diff --git a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go
index e0d49252c..11b623bd2 100644
--- a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go
+++ b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go
@@ -38,3 +38,12 @@ func TestSubCertValidTimeGood(t *testing.T) {
 t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
 }
 }
+
+func TestSubCertValidTimeExactly39months(t *testing.T) {
+ inputPath := "39months.pem"
+ expected := lint.Pass
+ out := test.TestLint("e_sub_cert_valid_time_longer_than_39_months", inputPath)
+ if out.Status != expected {
+ t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
+ }
+}
diff --git a/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go b/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go
index 7712cbeb8..08e1aa4e8 100644
--- a/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go
+++ b/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go
@@ -42,6 +42,11 @@ func TestEvValidTooLong(t *testing.T) {
 InputFilename: "evValidNotTooLong825Days.pem",
 ExpectedResult: lint.NA,
 },
+ {
+ Name: "EV certificate issued after Ballot 193, valid for 825 days, which is >27 months",
+ InputFilename: "27monthsEv.pem",
+ ExpectedResult: lint.Pass,
+ },
 }
 for _, tc := range testCases {
 t.Run(tc.Name, func(t *testing.T) {
diff --git a/v3/testdata/27monthsEv.pem b/v3/testdata/27monthsEv.pem
new file mode 100644
index 000000000..d455e9ec0
--- /dev/null
+++ b/v3/testdata/27monthsEv.pem
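Review bot: `TestSubCertValidTimeExactly39months` in lint_sub_cert_valid_time_longer_than_39_months_test.go carries no comment saying which boundary it pins, and that boundary is the compliance-relevant part of the change. The `39months.pem` fixture added in this commit runs from 1 Jan 2017 00:00:00 GMT to 1 Apr 2020 00:00:00 GMT, so notAfter is notBefore plus exactly 39 months and the test asserts that this still yields `lint.Pass`. RFC 5280 describes the validity period as notBefore through notAfter inclusive, under which this certificate is valid one second longer than 39 months, so the reading the lint applies should be written down. I would add above the function `// 39months.pem: notAfter == notBefore + 39 months exactly; the lint is expected to accept this boundary value.` A companion fixture just past the boundary, expected to fail the lint, would pin the other side unless a test outside this hunk already covers it.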
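Review bot: The `Name` of the case added to `TestEvValidTooLong` in lint_ev_valid_time_too_long_test.go does not describe its fixture. It says "valid for 825 days, which is >27 months", but `27monthsEv.pem` as added in this commit runs from 1 Jan 2017 to 1 Apr 2019, which is exactly 27 months (820 days), and its subject CN is "27 months". The string looks copied from the neighbouring 825-day case, whose own `Name` lies outside the hunk; if the two are identical, `t.Run` will label the second one with a `#01` suffix and a failure becomes harder to attribute. I would change it to `Name: "EV certificate valid for exactly 27 months",` and confirm whether "issued after Ballot 193" holds for a notBefore of 1 Jan 2017. The function body starts and ends outside the hunk.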
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5b:9b:6c:64:0c:88:e8:fa:af:28:f6:55 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = JLint Sub CA, O = Lint, C = DE + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Apr 1 00:00:00 2019 GMT + Subject: CN = 27 months, O = Lint, C = DE + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d8:00:cb:b9:43:35:b3:84:5b:ab:a9:53:7f:38: + 64:4f:51:fc:c1:01:06:3e:32:52:20:98:4d:d7:99: + 83:9a:38:ce:a7:70:4c:44:0d:53:10:2f:5f:62:46: + 7a:94:ca:83:f8:c6:e5:34:f3:bf:1d:f7:7d:04:93: + 59:b0:e8:d5:2c:d7:3a:bf:a5:02:12:a6:da:f0:42: + de:71:c3:af:ea:c7:f6:6e:78:13:b8:50:b6:9f:c9: + 47:d4:5b:2c:1e:5f:d5:39:09:43:da:61:b4:49:cc: + 06:08:7c:dd:b2:bf:2b:cc:da:ae:52:c3:45:76:9f: + c9:f4:45:df:67:a0:f8:48:ef:7b:b3:81:a7:1e:c2: + 44:a3:f6:fe:fd:ab:b3:f2:d7:96:9b:c7:6a:6e:67: + aa:2f:69:67:d0:73:19:30:a3:da:c7:0b:c6:f9:73: + a1:00:c9:b6:eb:3c:f3:d2:0d:e0:c5:72:25:65:7d: + d7:13:1c:31:25:01:1d:92:f0:58:2c:02:02:16:6a: + 4c:74:b0:b1:4e:1e:98:fc:7b:13:f5:ae:31:86:f7: + 28:6a:88:cd:b4:a4:82:f0:22:47:06:92:54:75:ef: + 5f:5a:55:4d:33:79:30:a3:7d:41:3c:e9:f9:8e:44: + d9:9a:f9:b8:f7:19:69:f7:65:80:fa:a2:d6:41:d2: + ca:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:B5:42:27:78:AD:9F:06:6B:3D:14:5E:88:C6:34:6E:E0:94:4D:F2:A6 + + X509v3 Subject Key Identifier: + 2D:2F:C7:BE:9F:5E:54:F0:55:EA:5B:60:7F:37:CD:46:A5:19:1E:2E + X509v3 Certificate Policies: + Policy: 2.23.140.1.1 + + Signature Algorithm: sha256WithRSAEncryption + 50:73:5c:f5:4c:be:2c:26:a2:5a:0c:e8:3d:7a:99:ee:95:94: + 94:45:07:55:78:67:bf:bd:27:b3:e7:98:d4:75:a8:ba:49:68: + db:2f:c6:77:25:82:f0:5b:62:da:80:7c:7f:2b:c9:26:00:c4: + fd:be:6e:c6:84:97:20:ee:de:87:30:5d:11:91:2e:13:47:4b: + 10:61:63:9e:0b:5e:c7:ad:af:eb:5a:38:f0:88:81:ff:bc:6a: + 9e:1c:ab:18:67:54:4f:46:8a:80:75:c3:90:4e:1e:e8:d5:67: + 
19:49:c2:3e:a3:43:53:2b:fa:8a:8c:4d:48:54:5d:55:31:15: + c0:4a:e8:59:c4:f9:ec:12:f7:5e:07:5d:b9:f7:60:23:b4:7c: + bd:c7:37:68:07:56:e5:95:a2:7f:2a:c5:63:ba:02:5b:e5:2d: + 15:c9:2f:83:b6:2f:13:57:9c:1b:8e:94:41:5a:79:94:d2:36: + f7:c8:d6:29:9f:98:46:d7:d9:d0:72:68:84:0d:58:ed:08:9c: + 98:ed:2f:2c:1c:b6:d4:8d:3f:7d:2b:54:3e:9f:82:e0:6d:72: + e0:28:1e:61:50:b6:7b:69:30:4c:17:b9:6f:2f:f5:81:cb:00: + b4:85:f1:0a:62:7a:f2:7d:a5:ff:68:44:36:59:57:b9:f9:07: + 2f:e1:95:ff +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIMW5tsZAyI6PqvKPZVMA0GCSqGSIb3DQEBCwUAMDMxFTAT +BgNVBAMMDEpMaW50IFN1YiBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUw +HhcNMTcwMTAxMDAwMDAwWhcNMTkwNDAxMDAwMDAwWjAwMRIwEAYDVQQDDAkyNyBt +b250aHMxDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA2ADLuUM1s4Rbq6lTfzhkT1H8wQEGPjJSIJhN15mD +mjjOp3BMRA1TEC9fYkZ6lMqD+MblNPO/Hfd9BJNZsOjVLNc6v6UCEqba8ELeccOv +6sf2bngTuFC2n8lH1FssHl/VOQlD2mG0ScwGCHzdsr8rzNquUsNFdp/J9EXfZ6D4 +SO97s4GnHsJEo/b+/auz8teWm8dqbmeqL2ln0HMZMKPaxwvG+XOhAMm26zzz0g3g +xXIlZX3XExwxJQEdkvBYLAICFmpMdLCxTh6Y/HsT9a4xhvcoaojNtKSC8CJHBpJU +de9fWlVNM3kwo31BPOn5jkTZmvm49xlp92WA+qLWQdLKCwIDAQABo1YwVDAfBgNV +HSMEGDAWgBS1Qid4rZ8Gaz0UXojGNG7glE3ypjAdBgNVHQ4EFgQULS/Hvp9eVPBV +6ltgfzfNRqUZHi4wEgYDVR0gBAswCTAHBgVngQwBATANBgkqhkiG9w0BAQsFAAOC +AQEAUHNc9Uy+LCaiWgzoPXqZ7pWUlEUHVXhnv70ns+eY1HWouklo2y/GdyWC8Fti +2oB8fyvJJgDE/b5uxoSXIO7ehzBdEZEuE0dLEGFjngtex62v61o48IiB/7xqnhyr +GGdUT0aKgHXDkE4e6NVnGUnCPqNDUyv6ioxNSFRdVTEVwEroWcT57BL3Xgddufdg +I7R8vcc3aAdW5ZWifyrFY7oCW+UtFckvg7YvE1ecG46UQVp5lNI298jWKZ+YRtfZ +0HJohA1Y7QicmO0vLBy21I0/fStUPp+C4G1y4CgeYVC2e2kwTBe5by/1gcsAtIXx +CmJ68n2l/2hENllXufkHL+GV/w== +-----END CERTIFICATE----- diff --git a/v3/testdata/39months.pem b/v3/testdata/39months.pem new file mode 100644 index 000000000..1104fcbe7 --- /dev/null +++ b/v3/testdata/39months.pem 
@@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:d8:78:e2:20:05:78:6d:ae:a5:97:c4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = JLint Sub CA, O = Lint, C = DE + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Apr 1 00:00:00 2020 GMT + Subject: CN = 39 months, O = Lint, C = DE + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:94:07:c4:d7:6e:ab:a7:69:da:00:be:cc:d6:c3: + b0:db:64:55:8a:4d:ee:32:43:36:d4:a1:50:08:e8: + e1:99:25:00:39:b7:c2:e3:7b:1a:69:17:cf:86:74: + cc:8e:ab:8a:51:8d:c4:d9:bb:30:1d:69:47:9b:84: + be:62:eb:4c:b3:3f:54:0f:ae:5f:a2:cd:1b:5c:57: + 91:26:58:c5:e8:b9:ed:71:ee:bf:57:6a:4b:21:c0: + 56:bd:49:78:9c:ab:4d:79:a8:bf:23:7d:68:63:5e: + ae:5c:d2:ae:33:90:0b:51:0c:68:1d:e1:44:69:61: + c6:62:9e:e8:01:39:9f:ae:f3:59:c7:92:0e:c9:89: + 9a:fa:84:d0:3d:3c:c5:d8:4f:bb:89:44:a2:4c:01: + 29:b3:68:0a:04:b5:7f:c6:a1:2d:b9:fc:b1:95:1e: + c4:ec:d4:6e:20:5a:ec:53:00:a3:da:2c:e1:d4:d4: + a5:50:6e:2d:b6:ed:1c:ab:c5:a6:d2:fa:3a:90:0b: + b8:6b:16:98:45:29:b0:8a:d3:bc:a0:d9:28:f7:a7: + 85:8f:77:47:64:ca:54:3b:53:cf:70:f0:95:8c:a2: + c7:aa:0b:67:3b:27:82:12:28:09:c2:da:e2:09:72: + e2:44:51:5a:02:01:14:35:8a:53:c9:8b:95:1e:08: + 21:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:EA:F8:6D:8D:77:B0:16:56:C9:89:51:1B:8D:1D:A4:3B:4B:24:B0:DC + + X509v3 Subject Key Identifier: + 59:62:67:F3:8E:07:B5:2D:F4:1A:2D:0C:1D:5E:EF:B6:10:87:DC:0B + Signature Algorithm: sha256WithRSAEncryption + 09:67:cc:64:68:84:62:dc:74:62:f7:90:bc:10:96:13:19:f1: + 55:4f:fc:66:75:d2:11:7e:41:41:a3:8f:d8:f2:a8:26:1f:78: + 09:54:76:b3:d6:a7:8e:1c:73:1f:ae:bf:89:5f:2b:14:ed:74: + 6d:f7:63:c8:79:d1:d6:d1:31:5d:c0:4b:bf:6d:f8:61:82:13: + 9c:8e:b4:68:cf:2b:33:df:3c:78:3b:6a:12:ce:af:25:cd:af: + 86:e3:b6:0a:2d:7d:2a:62:fb:16:d5:bf:9f:3d:d3:ee:66:7f: + cc:13:77:e8:97:7a:8f:e3:08:70:26:49:1c:86:e1:e7:93:fb: + 
46:34:4a:46:f5:82:a2:f6:1b:20:a7:e8:5e:e3:ff:58:e7:35: + 7b:5a:47:49:07:f7:fa:ee:dd:ec:90:16:89:7d:fc:05:5a:dc: + 1b:e0:f2:d8:6d:d7:f6:95:18:38:fd:ea:6c:a8:bf:b9:71:14: + 78:62:43:da:85:ba:e0:85:50:9a:de:bb:14:1c:21:c0:e2:47: + 66:f8:79:8c:48:e2:ad:c7:9d:da:36:a6:b2:b0:67:78:d4:ce: + 36:0c:e9:78:99:99:2b:bc:9e:20:bf:0e:7a:ba:51:9c:71:fd: + 96:df:c4:44:11:bf:87:4f:aa:eb:be:4a:9d:e0:9b:42:4a:4b: + fd:c0:2f:6d +-----BEGIN CERTIFICATE----- +MIIDKzCCAhOgAwIBAgIMA9h44iAFeG2upZfEMA0GCSqGSIb3DQEBCwUAMDMxFTAT +BgNVBAMMDEpMaW50IFN1YiBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUw +HhcNMTcwMTAxMDAwMDAwWhcNMjAwNDAxMDAwMDAwWjAwMRIwEAYDVQQDDAkzOSBt +b250aHMxDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAlAfE126rp2naAL7M1sOw22RVik3uMkM21KFQCOjh +mSUAObfC43saaRfPhnTMjquKUY3E2bswHWlHm4S+YutMsz9UD65fos0bXFeRJljF +6Lntce6/V2pLIcBWvUl4nKtNeai/I31oY16uXNKuM5ALUQxoHeFEaWHGYp7oATmf +rvNZx5IOyYma+oTQPTzF2E+7iUSiTAEps2gKBLV/xqEtufyxlR7E7NRuIFrsUwCj +2izh1NSlUG4ttu0cq8Wm0vo6kAu4axaYRSmwitO8oNko96eFj3dHZMpUO1PPcPCV +jKLHqgtnOyeCEigJwtriCXLiRFFaAgEUNYpTyYuVHggh7wIDAQABo0IwQDAfBgNV +HSMEGDAWgBTq+G2Nd7AWVsmJURuNHaQ7SySw3DAdBgNVHQ4EFgQUWWJn844HtS30 +Gi0MHV7vthCH3AswDQYJKoZIhvcNAQELBQADggEBAAlnzGRohGLcdGL3kLwQlhMZ +8VVP/GZ10hF+QUGjj9jyqCYfeAlUdrPWp44ccx+uv4lfKxTtdG33Y8h50dbRMV3A +S79t+GGCE5yOtGjPKzPfPHg7ahLOryXNr4bjtgotfSpi+xbVv5890+5mf8wTd+iX +eo/jCHAmSRyG4eeT+0Y0Skb1gqL2GyCn6F7j/1jnNXtaR0kH9/ru3eyQFol9/AVa +3Bvg8tht1/aVGDj96myov7lxFHhiQ9qFuuCFUJreuxQcIcDiR2b4eYxI4q3Hndo2 +prKwZ3jUzjYM6XiZmSu8niC/Dnq6UZxx/ZbfxEQRv4dPquu+Sp3gm0JKS/3AL20= +-----END CERTIFICATE-----