:22:7a:3d:ff:c9:50: + 24:8a:3a:19:62:9c:46:97:b6:aa:75:0a:d3:d5:88:eb:1a:ce: + df:fc:b8:89:f0:6c:a6:a7:7d:1c:72:49:6c:cf:5e:8b:32:f6: + e1:27:95:39:94:7c:6a:e2:9c:14:04:26:0f:45:6e:81:a2:fd: + 39:45:3c:1f:9b:ff:1b:ff:71:1a:d4:12:10:57:71:bb:ab:f4: + 5f:35:82:63:fb:59:b8:10 +-----BEGIN CERTIFICATE----- +MIIEbDCCAlSgAwIBAgIIfjBeRj3BS38wDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTAxMDAwWhcNMjUwMzA4MDg1 +MDAwWjBXMQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xFDASBgNVBAMTC2V4YW1wbGUub3JnMRAwDgYDVQQKEwdFeGFtcGxlMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK4wDWo5DAIU9pjCl27D4qMn ++OFI2mYX19Qj+UfgbGfqpHtU+rJQIYYLaXpnouhEBZ38UILMkT3vItOvg6qQ22mJ +1Jzjl4HPw1nZwWQ8qvNCJTyuPSpIzSUlrlnZebvmJtPLRPohW9XjiZtvlvH8OlvE +DFKJRkh7QUyEn895EAVSdJzhEinXO9gQuX1Ec9r1YM4eVOmxHX9MrCwj85FZEt/5 +B6Pavo4YobV0YOL5ZFIwZfnodSIhTfZP4kfEW/fqsr6QPZoT835Rx24+uz9DnMeq +4SYR5kDFq7JK80Q2GY891kpFHdLbA1PuZBaSlW6SqxkzBtitTaEeOU1EgDzpIwID +AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA +bx+9tCymZ5UHc8t5GqWZ4cj2c25TDhWhwz4HqA9rMQmJ9tErQqr4Yk4N3PwD896O +47/IPLBp9iMRAfqqnMgkTvB6htncebeW7PVwbvBzfD9WW6dI2Nq7vCy63MDB9Rt2 +XRodrebyIlA/BvoG+exsBaJfImLvgN4gSDF/kMCb9hvYTjZVA/vG0r+91SxVN/B1 +L+eWQynqAfeJdXLvr/gxppw6E2h3VH11Bf7WsjOb0QcknY8gNHoZ7a6URz1lQj26 +hw1hzqpXDsW82oueI0LSdvtPxn9iZrI4Zyw/MksvCnhRroyPT0lybsd4ZdWL49oq +VTW0MXFMnEigdMpOosYSo5b73QhJggsuMBiRPOLS5SKPs/bWEYi237o7iEk9ksbQ +0rIMK01gP0egqYJLyBMJ8/JxK9Z9z2dcqCwOP6noposXQZ93qQRcZahNQBds7wfv +oU/6Lnj1ZHFEnbawJucgHgbhfCSkWy1OgO5pJx5uSuEzvo0GjBRhUJh/XtjSWDch +ikZqDHBPIkoFdZ4AcuB09PGGbz76iAs1NIm7U4CwKdevXIydeqOOBMJMIno9/8lQ +JIo6GWKcRpe2qnUK09WI6xrO3/y4ifBspqd9HHJJbM9eizL24SeVOZR8auKcFAQm +D0VugaL9OUU8H5v/G/9xGtQSEFdxu6v0XzWCY/tZuBA= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ko_02.pem b/v3/testdata/subject_rdn_order_ko_02.pem new file mode 100644 index 000000000..f508b42a4 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_02.pem @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 766384265038364412 (0xaa2be6db70f7efc) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 13:59:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: CN = example.org, O = Example, L = Milano, ST = Milano, C = IT + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 0a:eb:9d:c0:96:17:e6:9b:d4:49:91:07:f4:30:3f:f4:89:49: + d0:85:e3:45:94:13:2d:d7:e6:fd:9b:1c:76:9f:80:d6:2b:98: + de:46:f5:bd:a4:95:06:d5:4d:45:f2:1a:b2:a8:ec:9f:d5:77: + 8a:70:af:d9:3f:e4:77:f0:ae:d9:de:6d:86:68:5b:1d:1e:a6: + f4:2e:f0:a9:c9:a8:a6:cf:f6:03:d2:c5:d1:87:a1:d0:77:1c: + 93:9d:f3:22:90:00:16:83:9f:8d:ac:fb:f1:17:45:12:f3:28: + f0:6a:d3:67:d7:7c:6b:13:18:98:3b:13:31:c1:83:c5:63:9b: + 4d:19:cd:bb:da:32:89:e4:c8:b3:60:bf:0c:86:58:8e:51:04: + c9:4d:fa:f6:02:9b:2a:8a:d3:bc:26:92:24:84:1e:36:37:f0: + 27:78:6b:48:8a:18:07:95:6c:99:00:37:b3:37:46:e2:f4:01: + f9:b5:f9:76:a2:78:d4:2e:44:71:ba:36:87:b4:19:43:7d:ce: + a2:bd:b9:69:f8:ea:56:c0:e2:d6:55:89:c6:80:3c:0a:bb:1f: + 5e:3d:9a:bd:f1:f8:b9:92:84:6e:22:da:d2:a8:01:17:33:1c: + 44:a6:0d:22:20:e1:f7:5e:42:60:06:9e:dc:5a:3b:3e:63:b8: + d8:db:0a:e8:bf:32:ca:bb:34:fd:d2:a5:27:89:af:46:af:2d: + 5b:e4:4c:f5:c6:e2:d1:a1:60:4f:e6:50:63:4f:9d:87:c2:e4: + 65:6d:4c:15:fa:60:84:c8:d5:f1:47:60:48:9a:e7:dc:70:1c: + 67:78:b4:e2:3d:3d:0b:7f:3f:33:32:dd:0a:dc:97:30:c0:d9: + 5b:0f:7c:a5:c7:70:23:64:b5:7c:0c:ba:67:67:71:b9:28:53: + 28:08:c6:1a:ae:d1:69:4f:aa:39:78:57:fd:02:50:de:de:73: + a9:51:f0:d2:4b:e9:9e:20:fd:96:55:70:37:5c:55:11:c1:a8: + 2b:1a:c1:4e:30:f5:b0:7d:09:3b:2b:4b:e6:73:d0:ca:d2:80: + 01:bd:57:81:e0:6b:4b:04:27:a8:fe:27:cb:d0:37:2b:78:1d: + c6:71:f1:ec:0e:b1:ac:db:d5:bb:d0:e2:94:84:04:a0:23:d0: + 2e:29:49:77:92:36:d1:8b:d2:aa:02:af:ca:8b:f4:0c:54:fa: + b3:56:90:a8:2a:54:ad:b2:2f:c5:8d:2c:7d:c5:55:99:d7:51: + c8:6d:a4:60:60:79:3f:f1:56:06:1b:a8:71:0d:8b:5f:b7:f7: + be:81:19:15:67:3d:c8:4b:8d:d0:90:2a:d6:d1:a4:c0:d8:9a: + 79:b9:1a:1b:92:40:ab:7c +-----BEGIN CERTIFICATE----- +MIIEbDCCAlSgAwIBAgIICqK+bbcPfvwwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTM1OTAwWhcNMjUwMzA4MDg1 +MDAwWjBXMRQwEgYDVQQDEwtleGFtcGxlLm9yZzEQMA4GA1UEChMHRXhhbXBsZTEP +MA0GA1UEBxMGTWlsYW5vMQ8wDQYDVQQIEwZNaWxhbm8xCzAJBgNVBAYTAklUMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQqBYCHne6Psb+Tg/C9hR4hp +AVibo4mYC0IXR4eHsg4fdCIo5c+a0n8m208d6I0Z+s3m3UzA2jiT9r/o9J0fAMi/ +y/VPsPrDJM4vBDv6J92MO/dECYkWGQ6VCo3rDlQ/gcDnYrDZa1qJk3gI24wYPSSB +ay65/w1acSS3Ux/CllfNSZi2ITVHa4MZLalL4heivR6rFk/UmpsB2OG/1Sd18gl4 +YxskXi3+ZvoylmBRnEYOC6roVyLUFjgRltD+Y1bx6H7rmXXOS9Li+XEmYjEqA120 +1AT7M5803qE5hc9I0KEW1ZXHIDi6JNnemDEBCxy+brsWDfUGQieCSVcy82cCqwID +AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA +CuudwJYX5pvUSZEH9DA/9IlJ0IXjRZQTLdfm/Zscdp+A1iuY3kb1vaSVBtVNRfIa +sqjsn9V3inCv2T/kd/Cu2d5thmhbHR6m9C7wqcmops/2A9LF0Yeh0Hcck53zIpAA +FoOfjaz78RdFEvMo8GrTZ9d8axMYmDsTMcGDxWObTRnNu9oyieTIs2C/DIZYjlEE +yU369gKbKorTvCaSJIQeNjfwJ3hrSIoYB5VsmQA3szdG4vQB+bX5dqJ41C5Ecbo2 +h7QZQ33Oor25afjqVsDi1lWJxoA8CrsfXj2avfH4uZKEbiLa0qgBFzMcRKYNIiDh +915CYAae3Fo7PmO42NsK6L8yyrs0/dKlJ4mvRq8tW+RM9cbi0aFgT+ZQY0+dh8Lk +ZW1MFfpghMjV8UdgSJrn3HAcZ3i04j09C38/MzLdCtyXMMDZWw98pcdwI2S1fAy6 +Z2dxuShTKAjGGq7RaU+qOXhX/QJQ3t5zqVHw0kvpniD9llVwN1xVEcGoKxrBTjD1 +sH0JOytL5nPQytKAAb1XgeBrSwQnqP4ny9A3K3gdxnHx7A6xrNvVu9DilIQEoCPQ +LilJd5I20YvSqgKvyov0DFT6s1aQqCpUrbIvxY0sfcVVmddRyG2kYGB5P/FWBhuo +cQ2LX7f3voEZFWc9yEuN0JAq1tGkwNiaebkaG5JAq3w= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ko_03.pem b/v3/testdata/subject_rdn_order_ko_03.pem new file mode 100644 index 000000000..12b9fd809 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_03.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3065546558357960659 (0x2a8b025a5558f7d3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 14:02:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, O = Example, CN = example.org, street = Via Carducci + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 09:82:cd:65:23:8d:a9:1c:b2:c2:10:a2:ee:44:4c:03:d4:e0: + 69:b3:bf:cc:43:10:d7:a7:6c:3a:cf:8d:9f:61:0c:38:8a:09: + b2:f0:73:41:2f:07:94:7a:d3:38:ba:75:d7:4c:63:a8:2d:48: + c5:56:80:d7:3c:62:ba:c5:15:43:cd:de:60:33:2b:42:0b:e2: + 7c:65:f6:d9:ae:0b:9a:0b:54:c0:5a:1c:9b:95:91:17:6d:e9: + c5:7d:cc:52:47:35:65:16:10:45:81:58:45:3e:bf:35:15:b4: + 30:d2:ba:6a:75:3e:68:9c:2e:d5:aa:2c:07:ea:ae:71:74:78: + 63:63:3d:9f:15:08:5a:0f:80:cf:7a:f1:cc:ba:48:d5:a1:f7: + da:b8:c0:1c:c3:7c:94:fc:fd:d7:5b:56:ec:5a:a8:33:23:6a: + 18:74:d0:9a:a4:91:6e:3d:53:d0:ff:d3:a2:81:c2:74:50:44: + 4a:57:92:cd:8e:4b:d4:b0:08:22:9e:20:13:b0:0b:eb:9c:ce: + c2:b7:e9:d6:28:c6:d2:ea:29:3e:2f:7f:b1:02:16:7f:74:b3: + 4a:09:88:b9:ef:ce:74:60:18:cd:7b:37:03:07:45:d6:63:2d: + af:d2:df:80:b5:00:af:27:d0:f2:18:2b:b1:8a:68:ec:7e:f9: + 0e:cf:f1:4e:e0:89:03:1b:be:36:d4:a0:a7:f5:f3:76:b8:10: + 92:99:5c:00:08:85:c2:68:9c:47:5d:5a:f1:fa:29:ee:29:df: + 44:9a:bb:97:1d:cf:89:80:c2:4b:b0:39:68:07:48:e2:51:23: + 2e:d7:4b:49:5e:11:ad:60:c4:e3:1b:08:2e:01:7e:85:d0:76: + a3:5e:09:92:0f:0c:a0:9f:e5:d4:75:9e:f8:a6:f3:ac:43:6d: + 26:ca:29:5d:3a:e3:b1:33:2d:60:9b:a7:ea:d8:62:43:11:38: + c9:0b:f9:c1:ae:fb:c2:37:2a:65:62:21:6f:ba:49:33:98:5a: + c0:a0:8a:16:16:e6:56:29:e6:e8:f7:54:f5:68:48:aa:66:e0: + 90:17:42:ac:64:77:09:39:d7:e1:ba:c8:e3:9d:89:76:d3:bb: + ea:f7:64:23:8c:7e:24:ff:0d:7a:0e:49:5d:b9:1f:26:92:5f: + 64:a3:e5:07:40:27:f3:2b:6a:e8:4b:7c:95:7b:3e:9d:42:db: + 8d:03:04:f5:ab:1a:8d:13:93:fb:92:80:e0:1f:c2:49:70:22: + 25:b9:6f:bb:b7:49:6c:6c:05:59:6d:db:81:91:14:1d:92:9b: + 73:50:a6:80:3e:dd:a8:13:fe:df:3c:a3:92:fd:d4:95:ed:f6: + 57:84:a0:7f:1d:1f:05:13 +-----BEGIN CERTIFICATE----- +MIIEgzCCAmugAwIBAgIIKosCWlVY99MwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTQwMjAwWhcNMjUwMzA4MDg1 +MDAwWjBuMQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xEDAOBgNVBAoTB0V4YW1wbGUxFDASBgNVBAMTC2V4YW1wbGUub3JnMRUw +EwYDVQQJEwxWaWEgQ2FyZHVjY2kwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDBCoFgIed7o+xv5OD8L2FHiGkBWJujiZgLQhdHh4eyDh90Iijlz5rSfybb +Tx3ojRn6zebdTMDaOJP2v+j0nR8AyL/L9U+w+sMkzi8EO/on3Yw790QJiRYZDpUK +jesOVD+BwOdisNlrWomTeAjbjBg9JIFrLrn/DVpxJLdTH8KWV81JmLYhNUdrgxkt +qUviF6K9HqsWT9SamwHY4b/VJ3XyCXhjGyReLf5m+jKWYFGcRg4LquhXItQWOBGW +0P5jVvHofuuZdc5L0uL5cSZiMSoDXbTUBPsznzTeoTmFz0jQoRbVlccgOLok2d6Y +MQELHL5uuxYN9QZCJ4JJVzLzZwKrAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJgs1lI42pHLLCEKLuREwD1OBps7/MQxDX +p2w6z42fYQw4igmy8HNBLweUetM4unXXTGOoLUjFVoDXPGK6xRVDzd5gMytCC+J8 +ZfbZrguaC1TAWhyblZEXbenFfcxSRzVlFhBFgVhFPr81FbQw0rpqdT5onC7VqiwH +6q5xdHhjYz2fFQhaD4DPevHMukjVoffauMAcw3yU/P3XW1bsWqgzI2oYdNCapJFu +PVPQ/9OigcJ0UERKV5LNjkvUsAginiATsAvrnM7Ct+nWKMbS6ik+L3+xAhZ/dLNK +CYi57850YBjNezcDB0XWYy2v0t+AtQCvJ9DyGCuximjsfvkOz/FO4IkDG7421KCn +9fN2uBCSmVwACIXCaJxHXVrx+inuKd9EmruXHc+JgMJLsDloB0jiUSMu10tJXhGt +YMTjGwguAX6F0HajXgmSDwygn+XUdZ74pvOsQ20myildOuOxMy1gm6fq2GJDETjJ +C/nBrvvCNyplYiFvukkzmFrAoIoWFuZWKebo91T1aEiqZuCQF0KsZHcJOdfhusjj +nYl207vq92QjjH4k/w16DklduR8mkl9ko+UHQCfzK2roS3yVez6dQtuNAwT1qxqN +E5P7koDgH8JJcCIluW+7t0lsbAVZbduBkRQdkptzUKaAPt2oE/7fPKOS/dSV7fZX +hKB/HR8FEw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ko_04.pem b/v3/testdata/subject_rdn_order_ko_04.pem new file mode 100644 index 000000000..1ea0791fc --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_04.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3792628805646187502 (0x34a21fcdf5747bee) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 14:05:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, O = Example, CN = example.org, DC = org, DC = example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 5a:12:f1:b2:6e:5f:cc:89:31:18:08:57:82:40:eb:4a:1f:41: + 5c:ef:7d:9d:d8:3f:eb:1f:7f:49:17:cf:9e:4b:69:76:85:6d: + 28:af:1b:09:c8:e0:98:3d:41:36:7a:24:e3:e9:39:8d:e3:c6: + 7c:c2:03:f8:81:1a:c8:7c:de:4f:94:c1:4c:8c:8d:0b:63:d7: + 09:d7:87:74:b2:a3:3d:8c:15:f3:a9:0e:3b:45:5e:21:01:84: + d5:ca:b9:39:0d:9b:fb:e8:52:3b:6d:ed:6d:6d:33:d5:08:ff: + 6c:cc:4f:43:81:f0:46:cb:b0:84:80:5c:e4:67:9b:ee:a7:f4: + 9c:94:19:13:3e:cd:8a:8d:7c:45:79:cc:bf:55:86:48:3a:d3: + 51:f3:92:d1:ec:91:40:bf:57:7b:84:1d:20:b5:3f:a8:39:a0: + a3:67:66:12:4a:c2:eb:d2:74:33:10:2b:82:fb:ea:61:68:33: + 42:a9:27:c2:ca:ce:6b:cc:d3:57:f8:27:66:26:a7:18:ff:6c: + 63:93:a2:a3:f8:ca:55:b6:06:65:f2:db:c9:8b:41:0c:bc:3f: + ca:b8:b7:3a:d6:a2:e5:9e:08:17:33:c8:bd:85:e2:2f:71:60: + 30:9c:79:ec:90:4c:c8:ef:73:49:a3:6b:56:8d:25:c1:4a:2f: + c5:ef:03:43:cd:fe:cb:9f:cb:b9:73:06:33:45:81:ab:85:da: + a5:5b:9f:9f:9e:60:6a:98:95:71:c1:27:06:ed:c4:d5:dd:ca: + 42:f2:12:cb:bb:c6:eb:ec:2b:ad:15:5a:91:cb:fd:d2:f1:f6: + ef:a4:00:86:c1:96:1b:59:58:6f:83:e1:3b:3a:2e:f0:d2:b4: + 8d:55:5a:82:4e:9a:8b:62:ed:a6:99:97:a3:aa:b6:ad:08:45: + 01:04:2c:1e:ec:f3:5b:f8:9c:15:0e:24:b0:60:94:b4:2c:86: + 97:7a:42:18:f8:d9:25:d4:8b:b4:5c:87:a9:8d:13:82:c6:f5: + 68:94:39:ab:63:26:85:37:e5:ca:d0:be:de:79:6a:97:5e:35: + 08:9b:83:76:14:18:81:c3:e9:76:60:42:9a:f8:be:02:35:9f: + e1:f0:81:e9:2d:be:58:fa:29:c0:67:59:45:f6:7f:a0:49:0c: + 93:37:48:aa:08:cf:6a:ca:c7:d4:58:25:c9:4d:01:cc:19:65: + 4c:de:52:e9:2b:2a:8c:94:0c:1c:f0:67:f0:9f:75:c0:32:b7: + d7:9c:e4:f9:99:a0:8a:0e:8a:6c:ff:4c:74:18:6c:43:40:3c: + f9:1a:94:76:a0:25:c3:1b:71:7b:36:64:8f:44:97:08:52:fe: + c5:2c:a6:64:d2:1e:00:ec +-----BEGIN CERTIFICATE----- +MIIEmzCCAoOgAwIBAgIINKIfzfV0e+4wDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTQwNTAwWhcNMjUwMzA4MDg1 +MDAwWjCBhTELMAkGA1UEBhMCSVQxDzANBgNVBAgTBk1pbGFubzEPMA0GA1UEBxMG +TWlsYW5vMRAwDgYDVQQKEwdFeGFtcGxlMRQwEgYDVQQDEwtleGFtcGxlLm9yZzET +MBEGCgmSJomT8ixkARkWA29yZzEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBCoFgIed7o+xv5OD8L2FHiGkB +WJujiZgLQhdHh4eyDh90Iijlz5rSfybbTx3ojRn6zebdTMDaOJP2v+j0nR8AyL/L +9U+w+sMkzi8EO/on3Yw790QJiRYZDpUKjesOVD+BwOdisNlrWomTeAjbjBg9JIFr +Lrn/DVpxJLdTH8KWV81JmLYhNUdrgxktqUviF6K9HqsWT9SamwHY4b/VJ3XyCXhj +GyReLf5m+jKWYFGcRg4LquhXItQWOBGW0P5jVvHofuuZdc5L0uL5cSZiMSoDXbTU +BPsznzTeoTmFz0jQoRbVlccgOLok2d6YMQELHL5uuxYN9QZCJ4JJVzLzZwKrAgMB +AAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQBa +EvGybl/MiTEYCFeCQOtKH0Fc732d2D/rH39JF8+eS2l2hW0orxsJyOCYPUE2eiTj +6TmN48Z8wgP4gRrIfN5PlMFMjI0LY9cJ14d0sqM9jBXzqQ47RV4hAYTVyrk5DZv7 +6FI7be1tbTPVCP9szE9DgfBGy7CEgFzkZ5vup/SclBkTPs2KjXxFecy/VYZIOtNR +85LR7JFAv1d7hB0gtT+oOaCjZ2YSSsLr0nQzECuC++phaDNCqSfCys5rzNNX+Cdm +JqcY/2xjk6Kj+MpVtgZl8tvJi0EMvD/KuLc61qLlnggXM8i9heIvcWAwnHnskEzI +73NJo2tWjSXBSi/F7wNDzf7Ln8u5cwYzRYGrhdqlW5+fnmBqmJVxwScG7cTV3cpC +8hLLu8br7CutFVqRy/3S8fbvpACGwZYbWVhvg+E7Oi7w0rSNVVqCTpqLYu2mmZej +qratCEUBBCwe7PNb+JwVDiSwYJS0LIaXekIY+Nkl1Iu0XIepjROCxvVolDmrYyaF +N+XK0L7eeWqXXjUIm4N2FBiBw+l2YEKa+L4CNZ/h8IHpLb5Y+inAZ1lF9n+gSQyT +N0iqCM9qysfUWCXJTQHMGWVM3lLpKyqMlAwc8Gfwn3XAMrfXnOT5maCKDops/0x0 +GGxDQDz5GpR2oCXDG3F7NmSPRJcIUv7FLKZk0h4A7A== +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ko_05.pem b/v3/testdata/subject_rdn_order_ko_05.pem new file mode 100644 index 000000000..728f80bce --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_05.pem @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3989736575603356219 (0x375e6446e838b23b) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 14:07:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, GN = Flash, SN = Gordon, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 89:58:5c:be:7f:1e:6f:91:36:9c:cd:ec:e0:c2:5d:89:62:9a: + 74:37:de:b1:ba:12:7e:86:bb:33:0f:b9:78:fb:f1:b2:fd:bf: + 54:4f:f2:7c:ac:92:e8:5f:26:e9:fe:18:51:86:12:c9:d5:1e: + 81:4c:1b:16:f5:e2:b9:f5:5d:7e:82:0f:bd:f0:ec:07:8c:81: + 92:ab:81:a4:5e:37:cb:f1:a4:b7:d5:de:14:9d:d2:62:76:b5: + e7:58:4f:70:8e:dc:61:10:9b:be:f3:56:3b:77:12:87:08:c7: + 75:f3:45:17:74:2a:23:16:f4:4e:20:65:60:60:45:04:b2:45: + 3c:8d:65:d8:b6:f8:85:8f:cc:d0:3f:73:21:98:a5:27:87:b4: + d5:69:51:4b:86:88:c1:a0:86:dc:e6:0b:6a:e1:6a:02:30:ef: + 5b:b6:73:74:a7:f2:ec:92:d2:e2:60:f0:fd:cc:af:ae:8a:fd: + fa:2e:91:85:99:69:b2:6f:b1:84:f3:c2:dd:fb:1d:30:e8:c7: + bc:d4:10:c9:ff:be:38:95:c4:13:c4:22:50:5f:99:3c:2f:78: + cf:c7:6f:4c:99:20:dc:4a:d1:e7:8b:ec:ab:08:b8:0c:14:5e: + 42:27:06:86:17:6c:41:53:d2:38:30:17:49:3d:22:3e:25:1c: + d5:94:5d:aa:eb:01:6b:9e:9c:fc:8a:a9:7b:f4:56:8e:a8:2c: + bc:2c:19:ce:1b:f6:4e:88:ec:1e:62:1e:ab:cb:53:ab:38:02: + f7:ee:33:fa:c2:a3:80:97:57:88:7b:fb:6c:6d:7f:de:93:42: + 27:b1:91:73:2c:3f:f6:44:41:2c:d9:44:55:9d:3f:57:1c:6c: + 83:89:8d:74:77:c1:81:f4:1d:69:ff:e9:38:b9:fa:fe:e6:ec: + 38:a3:52:1d:df:ff:bd:f3:80:fd:e7:52:84:2c:f7:6c:42:54: + c0:a6:24:13:90:95:8d:91:11:40:6d:b9:1e:f6:04:fa:ab:58: + 41:2b:26:e3:bd:88:30:4e:82:d0:6f:a2:91:ff:05:58:08:9d: + 02:d0:cd:c5:94:16:ed:75:3c:3c:e0:0b:02:af:e7:ff:9a:71: + 5b:2e:df:dc:e7:24:14:c5:91:70:d0:de:b9:52:89:44:9b:8f: + 29:10:c6:eb:86:29:66:e3:12:62:96:f1:0c:b3:1a:71:68:73: + 91:77:83:1c:d1:64:47:9c:13:ca:ef:84:1e:04:23:82:25:12: + b6:54:a1:c4:a8:3d:37:e4:f6:b3:e5:e3:c3:1d:6e:5d:a6:73: + 36:8d:aa:82:2c:35:6a:69:99:ea:24:7b:f2:e5:ce:2b:8f:5a: + a1:c2:ce:d6:d4:dc:0f:06 +-----BEGIN CERTIFICATE----- +MIIEezCCAmOgAwIBAgIIN15kRug4sjswDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTQwNzAwWhcNMjUwMzA4MDg1 +MDAwWjBmMQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xDjAMBgNVBCoTBUZsYXNoMQ8wDQYDVQQEEwZHb3Jkb24xFDASBgNVBAMT +C2V4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQqB +YCHne6Psb+Tg/C9hR4hpAVibo4mYC0IXR4eHsg4fdCIo5c+a0n8m208d6I0Z+s3m +3UzA2jiT9r/o9J0fAMi/y/VPsPrDJM4vBDv6J92MO/dECYkWGQ6VCo3rDlQ/gcDn +YrDZa1qJk3gI24wYPSSBay65/w1acSS3Ux/CllfNSZi2ITVHa4MZLalL4heivR6r +Fk/UmpsB2OG/1Sd18gl4YxskXi3+ZvoylmBRnEYOC6roVyLUFjgRltD+Y1bx6H7r +mXXOS9Li+XEmYjEqA1201AT7M5803qE5hc9I0KEW1ZXHIDi6JNnemDEBCxy+brsW +DfUGQieCSVcy82cCqwIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkq +hkiG9w0BAQsFAAOCAgEAiVhcvn8eb5E2nM3s4MJdiWKadDfesboSfoa7Mw+5ePvx +sv2/VE/yfKyS6F8m6f4YUYYSydUegUwbFvXiufVdfoIPvfDsB4yBkquBpF43y/Gk +t9XeFJ3SYna151hPcI7cYRCbvvNWO3cShwjHdfNFF3QqIxb0TiBlYGBFBLJFPI1l +2Lb4hY/M0D9zIZilJ4e01WlRS4aIwaCG3OYLauFqAjDvW7ZzdKfy7JLS4mDw/cyv +ror9+i6RhZlpsm+xhPPC3fsdMOjHvNQQyf++OJXEE8QiUF+ZPC94z8dvTJkg3ErR +54vsqwi4DBReQicGhhdsQVPSODAXST0iPiUc1ZRdqusBa56c/Iqpe/RWjqgsvCwZ +zhv2TojsHmIeq8tTqzgC9+4z+sKjgJdXiHv7bG1/3pNCJ7GRcyw/9kRBLNlEVZ0/ +Vxxsg4mNdHfBgfQdaf/pOLn6/ubsOKNSHd//vfOA/edShCz3bEJUwKYkE5CVjZER +QG25HvYE+qtYQSsm472IME6C0G+ikf8FWAidAtDNxZQW7XU8POALAq/n/5pxWy7f +3OckFMWRcNDeuVKJRJuPKRDG64YpZuMSYpbxDLMacWhzkXeDHNFkR5wTyu+EHgQj +giUStlShxKg9N+T2s+Xjwx1uXaZzNo2qgiw1ammZ6iR78uXOK49aocLO1tTcDwY= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ko_06.pem b/v3/testdata/subject_rdn_order_ko_06.pem new file mode 100644 index 000000000..d143b65e5 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_06.pem @@ -0,0 +1,95 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6256546164417316078 (0x56d3b79682ed44ee) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 14:12:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, street = Via Carducci, postalCode = 20100, O = Example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:example.org + Signature Algorithm: sha256WithRSAEncryption + 4f:c8:a4:cf:30:8f:2b:6b:f8:98:ac:b2:38:d3:6a:97:2a:a8: + 12:d0:cc:b6:c9:bd:96:5b:96:f5:67:94:d0:00:a7:5c:06:c6: + ab:96:ed:27:3a:67:41:0c:25:61:6d:58:f0:a5:94:93:41:b4: + 9c:4b:fa:08:27:7d:d8:a1:a0:15:77:77:e2:84:54:f2:60:4f: + 5b:02:11:4a:e9:ec:d2:97:00:9c:b1:f0:5e:b4:b1:da:27:41: + 27:49:8c:17:f0:3c:3f:c2:60:9d:3c:d2:20:1e:3d:ad:bf:6e: + 07:b7:ed:5f:cf:23:01:4f:26:9e:ed:0d:e5:a8:c1:c0:10:2c: + 72:8a:fd:b9:14:32:73:c6:f8:8f:a4:20:ef:ee:8f:c5:b7:81: + be:80:df:a5:ac:81:e4:60:22:23:46:9d:81:23:17:4e:42:1e: + 3f:d8:8e:59:7b:6b:18:02:71:98:34:f7:12:db:d6:f8:51:2a: + b4:3f:2f:15:47:78:1c:71:96:18:22:44:c6:97:75:ca:2e:b5: + d1:ff:3b:6b:80:57:fb:67:88:ea:9b:9e:cd:e5:28:bc:ef:44: + 67:be:70:d4:cc:a2:5b:b4:7f:3b:6e:0b:fc:23:7c:3d:f7:30: + bb:1f:07:c1:77:fb:58:13:71:20:1c:22:eb:63:05:9b:5d:8a: + 9d:e0:9c:3f:8b:32:34:ba:10:72:fa:36:e8:4c:0d:76:c3:2a: + 67:c9:70:ec:a9:1a:d7:84:c2:e2:a5:d3:e4:06:28:26:0b:94: + c6:7b:88:5f:27:02:75:55:ee:26:ee:55:36:38:35:43:0f:8c: + 71:48:c2:7f:45:01:d5:b9:28:93:d6:26:31:43:53:25:33:98: + e0:df:03:b3:db:6a:b9:a6:7c:3a:0f:d8:50:af:0d:56:e8:87: + 4a:a5:a0:da:91:db:19:4f:78:48:08:48:66:0a:9c:24:82:14: + f0:a2:b0:6b:cc:fa:f4:1a:bf:b1:fa:ff:0a:45:d7:e3:df:66: + 60:0e:d5:75:a5:1f:94:09:0f:3a:98:06:d2:4b:7c:d3:fd:6e: + 7b:a1:ad:23:e0:d5:5e:0a:5e:96:a7:a0:97:8b:90:6e:29:ec: + 2e:7f:7a:bf:9c:a2:c8:3a:dc:fc:48:51:e8:05:bd:a3:5b:b5: + 4a:6d:73:62:1d:f4:a1:1b:d9:28:77:79:4b:a5:5c:0b:b5:61: + 4c:4c:c7:20:f5:6d:78:29:3e:5d:56:ef:4d:ca:45:6b:fb:70: + 48:e0:74:b9:89:a7:4b:30:29:59:3e:c2:33:97:35:d9:f3:2a: + 1b:96:d5:6b:fc:4d:09:a8:99:7b:7f:bc:44:d4:1e:30:f5:34: + be:e6:e3:79:77:f0:3a:53 +-----BEGIN CERTIFICATE----- +MIIElTCCAn2gAwIBAgIIVtO3loLtRO4wDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTQxMjAwWhcNMjUwMzA4MDg1 +MDAwWjBoMQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xFTATBgNVBAkTDFZpYSBDYXJkdWNjaTEOMAwGA1UEERMFMjAxMDAxEDAO +BgNVBAoTB0V4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB +CoFgIed7o+xv5OD8L2FHiGkBWJujiZgLQhdHh4eyDh90Iijlz5rSfybbTx3ojRn6 +zebdTMDaOJP2v+j0nR8AyL/L9U+w+sMkzi8EO/on3Yw790QJiRYZDpUKjesOVD+B +wOdisNlrWomTeAjbjBg9JIFrLrn/DVpxJLdTH8KWV81JmLYhNUdrgxktqUviF6K9 +HqsWT9SamwHY4b/VJ3XyCXhjGyReLf5m+jKWYFGcRg4LquhXItQWOBGW0P5jVvHo +fuuZdc5L0uL5cSZiMSoDXbTUBPsznzTeoTmFz0jQoRbVlccgOLok2d6YMQELHL5u +uxYN9QZCJ4JJVzLzZwKrAgMBAAGjLzAtMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYG +A1UdEQQPMA2CC2V4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQBPyKTPMI8r +a/iYrLI402qXKqgS0My2yb2WW5b1Z5TQAKdcBsarlu0nOmdBDCVhbVjwpZSTQbSc +S/oIJ33YoaAVd3fihFTyYE9bAhFK6ezSlwCcsfBetLHaJ0EnSYwX8Dw/wmCdPNIg +Hj2tv24Ht+1fzyMBTyae7Q3lqMHAECxyiv25FDJzxviPpCDv7o/Ft4G+gN+lrIHk +YCIjRp2BIxdOQh4/2I5Ze2sYAnGYNPcS29b4USq0Py8VR3gccZYYIkTGl3XKLrXR +/ztrgFf7Z4jqm57N5Si870RnvnDUzKJbtH87bgv8I3w99zC7HwfBd/tYE3EgHCLr +YwWbXYqd4Jw/izI0uhBy+jboTA12wypnyXDsqRrXhMLipdPkBigmC5TGe4hfJwJ1 +Ve4m7lU2ODVDD4xxSMJ/RQHVuSiT1iYxQ1MlM5jg3wOz22q5pnw6D9hQrw1W6IdK +paDakdsZT3hICEhmCpwkghTworBrzPr0Gr+x+v8KRdfj32ZgDtV1pR+UCQ86mAbS +S3zT/W57oa0j4NVeCl6Wp6CXi5BuKewuf3q/nKLIOtz8SFHoBb2jW7VKbXNiHfSh +G9kod3lLpVwLtWFMTMcg9W14KT5dVu9NykVr+3BI4HS5iadLMClZPsIzlzXZ8yob +ltVr/E0JqJl7f7xE1B4w9TS+5uN5d/A6Uw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ko_07.pem b/v3/testdata/subject_rdn_order_ko_07.pem new file mode 100644 index 000000000..0d185a38c --- /dev/null +++ b/v3/testdata/subject_rdn_order_ko_07.pem @@ -0,0 +1,91 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 204622961721394657 (0x2d6f77fe24ac5e1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 14:15:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: CN = example.org, C = IT + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 9f:e6:50:72:f3:e3:a3:4c:2a:83:33:fa:84:7b:20:4a:db:fd: + d7:5c:c0:57:07:35:fd:3f:b6:6b:14:61:69:69:f4:c4:ed:cf: + c0:d2:6c:07:b9:48:da:93:1b:54:25:d1:5b:62:2c:0e:67:95: + 3f:50:20:ac:fd:bf:82:c4:19:9c:3a:77:0b:c5:05:d6:6c:f2: + c0:37:f0:db:f9:81:f6:bd:23:f6:1f:b5:f0:14:4c:65:8d:fa: + ac:6c:22:d7:3f:92:34:e7:a6:bf:15:0c:b4:88:33:95:ec:70: + 04:75:e9:0a:e1:da:de:f3:46:10:c7:81:6f:9c:28:1c:cd:89: + 99:2e:0c:1b:c9:87:fc:b0:dc:bc:fd:81:e5:ac:5b:5c:23:1b: + eb:c9:32:22:55:b9:3e:bb:67:93:59:13:e8:50:f8:3e:83:0d: + de:3b:6e:89:d6:39:fe:49:dd:d1:ad:0f:42:92:54:10:2c:9d: + 9e:04:cf:db:5c:1a:b6:96:8a:77:6f:e1:75:4c:d3:36:57:a1: + 81:b0:12:ad:76:0a:11:d3:99:9b:49:1f:52:be:9f:7e:d2:c0: + 66:f0:1c:e1:a7:34:ad:bb:c5:55:cd:d0:c1:2c:12:6a:46:6b: + 83:32:e7:c3:d5:0f:80:04:c6:35:4f:61:35:45:87:17:c2:97: + e3:51:fd:c6:77:96:16:b4:e3:22:d2:f5:ea:dd:c4:c3:0b:61: + d4:2d:3b:46:81:eb:d5:38:3c:a1:90:b1:f7:ef:dd:31:a1:12: + c8:2b:7b:12:20:84:b8:85:72:20:3e:a5:fc:97:57:eb:ed:55: + 6a:70:69:c4:dd:14:60:65:a9:17:e9:d2:ba:a6:57:3c:9c:2b: + 6e:de:8b:b8:ab:52:15:82:e3:ce:f5:a0:60:21:c1:72:11:0f: + f9:ea:af:fd:c7:99:bb:83:97:b8:93:30:1f:65:4f:38:d1:4f: + cb:ce:64:9f:35:3a:e7:3d:0e:09:ba:a7:ac:4e:75:7d:37:aa: + d6:e5:38:d2:4b:e2:73:fb:39:f8:2b:62:08:96:f2:2a:d1:6b: + ef:9f:af:00:a9:b8:56:f5:be:d1:bb:c6:37:cf:9e:6b:40:9f: + 15:66:4e:99:5b:ce:89:0d:7a:9b:8f:af:31:cd:85:ab:67:10: + 05:82:f4:0f:e5:4f:fb:46:f6:12:ed:6c:cb:38:a7:eb:4c:ae: + 2b:7f:b3:b1:65:c4:d7:46:46:50:a8:a4:79:bb:75:e2:aa:d5: + c0:33:9e:37:54:a3:04:ba:fa:9e:ee:07:b3:ae:e8:dd:f8:53: + 45:f0:16:d2:f2:0c:a8:87:80:92:a8:7d:72:60:f1:a5:42:f4: + 9f:16:d4:c5:a1:0f:7f:d7 +-----BEGIN CERTIFICATE----- +MIIEODCCAiCgAwIBAgIIAtb3f+JKxeEwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTQxNTAwWhcNMjUwMzA4MDg1 +MDAwWjAjMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCSVQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBCoFgIed7o+xv5OD8L2FHiGkBWJuj +iZgLQhdHh4eyDh90Iijlz5rSfybbTx3ojRn6zebdTMDaOJP2v+j0nR8AyL/L9U+w ++sMkzi8EO/on3Yw790QJiRYZDpUKjesOVD+BwOdisNlrWomTeAjbjBg9JIFrLrn/ +DVpxJLdTH8KWV81JmLYhNUdrgxktqUviF6K9HqsWT9SamwHY4b/VJ3XyCXhjGyRe +Lf5m+jKWYFGcRg4LquhXItQWOBGW0P5jVvHofuuZdc5L0uL5cSZiMSoDXbTUBPsz +nzTeoTmFz0jQoRbVlccgOLok2d6YMQELHL5uuxYN9QZCJ4JJVzLzZwKrAgMBAAGj +FzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCf5lBy +8+OjTCqDM/qEeyBK2/3XXMBXBzX9P7ZrFGFpafTE7c/A0mwHuUjakxtUJdFbYiwO +Z5U/UCCs/b+CxBmcOncLxQXWbPLAN/Db+YH2vSP2H7XwFExljfqsbCLXP5I056a/ +FQy0iDOV7HAEdekK4dre80YQx4FvnCgczYmZLgwbyYf8sNy8/YHlrFtcIxvryTIi +Vbk+u2eTWRPoUPg+gw3eO26J1jn+Sd3RrQ9CklQQLJ2eBM/bXBq2lop3b+F1TNM2 +V6GBsBKtdgoR05mbSR9Svp9+0sBm8BzhpzStu8VVzdDBLBJqRmuDMufD1Q+ABMY1 +T2E1RYcXwpfjUf3Gd5YWtOMi0vXq3cTDC2HULTtGgevVODyhkLH3790xoRLIK3sS +IIS4hXIgPqX8l1fr7VVqcGnE3RRgZakX6dK6plc8nCtu3ou4q1IVguPO9aBgIcFy +EQ/56q/9x5m7g5e4kzAfZU840U/LzmSfNTrnPQ4JuqesTnV9N6rW5TjSS+Jz+zn4 +K2IIlvIq0Wvvn68AqbhW9b7Ru8Y3z55rQJ8VZk6ZW86JDXqbj68xzYWrZxAFgvQP +5U/7RvYS7WzLOKfrTK4rf7OxZcTXRkZQqKR5u3XiqtXAM543VKMEuvqe7gezrujd ++FNF8BbS8gyoh4CSqH1yYPGlQvSfFtTFoQ9/1w== +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_01.pem b/v3/testdata/subject_rdn_order_ok_01.pem new file mode 100644 index 000000000..2c5b9dc86 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_01.pem @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6076550832111709079 (0x54543ec96f9f6b97) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 09:41:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, O = Example, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b4:a3:ea:46:45:d7:d9:9a:04:ab:00:77:7e:df: + 14:c9:ac:f3:b7:3e:da:75:a1:6b:20:d7:89:ec:55: + 9d:03:e1:27:47:bf:cc:1b:e0:01:e8:b5:d0:ad:ff: + ff:19:e1:eb:f5:ae:7f:7f:35:a4:09:98:6a:17:87: + 76:d3:36:e1:8c:25:c2:17:a7:5e:32:12:4e:c4:9a: + b7:c4:d5:cb:f8:fe:28:66:b5:e0:d6:bf:d3:b7:2e: + 55:30:5d:ec:7b:5e:ef:c0:32:0d:89:44:2b:67:8c: + 1e:bd:88:b0:50:cb:18:22:e7:42:4a:c3:82:5f:4b: + 3a:b3:47:8c:08:f1:cf:dd:d3:e4:a1:f4:68:29:76: + 30:f9:bc:43:5d:90:a0:38:cc:be:73:04:10:42:1f: + 9c:75:b1:5f:2f:af:95:4d:98:87:36:13:16:cf:18: + 3e:cd:fd:f4:1d:42:b7:10:ee:4f:11:1c:4d:74:1a: + 2f:58:9f:4e:29:35:0d:9a:af:55:0c:11:23:81:50: + ad:7f:2b:13:fc:95:af:a7:68:fe:7f:af:97:4a:85: + a5:a2:b5:a9:cf:96:63:3e:84:8b:f2:c6:61:a4:f9: + 26:13:9e:1b:5f:79:06:7b:8e:c5:f6:d5:6c:52:bb: + 3c:40:ff:03:f2:e2:ee:d8:a5:7f:d4:25:f7:52:45: + 7f:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 3f:a4:2a:b5:7a:99:11:c0:a0:4b:3b:b4:5f:14:38:7e:1b:ef: + 6d:c8:b9:8d:c6:74:7d:09:ce:7b:84:9c:88:47:db:e1:20:fd: + 35:d3:ac:5e:ba:ff:89:77:88:86:9e:d5:74:b4:72:28:94:35: + 01:1b:5e:b4:26:d1:e3:3c:e1:93:57:0d:09:ab:7a:14:36:3d: + 7a:5d:ed:01:4a:57:cf:2c:b9:4d:61:70:b4:f7:6c:c1:60:74: + fa:68:7a:08:0f:23:84:3a:e8:f9:1d:96:ca:7c:75:66:62:25: + e3:d5:45:f9:e1:a5:ab:a3:54:c8:4c:53:c4:4f:0e:b5:39:45: + 2c:a0:45:f5:fc:6e:49:3d:eb:f4:70:75:6a:68:e3:ed:fc:64: + 82:56:e9:c0:be:31:1e:a8:a4:92:22:6e:c6:94:03:49:ae:21: + e9:77:52:4f:5a:de:59:9a:d9:a1:ea:bb:00:3e:0c:62:c1:8a: + 81:4d:e8:46:29:00:f6:23:83:c2:d3:df:b5:b3:cf:16:7e:d8: + 35:53:5b:8a:d2:85:a9:45:78:0c:d3:de:e8:3c:ba:8c:96:23: + 43:1e:53:35:36:de:0b:4a:29:63:0c:d9:e1:b4:52:67:01:94: + 98:75:34:5b:90:7f:6b:88:f9:9e:e4:73:08:1a:41:93:df:b4: + 39:bf:ae:d8:b4:b6:92:77:45:76:9f:98:78:14:c5:32:62:1d: + 40:2b:b1:a6:c9:63:67:94:5f:ce:08:50:9b:98:2f:d7:b6:d3: + 4f:66:1b:4f:85:dd:d9:6d:48:43:72:d5:a3:8e:13:bd:43:56: + 75:22:21:6d:dd:9a:6f:7c:13:45:ac:30:a2:6d:57:82:ef:11: + 94:a4:0c:d8:7b:f2:28:47:82:2d:5a:48:b8:a0:af:95:06:e1: + 3f:24:10:a0:cc:17:72:d1:cd:05:34:98:9d:05:98:38:74:22: + 9c:4f:72:37:a4:8e:41:c7:30:d5:ad:3f:f1:8b:a5:f3:76:05: + f3:3a:fd:fd:2d:94:01:5e:6a:61:11:1c:e8:67:63:23:69:17: + 08:44:37:96:60:b8:e0:5e:eb:de:a7:66:49:55:13:90:bd:ec: + 80:bd:ca:ac:08:ce:d7:18:e3:fc:5f:eb:73:46:7f:e4:f8:e4: + b2:bf:09:1b:36:32:89:93:ac:aa:96:e4:fb:47:69:79:b7:fa: + 21:c0:5c:9c:24:4e:ff:8e:6a:2d:24:24:e1:71:04:19:39:37: + 89:41:a3:b8:4a:2f:60:a0:e4:f8:12:87:9e:37:d6:15:5a:b2: + d0:46:75:7b:c7:07:0e:8e:40:36:b6:1f:dd:5d:5b:06:a9:f8: + 53:76:15:a0:76:3f:50:e3 +-----BEGIN CERTIFICATE----- +MIIEbDCCAlSgAwIBAgIIVFQ+yW+fa5cwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MDk0MTAwWhcNMjUwMzA4MDg1 +MDAwWjBXMQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xEDAOBgNVBAoTB0V4YW1wbGUxFDASBgNVBAMTC2V4YW1wbGUub3JnMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKPqRkXX2ZoEqwB3ft8Uyazz +tz7adaFrINeJ7FWdA+EnR7/MG+AB6LXQrf//GeHr9a5/fzWkCZhqF4d20zbhjCXC +F6deMhJOxJq3xNXL+P4oZrXg1r/Tty5VMF3se17vwDINiUQrZ4wevYiwUMsYIudC +SsOCX0s6s0eMCPHP3dPkofRoKXYw+bxDXZCgOMy+cwQQQh+cdbFfL6+VTZiHNhMW +zxg+zf30HUK3EO5PERxNdBovWJ9OKTUNmq9VDBEjgVCtfysT/JWvp2j+f6+XSoWl +orWpz5ZjPoSL8sZhpPkmE54bX3kGe47F9tVsUrs8QP8D8uLu2KV/1CX3UkV/5wID +AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA +P6QqtXqZEcCgSzu0XxQ4fhvvbci5jcZ0fQnOe4SciEfb4SD9NdOsXrr/iXeIhp7V +dLRyKJQ1ARtetCbR4zzhk1cNCat6FDY9el3tAUpXzyy5TWFwtPdswWB0+mh6CA8j +hDro+R2Wynx1ZmIl49VF+eGlq6NUyExTxE8OtTlFLKBF9fxuST3r9HB1amjj7fxk +glbpwL4xHqikkiJuxpQDSa4h6XdST1reWZrZoeq7AD4MYsGKgU3oRikA9iODwtPf +tbPPFn7YNVNbitKFqUV4DNPe6Dy6jJYjQx5TNTbeC0opYwzZ4bRSZwGUmHU0W5B/ +a4j5nuRzCBpBk9+0Ob+u2LS2kndFdp+YeBTFMmIdQCuxpsljZ5RfzghQm5gv17bT +T2YbT4Xd2W1IQ3LVo44TvUNWdSIhbd2ab3wTRawwom1Xgu8RlKQM2HvyKEeCLVpI +uKCvlQbhPyQQoMwXctHNBTSYnQWYOHQinE9yN6SOQccw1a0/8Yul83YF8zr9/S2U +AV5qYREc6GdjI2kXCEQ3lmC44F7r3qdmSVUTkL3sgL3KrAjO1xjj/F/rc0Z/5Pjk +sr8JGzYyiZOsqpbk+0dpebf6IcBcnCRO/45qLSQk4XEEGTk3iUGjuEovYKDk+BKH +njfWFVqy0EZ1e8cHDo5ANrYf3V1bBqn4U3YVoHY/UOM= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_02.pem b/v3/testdata/subject_rdn_order_ok_02.pem new file mode 100644 index 000000000..3642d66df --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_02.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8707574737929004705 (0x78d78516e56c66a1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 10:20:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, postalCode = 20100, street = Via Carducci, O = Example, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 62:89:12:5f:aa:93:da:26:e6:4e:6c:79:93:74:8d:2b:c3:3f: + 8f:7e:cc:0f:6c:8a:19:79:5b:2f:55:41:cf:28:ca:cb:78:06: + 51:ef:a5:01:8c:4d:d3:43:74:53:37:05:af:6b:26:39:81:b3: + d2:86:d0:c8:20:37:2e:ed:7b:f4:55:ba:44:22:2c:bf:3b:81: + f9:ac:bf:a8:94:15:d9:96:cd:38:32:39:82:c2:a9:69:ba:eb: + 61:a6:0a:72:b1:0b:dd:8e:8e:56:5f:71:64:12:5f:62:98:f1: + 52:88:0f:ff:b0:76:5d:5d:e2:52:74:2b:1f:62:f5:10:74:89: + cf:4e:0b:a9:0d:3c:20:40:9c:59:10:d8:c7:78:b9:82:22:fa: + 3b:6e:92:16:e7:07:90:3f:26:ef:d1:11:d5:04:0a:8b:8f:2c: + 9a:19:f3:03:aa:aa:93:6d:9c:97:65:b0:ff:cd:1d:44:ac:7e: + f0:ee:6a:b1:df:2f:77:f2:a4:c8:fb:ab:e6:b9:9d:30:44:74: + 06:d5:53:22:87:1e:bc:d2:cf:9f:12:53:02:88:dc:42:0c:a3: + fe:f8:55:0f:3c:a0:a7:69:58:b0:9c:a4:bb:47:24:62:da:d2: + 76:0f:eb:f3:c1:f8:4e:7f:79:e1:b8:45:6a:95:41:9b:f8:75: + 41:c3:e4:96:da:1d:a3:f4:03:8c:61:ce:95:86:d2:ce:02:79: + 2c:cf:4e:a2:17:03:7d:72:13:ed:b9:a3:85:a3:05:b5:a6:a0: + f5:7a:78:39:9b:81:9c:4d:b7:6b:ce:90:89:c5:d7:2b:28:27: + f3:fb:2a:cb:5a:42:79:b0:59:f8:c4:0a:ef:67:c3:21:83:93: + 46:fa:a8:9c:4b:a2:57:1b:3d:6a:69:99:1b:ce:c8:ad:30:75: + 35:14:29:0d:5e:ae:1d:db:16:1e:a3:7f:0c:cf:26:b5:6d:17: + a3:a8:42:d6:ff:5b:49:5a:57:57:4f:4b:cd:b7:bc:06:4d:59: + 6b:75:b3:92:d4:89:91:dd:70:93:ec:d2:06:72:61:2b:f3:23: + 1e:e8:7e:62:c1:ea:5b:94:4d:d6:24:4a:66:07:33:fb:c2:a5: + 30:b5:0a:b0:11:ce:90:39:b9:fe:c7:74:6a:13:9a:c7:09:cd: + 5d:49:af:95:c9:eb:4f:02:1c:c9:fd:1a:d6:12:9e:3d:d2:36: + 95:62:d1:1e:66:8f:85:2c:14:46:ac:a2:36:b8:a0:05:95:d1: + 98:72:d9:68:a3:25:ef:1c:31:01:7d:b6:cc:82:2b:04:98:0a: + 07:53:a8:03:bd:70:af:29:8b:2f:e0:de:16:6f:36:0e:99:aa: + 68:09:72:49:9f:61:1b:ad +-----BEGIN CERTIFICATE----- +MIIEkzCCAnugAwIBAgIIeNeFFuVsZqEwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTAyMDAwWhcNMjUwMzA4MDg1 +MDAwWjB+MQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xDjAMBgNVBBETBTIwMTAwMRUwEwYDVQQJEwxWaWEgQ2FyZHVjY2kxEDAO +BgNVBAoTB0V4YW1wbGUxFDASBgNVBAMTC2V4YW1wbGUub3JnMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQqBYCHne6Psb+Tg/C9hR4hpAVibo4mYC0IX +R4eHsg4fdCIo5c+a0n8m208d6I0Z+s3m3UzA2jiT9r/o9J0fAMi/y/VPsPrDJM4v +BDv6J92MO/dECYkWGQ6VCo3rDlQ/gcDnYrDZa1qJk3gI24wYPSSBay65/w1acSS3 +Ux/CllfNSZi2ITVHa4MZLalL4heivR6rFk/UmpsB2OG/1Sd18gl4YxskXi3+Zvoy +lmBRnEYOC6roVyLUFjgRltD+Y1bx6H7rmXXOS9Li+XEmYjEqA1201AT7M5803qE5 +hc9I0KEW1ZXHIDi6JNnemDEBCxy+brsWDfUGQieCSVcy82cCqwIDAQABoxcwFTAT +BgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAYokSX6qT2ibm +Tmx5k3SNK8M/j37MD2yKGXlbL1VBzyjKy3gGUe+lAYxN00N0UzcFr2smOYGz0obQ +yCA3Lu179FW6RCIsvzuB+ay/qJQV2ZbNODI5gsKpabrrYaYKcrEL3Y6OVl9xZBJf +YpjxUogP/7B2XV3iUnQrH2L1EHSJz04LqQ08IECcWRDYx3i5giL6O26SFucHkD8m +79ER1QQKi48smhnzA6qqk22cl2Ww/80dRKx+8O5qsd8vd/KkyPur5rmdMER0BtVT +IocevNLPnxJTAojcQgyj/vhVDzygp2lYsJyku0ckYtrSdg/r88H4Tn954bhFapVB +m/h1QcPkltodo/QDjGHOlYbSzgJ5LM9OohcDfXIT7bmjhaMFtaag9Xp4OZuBnE23 +a86QicXXKygn8/sqy1pCebBZ+MQK72fDIYOTRvqonEuiVxs9ammZG87IrTB1NRQp +DV6uHdsWHqN/DM8mtW0Xo6hC1v9bSVpXV09Lzbe8Bk1Za3WzktSJkd1wk+zSBnJh +K/MjHuh+YsHqW5RN1iRKZgcz+8KlMLUKsBHOkDm5/sd0ahOaxwnNXUmvlcnrTwIc +yf0a1hKePdI2lWLRHmaPhSwURqyiNrigBZXRmHLZaKMl7xwxAX22zIIrBJgKB1Oo +A71wrymLL+DeFm82DpmqaAlySZ9hG60= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_03.pem b/v3/testdata/subject_rdn_order_ok_03.pem new file mode 100644 index 000000000..f685bc3b5 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_03.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3787884309683191120 (0x349144b5e8f13d50) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 10:29:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: critical + DNS:example.org + Signature Algorithm: sha256WithRSAEncryption + 14:1d:17:7b:5e:e0:bc:fd:b5:cb:c0:3c:0e:ba:c9:e4:c3:89: + d9:c1:8e:37:13:5d:dc:c3:b1:2e:b6:93:77:a6:7e:54:e4:62: + 28:ce:77:e2:c9:83:42:26:51:59:f4:31:83:db:d9:d1:0f:45: + 9a:2a:a0:23:d3:29:dc:7c:0b:58:d9:36:db:8a:e0:78:c0:23: + ee:2c:8d:f6:5a:16:44:77:70:b2:07:15:08:e4:db:8b:96:24: + 46:2d:36:46:64:8d:39:17:65:e2:cd:d1:62:a4:03:3a:b0:ba: + 96:28:fb:2e:67:13:24:26:ed:17:08:30:56:d2:a8:6e:21:25: + 26:e4:fe:44:b0:3f:08:3b:53:a6:06:36:b7:66:4f:f4:83:27: + 35:e7:15:98:3b:0f:3a:1b:b4:28:53:4b:2c:78:0b:bb:64:a5: + bf:e4:bf:d3:4f:87:dc:86:e7:a5:ea:0d:e2:01:b9:c2:f7:95: + 72:9b:6c:2d:7d:58:3b:f5:b7:3d:b7:e0:6a:3f:07:fa:5a:9d: + 56:c0:f9:51:e0:ed:d2:94:27:e8:dd:d6:8b:b4:39:ba:0f:f8: + 99:ea:25:e5:3a:04:11:07:ca:3f:b0:49:5d:09:a3:6d:f6:d5: + 0b:f7:76:dd:1b:39:aa:13:ba:77:56:37:a8:21:cf:ba:99:da: + 55:dd:84:26:03:e5:f2:cf:32:08:3f:cf:a6:47:5d:3e:aa:66: + 80:34:8d:45:5e:cf:59:d9:f8:00:68:09:94:bd:72:ee:93:b4: + ab:6d:d3:e6:4d:b7:82:f0:84:fb:2c:3d:27:61:51:d1:2d:03: + 9e:bd:d2:f3:20:4f:08:b9:6d:ca:a3:5d:23:6d:9a:07:54:31: + cf:aa:bd:cc:05:c9:f4:be:83:5f:13:ce:a6:a9:ae:42:73:96: + c4:b5:05:ee:61:49:78:8b:65:46:2a:64:ae:8c:44:9e:3b:e5: + 2d:b4:fc:9a:79:50:cb:c1:39:3f:7b:78:3b:09:9a:aa:29:69: + 46:a4:a0:10:c5:33:39:66:0e:42:bf:f1:f3:02:3d:d8:56:d0: + e8:80:e2:f9:54:cc:74:9d:52:67:32:73:eb:cf:c8:d5:15:10: + da:78:08:cb:71:a1:73:1a:55:1c:65:30:17:d2:49:b8:ae:ac: + 33:6a:6f:81:10:63:26:1d:fe:51:ef:e7:1c:55:d9:41:cb:7f: + d1:bc:36:80:1f:fe:c1:1b:6c:e6:ba:27:b7:78:f5:29:1d:b0: + 30:57:b3:e3:9a:da:5e:17:71:8a:ef:dd:b6:52:9a:f3:1f:fb: + f3:91:2e:fb:5a:c3:a3:a3:1a:73:bc:8e:45:56:96:e6:7c:58: + 5c:e4:85:96:a8:57:e4:ea +-----BEGIN CERTIFICATE----- +MIIEMDCCAhigAwIBAgIINJFEtejxPVAwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTAyOTAwWhcNMjUwMzA4MDg1 +MDAwWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQqBYCHne6Ps +b+Tg/C9hR4hpAVibo4mYC0IXR4eHsg4fdCIo5c+a0n8m208d6I0Z+s3m3UzA2jiT +9r/o9J0fAMi/y/VPsPrDJM4vBDv6J92MO/dECYkWGQ6VCo3rDlQ/gcDnYrDZa1qJ +k3gI24wYPSSBay65/w1acSS3Ux/CllfNSZi2ITVHa4MZLalL4heivR6rFk/UmpsB +2OG/1Sd18gl4YxskXi3+ZvoylmBRnEYOC6roVyLUFjgRltD+Y1bx6H7rmXXOS9Li ++XEmYjEqA1201AT7M5803qE5hc9I0KEW1ZXHIDi6JNnemDEBCxy+brsWDfUGQieC +SVcy82cCqwIDAQABozIwMDATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREBAf8E +DzANggtleGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOCAgEAFB0Xe17gvP21y8A8 +DrrJ5MOJ2cGONxNd3MOxLraTd6Z+VORiKM534smDQiZRWfQxg9vZ0Q9FmiqgI9Mp +3HwLWNk224rgeMAj7iyN9loWRHdwsgcVCOTbi5YkRi02RmSNORdl4s3RYqQDOrC6 +lij7LmcTJCbtFwgwVtKobiElJuT+RLA/CDtTpgY2t2ZP9IMnNecVmDsPOhu0KFNL +LHgLu2Slv+S/00+H3IbnpeoN4gG5wveVcptsLX1YO/W3Pbfgaj8H+lqdVsD5UeDt +0pQn6N3Wi7Q5ug/4meol5ToEEQfKP7BJXQmjbfbVC/d23Rs5qhO6d1Y3qCHPupna +Vd2EJgPl8s8yCD/PpkddPqpmgDSNRV7PWdn4AGgJlL1y7pO0q23T5k23gvCE+yw9 +J2FR0S0Dnr3S8yBPCLltyqNdI22aB1Qxz6q9zAXJ9L6DXxPOpqmuQnOWxLUF7mFJ +eItlRipkroxEnjvlLbT8mnlQy8E5P3t4OwmaqilpRqSgEMUzOWYOQr/x8wI92FbQ +6IDi+VTMdJ1SZzJz68/I1RUQ2ngIy3GhcxpVHGUwF9JJuK6sM2pvgRBjJh3+Ue/n +HFXZQct/0bw2gB/+wRts5ront3j1KR2wMFez45raXhdxiu/dtlKa8x/785Eu+1rD +o6Mac7yORVaW5nxYXOSFlqhX5Oo= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_04.pem b/v3/testdata/subject_rdn_order_ok_04.pem new file mode 100644 index 000000000..e5e80f802 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_04.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5917778588860444809 (0x52202c45d8707089) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 10:50:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: DC = org, DC = example, C = IT, ST = Milano, L = Milano, O = Example, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 11:f4:93:85:4a:d1:7d:d4:28:5b:fa:c5:79:99:8f:e5:2c:74: + bd:13:c9:35:4d:92:2d:84:a5:aa:b1:63:83:4e:99:3b:c3:bb: + 03:51:f8:f2:9e:42:c3:7d:e1:e5:4c:da:67:cd:c9:3c:d6:68: + 0c:1e:2b:70:80:4a:81:0b:d2:b5:82:0f:6f:93:5d:48:2e:29: + d9:52:45:8d:91:29:26:b6:69:e8:0f:f7:29:4d:83:da:e9:5a: + f6:71:57:4e:b2:4a:e7:7e:b6:68:f1:56:5d:41:d8:03:94:d1: + 46:7b:b3:d8:38:42:26:80:18:ef:4c:42:30:66:2a:a2:de:fe: + e0:2e:e8:74:79:16:b1:a2:9a:bc:93:3e:5c:30:68:6e:38:83: + f0:b2:51:e9:a0:ab:8b:43:d8:1f:15:98:86:fe:e0:34:69:27: + bb:65:12:26:dd:0c:56:53:86:c3:33:0d:da:b5:70:73:39:67: + 6d:55:84:2b:bb:71:5e:93:c1:29:ee:bc:37:78:39:c3:74:80: + 04:8d:ff:29:af:48:ec:a9:34:5a:d4:7b:d4:f2:cf:a4:81:13: + f7:3c:03:6c:73:cf:1b:f1:d7:cd:2e:fd:ea:9c:9e:98:63:29: + aa:90:02:91:68:28:aa:ec:4e:f7:12:05:73:b9:32:f0:17:ca: + a5:d1:68:dd:b2:8a:56:be:7b:73:57:b9:2b:7e:58:7d:3b:f4: + 74:ae:b5:88:c1:88:0d:6e:d4:23:78:4b:36:fe:21:b2:d8:7a: + 57:90:95:47:c1:a1:c5:15:65:02:50:cf:11:f1:8e:94:b7:f8: + 46:9c:2e:b2:db:78:69:e8:a8:c8:43:57:be:cb:82:f2:65:3c: + 49:f3:f9:b1:95:57:50:4c:53:ce:21:55:42:06:b4:bd:91:67: + 21:5f:c9:c8:b6:d4:f7:e8:8d:f9:67:c3:08:4b:7e:60:86:79: + 7f:d2:70:75:fa:b0:af:90:39:e3:f3:f9:69:8f:a8:9e:3f:16: + af:e7:46:fd:07:fe:77:13:7a:41:8e:f4:a9:60:45:ba:c0:4a: + 51:ce:bf:fe:e4:e6:04:01:b1:e1:d0:60:3a:4c:f0:bf:d5:9f: + b4:6d:e8:06:9a:21:01:8e:ae:d3:bf:d8:29:1b:ec:5f:d3:5d: + 4e:22:37:6a:05:c9:30:8b:41:58:38:64:21:f0:a0:77:28:66: + 95:32:1f:f6:5b:42:48:84:4d:a6:d6:bf:81:d0:5c:3c:89:40: + 75:74:f6:fb:de:16:7c:9b:d6:7a:76:3a:37:c1:04:68:e9:7d: + 14:c5:8f:6c:6c:70:d5:c3:c6:d1:08:cc:6d:a1:5f:8b:d2:16: + 3a:58:53:2e:3f:9c:f1:cc +-----BEGIN CERTIFICATE----- +MIIEmzCCAoOgAwIBAgIIUiAsRdhwcIkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTA1MDAwWhcNMjUwMzA4MDg1 +MDAwWjCBhTETMBEGCgmSJomT8ixkARkWA29yZzEXMBUGCgmSJomT8ixkARkWB2V4 +YW1wbGUxCzAJBgNVBAYTAklUMQ8wDQYDVQQIEwZNaWxhbm8xDzANBgNVBAcTBk1p +bGFubzEQMA4GA1UEChMHRXhhbXBsZTEUMBIGA1UEAxMLZXhhbXBsZS5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBCoFgIed7o+xv5OD8L2FHiGkB +WJujiZgLQhdHh4eyDh90Iijlz5rSfybbTx3ojRn6zebdTMDaOJP2v+j0nR8AyL/L +9U+w+sMkzi8EO/on3Yw790QJiRYZDpUKjesOVD+BwOdisNlrWomTeAjbjBg9JIFr +Lrn/DVpxJLdTH8KWV81JmLYhNUdrgxktqUviF6K9HqsWT9SamwHY4b/VJ3XyCXhj +GyReLf5m+jKWYFGcRg4LquhXItQWOBGW0P5jVvHofuuZdc5L0uL5cSZiMSoDXbTU +BPsznzTeoTmFz0jQoRbVlccgOLok2d6YMQELHL5uuxYN9QZCJ4JJVzLzZwKrAgMB +AAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAR +9JOFStF91Chb+sV5mY/lLHS9E8k1TZIthKWqsWODTpk7w7sDUfjynkLDfeHlTNpn +zck81mgMHitwgEqBC9K1gg9vk11ILinZUkWNkSkmtmnoD/cpTYPa6Vr2cVdOskrn +frZo8VZdQdgDlNFGe7PYOEImgBjvTEIwZiqi3v7gLuh0eRaxopq8kz5cMGhuOIPw +slHpoKuLQ9gfFZiG/uA0aSe7ZRIm3QxWU4bDMw3atXBzOWdtVYQru3Fek8Ep7rw3 +eDnDdIAEjf8pr0jsqTRa1HvU8s+kgRP3PANsc88b8dfNLv3qnJ6YYymqkAKRaCiq +7E73EgVzuTLwF8ql0WjdsopWvntzV7krflh9O/R0rrWIwYgNbtQjeEs2/iGy2HpX +kJVHwaHFFWUCUM8R8Y6Ut/hGnC6y23hp6KjIQ1e+y4LyZTxJ8/mxlVdQTFPOIVVC +BrS9kWchX8nIttT36I35Z8MIS35ghnl/0nB1+rCvkDnj8/lpj6iePxav50b9B/53 +E3pBjvSpYEW6wEpRzr/+5OYEAbHh0GA6TPC/1Z+0begGmiEBjq7Tv9gpG+xf011O +IjdqBckwi0FYOGQh8KB3KGaVMh/2W0JIhE2m1r+B0Fw8iUB1dPb73hZ8m9Z6djo3 +wQRo6X0UxY9sbHDVw8bRCMxtoV+L0hY6WFMuP5zxzA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_05.pem b/v3/testdata/subject_rdn_order_ok_05.pem new file mode 100644 index 000000000..d335363e9 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_05.pem @@ -0,0 +1,94 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3973831062308419373 (0x3725e24c024e772d) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 11:11:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, street = Via Carducci, O = Example, CN = example.org, serialNumber = 1234567890, businessCategory = Private Organization, jurisdictionC = IT + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 33:90:f2:a3:3f:3a:7b:cf:f6:ce:c9:1c:05:40:58:90:07:a5: + 13:15:f1:5c:cb:35:22:95:be:a0:29:fe:cb:7a:29:eb:d5:91: + 95:94:f4:73:cd:2e:fb:92:ec:a4:6e:b9:3d:d1:a9:1a:9b:d9: + 1d:cb:68:1b:a9:36:03:4a:62:d3:1b:cd:a1:2a:8f:ca:1e:8b: + 27:e0:22:d8:a6:02:cb:fd:e5:91:ff:30:0f:98:a7:33:b6:b5: + c4:75:7e:87:63:20:86:57:8f:7e:10:48:fe:76:0e:d0:6c:6d: + d9:e5:a7:d8:31:c8:cc:c6:3b:40:4e:56:dc:fc:40:2d:4a:7c: + 46:b3:67:c3:a9:6c:e4:23:d1:12:48:96:37:39:a8:7d:50:b4: + 07:57:ff:50:74:d9:82:84:1a:ff:b0:c6:11:0d:da:65:4b:27: + 50:64:a6:d6:48:66:52:d4:49:f1:44:08:2b:6b:96:76:b4:94: + eb:0e:b3:29:57:77:e2:69:08:66:81:31:d3:c5:69:c9:ae:cb: + 9e:08:99:55:7d:fc:20:51:a5:4a:95:24:5a:66:2a:70:6a:ee: + f2:cb:ad:04:fd:54:71:a7:68:a4:55:ee:1b:db:7e:44:03:99: + 74:72:bb:15:84:d0:f5:e1:84:8d:df:7d:d0:fb:92:b1:22:5d: + d1:8f:b6:fd:c3:aa:ab:c0:87:c4:71:af:17:63:5e:f3:21:8c: + 89:94:b9:e0:52:5c:5c:69:67:b3:10:fd:12:8b:a3:a2:fa:ec: + e7:b9:85:a9:b7:a6:06:5e:d4:23:52:c9:87:92:41:4e:a5:eb: + ea:71:9a:b5:ef:54:0d:46:04:f9:18:5a:4b:25:9a:74:a5:9b: + 73:08:f4:d6:55:1f:12:07:67:ff:26:26:e4:ea:30:7b:34:6e: + 39:a1:57:71:fc:91:fd:ea:2c:f5:c8:bf:ee:db:d9:12:2c:24: + bf:c1:09:f5:0e:ca:d3:86:e5:da:d5:58:42:dc:5a:b5:6f:c7: + 6e:45:6c:97:15:18:fc:5d:f6:58:20:e4:60:08:50:45:75:3a: + 94:d0:ba:d7:aa:5f:30:02:6d:6a:85:56:06:3b:1e:75:6f:91: + 5b:5c:e0:07:a5:9c:56:32:b7:81:e8:c5:9a:55:20:47:64:e8: + 68:b9:76:c4:e3:e1:db:80:b6:ee:e7:35:2d:d2:38:bb:52:ac: + 32:99:90:9b:d4:33:27:51:dc:f1:26:bc:90:95:82:c3:ab:28: + 92:a2:6b:e3:f7:1b:f4:5e:9b:3d:98:61:e0:c3:69:2a:26:af: + 89:88:dc:ad:86:12:18:93:04:6c:83:7f:af:7b:5c:f3:87:7a: + e0:5a:c5:2e:70:f1:9d:27 +-----BEGIN CERTIFICATE----- +MIIEzTCCArWgAwIBAgIINyXiTAJOdy0wDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTExMTAwWhcNMjUwMzA4MDg1 +MDAwWjCBtzELMAkGA1UEBhMCSVQxDzANBgNVBAgTBk1pbGFubzEPMA0GA1UEBxMG +TWlsYW5vMRUwEwYDVQQJEwxWaWEgQ2FyZHVjY2kxEDAOBgNVBAoTB0V4YW1wbGUx +FDASBgNVBAMTC2V4YW1wbGUub3JnMRMwEQYDVQQFEwoxMjM0NTY3ODkwMR0wGwYD +VQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJJVDCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEKgWAh53uj7G/k4PwvYUeI +aQFYm6OJmAtCF0eHh7IOH3QiKOXPmtJ/JttPHeiNGfrN5t1MwNo4k/a/6PSdHwDI +v8v1T7D6wyTOLwQ7+ifdjDv3RAmJFhkOlQqN6w5UP4HA52Kw2WtaiZN4CNuMGD0k +gWsuuf8NWnEkt1MfwpZXzUmYtiE1R2uDGS2pS+IXor0eqxZP1JqbAdjhv9UndfIJ +eGMbJF4t/mb6MpZgUZxGDguq6Fci1BY4EZbQ/mNW8eh+65l1zkvS4vlxJmIxKgNd +tNQE+zOfNN6hOYXPSNChFtWVxyA4uiTZ3pgxAQscvm67Fg31BkIngklXMvNnAqsC +AwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIB +ADOQ8qM/OnvP9s7JHAVAWJAHpRMV8VzLNSKVvqAp/st6KevVkZWU9HPNLvuS7KRu +uT3RqRqb2R3LaBupNgNKYtMbzaEqj8oeiyfgItimAsv95ZH/MA+YpzO2tcR1fodj +IIZXj34QSP52DtBsbdnlp9gxyMzGO0BOVtz8QC1KfEazZ8OpbOQj0RJIljc5qH1Q +tAdX/1B02YKEGv+wxhEN2mVLJ1BkptZIZlLUSfFECCtrlna0lOsOsylXd+JpCGaB +MdPFacmuy54ImVV9/CBRpUqVJFpmKnBq7vLLrQT9VHGnaKRV7hvbfkQDmXRyuxWE +0PXhhI3ffdD7krEiXdGPtv3DqqvAh8RxrxdjXvMhjImUueBSXFxpZ7MQ/RKLo6L6 +7Oe5ham3pgZe1CNSyYeSQU6l6+pxmrXvVA1GBPkYWkslmnSlm3MI9NZVHxIHZ/8m +JuTqMHs0bjmhV3H8kf3qLPXIv+7b2RIsJL/BCfUOytOG5drVWELcWrVvx25FbJcV +GPxd9lgg5GAIUEV1OpTQuteqXzACbWqFVgY7HnVvkVtc4AelnFYyt4HoxZpVIEdk +6Gi5dsTj4duAtu7nNS3SOLtSrDKZkJvUMydR3PEmvJCVgsOrKJKia+P3G/Remz2Y +YeDDaSomr4mI3K2GEhiTBGyDf697XPOHeuBaxS5w8Z0n +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_06.pem b/v3/testdata/subject_rdn_order_ok_06.pem new file mode 100644 index 000000000..471cc77a4 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_06.pem @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3991351525678630817 (0x37642110c5c9c7a1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 13:34:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, SN = Flash, GN = Gordon, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + a7:1d:bd:b0:9e:f1:16:d7:ec:76:90:d4:97:37:dd:d4:64:f7: + 4f:fe:2e:31:83:a9:9f:3f:d3:d6:49:f6:d3:0a:89:06:8e:dc: + 25:4c:3c:c9:0b:04:69:b3:f3:1c:2a:38:28:71:89:7d:5a:04: + b4:c9:1e:e7:03:45:7c:ed:04:f1:1e:0f:95:f4:fa:e8:04:0c: + 25:1b:05:34:85:ab:e8:b2:7e:aa:9b:1a:45:ae:d4:24:d6:ae: + 77:ab:11:9c:2c:fd:a7:63:3f:30:52:85:ae:3d:7c:b6:9b:e6: + d3:b0:b2:6c:d7:4d:1d:89:b5:9b:b3:c3:2d:1c:24:38:ca:4c: + f4:fb:70:bf:86:bb:a2:e6:85:0e:4e:70:90:62:dc:6d:86:83: + b9:43:5d:6a:bb:79:88:8a:cb:ac:dc:28:91:5b:6e:d3:06:81: + a5:d0:36:52:d7:49:b4:3c:f5:d2:8d:ac:1a:9d:80:e7:1e:42: + 13:ce:2d:ef:ea:ed:6e:8a:28:e7:5e:a2:57:22:a7:a5:21:67: + 42:43:47:9e:a0:a8:50:e9:0f:f5:32:37:a0:2f:42:66:c8:6b: + 0a:d8:ac:18:19:67:7e:e5:45:9a:1d:f5:5b:4a:91:2d:07:d0: + af:fc:3e:35:91:f4:e8:41:b4:ec:5b:7f:41:1c:f7:04:6e:78: + 8f:bc:79:47:c5:59:a7:98:35:c3:19:3a:06:f0:53:0f:e1:e7: + 2b:28:40:ac:c0:09:2f:42:43:0c:56:23:09:62:06:e9:c2:0f: + 27:6b:90:09:8a:fe:6a:ed:c3:cb:ba:4c:be:0c:af:a4:30:5c: + 60:90:ba:41:fa:8b:fc:39:ad:95:2f:81:8b:e9:ba:d8:db:1f: + e9:95:47:a5:90:d7:2a:b9:48:e3:e9:16:59:2a:ae:7e:0c:e6: + ff:0c:f3:e5:91:15:b3:97:fc:46:93:ec:a1:e3:93:5f:e5:4c: + 3a:ed:8b:a6:f1:f3:b6:c9:af:41:fa:23:2d:e6:1c:96:a0:48: + 86:1a:9d:99:e4:68:0b:3b:33:94:3d:98:c1:1f:c8:48:81:32: + 6a:7c:c6:51:06:a0:72:bd:8a:00:13:0a:c6:17:46:e4:3c:44: + 42:d8:ee:c2:03:34:cf:3e:21:13:c9:4f:ab:27:de:1c:bb:d3: + 44:a3:d9:fc:8c:ea:62:20:ee:d3:7f:2c:1f:1b:40:6e:d2:af: + fb:81:af:52:39:34:41:e3:99:ce:f5:04:c2:a5:97:eb:16:18: + c6:fd:46:46:97:6a:26:1b:7a:18:27:47:f2:3a:b1:bd:f1:21: + 67:a6:98:e5:6f:b9:d6:c1:11:cb:ce:ee:43:32:f3:31:b3:35: + d3:c8:1d:4a:97:d0:e7:16 +-----BEGIN CERTIFICATE----- +MIIEezCCAmOgAwIBAgIIN2QhEMXJx6EwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTMzNDAwWhcNMjUwMzA4MDg1 +MDAwWjBmMQswCQYDVQQGEwJJVDEPMA0GA1UECBMGTWlsYW5vMQ8wDQYDVQQHEwZN +aWxhbm8xDjAMBgNVBAQTBUZsYXNoMQ8wDQYDVQQqEwZHb3Jkb24xFDASBgNVBAMT +C2V4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQqB +YCHne6Psb+Tg/C9hR4hpAVibo4mYC0IXR4eHsg4fdCIo5c+a0n8m208d6I0Z+s3m +3UzA2jiT9r/o9J0fAMi/y/VPsPrDJM4vBDv6J92MO/dECYkWGQ6VCo3rDlQ/gcDn +YrDZa1qJk3gI24wYPSSBay65/w1acSS3Ux/CllfNSZi2ITVHa4MZLalL4heivR6r +Fk/UmpsB2OG/1Sd18gl4YxskXi3+ZvoylmBRnEYOC6roVyLUFjgRltD+Y1bx6H7r +mXXOS9Li+XEmYjEqA1201AT7M5803qE5hc9I0KEW1ZXHIDi6JNnemDEBCxy+brsW +DfUGQieCSVcy82cCqwIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkq +hkiG9w0BAQsFAAOCAgEApx29sJ7xFtfsdpDUlzfd1GT3T/4uMYOpnz/T1kn20wqJ +Bo7cJUw8yQsEabPzHCo4KHGJfVoEtMke5wNFfO0E8R4PlfT66AQMJRsFNIWr6LJ+ +qpsaRa7UJNaud6sRnCz9p2M/MFKFrj18tpvm07CybNdNHYm1m7PDLRwkOMpM9Ptw +v4a7ouaFDk5wkGLcbYaDuUNdart5iIrLrNwokVtu0waBpdA2UtdJtDz10o2sGp2A +5x5CE84t7+rtbooo516iVyKnpSFnQkNHnqCoUOkP9TI3oC9CZshrCtisGBlnfuVF +mh31W0qRLQfQr/w+NZH06EG07Ft/QRz3BG54j7x5R8VZp5g1wxk6BvBTD+HnKyhA +rMAJL0JDDFYjCWIG6cIPJ2uQCYr+au3Dy7pMvgyvpDBcYJC6QfqL/DmtlS+Bi+m6 +2Nsf6ZVHpZDXKrlI4+kWWSqufgzm/wzz5ZEVs5f8RpPsoeOTX+VMOu2LpvHztsmv +QfojLeYclqBIhhqdmeRoCzszlD2YwR/ISIEyanzGUQagcr2KABMKxhdG5DxEQtju +wgM0zz4hE8lPqyfeHLvTRKPZ/IzqYiDu038sHxtAbtKv+4GvUjk0QeOZzvUEwqWX +6xYYxv1GRpdqJht6GCdH8jqxvfEhZ6aY5W+51sERy87uQzLzMbM108gdSpfQ5xY= +-----END CERTIFICATE----- diff --git a/v3/testdata/subject_rdn_order_ok_07.pem b/v3/testdata/subject_rdn_order_ok_07.pem new file mode 100644 index 000000000..3ae297ff5 --- /dev/null +++ b/v3/testdata/subject_rdn_order_ok_07.pem @@ -0,0 +1,91 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2032570151512653799 (0x1c3523c8a5f93fe7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA + Validity + Not Before: Mar 8 13:44:00 2024 GMT + Not After : Mar 8 08:50:00 2025 GMT + Subject: CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c1:0a:81:60:21:e7:7b:a3:ec:6f:e4:e0:fc:2f: + 61:47:88:69:01:58:9b:a3:89:98:0b:42:17:47:87: + 87:b2:0e:1f:74:22:28:e5:cf:9a:d2:7f:26:db:4f: + 1d:e8:8d:19:fa:cd:e6:dd:4c:c0:da:38:93:f6:bf: + e8:f4:9d:1f:00:c8:bf:cb:f5:4f:b0:fa:c3:24:ce: + 2f:04:3b:fa:27:dd:8c:3b:f7:44:09:89:16:19:0e: + 95:0a:8d:eb:0e:54:3f:81:c0:e7:62:b0:d9:6b:5a: + 89:93:78:08:db:8c:18:3d:24:81:6b:2e:b9:ff:0d: + 5a:71:24:b7:53:1f:c2:96:57:cd:49:98:b6:21:35: + 47:6b:83:19:2d:a9:4b:e2:17:a2:bd:1e:ab:16:4f: + d4:9a:9b:01:d8:e1:bf:d5:27:75:f2:09:78:63:1b: + 24:5e:2d:fe:66:fa:32:96:60:51:9c:46:0e:0b:aa: + e8:57:22:d4:16:38:11:96:d0:fe:63:56:f1:e8:7e: + eb:99:75:ce:4b:d2:e2:f9:71:26:62:31:2a:03:5d: + b4:d4:04:fb:33:9f:34:de:a1:39:85:cf:48:d0:a1: + 16:d5:95:c7:20:38:ba:24:d9:de:98:31:01:0b:1c: + be:6e:bb:16:0d:f5:06:42:27:82:49:57:32:f3:67: + 02:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + a1:49:74:57:6e:4d:64:95:5e:9e:a5:03:98:2a:87:e2:2d:3f: + b5:c2:67:8d:d6:13:d2:ba:0f:c5:e0:8c:6b:fe:1a:66:49:7d: + f3:c7:6c:ef:68:91:d7:0e:7b:a0:71:dd:9e:33:36:8a:04:09: + c9:ce:ab:fb:c3:f2:39:82:e3:f3:44:17:b0:31:a4:8a:27:73: + 60:31:9f:de:7a:6a:8a:da:44:9e:70:e1:37:37:12:55:99:37: + 10:81:79:06:d0:7e:02:0d:8b:0d:8f:eb:1d:e3:08:9c:04:70: + 1b:31:f0:53:a6:08:3f:6c:20:8d:0b:51:eb:f4:96:7c:96:e6: + 54:34:86:bf:7e:75:c8:09:e7:ff:78:7c:35:69:ac:f1:0b:33: + 53:2c:3a:a1:66:05:35:61:81:82:4f:c8:2d:7d:a8:0e:04:76: + 49:20:c7:1e:85:c8:2d:c4:45:ae:0b:d2:d1:54:b2:3e:48:1c: + e7:b5:fb:34:ae:dd:1e:4f:83:30:0a:18:82:47:2b:2c:ce:44: + 79:27:fc:a6:e9:08:a7:74:5c:c0:e2:9f:c4:2d:df:e8:9d:fb: + e5:33:b2:06:26:9f:60:b6:eb:05:d0:21:de:e9:02:9a:79:5b: + 3e:29:db:f7:b5:73:89:d1:f6:d7:39:a4:45:0a:82:e9:c1:06: + 4d:2b:6d:fe:16:b3:4d:11:7e:12:2e:19:89:9e:05:1d:d5:ae: + 7b:17:3a:75:c7:3e:17:33:d4:35:23:63:20:bd:ea:6e:57:52: + ba:d7:55:45:67:0b:b5:55:82:d1:f2:4f:20:21:b7:8a:49:7b: + 43:37:a7:5c:7c:1f:67:83:15:bf:ff:22:c8:da:06:8d:fb:11: + 06:7b:7c:b8:9b:2f:bf:0e:91:a7:c8:7e:e8:a9:68:6c:09:b5: + f0:b9:86:ce:12:12:3d:ef:9f:45:1e:e0:b8:eb:23:d9:39:b3: + 7d:99:e9:92:3e:83:84:88:2d:ae:81:71:ff:af:20:a5:fd:ad: + d3:00:40:64:fb:58:77:80:7a:07:7b:29:20:bc:9f:51:29:ad: + 72:72:8a:03:03:dd:c5:51:ec:f9:8f:a7:9e:2e:ad:3e:e9:b2: + 24:c7:af:46:81:01:0d:7a:f2:41:1b:b3:4d:97:52:ca:c0:e9: + ed:74:c1:e3:27:d5:e3:48:55:1e:95:2a:25:b8:f8:c8:ba:8d: + 90:0a:6d:d1:ec:37:9e:63:04:d2:ae:33:aa:29:42:07:e7:37: + be:24:be:be:65:30:cd:c2:e3:a0:b4:d5:bb:81:e1:03:7a:fd: + 91:96:2b:69:e9:e9:57:64:e1:52:19:fd:7c:8c:a7:a6:08:d8: + 6c:da:c3:8c:1d:0e:3e:35 +-----BEGIN CERTIFICATE----- +MIIEKzCCAhOgAwIBAgIIHDUjyKX5P+cwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh +MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD +ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzA4MTM0NDAwWhcNMjUwMzA4MDg1 +MDAwWjAWMRQwEgYDVQQDEwtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMEKgWAh53uj7G/k4PwvYUeIaQFYm6OJmAtCF0eHh7IOH3Qi +KOXPmtJ/JttPHeiNGfrN5t1MwNo4k/a/6PSdHwDIv8v1T7D6wyTOLwQ7+ifdjDv3 +RAmJFhkOlQqN6w5UP4HA52Kw2WtaiZN4CNuMGD0kgWsuuf8NWnEkt1MfwpZXzUmY +tiE1R2uDGS2pS+IXor0eqxZP1JqbAdjhv9UndfIJeGMbJF4t/mb6MpZgUZxGDguq +6Fci1BY4EZbQ/mNW8eh+65l1zkvS4vlxJmIxKgNdtNQE+zOfNN6hOYXPSNChFtWV +xyA4uiTZ3pgxAQscvm67Fg31BkIngklXMvNnAqsCAwEAAaMXMBUwEwYDVR0lBAww +CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBAKFJdFduTWSVXp6lA5gqh+It +P7XCZ43WE9K6D8XgjGv+GmZJffPHbO9okdcOe6Bx3Z4zNooECcnOq/vD8jmC4/NE +F7AxpIonc2Axn956aoraRJ5w4Tc3ElWZNxCBeQbQfgINiw2P6x3jCJwEcBsx8FOm +CD9sII0LUev0lnyW5lQ0hr9+dcgJ5/94fDVprPELM1MsOqFmBTVhgYJPyC19qA4E +dkkgxx6FyC3ERa4L0tFUsj5IHOe1+zSu3R5PgzAKGIJHKyzORHkn/KbpCKd0XMDi +n8Qt3+id++UzsgYmn2C26wXQId7pApp5Wz4p2/e1c4nR9tc5pEUKgunBBk0rbf4W +s00RfhIuGYmeBR3VrnsXOnXHPhcz1DUjYyC96m5XUrrXVUVnC7VVgtHyTyAht4pJ +e0M3p1x8H2eDFb//IsjaBo37EQZ7fLibL78OkafIfuipaGwJtfC5hs4SEj3vn0Ue +4LjrI9k5s32Z6ZI+g4SILa6Bcf+vIKX9rdMAQGT7WHeAegd7KSC8n1EprXJyigMD +3cVR7PmPp54urT7psiTHr0aBAQ168kEbs02XUsrA6e10weMn1eNIVR6VKiW4+Mi6 +jZAKbdHsN55jBNKuM6opQgfnN74kvr5lMM3C46C01buB4QN6/ZGWK2np6Vdk4VIZ +/XyMp6YI2Gzaw4wdDj41 +-----END CERTIFICATE----- diff --git a/v3/util/time.go b/v3/util/time.go index cd740a951..b702449ce 100644 --- a/v3/util/time.go +++ b/v3/util/time.go @@ -74,6 +74,7 @@ var ( AppleReducedLifetimeDate = time.Date(2020, time.September, 1, 0, 0, 0, 0, time.UTC) CABFBRs_1_7_9_Date = time.Date(2021, time.August, 16, 0, 0, 0, 0, time.UTC) CABFBRs_1_8_0_Date = time.Date(2021, time.August, 25, 0, 0, 0, 0, time.UTC) + CABFBRs_2_0_0_Date = time.Date(2023, time.September, 15, 0, 0, 0, 0, time.UTC) NoReservedDomainLabelsDate = time.Date(2021, time.October, 1, 0, 0, 0, 0, time.UTC) CABFBRs_OU_Prohibited_Date = time.Date(2022, time.September, 1, 0, 0, 0, 0, time.UTC) CABF_SMIME_BRs_1_0_0_Date = time.Date(2023, time.September, 1, 0, 0, 0, 0, time.UTC)