From 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26 Mon Sep 17 00:00:00 2001 From: mtg Date: Tue, 4 Feb 2020 17:45:58 +0100 Subject: [PATCH 1/7] lint about the encoding of qcstatements for PSD2 --- .../lint_qcstatem_psd2_psd2statem_encoding.go | 54 +++ ..._qcstatem_psd2_psd2statem_encoding_test.go | 57 ++++ .../EvAltRegNumCert56JurContryNotMatching.pem | 28 ++ .../EvAltRegNumCert57NtrJurSopMissing.pem | 28 ++ testdata/QcStmtPsd2Cert01InvalidRoles.pem | 29 ++ testdata/QcStmtPsd2Cert03MissingRolesOid.pem | 29 ++ testdata/QcStmtPsd2Cert05Valid.pem | 29 ++ testdata/QcStmtPsd2Cert07MissingRoleName.pem | 29 ++ testdata/QcStmtPsd2Cert08NcaNameMissing.pem | 28 ++ .../QcStmtPsd2Cert09NcaNameZeroLength.pem | 28 ++ testdata/QcStmtPsd2Cert10RoleNameMissing.pem | 29 ++ .../QcStmtPsd2Cert11RoleNameZeroLenght.pem | 29 ++ ...QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem | 29 ++ testdata/QcStmtPsd2Cert14Valid.pem | 28 ++ .../QcStmtPsd2Cert15NcaIdInconsistent.pem | 29 ++ .../QcStmtPsd2Cert17NcaIdInconsistent.pem | 28 ++ ...QcStmtPsd2Cert22NcaNameWrongStringType.pem | 29 ++ ...tPsd2Cert23Psd2ExtNcaIdWrongStringType.pem | 29 ++ .../QcStmtPsd2Cert24RoleNameIllegalChars.pem | 29 ++ testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem | 29 ++ testdata/QcStmtPsd2Cert27RoleNameNull.pem | 29 ++ testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem | 29 ++ testdata/QcStmtPsd2Cert30Valid.pem | 29 ++ testdata/QcStmtPsd2Cert31Valid.pem | 29 ++ testdata/QcStmtPsd2Cert39Valid.pem | 29 ++ testdata/QcStmtPsd2Cert40Valid.pem | 29 ++ util/alt_reg_num_ev.go | 137 ++++++++ util/misc.go | 22 ++ util/oid.go | 56 ++-- util/qc_stmt.go | 313 +++++++++++++----- 30 files changed, 1225 insertions(+), 104 deletions(-) create mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go create mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go create mode 100644 testdata/EvAltRegNumCert56JurContryNotMatching.pem create mode 100644 testdata/EvAltRegNumCert57NtrJurSopMissing.pem create mode 100644 testdata/QcStmtPsd2Cert01InvalidRoles.pem create mode 100644 testdata/QcStmtPsd2Cert03MissingRolesOid.pem create mode 100644 testdata/QcStmtPsd2Cert05Valid.pem create mode 100644 testdata/QcStmtPsd2Cert07MissingRoleName.pem create mode 100644 testdata/QcStmtPsd2Cert08NcaNameMissing.pem create mode 100644 testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem create mode 100644 testdata/QcStmtPsd2Cert10RoleNameMissing.pem create mode 100644 testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem create mode 100644 testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem create mode 100644 testdata/QcStmtPsd2Cert14Valid.pem create mode 100644 testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem create mode 100644 testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem create mode 100644 testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem create mode 100644 testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem create mode 100644 testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem create mode 100644 testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem create mode 100644 testdata/QcStmtPsd2Cert27RoleNameNull.pem create mode 100644 testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem create mode 100644 testdata/QcStmtPsd2Cert30Valid.pem create mode 100644 testdata/QcStmtPsd2Cert31Valid.pem create mode 100644 testdata/QcStmtPsd2Cert39Valid.pem create mode 100644 testdata/QcStmtPsd2Cert40Valid.pem create mode 100644 util/alt_reg_num_ev.go create mode 100644 util/misc.go diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go new file mode 100644 index 000000000..c8e767b0c --- /dev/null +++ b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go @@ -0,0 +1,54 @@ +package etsi + +/* + * ZLint Copyright 2020 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +import ( + "github.com/zmap/zcrypto/x509" + "github.com/zmap/zlint/lint" + "github.com/zmap/zlint/util" +) + +type qcStatemPsd2Pd2StatemEnc struct{} + +func (l *qcStatemPsd2Pd2StatemEnc) Initialize() error { + return nil +} + +func (l *qcStatemPsd2Pd2StatemEnc) CheckApplies(c *x509.Certificate) bool { + if !util.IsExtInCert(c, util.QcStateOid) { + return false + } + _, isPresent := util.IsQcStatemPresent(c, &util.IdEtsiPsd2Statem) + return isPresent +} + +func (l *qcStatemPsd2Pd2StatemEnc) Execute(c *x509.Certificate) *lint.LintResult { + qcs := util.ParseQcStatem(util.GetExtFromCert(c, util.QcStateOid).Value, util.IdEtsiPsd2Statem) + if qcs.GetErrorInfo() != "" { + return &lint.LintResult{Status: lint.Error, Details: qcs.GetErrorInfo()} + } + return &lint.LintResult{Status: lint.Pass} +} + +func init() { + lint.RegisterLint(&lint.Lint{ + Name: "e_qcstatem_psd2_psd2statem_encoding", + Description: "This test checks that a PSD2 QcStatement has the correct encoding.", + Citation: "ETSI TS 119 495, 'Annex A (normative): ASN.1 Declaration'", + Source: lint.EtsiEsi, + EffectiveDate: util.EtsiEn319_412_5_V2_2_1_Date, + Lint: &qcStatemPsd2Pd2StatemEnc{}, + }) +} diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go new file mode 100644 index 000000000..4f4295a42 --- /dev/null +++ b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go @@ -0,0 +1,57 @@ +package etsi + +/* + * ZLint Copyright 2020 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +import ( + "github.com/zmap/zlint/lint" + "github.com/zmap/zlint/test" + "testing" +) + +func TestQcStatemPsd2Encoding(t *testing.T) { + m := map[string]lint.LintStatus{ + "QcStmtPsd2Cert01InvalidRoles.pem": lint.Pass, + "QcStmtPsd2Cert03MissingRolesOid.pem": lint.Error, + "QcStmtPsd2Cert05Valid.pem": lint.Pass, + "QcStmtPsd2Cert07MissingRoleName.pem": lint.Error, + "QcStmtPsd2Cert08NcaNameMissing.pem": lint.Error, + "QcStmtPsd2Cert09NcaNameZeroLength.pem": lint.Error, + "QcStmtPsd2Cert10RoleNameMissing.pem": lint.Error, + "QcStmtPsd2Cert11RoleNameZeroLenght.pem": lint.Error, + "QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem": lint.Error, + "QcStmtPsd2Cert14Valid.pem": lint.Pass, + "QcStmtPsd2Cert15NcaIdInconsistent.pem": lint.Pass, + "QcStmtPsd2Cert17NcaIdInconsistent.pem": lint.Pass, + "QcStmtPsd2Cert22NcaNameWrongStringType.pem": lint.Error, + "QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem": lint.Error, + "QcStmtPsd2Cert24RoleNameIllegalChars.pem": lint.Error, + "QcStmtPsd2Cert26RoleOidAsUtf8Str.pem": lint.Error, + "QcStmtPsd2Cert27RoleNameNull.pem": lint.Error, + "QcStmtPsd2Cert28NcaNameIa5Str.pem": lint.Error, + "QcStmtPsd2Cert30Valid.pem": lint.Pass, + "QcStmtPsd2Cert31Valid.pem": lint.Pass, + "QcStmtPsd2Cert39Valid.pem": lint.Pass, + "QcStmtPsd2Cert40Valid.pem": lint.Pass, + "EvAltRegNumCert56JurContryNotMatching.pem": lint.NA, + "EvAltRegNumCert57NtrJurSopMissing.pem": lint.NA, + } + for inputPath, expected := range m { + out := test.TestLint("e_qcstatem_psd2_psd2statem_encoding", inputPath) + + if out.Status != expected { + t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) + } + } +} diff --git a/testdata/EvAltRegNumCert56JurContryNotMatching.pem b/testdata/EvAltRegNumCert56JurContryNotMatching.pem new file mode 100644 index 000000000..222e0aced --- /dev/null +++ b/testdata/EvAltRegNumCert56JurContryNotMatching.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgINAmI1p32s9ypT5AANZzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB +oDEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl +c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u +MRcwFQYDVQRhDA5OVFJERS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2NzgxEzAR +BgsrBgEEAYI3PAIBAwwCR0IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIkirpp +o+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdDW4vD +NQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U7S1k +JHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2Dq5f +/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dHdHFw +gNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQMXpz+ +ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2Qzsw +DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4 +YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2Nh +LmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhh +bXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcNGAEw +NzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBhc3Mv +Y3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4IBAQBftKEeTH458M79Zrhf9voF8wTGIh5AEuA8JT/bN2wQDuyqeqme +/QuUX7CIu2WwsPbz8CFe2Q1SKPM5gMlTGufb/beha4zCWqM8NXb4t/hSNDkD9226 +s5FW3lT3TzbDRwl+eykrsIUDWEIYyvg6JI7gK/512QbeTn131lIkUkBnuZ9b7kN3 +cPQ0ekicrCk8FjZz3/H21m7BdvSTF0OmBUseTcrH3azKwqn2AH/RAetJmI9W7HQE +hUunPKM+dSW/NQUD9B1DMs9c8W18vOWnnr5BfzS7kyIxh/Td77wQfyGlMaBeYoq7 +uoXjjS8CsVd+Avbhpda+47g9jZQ94Hcyg96o +-----END CERTIFICATE----- diff --git a/testdata/EvAltRegNumCert57NtrJurSopMissing.pem b/testdata/EvAltRegNumCert57NtrJurSopMissing.pem new file mode 100644 index 000000000..e4a944a98 --- /dev/null +++ b/testdata/EvAltRegNumCert57NtrJurSopMissing.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyjCCA7KgAwIBAgINAlEr+EzD49s1YT1+/jANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB +ozEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl +c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u +MRowGAYDVQRhDBFOVFJERStIRS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2Nzgx +EzARBgsrBgEEAYI3PAIBAwwCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIk +irppo+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdD +W4vDNQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U +7S1kJHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2 +Dq5f/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dH +dHFwgNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQM +Xpz+ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2 +QzswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3 +LmV4YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDov +L2NhLmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3Au +ZXhhbXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcN +GAEwNzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBh +c3MvY3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqG +SIb3DQEBCwUAA4IBAQBmq3MNz+GEqMIqOC1IB06DEjtAFHmbqr9uhxSpUM3VuK9y +jm+upuoZCwXFmEeyRXgjKbVFi6aLcMvyhLKfqntQKP517y/baEOeAV+GHUOYg+Gl +ihXze5o/nZAokPm9/b8D0hciqbxte7UlGaTu9wWKscVpDdjsuClNhaM7QD07LbTG +biAk5cbnQNTKqW0VCCU0LgEPBpbugydWDHkv8a5h0r13jiab3U7sfiX/Zq0rDP+i +MPNIYi/a9b/lxZ+TbFbZ1Q1PSW1dmhLvnXWcCVQ6VW2XwcbNkJyVvbJF3KJXMu7S +djvSAK3WrQazO/XhXQluDOMosMZYJZH4CuLLrHxe +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert01InvalidRoles.pem b/testdata/QcStmtPsd2Cert01InvalidRoles.pem new file mode 100644 index 000000000..f0af97ff8 --- /dev/null +++ b/testdata/QcStmtPsd2Cert01InvalidRoles.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDAL9Kp25SRT/zD2oHzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfUEkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBACBOt6QdjgWK2amsIFmmf9t7cnwtpigTe3BLnEmsPAPw0TBU +5G0pg1Utep7dvr0k++lMMqAHyxGZ8eUxjxXn/VUFTRisvwuk0GcDiYh7j9D/uyTH +sgD5IOvuADWcxHQ6kRyAWVqu5eLrUIy0l21SfpU1WGLiqCG14RzzljDe7jgWR4vu +KUbk4/LWavRCEXPejDJ7MvQ6Q8Jwj4tzdFZXUdwxQUJ/yp6pwNO3+qka7qi5rHD8 +8tNBPyUevV37humsLjfDzHFINs9D1BMDqZixdGAfOr/rMdw6pUlAUM0nFciYEK6z +sOJ9fnJcGTKWjJeC8XKoOPWyB0Ie0pPy21M5hxQ= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert03MissingRolesOid.pem b/testdata/QcStmtPsd2Cert03MissingRolesOid.pem new file mode 100644 index 000000000..957666e36 --- /dev/null +++ b/testdata/QcStmtPsd2Cert03MissingRolesOid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgINCtgGQhhiIWmoUdvtzDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfUEkMJ0ZlZGVyYWwgRmluYW5jaWFs +IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD +ggEBAAxFzpMwgr+aUxhBzrpsvpZDfaARHczbaPcJmi2h6rThbUFjYbrfssZmiZDq +e5g/4yaRPlKHZFU8yofcAs7hiFQNnKCgK4WlZ9gXe0yylXks6Hn2M2lDMWIk3HmF +ZwsTjyoNbbhW2x70Ewaa2NIWcf+4zK3qGBf4wXqmlhrWsA7EEzswFEUG25qoga2f +NXfJkBKWON7S4K3Bwddull8g2Sl+gJpGlwXlSu1hAV6tBqzH3JniV9AYP3SXAyRQ +S0TalMJ6wkEz+qBxao9+M4E64Q7jgVJbGKvoCgKiTKCbvd24AQDZPgGJspz+3NQR +0DINDw9My5opjNMyB+x4K+Hxtl0= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert05Valid.pem b/testdata/QcStmtPsd2Cert05Valid.pem new file mode 100644 index 000000000..cae24dcf4 --- /dev/null +++ b/testdata/QcStmtPsd2Cert05Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINCqVMvI3ItM3g3XV2cDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfQVMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBABmbFutzBZssZnMzUDMYf0bYgStey6CMddV4rKhhUDBqxG9s +xg+xLbXNmEHdJ6lScRK3h2mQ222vPsebLguitcisaqAMIDInYfRS657yEXmSedjy +WIVSrtCaAACYoCwOPEymnjra7WsRu2WZZ+5zk7floDx6o5QXLd73DOJrqr/r6pL9 +NPf5e7g+vlVqAGQhC6Z0s7ri5XInPBeZEMox2Au2ZF/UWNRf00MnRvnYAl2TkDSw +HcbU6L8BtzLxJlZmKw33BfTmi++QOmSPZjpELpnpUamrDmKuFlxu5/QBVz6RS/sX +5tZkQTPg6UtFlkStg9LLJEkEvdT0xMkRvczzTPM= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert07MissingRoleName.pem b/testdata/QcStmtPsd2Cert07MissingRoleName.pem new file mode 100644 index 000000000..2de38a3d8 --- /dev/null +++ b/testdata/QcStmtPsd2Cert07MissingRoleName.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINAn34kicX+AdEJqPEXDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSgYGBACBmCcCMEAwCzAJBgcEAIGYJwEEDCdGZWRlcmFsIEZpbmFuY2lh +bCBTdXBlcnZpc29yeSBBdXRob3JpdHkMCERFLWJhZmluMA0GCSqGSIb3DQEBCwUA +A4IBAQAHzTrdqGrwO0YNlzUBybkgaiaRR+iTfpe1gBHwOoL3hE6u1xowj3WozX6b +dXi+wT4jiy6ipsSCUE2sMwhBCIGRnuuJzlD6tIqJ88tAL0E13TvL2iW6IvH9pUM6 +ZMfEh7ejIXe2KRPX0lCuaiTwGXZy6B4EEt/vB5kdoqoDDLx7zDYUKyoUetN9bl75 +X5EjnpmZ1b+vgVCui261HFmwCg+ZxEFmbsmx3+CndOvFUygih9bdhIEj6Y6tlZS+ +S958XsWQwdwWnPIICt68yCxjYZfQ5fOiQa4OfoZ82uekJTr7pM63JwAk97GPt+MH +AFexiknCl6FRVuyRQHXkQkQMSfdG +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert08NcaNameMissing.pem b/testdata/QcStmtPsd2Cert08NcaNameMissing.pem new file mode 100644 index 000000000..f9dae78e9 --- /dev/null +++ b/testdata/QcStmtPsd2Cert08NcaNameMissing.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzTCCA7WgAwIBAgINBgcQn55ngMeNmOZhpzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZMwggGPMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBggrBgEFBQcBAwRjMGEwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwKQYGBACBmCcCMB8wEzARBgcEAIGYJwEDDAZQU1BfQUkMCERFLUJBRklOMA0G +CSqGSIb3DQEBCwUAA4IBAQBNkBaX1LmQuC7jw/X6iuBwYCvMwCUMjudBa3whU0U0 +jSh8VlzcBAu4dYGglyzhEjibGtHjBR+VW3mels1PCTIe6B4BPsIwnZ3zttjEBHM+ +H/uaShVU+61Cy6xOCGUR0NVyzWThwn0qwi6po0Qqn8+sW53tfTORsXmqaCzmlnDl +LiVJIY4eJYb1iuEucQdJ3KUWduJsJFJHOO+CoJKsoan+1g2cK/3NZC+eLR/e9aC/ +s8SnyGIBf2JxXXDQUY1Nx6Gb7b39Za/Ta6Hzu7Ue1FG/YY3vOwHnESAzmNYV1XiR +QLtIJbag45xPMWzQV5afp0gXRRX4hNE+DkZ52zWBMFTs +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem b/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem new file mode 100644 index 000000000..3f4f4d268 --- /dev/null +++ b/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzzCCA7egAwIBAgINDsKzMgts5dOILcyZyzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZUwggGRMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAwRlMGMwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwKwYGBACBmCcCMCEwEzARBgcEAIGYJwECDAZQU1BfUEkMAAwIREUtQkFGSU4w +DQYJKoZIhvcNAQELBQADggEBAE+Iv9mf7sZBgnYSg739dk8uHRPpNnkkO6cxDvaq +q0CxylX66XdUoXMytvjVB1I+C2u5tmCVYcZYtv+Rm1ctA5FPsgbJNb8BkKH7wNC4 +Z64YSpdDA5hN3S1tudAKlG0JsXZUpOoevDVqqaONnBeQL9aZSF71nFDiRPWGy/Ox +CCYcQINdgRw6KU66b33Qez9oedRvv9SzAQv265H5ACZXJ+d8j0iVypGKUGxhqeQT +/6o1Eg35srYKyEtkYXBk3rOycxrz9Ux6ZhACzbi3v2MgiBVh5MdYuUn2WlBsb9tw +F7avtF38ETrRpx4q8AysD/vckODyvN6zB3PTEeJPS8o7Yr0= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert10RoleNameMissing.pem b/testdata/QcStmtPsd2Cert10RoleNameMissing.pem new file mode 100644 index 000000000..b6cf298bb --- /dev/null +++ b/testdata/QcStmtPsd2Cert10RoleNameMissing.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgINDxPCnUBqjv5Cn7YVoTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfQUkMJ0ZlZGVyYWwgRmluYW5jaWFs +IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD +ggEBAAtdv0K46jF555M5IUa//iLMk6bXnqrlBEjbuVMAD2Rq6FvIE56ug4YQfYWI +85f07JhCnnKdw1npx9wF9avLWNggmNpXTPdF10iCXAE4vYEOtVy8xjYgMPk2swoc +VgAzDZQSPAj8nNQSEgYlpLv5o8IQPBMbP6uKjjDilVHEpIPclDlIhx7tfPtGG4/9 +Pvx2FKtnD52Zr5qQvL85IC5Qy2xIIiznLt2p5E131EssZ1zCHDqzo3mYp1YS81Jj +lowIZUtEICht7f0Ju2/RaKgdwivJ2jKHOh23DNkPWsQDbqgMZS2oQCEgikVu4f3d +6fHt4nGCpQGc6jJg2H3n2KR3O9w= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem b/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem new file mode 100644 index 000000000..934ed5e64 --- /dev/null +++ b/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE7DCCA9SgAwIBAgINCGnzNrzLAvsCbWMwJjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbIwggGuMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYIKwYBBQUHAQMEgYAwfjAI +BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL +7EkBAjBGBgYEAIGYJwIwPDANMAsGBwQAgZgnAQEMAAwnRmVkZXJhbCBGaW5hbmNp +YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAJERTANBgkqhkiG9w0BAQsFAAOCAQEA +PimK2OFIHTC2lWv6+xN0lUg6cdlyZk1T7N3iBF90WogG1HjDCKnYlILcvOM581p2 +xleu1orGL/VAcJg0Te9rl9Z4ju6z1b4XsjFXSY1QBMxI8gWP2axFYlxcjRS7sMjk +m7lzQL63qGAJm76Gr1Xatcx7peqwgOMmmLN9e0WES+4z2aw2CksUgsaQ2ouzER4r +hXJtVCemhzNKcbeA+8yROD0ROenqDCNqcAGIGJ4YNSp90Wlp63baxu6u3PJgMr9S +L6sZzaimaFEPY6ggiw7PiYAKxmsybKFBXGJBPEaZ5MB4fDGKbe4nEGiEsM56IMBq +7DMKNBB67j4txmUg2xtd6w== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem b/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem new file mode 100644 index 000000000..e723cbf4f --- /dev/null +++ b/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINA3NeFoI2mquIfvSjvjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSgYGBACBmCcCMEAwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwAMA0GCSqGSIb3DQEBCwUA +A4IBAQBakOYgnqxhHxCk7/HBK5GOhLc3Cof9e//jriIvA1jjhFO+iO+e1pVMZ9tK +7VFMBSe+v0XzN9oVuSEGdldebMhAnLBzr+ERhzljvXaCuHzh96u2MDbSeErfF4h9 +25BAoeuaglKoUCR/q1w8QMiwW3IxlbdWMeUc3HAVFSSBZtxAqfh6WE5xUaBJBWw5 +b8dixcQcDN9XsedCiZsjIzPUNldc4uQBEplqFbetVjUGyPVgpzwMyHorCyE4kadi +UXX2GNt7erIUgEme0Egmu1J3/R7lkNjXKtfpejTuxLtV6YyF+K5l2ZsWKbDUHNFI +46Tksr06JcmMw6kpWU52vEAh+n4V +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert14Valid.pem b/testdata/QcStmtPsd2Cert14Valid.pem new file mode 100644 index 000000000..98c54da2b --- /dev/null +++ b/testdata/QcStmtPsd2Cert14Valid.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE1DCCA7ygAwIBAgIND53/U08Ff4UyfPa79TANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZowggGWMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAwRqMGgwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwMAYGBACBmCcCMCYwEzARBgcEAIGYJwEEDAZQU1BfSUMMBTEyMzQ1DAhERS1C +QUZJTjANBgkqhkiG9w0BAQsFAAOCAQEAHlh68mckSyslsm2Q+in8TW3yFhjZ2/6n +1D/vPzja0LUblklNwKN0Zxa3TsWkKCZh5E/CwaLps/oxNUXDf273I9EFTnaNY0wO +2bcTbwQxkeNKZ7OHcQll8swdD3vhl8koAKAvHPuGJC71orWoc4Cbz6utm2e+IU4X +U1t2PgMPH7GhN/TL/Cqz0xbIcRqkmfLI6dcmckQX+HNBenh546iT/kDY3k6g6tEH +IPHj50A1vgksji5LrLfFhiwMx0X5t/1bPYQaZMKwg8w/mr48ql0gLT48UnLPt2jg +hMklwbWsMn8tTAWqQ3CzGKtgmJO9RWWFyU/jct+Hr7kFrzPG+j4bPg== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem new file mode 100644 index 000000000..1952466e3 --- /dev/null +++ b/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgINBXNwOIJE9ou2P9JaNzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAa8wggGrMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBigYIKwYBBQUHAQMEfjB8MAgG +BgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAzAVBggrBgEFBQcLAjAJBgcEAIvs +SQECMEQGBgQAgZgnAjA6MBMwEQYHBACBmCcBAgwGUFNQX1BJDBtGaW5hbmNpYWwg +Q29uZHVjdCBBdXRob3JpdHkMBkdCLUZDQTANBgkqhkiG9w0BAQsFAAOCAQEAcGLh +qmW9M1HA0kJnhoIcZddPgTSmKgoIhUwPrNJ1R7RJUMkRbJLOGZAOIMz82jUY2pAv +IvtrxSZ9Kj0WeXtNnQ/39TMUogy8rxD3COJCD/n7Jr4vNYYyEeE3WLFMiS9UNJI7 +HPVfknp22f8TRYKYdm7jNqZu8IjFmMp8rBZQgatkEOc01/M2ZlOmbZp4kMcR+QFy +j1emYPjdiT/Sbn2KWFGnbsC9zfSYMr+qri0N9QiS27NJ4Uaj13qj9cvkLHYxuBBp +0SQDYNiU5b10BhonOHuHnf3g9InsIuA6lZibMNIrm+mbJa0YprZBNFesx7gSlrn0 +mA9viD0AJ4F3YeNX4A== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem new file mode 100644 index 000000000..1cb4a6195 --- /dev/null +++ b/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE2zCCA8OgAwIBAgINDR5bwZZ7Cncsu6inkDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAaEwggGdMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB9BggrBgEFBQcBAwRxMG8wCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwNwYGBACBmCcCMC0wEzARBgcEAIGYJwEBDAZQU1BfQVMMDU5hdGlvbmFsIEJh +bmsMB1hYLUJBTkswDQYJKoZIhvcNAQELBQADggEBAAhb9Cz45JCQPBJU8DjR7uJi +sCMn79Q3Pu+TbnmR29blkyx/xw3ZuunwgeNXr8hb7+fKRBfXPrtPw/2DtndCIb52 +hbXM98OYoDFyjI3jHhkylce0fyEMrUTGkch63AsI99J2+WPw29hI/tRDoyoX9B6o +YFMHwyEA0En8WzohlhmJ1pBRU3AVeZOB2iIwj4P4yMSw6GzO/JiVFKqiFNRUm4Tc +7bgWDyOJhqnmK0bC5FShD8MwcncBi8YXrtrOC3hiKI4ZM2VVzEtUowMa4ovPDvW+ +lYxzWRwGCFXs8yF/YByhKD5n7Ydj9TtGvLCY89BsI3lvqda19IZwCn70xdlEkUA= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem b/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem new file mode 100644 index 000000000..5730e39c8 --- /dev/null +++ b/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDCggDdySs4DXGHyRDjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEEDAZQU1BfSUMTJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAD7xK3mri61c067i8K6ydtJ0iB/vNYWfP+6BJSPhK2idZ/n4 +MJJTJzJqLmyUrYUjP6QlQmwxS/El81y8VpuXpE3BoOGu7+GSSvcCv7zt9e7tRYmU +TFHK1+yZ18j3g7AzGJIpCT4eKTyGQVPJnhHuZBXdgLcepuyedQ/lg/CCCgVomKmv +04JIUdIoQWVKNGne3rcbjay3g93fnDQ3sWtZEF8j6rQdExBHjZtipkG5TxeOYpg4 +ybC71MTPx3TAa6qFDWUJCqa7oggjS4ew763UR43rvnm3NPwyWvUmnHD47LjzJwBG +KlRvIJttjr6046IX4LxCA+yCo1IdMOBdcaNonF0= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem b/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem new file mode 100644 index 000000000..8a264eafb --- /dev/null +++ b/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDbqKQigFQMGjP0MDWjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eRMIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAAlJKsrS/tv3xWC+PcCYGZBLzpJTb1c0ZPrNWxlGOsv0RfTV +7ZTh+bE8G2wwfNKuNcJWbeRm+kj/FxjSMXYHsXyyeJ2mJflYD757DFNzT87o8fDh +wJL7UCTgbIx/OjOYdk0BF8FpLHcHHU/g38xiXQEHGnJx0gcOlUotues3m2j11rZD +IKsaRBYHbyt2Hm0taYCe/S+qGbXAEoTa2ViVvQs1b9XbOE1XQs3+Wfmgg7Pw9/V+ +xdvkg66JCUffw5JK/1YF+wX4ruU9/ZVYJ8izjZ8EqZwZc977LoE67EnOwP4gdk1D +uM2/4uA9EZY6ZriCaYfBAMugfwO8UWQWZhM4YWs= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem b/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem new file mode 100644 index 000000000..53374b6f2 --- /dev/null +++ b/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINB3QGTJaVm+8UTeHXtjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEDEwZQU1BfQUkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAFOtuuVU/X9VzoMqaHedrNYEc4QQKB02cE/fKNDBINQUSUru +QwJJP8cYsBRPGu2ZzLnCJrqKQZVkVqqhoNbMbIWxuGyqJFSBKrwvTiLcbr2HmIC9 +l/Tn/cfZbCjKURt6fX6UwMghanzcpeMWZqYG2KgpIeVSfvphO1qFryjfPTuxLUy/ +MpwNV1z5un8jizOLeqP0HICoc6i17vPtQGxh1+1DyE+LEU+f44oReVjXkK2p/l3p +43caPV2L371JZlm3GxelU6h6pjKFREpwC7HPQiLUyuHxHwEzRO1Bm+yF8DcFF+lr +68rNsX6FvYmLDvgskgMnM2OcFhHn4h/w1CGI78I= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem b/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem new file mode 100644 index 000000000..dc77f6160 --- /dev/null +++ b/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFATCCA+mgAwIBAgINBLJlq+HgwVbgQWY4ljANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBogYIKwYBBQUHAQMEgZUwgZIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwWgYGBACBmCcCMFAwGzAZDA8wLjQuMC4xOTQ5NS4xLjEMBlBTUF9BUwwn +RmVkZXJhbCBGaW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJ +TjANBgkqhkiG9w0BAQsFAAOCAQEADwr7eFDj7TDp9oZvLXfQ4fOHGNkPT2IopGZA +XSWOVEQpTDZrmUbEG9VAZRWPQWrsVJBPGMKVSijGfyWOojw+Ybr/zf06udYfzU4z +foX2r2p5VcF7RaOP0I0IvUu7imVO5CGwAAgNwBWHVClxgHCG7HyPCVwfhuloEtBY +pMoYMwZIPQgjbpQv7a0l7sNyowUgvo2LEntgJ+AmYvjtiOril6cB51VjsJvIzhKG +pAUQ6wU9AMZcVrNxKBrBC/ZvBmpNwXWpqZQ0ht8ZLwAwQcFhlduqTj+RaIvKABTT +OdW8/iD8L/05ttgzUYk9hOBP0nvMp0q8YXAnZiLyjzE/b8xwdA== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert27RoleNameNull.pem b/testdata/QcStmtPsd2Cert27RoleNameNull.pem new file mode 100644 index 000000000..aea0e3d68 --- /dev/null +++ b/testdata/QcStmtPsd2Cert27RoleNameNull.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCA9qgAwIBAgINDT4Uv+ZLx36sX5lt6DANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbgwggG0MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkwYIKwYBBQUHAQMEgYYwgYMw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSwYGBACBmCcCMEEwDDAKBQAMBlBTUF9BUwwnRmVkZXJhbCBGaW5hbmNp +YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJTjANBgkqhkiG9w0BAQsF +AAOCAQEALJ21NMFW5+QNjpSsR9S1rWwPU1YH1BtQz492fWpY7Dyow9LyFGzmdR5u +9lvud43yXXkeKiOHNa9V5K9QJwFYlO0F4pj0owkmy1qHnsQqMJMfWjXDBY7wJQBh +ilGtKUAL8ideqJBcwS8GtOkC5uNcJ7IDW0elxbCO9aFPIwv34deM64o6QdwceqK9 +g3Cw+1ZwdL1R9b5Dy9AOuwEuljwN+MKh/uTiqA8oEpTgjwx0GsJuxaVLLcwPmw8u +iwS0g/mbdD8fphQzYW5Blrw4UaWc95rjyZ0p3ML13HXvzKbuvpORbVIu/I83YJ+7 +Ue4OIpzAHeEZCXkQnieJnLCeV7amZg== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem b/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem new file mode 100644 index 000000000..ebe3714ba --- /dev/null +++ b/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINCXyBm7L1aR4HaG0t+jANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkWJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAB+ZT87A/50XIcJbEzJpullrjxpDRm/JFXAcXP8IzYmudG1u +bAQgzmxM60jv8amdE9iFWjO58kp8skX2J7meR8BaPPFZVMQ90RX2IjnUE/aoYlmH +eM9ykwNzTJP72P4i3s5IjKY1+5l9C4YWBHL+GXhdDQDdS6/LMxYjHbaMhjkHicWR +cDMiK16diYjBKn/cb2fjM1gBkwKiHxQj7uxOYn5vCpMQTT1CbQlCDbbzzNbIUvsk +vsUKcjSOV2eXeNZ/5PDh4Z6FY/nM3wiOIPy4A7MUB987Dv/sRJIwvpXubRMVenfe +UMRDoancxKOAp96XNRNlF3pxfsspOIQSASG5Cks= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert30Valid.pem b/testdata/QcStmtPsd2Cert30Valid.pem new file mode 100644 index 000000000..be1c0749f --- /dev/null +++ b/testdata/QcStmtPsd2Cert30Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgINAbqL8/qvSod2/+EpMzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBv +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEeMBwGA1UEYQwVUFNEUEwt +UEZTQS0xMjM0NTY3ODkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +wg2BcbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPr +yhCk88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUN +s0H0G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR3 +5mdNYtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zN +xrPLTa6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT +1nO/djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpL +IWwEHcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4G +A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFt +cGxlLmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5l +eGFtcGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1w +bGUuY29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAI +BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL +7EkBAjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBG +aW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdQTC1QRlNBMA0GCSqGSIb3 +DQEBCwUAA4IBAQAO1okP2VXl7NmPbdWX9QtesVxlg5e1VDJrx1NA4gVlXPQi8thW +4JAYSmlOMb0IC3CrjcepmApCjBTJnx99Vn6NV9VbpJXdOKgOK+Kf01OPpjte7nV4 +3Q2IhWg75sJKEqMA2DrxCHQmBQ4HplRTE7EqmrM5Kn6QGUT3rjnqfFu9DYY1AeRc +NVxnqAe5TApePwsfqRsX3u2Ngv3rpF/dQgv78VYZbUMWqz2cxlXFKqEu3zWsRdd/ +kvHgNnPh399AzZrkiXzxz2A/eKJnz5ydxe5vswRZ43za4K/pLf/ftnYlbViK/xfk +2TfQdNdte0y60KireEsdNJ27KTEy5XTxast2 +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert31Valid.pem b/testdata/QcStmtPsd2Cert31Valid.pem new file mode 100644 index 000000000..b0cf61348 --- /dev/null +++ b/testdata/QcStmtPsd2Cert31Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgINB1vxbHmAgLCe5oL7DTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBw +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEQkUt +TkJCLTEyMzQuNTY3Ljg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3 +DQEBCwUAA4IBAQAPDX5qjIUhlenXeIiZ8uqRiAHEIfH+WAgtG1XwuP4SRL2ndF/g +5r12SLuRXyxaWsJ4qnpv3NFrmrs3yux7FSkk0mSC+67EIdhcA765HIDCKToR9RCN +6R6ZrRJl3DKfnzAA1r82ITtpPsmhhx4l1JJNC3LmAc7owAB1SB4bUw8zymPODlir +feNGECjGFyYi9zi+QN+RS++QAzu0XZsNuT5Ud6vGRPgK/jTjYJsHPW+OSgAC7GOo +Saz0E/uGfmopaYckWTU9UYoUNPjQjTeMWFnwCw8bpo+GUqkkxkFMWkpOHzLWRRXg +5+N8a4HuBcTkai8JKMKqhJ35q+KnF2/LXyM7 +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert39Valid.pem b/testdata/QcStmtPsd2Cert39Valid.pem new file mode 100644 index 000000000..45fb5357a --- /dev/null +++ b/testdata/QcStmtPsd2Cert39Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9DCCA9ygAwIBAgINBe1W3McubIstRtJQ2zANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBs +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEbMBkGA1UEYQwSUFNETVQt +TUZTQS1BIDEyMzQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg2B +cbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPryhCk +88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUNs0H0 +G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR35mdN +YtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zNxrPL +Ta6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT1nO/ +djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpLIWwE +HcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4GA1Ud +DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxl +LmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5leGFt +cGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1wbGUu +Y29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAIBgYE +AI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL7EkB +AjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBGaW5h +bmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdNVC1NRlNBMA0GCSqGSIb3DQEB +CwUAA4IBAQA4dTFubbQHH/I52KqmZH5lcPELQOXIylGxfAQxjMeWlkWsNYatZA5F +AkucP7KYtm4KOIMQR+xMreMGqmBGu0cS8HImBgjuld2N6sIgdUtUgWJjPWP2f8dX +Ymt7CMxeV4rPlk6OA3A7k5ymBO+NtK3RCiHluxf8J+vBf5OtuICF9xTkAqblbGFM +akOUy6s+gC085BbvG5gA4W8788WeQLKlPJOolzf21bWpNX+QgWugjHPAJIRdylBH +pwmR7Agg7+mGsPnDgY0955h/upg2TH41qUZw8vkw3LNw7Ij+RLl1ZL/Eni4Fo8xt +oLkacP2gWcr2k4mkJG4uKVyVAsnPIrPG +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert40Valid.pem b/testdata/QcStmtPsd2Cert40Valid.pem new file mode 100644 index 000000000..c3d4984c3 --- /dev/null +++ b/testdata/QcStmtPsd2Cert40Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINAMgGzG3kIBYA+I8FATANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBq +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEZMBcGA1UEYQwQVkFUQkUt +MDg3Njg2NjE0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMINgXG0 +lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj68oQpPPP +tcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1DbNB9BvC +Sn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQkd+ZnTWLb +lC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8zcazy02u +jkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA09Zzv3Yz +XHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66SyFsBB3C +WrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAOBgNVHQ8B +Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j +b20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBs +ZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNv +bS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgwCAYGBACO +RgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJAQIw +UAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwgRmluYW5j +aWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3DQEBCwUA +A4IBAQBGHMv35/nt1N94zpYI5/zlBmp8zY4s0JMLmSYRDQCfoMd1CS+7m3JKIrjB +ll5TakTZ8gpY4U5Je/woS/08Lp0bR94Cq/nbMTas0OiOqmkmV8/Kw0mEWS/q2Jol +XUaa4TbvFB0PI7UOsm7tygjfvB9t0zJy+ytDqTiO9WEGouH5dbGDl4//0gq+JUs2 +IFUJi8UntfPnjD/mSmeqOvrsRlNLOgTkhURcLDV5Ch37moni6Mn2VSH/dXStaEUI +ISLK/dcMOBK69wTUXWOLr8HZ5xFPlP+F6gBnVHXSJGvYyE06MDZ2SqWNlS90kwcr +szINuPd+/+Kvij/xKUwX0tMisQ8y +-----END CERTIFICATE----- diff --git a/util/alt_reg_num_ev.go b/util/alt_reg_num_ev.go new file mode 100644 index 000000000..20982f6a2 --- /dev/null +++ b/util/alt_reg_num_ev.go @@ -0,0 +1,137 @@ +/* + * ZLint Copyright 2020 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package util + +import ( + "encoding/asn1" + "reflect" + "regexp" + + "github.com/zmap/zcrypto/x509" +) + +type RDNSequence []RelativeDistinguishedNameSET + +type RelativeDistinguishedNameSET []AttributeTypeAndValue + +type AttributeTypeAndValue struct { + Type asn1.ObjectIdentifier + Value asn1.RawValue +} + +type parsedSubjectElement struct { + IsPresent bool + Value string + Asn1RawValue asn1.RawValue + ErrorString string +} + +type ParsedEvOrgId struct { + Rsi, Country, StateOrProvince, RegRef string +} + +type cabfOrgIdExt struct { + Rsi string `asn1:"printable"` + Country string `asn1:"printable"` + StateOrProvince string `asn1:"printable,optional,tag:0"` + RegRef string `asn1:"utf8"` +} + +func ParseCabfOrgIdExt(c *x509.Certificate) (string, ParsedEvOrgId) { + var result ParsedEvOrgId + + ext := GetExtFromCert(c, CabfExtensionOrganizationIdentifier) + var parsedExt cabfOrgIdExt + // check that we can parse the extension: + rest, err := asn1.Unmarshal(ext.Value, &parsedExt) + if len(rest) != 0 { + return "trailing bytes after extension", result + } + if err != nil { + return "could not parse extension value:" + err.Error(), result + } + errStr := CheckAsn1Reencoding(reflect.ValueOf(parsedExt).Interface(), ext.Value, "invalid string type in extension") + if errStr != "" { + return "", result + } + result.Country = parsedExt.Country + result.RegRef = parsedExt.RegRef + result.Rsi = parsedExt.Rsi + result.StateOrProvince = parsedExt.StateOrProvince + return "", result +} + +func ParseCabfOrgId(oi string, isEtsi bool) (string, ParsedEvOrgId) { + var result ParsedEvOrgId + re_ntr := regexp.MustCompile(`^(NTR)([A-Z]{2})([+]([A-Z]{2}))?-(.+)$`) + re_vat_psd := regexp.MustCompile(`^(VAT|PSD)([A-Z]{2})(())-(.+)$`) + re_lei := regexp.MustCompile(`^(LEI)(XG)(())-(.+)$`) + var sm []string + if re_ntr.MatchString(oi) { + sm = re_ntr.FindStringSubmatch(oi) + } else if re_vat_psd.MatchString(oi) { + sm = re_vat_psd.FindStringSubmatch(oi) + } else if re_lei.MatchString(oi) { + if isEtsi { + sm = re_lei.FindStringSubmatch(oi) + } else { + return "CAB/F subject:organizationIdentifier does not allow LEI", result + } + } else { + return "CAB/F subject:organizationIdentifier has an invalid format", result + } + result.Rsi = sm[1] + result.Country = sm[2] + result.StateOrProvince = sm[3] + result.RegRef = sm[5] + return "", result + +} + +func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement { + return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier) +} +func GetSubjectElement(rawSubject []byte, soughtOid asn1.ObjectIdentifier) parsedSubjectElement { + result := parsedSubjectElement{IsPresent: false, Value: "", ErrorString: ""} + var nl RDNSequence + + rest, err := asn1.Unmarshal(rawSubject, &nl) // parse the sequence of sets, i.e. each list element in nl will be a set + if err != nil { + return parsedSubjectElement{IsPresent: false, Value: "", ErrorString: "error parsing outer SEQ of subject DN"} + } + if len(rest) != 0 { + return parsedSubjectElement{IsPresent: false, ErrorString: "rest len of outer seq != 0 in subject DN", Value: ""} + } + for _, item := range nl { + for _, typeAndValue := range item { + if typeAndValue.Type.Equal(soughtOid) { + if result.IsPresent { + AppendToStringSemicolonDelim(&result.ErrorString, "double AVA found in subject:... encountered, this is not expected") + return result + } + result.IsPresent = true + var parsedString string + _, _ = asn1.Unmarshal(typeAndValue.Value.FullBytes, &parsedString) + result.Value = parsedString + result.Asn1RawValue = typeAndValue.Value + } + } + } + return result +} + +type ParsedOrgId struct { + Rsi, Country, SubDiv, RegRef string +} diff --git a/util/misc.go b/util/misc.go new file mode 100644 index 000000000..34d273546 --- /dev/null +++ b/util/misc.go @@ -0,0 +1,22 @@ +/* + * ZLint Copyright 2020 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package util + +func AppendToStringSemicolonDelim(this *string, s string) { + if len(*this) > 0 && len(s) > 0 { + (*this) += "; " + } + (*this) += s +} diff --git a/util/oid.go b/util/oid.go index f52b2fb75..d2e0101a9 100644 --- a/util/oid.go +++ b/util/oid.go @@ -71,27 +71,41 @@ var ( SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} // other OIDs - OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} - OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} - OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} - OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} - OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} - OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} - OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} - OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} - AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} - UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} - CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} - IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} - IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} - IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} - IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} - IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} - IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} - IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} - IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} - IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} + OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} + OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} + OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} + OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} + OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} + OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} + OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} + OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} + OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} + AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} + UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} + CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} + IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} + IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} + IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} + IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} + IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} + IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} + IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} + IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} + IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} + IdEtsiPsd2Statem = asn1.ObjectIdentifier{0, 4, 0, 19495, 2} + IdEtsiPsd2RolePspAs = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 1} + IdEtsiPsd2RolePspPi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 2} + IdEtsiPsd2RolePspAi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 3} + IdEtsiPsd2RolePspIc = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 4} + IdEtsiQcsSemanticsIdLegal = asn1.ObjectIdentifier{0, 4, 0, 194121, 1, 2} + IdEtsiPolicyQcpNatural = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 0} + IdEtsiPolicyQcpLegal = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 1} + IdEtsiPolicyQcpNaturalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 2} + IdEtsiPolicyQcpLegalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 3} + IdEtsiPolicyQcpWeb = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 4} + IdQcsPkixQCSyntaxV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 11, 2} + CabfSubjectOrganizationIdentifier = asn1.ObjectIdentifier{2, 5, 4, 97} + CabfExtensionOrganizationIdentifier = asn1.ObjectIdentifier{2, 23, 140, 3, 1} ) const ( diff --git a/util/qc_stmt.go b/util/qc_stmt.go index 156210f50..e2f3b3ab8 100644 --- a/util/qc_stmt.go +++ b/util/qc_stmt.go @@ -19,8 +19,21 @@ import ( "encoding/asn1" "fmt" "reflect" + "unicode" + + "github.com/zmap/zcrypto/x509" ) +var EtsiQcStmtOidList = [...]*asn1.ObjectIdentifier{ + &IdEtsiQcsQcCompliance, + &IdEtsiQcsQcLimitValue, + &IdEtsiQcsQcRetentionPeriod, + &IdEtsiQcsQcSSCD, + &IdEtsiQcsQcEuPDS, + &IdEtsiQcsQcType, + &IdEtsiPsd2Statem, +} + type anyContent struct { Raw asn1.RawContent } @@ -29,10 +42,12 @@ type qcStatementWithInfoField struct { Oid asn1.ObjectIdentifier Any asn1.RawValue } + type qcStatementWithoutInfoField struct { Oid asn1.ObjectIdentifier } +// === etsi base ==> type etsiBase struct { errorInfo string isPresent bool @@ -46,6 +61,8 @@ func (this etsiBase) IsPresent() bool { return this.isPresent } +// <== etsi base === + type EtsiQcStmtIf interface { GetErrorInfo() string IsPresent() bool @@ -97,16 +114,76 @@ type EtsiQcPds struct { PdsLocations []PdsLocation } -func AppendToStringSemicolonDelim(this *string, s string) { - if len(*this) > 0 && len(s) > 0 { - (*this) += "; " +// ==== QcStatement 2 (RFC3739)types ===> + +type DecodedQcS2 struct { + etsiBase + Decoded QcStatemt2 +} +type QcStatemt2 struct { + SemanticsId asn1.ObjectIdentifier `asn1:"optional"` + NameRegAuthorities NameRegistrationAuthorities `asn1:"optional"` +} + +type NameRegistrationAuthorities []asn1.RawValue + +// <=== QcStatement 2 (RFC3739)types ==== + +// ==== PSD2 QcStatement types ===> +type Psd2RoleOfPspType int + +const ( + RoleAs Psd2RoleOfPspType = 1 + RolePi Psd2RoleOfPspType = 2 + RoleAi Psd2RoleOfPspType = 3 + RoleIc Psd2RoleOfPspType = 4 +) + +// === ASN.1 Types ==> +type Psd2RoleOfPsp struct { + RoleType asn1.ObjectIdentifier + RoleOfPspName string `asn1:"utf8"` +} + +type EtsiPsd2QcStatem struct { + Roles []Psd2RoleOfPsp + NCAName string `asn1:"utf8"` + CountryAndNCAId string `asn1:"utf8"` +} + +// <== ASN.1 Types === + +type EtsiPsd2 struct { + etsiBase + DecodedPsd2Statm EtsiPsd2QcStatem +} + +func (this EtsiPsd2) getCountryAndNcaId() (string, string) { + runes := []rune(this.DecodedPsd2Statm.CountryAndNCAId) + if len(this.DecodedPsd2Statm.CountryAndNCAId) < 4 || !unicode.IsUpper(runes[0]) || !unicode.IsUpper(runes[1]) || runes[2] != '-' { + return "", "" } - (*this) += s + return string(runes[0:2]), string(runes[3:]) +} + +func (this EtsiPsd2) GetNcaCountry() string { + co, _ := this.getCountryAndNcaId() + return co } +func (this EtsiPsd2) GetNcaId() string { + _, ncaId := this.getCountryAndNcaId() + return ncaId +} + +// <=== PSD2 QcStatement types ==== -func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { +func CheckAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { + return CheckAsn1ReencodingWithParams(i, originalEncoding, appendIfComparisonFails, "") +} + +func CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appendIfComparisonFails string, params string) string { result := "" - reencoded, marshErr := asn1.Marshal(i) + reencoded, marshErr := asn1.MarshalWithParams(i, params) if marshErr != nil { AppendToStringSemicolonDelim(&result, fmt.Sprintf("error reencoding ASN1 value of statementInfo field: %s", marshErr)) @@ -117,15 +194,12 @@ func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfCompari return result } +type EtsiPsd2OrgId struct { + Rsi, Country, NcaId, PspId string +} + func IsAnyEtsiQcStatementPresent(extVal []byte) bool { - oidList := make([]*asn1.ObjectIdentifier, 6) - oidList[0] = &IdEtsiQcsQcCompliance - oidList[1] = &IdEtsiQcsQcLimitValue - oidList[2] = &IdEtsiQcsQcRetentionPeriod - oidList[3] = &IdEtsiQcsQcSSCD - oidList[4] = &IdEtsiQcsQcEuPDS - oidList[5] = &IdEtsiQcsQcType - for _, oid := range oidList { + for _, oid := range EtsiQcStmtOidList { r := ParseQcStatem(extVal, *oid) if r.IsPresent() { return true @@ -134,6 +208,17 @@ func IsAnyEtsiQcStatementPresent(extVal []byte) bool { return false } +func IsQcStatemPresent(c *x509.Certificate, oid *asn1.ObjectIdentifier) (string, bool) { + if !IsExtInCert(c, QcStateOid) { + return "", false + } + qcs := ParseQcStatem(GetExtFromCert(c, QcStateOid).Value, *oid) + if qcs.GetErrorInfo() != "" { + return qcs.GetErrorInfo(), qcs.IsPresent() + } + return "", qcs.IsPresent() +} + //nolint:gocyclo func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { sl := make([]anyContent, 0) @@ -169,85 +254,147 @@ func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { continue } if statem.Oid.Equal(IdEtsiQcsQcCompliance) { - etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI Complicance statement")) - return etsiObj + return handleIdEtsiQcsQcCompliance(statem, raw) } else if statem.Oid.Equal(IdEtsiQcsQcLimitValue) { - etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} - numErr := false - alphErr := false - var numeric EtsiMonetaryValueNum - var alphabetic EtsiMonetaryValueAlph - restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) - if len(restNum) != 0 || errNum != nil { - numErr = true - } else { - etsiObj.IsNum = true - etsiObj.Amount = numeric.Amount - etsiObj.Exponent = numeric.Exponent - etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum - - } - if numErr { - restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) - if len(restAlph) != 0 || errAlph != nil { - alphErr = true - } else { - etsiObj.IsNum = false - etsiObj.Amount = alphabetic.Amount - etsiObj.Exponent = alphabetic.Exponent - etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - checkAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), - statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - } - if numErr && alphErr { - etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" - } - return etsiObj - + return handleIdEtsiQcsQcLimitValue(statem) } else if statem.Oid.Equal(IdEtsiQcsQcRetentionPeriod) { - etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) - - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } - return etsiObj + return handleIdEtsiQcsQcRetentionPeriod(statem) } else if statem.Oid.Equal(IdEtsiQcsQcSSCD) { - etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI SCSD statement")) - return etsiObj + return handleIdEtsiQcsQcSSCD(statem, raw) } else if statem.Oid.Equal(IdEtsiQcsQcEuPDS) { - etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } else { - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - checkAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - return etsiObj + return handleIdEtsiQcsQcEuPDS(statem) } else if statem.Oid.Equal(IdEtsiQcsQcType) { - var qcType Etsi423QcType - qcType.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} - } - return qcType + return handleIdEtsiQcsQcType(statem) + } else if statem.Oid.Equal(IdEtsiPsd2Statem) { + return handleIdEtsiPsd2Statem(statem) + } else if statem.Oid.Equal(IdQcsPkixQCSyntaxV2) { + return handleIdQcsPkixQCSyntaxV2(statem) } else { return etsiBase{errorInfo: "", isPresent: true} } - } return etsiBase{errorInfo: "", isPresent: false} +} + +func handleIdQcsPkixQCSyntaxV2(statem qcStatementWithInfoField) EtsiQcStmtIf { + var qcs2Statem DecodedQcS2 + qcs2Statem.isPresent = true + if len(statem.Any.FullBytes) == 0 { + return qcs2Statem + } + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcs2Statem.Decoded) + if err != nil { + AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "error parsing statement: "+err.Error()) + } + if len(rest) != 0 { + AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "trailing bytes after QcStatement") + } + return qcs2Statem +} + +func handleIdEtsiPsd2Statem(statem qcStatementWithInfoField) EtsiQcStmtIf { + var psd2Statem EtsiPsd2 + psd2Statem.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &psd2Statem.DecodedPsd2Statm) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiPsd2Statem extension statementInfo field", isPresent: true} + } + if psd2Statem.DecodedPsd2Statm.CountryAndNCAId == "" || psd2Statem.DecodedPsd2Statm.NCAName == "" { + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") + } + for _, role := range psd2Statem.DecodedPsd2Statm.Roles { + if role.RoleOfPspName == "" { + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") + } + } + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(psd2Statem.DecodedPsd2Statm).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + return psd2Statem +} + +func handleIdEtsiQcsQcType(statem qcStatementWithInfoField) EtsiQcStmtIf { + var qcType Etsi423QcType + qcType.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} + } + return qcType +} + +func handleIdEtsiQcsQcEuPDS(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } else { + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + return etsiObj +} + +func handleIdEtsiQcsQcSSCD(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { + etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI SCSD statement")) + return etsiObj +} + +func handleIdEtsiQcsQcRetentionPeriod(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) + + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } + return etsiObj +} + +func handleIdEtsiQcsQcLimitValue(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} + numErr := false + alphErr := false + var numeric EtsiMonetaryValueNum + var alphabetic EtsiMonetaryValueAlph + restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) + if len(restNum) != 0 || errNum != nil { + numErr = true + } else { + etsiObj.IsNum = true + etsiObj.Amount = numeric.Amount + etsiObj.Exponent = numeric.Exponent + etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum + + } + if numErr { + restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) + if len(restAlph) != 0 || errAlph != nil { + alphErr = true + } else { + etsiObj.IsNum = false + etsiObj.Amount = alphabetic.Amount + etsiObj.Exponent = alphabetic.Exponent + etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), + statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + } + if numErr && alphErr { + etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" + } + return etsiObj +} +func handleIdEtsiQcsQcCompliance(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { + etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI Complicance statement")) + return etsiObj } From 4666bb74318f221c77ca69616603d2e897d7cd3e Mon Sep 17 00:00:00 2001 From: mtg Date: Tue, 4 Feb 2020 17:58:04 +0100 Subject: [PATCH 2/7] Revert "lint about the encoding of qcstatements for PSD2" This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. --- .../lint_qcstatem_psd2_psd2statem_encoding.go | 54 --- ..._qcstatem_psd2_psd2statem_encoding_test.go | 57 ---- .../EvAltRegNumCert56JurContryNotMatching.pem | 28 -- .../EvAltRegNumCert57NtrJurSopMissing.pem | 28 -- testdata/QcStmtPsd2Cert01InvalidRoles.pem | 29 -- testdata/QcStmtPsd2Cert03MissingRolesOid.pem | 29 -- testdata/QcStmtPsd2Cert05Valid.pem | 29 -- testdata/QcStmtPsd2Cert07MissingRoleName.pem | 29 -- testdata/QcStmtPsd2Cert08NcaNameMissing.pem | 28 -- .../QcStmtPsd2Cert09NcaNameZeroLength.pem | 28 -- testdata/QcStmtPsd2Cert10RoleNameMissing.pem | 29 -- .../QcStmtPsd2Cert11RoleNameZeroLenght.pem | 29 -- ...QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem | 29 -- testdata/QcStmtPsd2Cert14Valid.pem | 28 -- .../QcStmtPsd2Cert15NcaIdInconsistent.pem | 29 -- .../QcStmtPsd2Cert17NcaIdInconsistent.pem | 28 -- ...QcStmtPsd2Cert22NcaNameWrongStringType.pem | 29 -- ...tPsd2Cert23Psd2ExtNcaIdWrongStringType.pem | 29 -- .../QcStmtPsd2Cert24RoleNameIllegalChars.pem | 29 -- testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem | 29 -- testdata/QcStmtPsd2Cert27RoleNameNull.pem | 29 -- testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem | 29 -- testdata/QcStmtPsd2Cert30Valid.pem | 29 -- testdata/QcStmtPsd2Cert31Valid.pem | 29 -- testdata/QcStmtPsd2Cert39Valid.pem | 29 -- testdata/QcStmtPsd2Cert40Valid.pem | 29 -- util/alt_reg_num_ev.go | 137 -------- util/misc.go | 22 -- util/oid.go | 56 ++-- util/qc_stmt.go | 313 +++++------------- 30 files changed, 104 insertions(+), 1225 deletions(-) delete mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go delete mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go delete mode 100644 testdata/EvAltRegNumCert56JurContryNotMatching.pem delete mode 100644 testdata/EvAltRegNumCert57NtrJurSopMissing.pem delete mode 100644 testdata/QcStmtPsd2Cert01InvalidRoles.pem delete mode 100644 testdata/QcStmtPsd2Cert03MissingRolesOid.pem delete mode 100644 testdata/QcStmtPsd2Cert05Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert07MissingRoleName.pem delete mode 100644 testdata/QcStmtPsd2Cert08NcaNameMissing.pem delete mode 100644 testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem delete mode 100644 testdata/QcStmtPsd2Cert10RoleNameMissing.pem delete mode 100644 testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem delete mode 100644 testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem delete mode 100644 testdata/QcStmtPsd2Cert14Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem delete mode 100644 testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem delete mode 100644 testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem delete mode 100644 testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem delete mode 100644 testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem delete mode 100644 testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem delete mode 100644 testdata/QcStmtPsd2Cert27RoleNameNull.pem delete mode 100644 testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem delete mode 100644 testdata/QcStmtPsd2Cert30Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert31Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert39Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert40Valid.pem delete mode 100644 util/alt_reg_num_ev.go delete mode 100644 util/misc.go diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go deleted file mode 100644 index c8e767b0c..000000000 --- a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go +++ /dev/null @@ -1,54 +0,0 @@ -package etsi - -/* - * ZLint Copyright 2020 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import ( - "github.com/zmap/zcrypto/x509" - "github.com/zmap/zlint/lint" - "github.com/zmap/zlint/util" -) - -type qcStatemPsd2Pd2StatemEnc struct{} - -func (l *qcStatemPsd2Pd2StatemEnc) Initialize() error { - return nil -} - -func (l *qcStatemPsd2Pd2StatemEnc) CheckApplies(c *x509.Certificate) bool { - if !util.IsExtInCert(c, util.QcStateOid) { - return false - } - _, isPresent := util.IsQcStatemPresent(c, &util.IdEtsiPsd2Statem) - return isPresent -} - -func (l *qcStatemPsd2Pd2StatemEnc) Execute(c *x509.Certificate) *lint.LintResult { - qcs := util.ParseQcStatem(util.GetExtFromCert(c, util.QcStateOid).Value, util.IdEtsiPsd2Statem) - if qcs.GetErrorInfo() != "" { - return &lint.LintResult{Status: lint.Error, Details: qcs.GetErrorInfo()} - } - return &lint.LintResult{Status: lint.Pass} -} - -func init() { - lint.RegisterLint(&lint.Lint{ - Name: "e_qcstatem_psd2_psd2statem_encoding", - Description: "This test checks that a PSD2 QcStatement has the correct encoding.", - Citation: "ETSI TS 119 495, 'Annex A (normative): ASN.1 Declaration'", - Source: lint.EtsiEsi, - EffectiveDate: util.EtsiEn319_412_5_V2_2_1_Date, - Lint: &qcStatemPsd2Pd2StatemEnc{}, - }) -} diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go deleted file mode 100644 index 4f4295a42..000000000 --- a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go +++ /dev/null @@ -1,57 +0,0 @@ -package etsi - -/* - * ZLint Copyright 2020 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import ( - "github.com/zmap/zlint/lint" - "github.com/zmap/zlint/test" - "testing" -) - -func TestQcStatemPsd2Encoding(t *testing.T) { - m := map[string]lint.LintStatus{ - "QcStmtPsd2Cert01InvalidRoles.pem": lint.Pass, - "QcStmtPsd2Cert03MissingRolesOid.pem": lint.Error, - "QcStmtPsd2Cert05Valid.pem": lint.Pass, - "QcStmtPsd2Cert07MissingRoleName.pem": lint.Error, - "QcStmtPsd2Cert08NcaNameMissing.pem": lint.Error, - "QcStmtPsd2Cert09NcaNameZeroLength.pem": lint.Error, - "QcStmtPsd2Cert10RoleNameMissing.pem": lint.Error, - "QcStmtPsd2Cert11RoleNameZeroLenght.pem": lint.Error, - "QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem": lint.Error, - "QcStmtPsd2Cert14Valid.pem": lint.Pass, - "QcStmtPsd2Cert15NcaIdInconsistent.pem": lint.Pass, - "QcStmtPsd2Cert17NcaIdInconsistent.pem": lint.Pass, - "QcStmtPsd2Cert22NcaNameWrongStringType.pem": lint.Error, - "QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem": lint.Error, - "QcStmtPsd2Cert24RoleNameIllegalChars.pem": lint.Error, - "QcStmtPsd2Cert26RoleOidAsUtf8Str.pem": lint.Error, - "QcStmtPsd2Cert27RoleNameNull.pem": lint.Error, - "QcStmtPsd2Cert28NcaNameIa5Str.pem": lint.Error, - "QcStmtPsd2Cert30Valid.pem": lint.Pass, - "QcStmtPsd2Cert31Valid.pem": lint.Pass, - "QcStmtPsd2Cert39Valid.pem": lint.Pass, - "QcStmtPsd2Cert40Valid.pem": lint.Pass, - "EvAltRegNumCert56JurContryNotMatching.pem": lint.NA, - "EvAltRegNumCert57NtrJurSopMissing.pem": lint.NA, - } - for inputPath, expected := range m { - out := test.TestLint("e_qcstatem_psd2_psd2statem_encoding", inputPath) - - if out.Status != expected { - t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) - } - } -} diff --git a/testdata/EvAltRegNumCert56JurContryNotMatching.pem b/testdata/EvAltRegNumCert56JurContryNotMatching.pem deleted file mode 100644 index 222e0aced..000000000 --- a/testdata/EvAltRegNumCert56JurContryNotMatching.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIExzCCA6+gAwIBAgINAmI1p32s9ypT5AANZzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB -oDEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl -c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u -MRcwFQYDVQRhDA5OVFJERS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2NzgxEzAR -BgsrBgEEAYI3PAIBAwwCR0IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIkirpp -o+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdDW4vD -NQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U7S1k -JHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2Dq5f -/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dHdHFw -gNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQMXpz+ -ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2Qzsw -DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4 -YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2Nh -LmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhh -bXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcNGAEw -NzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBhc3Mv -Y3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 -DQEBCwUAA4IBAQBftKEeTH458M79Zrhf9voF8wTGIh5AEuA8JT/bN2wQDuyqeqme -/QuUX7CIu2WwsPbz8CFe2Q1SKPM5gMlTGufb/beha4zCWqM8NXb4t/hSNDkD9226 -s5FW3lT3TzbDRwl+eykrsIUDWEIYyvg6JI7gK/512QbeTn131lIkUkBnuZ9b7kN3 -cPQ0ekicrCk8FjZz3/H21m7BdvSTF0OmBUseTcrH3azKwqn2AH/RAetJmI9W7HQE -hUunPKM+dSW/NQUD9B1DMs9c8W18vOWnnr5BfzS7kyIxh/Td77wQfyGlMaBeYoq7 -uoXjjS8CsVd+Avbhpda+47g9jZQ94Hcyg96o ------END CERTIFICATE----- diff --git a/testdata/EvAltRegNumCert57NtrJurSopMissing.pem b/testdata/EvAltRegNumCert57NtrJurSopMissing.pem deleted file mode 100644 index e4a944a98..000000000 --- a/testdata/EvAltRegNumCert57NtrJurSopMissing.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgINAlEr+EzD49s1YT1+/jANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB -ozEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl -c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u -MRowGAYDVQRhDBFOVFJERStIRS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2Nzgx -EzARBgsrBgEEAYI3PAIBAwwCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIk -irppo+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdD -W4vDNQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U -7S1kJHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2 -Dq5f/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dH -dHFwgNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQM -Xpz+ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2 -QzswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3 -LmV4YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDov -L2NhLmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3Au -ZXhhbXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcN -GAEwNzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBh -c3MvY3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqG -SIb3DQEBCwUAA4IBAQBmq3MNz+GEqMIqOC1IB06DEjtAFHmbqr9uhxSpUM3VuK9y -jm+upuoZCwXFmEeyRXgjKbVFi6aLcMvyhLKfqntQKP517y/baEOeAV+GHUOYg+Gl -ihXze5o/nZAokPm9/b8D0hciqbxte7UlGaTu9wWKscVpDdjsuClNhaM7QD07LbTG -biAk5cbnQNTKqW0VCCU0LgEPBpbugydWDHkv8a5h0r13jiab3U7sfiX/Zq0rDP+i -MPNIYi/a9b/lxZ+TbFbZ1Q1PSW1dmhLvnXWcCVQ6VW2XwcbNkJyVvbJF3KJXMu7S -djvSAK3WrQazO/XhXQluDOMosMZYJZH4CuLLrHxe ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert01InvalidRoles.pem b/testdata/QcStmtPsd2Cert01InvalidRoles.pem deleted file mode 100644 index f0af97ff8..000000000 --- a/testdata/QcStmtPsd2Cert01InvalidRoles.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINDAL9Kp25SRT/zD2oHzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfUEkMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBACBOt6QdjgWK2amsIFmmf9t7cnwtpigTe3BLnEmsPAPw0TBU -5G0pg1Utep7dvr0k++lMMqAHyxGZ8eUxjxXn/VUFTRisvwuk0GcDiYh7j9D/uyTH -sgD5IOvuADWcxHQ6kRyAWVqu5eLrUIy0l21SfpU1WGLiqCG14RzzljDe7jgWR4vu -KUbk4/LWavRCEXPejDJ7MvQ6Q8Jwj4tzdFZXUdwxQUJ/yp6pwNO3+qka7qi5rHD8 -8tNBPyUevV37humsLjfDzHFINs9D1BMDqZixdGAfOr/rMdw6pUlAUM0nFciYEK6z -sOJ9fnJcGTKWjJeC8XKoOPWyB0Ie0pPy21M5hxQ= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert03MissingRolesOid.pem b/testdata/QcStmtPsd2Cert03MissingRolesOid.pem deleted file mode 100644 index 957666e36..000000000 --- a/testdata/QcStmtPsd2Cert03MissingRolesOid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8DCCA9igAwIBAgINCtgGQhhiIWmoUdvtzDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfUEkMJ0ZlZGVyYWwgRmluYW5jaWFs -IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD -ggEBAAxFzpMwgr+aUxhBzrpsvpZDfaARHczbaPcJmi2h6rThbUFjYbrfssZmiZDq -e5g/4yaRPlKHZFU8yofcAs7hiFQNnKCgK4WlZ9gXe0yylXks6Hn2M2lDMWIk3HmF -ZwsTjyoNbbhW2x70Ewaa2NIWcf+4zK3qGBf4wXqmlhrWsA7EEzswFEUG25qoga2f -NXfJkBKWON7S4K3Bwddull8g2Sl+gJpGlwXlSu1hAV6tBqzH3JniV9AYP3SXAyRQ -S0TalMJ6wkEz+qBxao9+M4E64Q7jgVJbGKvoCgKiTKCbvd24AQDZPgGJspz+3NQR -0DINDw9My5opjNMyB+x4K+Hxtl0= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert05Valid.pem b/testdata/QcStmtPsd2Cert05Valid.pem deleted file mode 100644 index cae24dcf4..000000000 --- a/testdata/QcStmtPsd2Cert05Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINCqVMvI3ItM3g3XV2cDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfQVMMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBABmbFutzBZssZnMzUDMYf0bYgStey6CMddV4rKhhUDBqxG9s -xg+xLbXNmEHdJ6lScRK3h2mQ222vPsebLguitcisaqAMIDInYfRS657yEXmSedjy -WIVSrtCaAACYoCwOPEymnjra7WsRu2WZZ+5zk7floDx6o5QXLd73DOJrqr/r6pL9 -NPf5e7g+vlVqAGQhC6Z0s7ri5XInPBeZEMox2Au2ZF/UWNRf00MnRvnYAl2TkDSw -HcbU6L8BtzLxJlZmKw33BfTmi++QOmSPZjpELpnpUamrDmKuFlxu5/QBVz6RS/sX -5tZkQTPg6UtFlkStg9LLJEkEvdT0xMkRvczzTPM= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert07MissingRoleName.pem b/testdata/QcStmtPsd2Cert07MissingRoleName.pem deleted file mode 100644 index 2de38a3d8..000000000 --- a/testdata/QcStmtPsd2Cert07MissingRoleName.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgINAn34kicX+AdEJqPEXDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSgYGBACBmCcCMEAwCzAJBgcEAIGYJwEEDCdGZWRlcmFsIEZpbmFuY2lh -bCBTdXBlcnZpc29yeSBBdXRob3JpdHkMCERFLWJhZmluMA0GCSqGSIb3DQEBCwUA -A4IBAQAHzTrdqGrwO0YNlzUBybkgaiaRR+iTfpe1gBHwOoL3hE6u1xowj3WozX6b -dXi+wT4jiy6ipsSCUE2sMwhBCIGRnuuJzlD6tIqJ88tAL0E13TvL2iW6IvH9pUM6 -ZMfEh7ejIXe2KRPX0lCuaiTwGXZy6B4EEt/vB5kdoqoDDLx7zDYUKyoUetN9bl75 -X5EjnpmZ1b+vgVCui261HFmwCg+ZxEFmbsmx3+CndOvFUygih9bdhIEj6Y6tlZS+ -S958XsWQwdwWnPIICt68yCxjYZfQ5fOiQa4OfoZ82uekJTr7pM63JwAk97GPt+MH -AFexiknCl6FRVuyRQHXkQkQMSfdG ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert08NcaNameMissing.pem b/testdata/QcStmtPsd2Cert08NcaNameMissing.pem deleted file mode 100644 index f9dae78e9..000000000 --- a/testdata/QcStmtPsd2Cert08NcaNameMissing.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEzTCCA7WgAwIBAgINBgcQn55ngMeNmOZhpzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZMwggGPMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBggrBgEFBQcBAwRjMGEwCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwKQYGBACBmCcCMB8wEzARBgcEAIGYJwEDDAZQU1BfQUkMCERFLUJBRklOMA0G -CSqGSIb3DQEBCwUAA4IBAQBNkBaX1LmQuC7jw/X6iuBwYCvMwCUMjudBa3whU0U0 -jSh8VlzcBAu4dYGglyzhEjibGtHjBR+VW3mels1PCTIe6B4BPsIwnZ3zttjEBHM+ -H/uaShVU+61Cy6xOCGUR0NVyzWThwn0qwi6po0Qqn8+sW53tfTORsXmqaCzmlnDl -LiVJIY4eJYb1iuEucQdJ3KUWduJsJFJHOO+CoJKsoan+1g2cK/3NZC+eLR/e9aC/ -s8SnyGIBf2JxXXDQUY1Nx6Gb7b39Za/Ta6Hzu7Ue1FG/YY3vOwHnESAzmNYV1XiR -QLtIJbag45xPMWzQV5afp0gXRRX4hNE+DkZ52zWBMFTs ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem b/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem deleted file mode 100644 index 3f4f4d268..000000000 --- a/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEzzCCA7egAwIBAgINDsKzMgts5dOILcyZyzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZUwggGRMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAwRlMGMwCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwKwYGBACBmCcCMCEwEzARBgcEAIGYJwECDAZQU1BfUEkMAAwIREUtQkFGSU4w -DQYJKoZIhvcNAQELBQADggEBAE+Iv9mf7sZBgnYSg739dk8uHRPpNnkkO6cxDvaq -q0CxylX66XdUoXMytvjVB1I+C2u5tmCVYcZYtv+Rm1ctA5FPsgbJNb8BkKH7wNC4 -Z64YSpdDA5hN3S1tudAKlG0JsXZUpOoevDVqqaONnBeQL9aZSF71nFDiRPWGy/Ox -CCYcQINdgRw6KU66b33Qez9oedRvv9SzAQv265H5ACZXJ+d8j0iVypGKUGxhqeQT -/6o1Eg35srYKyEtkYXBk3rOycxrz9Ux6ZhACzbi3v2MgiBVh5MdYuUn2WlBsb9tw -F7avtF38ETrRpx4q8AysD/vckODyvN6zB3PTEeJPS8o7Yr0= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert10RoleNameMissing.pem b/testdata/QcStmtPsd2Cert10RoleNameMissing.pem deleted file mode 100644 index b6cf298bb..000000000 --- a/testdata/QcStmtPsd2Cert10RoleNameMissing.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8DCCA9igAwIBAgINDxPCnUBqjv5Cn7YVoTANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfQUkMJ0ZlZGVyYWwgRmluYW5jaWFs -IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD -ggEBAAtdv0K46jF555M5IUa//iLMk6bXnqrlBEjbuVMAD2Rq6FvIE56ug4YQfYWI -85f07JhCnnKdw1npx9wF9avLWNggmNpXTPdF10iCXAE4vYEOtVy8xjYgMPk2swoc -VgAzDZQSPAj8nNQSEgYlpLv5o8IQPBMbP6uKjjDilVHEpIPclDlIhx7tfPtGG4/9 -Pvx2FKtnD52Zr5qQvL85IC5Qy2xIIiznLt2p5E131EssZ1zCHDqzo3mYp1YS81Jj -lowIZUtEICht7f0Ju2/RaKgdwivJ2jKHOh23DNkPWsQDbqgMZS2oQCEgikVu4f3d -6fHt4nGCpQGc6jJg2H3n2KR3O9w= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem b/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem deleted file mode 100644 index 934ed5e64..000000000 --- a/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE7DCCA9SgAwIBAgINCGnzNrzLAvsCbWMwJjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbIwggGuMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYIKwYBBQUHAQMEgYAwfjAI -BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL -7EkBAjBGBgYEAIGYJwIwPDANMAsGBwQAgZgnAQEMAAwnRmVkZXJhbCBGaW5hbmNp -YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAJERTANBgkqhkiG9w0BAQsFAAOCAQEA -PimK2OFIHTC2lWv6+xN0lUg6cdlyZk1T7N3iBF90WogG1HjDCKnYlILcvOM581p2 -xleu1orGL/VAcJg0Te9rl9Z4ju6z1b4XsjFXSY1QBMxI8gWP2axFYlxcjRS7sMjk -m7lzQL63qGAJm76Gr1Xatcx7peqwgOMmmLN9e0WES+4z2aw2CksUgsaQ2ouzER4r -hXJtVCemhzNKcbeA+8yROD0ROenqDCNqcAGIGJ4YNSp90Wlp63baxu6u3PJgMr9S -L6sZzaimaFEPY6ggiw7PiYAKxmsybKFBXGJBPEaZ5MB4fDGKbe4nEGiEsM56IMBq -7DMKNBB67j4txmUg2xtd6w== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem b/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem deleted file mode 100644 index e723cbf4f..000000000 --- a/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgINA3NeFoI2mquIfvSjvjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSgYGBACBmCcCMEAwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwAMA0GCSqGSIb3DQEBCwUA -A4IBAQBakOYgnqxhHxCk7/HBK5GOhLc3Cof9e//jriIvA1jjhFO+iO+e1pVMZ9tK -7VFMBSe+v0XzN9oVuSEGdldebMhAnLBzr+ERhzljvXaCuHzh96u2MDbSeErfF4h9 -25BAoeuaglKoUCR/q1w8QMiwW3IxlbdWMeUc3HAVFSSBZtxAqfh6WE5xUaBJBWw5 -b8dixcQcDN9XsedCiZsjIzPUNldc4uQBEplqFbetVjUGyPVgpzwMyHorCyE4kadi -UXX2GNt7erIUgEme0Egmu1J3/R7lkNjXKtfpejTuxLtV6YyF+K5l2ZsWKbDUHNFI -46Tksr06JcmMw6kpWU52vEAh+n4V ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert14Valid.pem b/testdata/QcStmtPsd2Cert14Valid.pem deleted file mode 100644 index 98c54da2b..000000000 --- a/testdata/QcStmtPsd2Cert14Valid.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE1DCCA7ygAwIBAgIND53/U08Ff4UyfPa79TANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZowggGWMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAwRqMGgwCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwMAYGBACBmCcCMCYwEzARBgcEAIGYJwEEDAZQU1BfSUMMBTEyMzQ1DAhERS1C -QUZJTjANBgkqhkiG9w0BAQsFAAOCAQEAHlh68mckSyslsm2Q+in8TW3yFhjZ2/6n -1D/vPzja0LUblklNwKN0Zxa3TsWkKCZh5E/CwaLps/oxNUXDf273I9EFTnaNY0wO -2bcTbwQxkeNKZ7OHcQll8swdD3vhl8koAKAvHPuGJC71orWoc4Cbz6utm2e+IU4X -U1t2PgMPH7GhN/TL/Cqz0xbIcRqkmfLI6dcmckQX+HNBenh546iT/kDY3k6g6tEH -IPHj50A1vgksji5LrLfFhiwMx0X5t/1bPYQaZMKwg8w/mr48ql0gLT48UnLPt2jg -hMklwbWsMn8tTAWqQ3CzGKtgmJO9RWWFyU/jct+Hr7kFrzPG+j4bPg== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem deleted file mode 100644 index 1952466e3..000000000 --- a/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgINBXNwOIJE9ou2P9JaNzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAa8wggGrMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBigYIKwYBBQUHAQMEfjB8MAgG -BgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAzAVBggrBgEFBQcLAjAJBgcEAIvs -SQECMEQGBgQAgZgnAjA6MBMwEQYHBACBmCcBAgwGUFNQX1BJDBtGaW5hbmNpYWwg -Q29uZHVjdCBBdXRob3JpdHkMBkdCLUZDQTANBgkqhkiG9w0BAQsFAAOCAQEAcGLh -qmW9M1HA0kJnhoIcZddPgTSmKgoIhUwPrNJ1R7RJUMkRbJLOGZAOIMz82jUY2pAv -IvtrxSZ9Kj0WeXtNnQ/39TMUogy8rxD3COJCD/n7Jr4vNYYyEeE3WLFMiS9UNJI7 -HPVfknp22f8TRYKYdm7jNqZu8IjFmMp8rBZQgatkEOc01/M2ZlOmbZp4kMcR+QFy -j1emYPjdiT/Sbn2KWFGnbsC9zfSYMr+qri0N9QiS27NJ4Uaj13qj9cvkLHYxuBBp -0SQDYNiU5b10BhonOHuHnf3g9InsIuA6lZibMNIrm+mbJa0YprZBNFesx7gSlrn0 -mA9viD0AJ4F3YeNX4A== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem deleted file mode 100644 index 1cb4a6195..000000000 --- a/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE2zCCA8OgAwIBAgINDR5bwZZ7Cncsu6inkDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAaEwggGdMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB9BggrBgEFBQcBAwRxMG8wCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwNwYGBACBmCcCMC0wEzARBgcEAIGYJwEBDAZQU1BfQVMMDU5hdGlvbmFsIEJh -bmsMB1hYLUJBTkswDQYJKoZIhvcNAQELBQADggEBAAhb9Cz45JCQPBJU8DjR7uJi -sCMn79Q3Pu+TbnmR29blkyx/xw3ZuunwgeNXr8hb7+fKRBfXPrtPw/2DtndCIb52 -hbXM98OYoDFyjI3jHhkylce0fyEMrUTGkch63AsI99J2+WPw29hI/tRDoyoX9B6o -YFMHwyEA0En8WzohlhmJ1pBRU3AVeZOB2iIwj4P4yMSw6GzO/JiVFKqiFNRUm4Tc -7bgWDyOJhqnmK0bC5FShD8MwcncBi8YXrtrOC3hiKI4ZM2VVzEtUowMa4ovPDvW+ -lYxzWRwGCFXs8yF/YByhKD5n7Ydj9TtGvLCY89BsI3lvqda19IZwCn70xdlEkUA= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem b/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem deleted file mode 100644 index 5730e39c8..000000000 --- a/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINDCggDdySs4DXGHyRDjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEEDAZQU1BfSUMTJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAD7xK3mri61c067i8K6ydtJ0iB/vNYWfP+6BJSPhK2idZ/n4 -MJJTJzJqLmyUrYUjP6QlQmwxS/El81y8VpuXpE3BoOGu7+GSSvcCv7zt9e7tRYmU -TFHK1+yZ18j3g7AzGJIpCT4eKTyGQVPJnhHuZBXdgLcepuyedQ/lg/CCCgVomKmv -04JIUdIoQWVKNGne3rcbjay3g93fnDQ3sWtZEF8j6rQdExBHjZtipkG5TxeOYpg4 -ybC71MTPx3TAa6qFDWUJCqa7oggjS4ew763UR43rvnm3NPwyWvUmnHD47LjzJwBG -KlRvIJttjr6046IX4LxCA+yCo1IdMOBdcaNonF0= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem b/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem deleted file mode 100644 index 8a264eafb..000000000 --- a/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINDbqKQigFQMGjP0MDWjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eRMIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAAlJKsrS/tv3xWC+PcCYGZBLzpJTb1c0ZPrNWxlGOsv0RfTV -7ZTh+bE8G2wwfNKuNcJWbeRm+kj/FxjSMXYHsXyyeJ2mJflYD757DFNzT87o8fDh -wJL7UCTgbIx/OjOYdk0BF8FpLHcHHU/g38xiXQEHGnJx0gcOlUotues3m2j11rZD -IKsaRBYHbyt2Hm0taYCe/S+qGbXAEoTa2ViVvQs1b9XbOE1XQs3+Wfmgg7Pw9/V+ -xdvkg66JCUffw5JK/1YF+wX4ruU9/ZVYJ8izjZ8EqZwZc977LoE67EnOwP4gdk1D -uM2/4uA9EZY6ZriCaYfBAMugfwO8UWQWZhM4YWs= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem b/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem deleted file mode 100644 index 53374b6f2..000000000 --- a/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINB3QGTJaVm+8UTeHXtjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEDEwZQU1BfQUkMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAFOtuuVU/X9VzoMqaHedrNYEc4QQKB02cE/fKNDBINQUSUru -QwJJP8cYsBRPGu2ZzLnCJrqKQZVkVqqhoNbMbIWxuGyqJFSBKrwvTiLcbr2HmIC9 -l/Tn/cfZbCjKURt6fX6UwMghanzcpeMWZqYG2KgpIeVSfvphO1qFryjfPTuxLUy/ -MpwNV1z5un8jizOLeqP0HICoc6i17vPtQGxh1+1DyE+LEU+f44oReVjXkK2p/l3p -43caPV2L371JZlm3GxelU6h6pjKFREpwC7HPQiLUyuHxHwEzRO1Bm+yF8DcFF+lr -68rNsX6FvYmLDvgskgMnM2OcFhHn4h/w1CGI78I= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem b/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem deleted file mode 100644 index dc77f6160..000000000 --- a/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFATCCA+mgAwIBAgINBLJlq+HgwVbgQWY4ljANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBogYIKwYBBQUHAQMEgZUwgZIw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwWgYGBACBmCcCMFAwGzAZDA8wLjQuMC4xOTQ5NS4xLjEMBlBTUF9BUwwn -RmVkZXJhbCBGaW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJ -TjANBgkqhkiG9w0BAQsFAAOCAQEADwr7eFDj7TDp9oZvLXfQ4fOHGNkPT2IopGZA -XSWOVEQpTDZrmUbEG9VAZRWPQWrsVJBPGMKVSijGfyWOojw+Ybr/zf06udYfzU4z -foX2r2p5VcF7RaOP0I0IvUu7imVO5CGwAAgNwBWHVClxgHCG7HyPCVwfhuloEtBY -pMoYMwZIPQgjbpQv7a0l7sNyowUgvo2LEntgJ+AmYvjtiOril6cB51VjsJvIzhKG -pAUQ6wU9AMZcVrNxKBrBC/ZvBmpNwXWpqZQ0ht8ZLwAwQcFhlduqTj+RaIvKABTT -OdW8/iD8L/05ttgzUYk9hOBP0nvMp0q8YXAnZiLyjzE/b8xwdA== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert27RoleNameNull.pem b/testdata/QcStmtPsd2Cert27RoleNameNull.pem deleted file mode 100644 index aea0e3d68..000000000 --- a/testdata/QcStmtPsd2Cert27RoleNameNull.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8jCCA9qgAwIBAgINDT4Uv+ZLx36sX5lt6DANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbgwggG0MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkwYIKwYBBQUHAQMEgYYwgYMw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSwYGBACBmCcCMEEwDDAKBQAMBlBTUF9BUwwnRmVkZXJhbCBGaW5hbmNp -YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJTjANBgkqhkiG9w0BAQsF -AAOCAQEALJ21NMFW5+QNjpSsR9S1rWwPU1YH1BtQz492fWpY7Dyow9LyFGzmdR5u -9lvud43yXXkeKiOHNa9V5K9QJwFYlO0F4pj0owkmy1qHnsQqMJMfWjXDBY7wJQBh -ilGtKUAL8ideqJBcwS8GtOkC5uNcJ7IDW0elxbCO9aFPIwv34deM64o6QdwceqK9 -g3Cw+1ZwdL1R9b5Dy9AOuwEuljwN+MKh/uTiqA8oEpTgjwx0GsJuxaVLLcwPmw8u -iwS0g/mbdD8fphQzYW5Blrw4UaWc95rjyZ0p3ML13HXvzKbuvpORbVIu/I83YJ+7 -Ue4OIpzAHeEZCXkQnieJnLCeV7amZg== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem b/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem deleted file mode 100644 index ebe3714ba..000000000 --- a/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINCXyBm7L1aR4HaG0t+jANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkWJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAB+ZT87A/50XIcJbEzJpullrjxpDRm/JFXAcXP8IzYmudG1u -bAQgzmxM60jv8amdE9iFWjO58kp8skX2J7meR8BaPPFZVMQ90RX2IjnUE/aoYlmH -eM9ykwNzTJP72P4i3s5IjKY1+5l9C4YWBHL+GXhdDQDdS6/LMxYjHbaMhjkHicWR -cDMiK16diYjBKn/cb2fjM1gBkwKiHxQj7uxOYn5vCpMQTT1CbQlCDbbzzNbIUvsk -vsUKcjSOV2eXeNZ/5PDh4Z6FY/nM3wiOIPy4A7MUB987Dv/sRJIwvpXubRMVenfe -UMRDoancxKOAp96XNRNlF3pxfsspOIQSASG5Cks= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert30Valid.pem b/testdata/QcStmtPsd2Cert30Valid.pem deleted file mode 100644 index be1c0749f..000000000 --- a/testdata/QcStmtPsd2Cert30Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9zCCA9+gAwIBAgINAbqL8/qvSod2/+EpMzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBv -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEeMBwGA1UEYQwVUFNEUEwt -UEZTQS0xMjM0NTY3ODkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -wg2BcbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPr -yhCk88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUN -s0H0G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR3 -5mdNYtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zN -xrPLTa6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT -1nO/djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpL -IWwEHcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4G -A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFt -cGxlLmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5l -eGFtcGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1w -bGUuY29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAI -BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL -7EkBAjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBG -aW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdQTC1QRlNBMA0GCSqGSIb3 -DQEBCwUAA4IBAQAO1okP2VXl7NmPbdWX9QtesVxlg5e1VDJrx1NA4gVlXPQi8thW -4JAYSmlOMb0IC3CrjcepmApCjBTJnx99Vn6NV9VbpJXdOKgOK+Kf01OPpjte7nV4 -3Q2IhWg75sJKEqMA2DrxCHQmBQ4HplRTE7EqmrM5Kn6QGUT3rjnqfFu9DYY1AeRc -NVxnqAe5TApePwsfqRsX3u2Ngv3rpF/dQgv78VYZbUMWqz2cxlXFKqEu3zWsRdd/ -kvHgNnPh399AzZrkiXzxz2A/eKJnz5ydxe5vswRZ43za4K/pLf/ftnYlbViK/xfk -2TfQdNdte0y60KireEsdNJ27KTEy5XTxast2 ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert31Valid.pem b/testdata/QcStmtPsd2Cert31Valid.pem deleted file mode 100644 index b0cf61348..000000000 --- a/testdata/QcStmtPsd2Cert31Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9zCCA9+gAwIBAgINB1vxbHmAgLCe5oL7DTANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBw -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEQkUt -TkJCLTEyMzQuNTY3Ljg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3 -DQEBCwUAA4IBAQAPDX5qjIUhlenXeIiZ8uqRiAHEIfH+WAgtG1XwuP4SRL2ndF/g -5r12SLuRXyxaWsJ4qnpv3NFrmrs3yux7FSkk0mSC+67EIdhcA765HIDCKToR9RCN -6R6ZrRJl3DKfnzAA1r82ITtpPsmhhx4l1JJNC3LmAc7owAB1SB4bUw8zymPODlir -feNGECjGFyYi9zi+QN+RS++QAzu0XZsNuT5Ud6vGRPgK/jTjYJsHPW+OSgAC7GOo -Saz0E/uGfmopaYckWTU9UYoUNPjQjTeMWFnwCw8bpo+GUqkkxkFMWkpOHzLWRRXg -5+N8a4HuBcTkai8JKMKqhJ35q+KnF2/LXyM7 ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert39Valid.pem b/testdata/QcStmtPsd2Cert39Valid.pem deleted file mode 100644 index 45fb5357a..000000000 --- a/testdata/QcStmtPsd2Cert39Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9DCCA9ygAwIBAgINBe1W3McubIstRtJQ2zANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBs -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEbMBkGA1UEYQwSUFNETVQt -TUZTQS1BIDEyMzQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg2B -cbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPryhCk -88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUNs0H0 -G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR35mdN -YtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zNxrPL -Ta6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT1nO/ -djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpLIWwE -HcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4GA1Ud -DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxl -LmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5leGFt -cGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1wbGUu -Y29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYDVR0l -BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAIBgYE -AI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL7EkB -AjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBGaW5h -bmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdNVC1NRlNBMA0GCSqGSIb3DQEB -CwUAA4IBAQA4dTFubbQHH/I52KqmZH5lcPELQOXIylGxfAQxjMeWlkWsNYatZA5F -AkucP7KYtm4KOIMQR+xMreMGqmBGu0cS8HImBgjuld2N6sIgdUtUgWJjPWP2f8dX -Ymt7CMxeV4rPlk6OA3A7k5ymBO+NtK3RCiHluxf8J+vBf5OtuICF9xTkAqblbGFM -akOUy6s+gC085BbvG5gA4W8788WeQLKlPJOolzf21bWpNX+QgWugjHPAJIRdylBH -pwmR7Agg7+mGsPnDgY0955h/upg2TH41qUZw8vkw3LNw7Ij+RLl1ZL/Eni4Fo8xt -oLkacP2gWcr2k4mkJG4uKVyVAsnPIrPG ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert40Valid.pem b/testdata/QcStmtPsd2Cert40Valid.pem deleted file mode 100644 index c3d4984c3..000000000 --- a/testdata/QcStmtPsd2Cert40Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgINAMgGzG3kIBYA+I8FATANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBq -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEZMBcGA1UEYQwQVkFUQkUt -MDg3Njg2NjE0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMINgXG0 -lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj68oQpPPP -tcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1DbNB9BvC -Sn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQkd+ZnTWLb -lC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8zcazy02u -jkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA09Zzv3Yz -XHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66SyFsBB3C -WrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAOBgNVHQ8B -Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j -b20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBs -ZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNv -bS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0GA1UdJQQW -MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgwCAYGBACO -RgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJAQIw -UAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwgRmluYW5j -aWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3DQEBCwUA -A4IBAQBGHMv35/nt1N94zpYI5/zlBmp8zY4s0JMLmSYRDQCfoMd1CS+7m3JKIrjB -ll5TakTZ8gpY4U5Je/woS/08Lp0bR94Cq/nbMTas0OiOqmkmV8/Kw0mEWS/q2Jol -XUaa4TbvFB0PI7UOsm7tygjfvB9t0zJy+ytDqTiO9WEGouH5dbGDl4//0gq+JUs2 -IFUJi8UntfPnjD/mSmeqOvrsRlNLOgTkhURcLDV5Ch37moni6Mn2VSH/dXStaEUI -ISLK/dcMOBK69wTUXWOLr8HZ5xFPlP+F6gBnVHXSJGvYyE06MDZ2SqWNlS90kwcr -szINuPd+/+Kvij/xKUwX0tMisQ8y ------END CERTIFICATE----- diff --git a/util/alt_reg_num_ev.go b/util/alt_reg_num_ev.go deleted file mode 100644 index 20982f6a2..000000000 --- a/util/alt_reg_num_ev.go +++ /dev/null @@ -1,137 +0,0 @@ -/* - * ZLint Copyright 2020 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -package util - -import ( - "encoding/asn1" - "reflect" - "regexp" - - "github.com/zmap/zcrypto/x509" -) - -type RDNSequence []RelativeDistinguishedNameSET - -type RelativeDistinguishedNameSET []AttributeTypeAndValue - -type AttributeTypeAndValue struct { - Type asn1.ObjectIdentifier - Value asn1.RawValue -} - -type parsedSubjectElement struct { - IsPresent bool - Value string - Asn1RawValue asn1.RawValue - ErrorString string -} - -type ParsedEvOrgId struct { - Rsi, Country, StateOrProvince, RegRef string -} - -type cabfOrgIdExt struct { - Rsi string `asn1:"printable"` - Country string `asn1:"printable"` - StateOrProvince string `asn1:"printable,optional,tag:0"` - RegRef string `asn1:"utf8"` -} - -func ParseCabfOrgIdExt(c *x509.Certificate) (string, ParsedEvOrgId) { - var result ParsedEvOrgId - - ext := GetExtFromCert(c, CabfExtensionOrganizationIdentifier) - var parsedExt cabfOrgIdExt - // check that we can parse the extension: - rest, err := asn1.Unmarshal(ext.Value, &parsedExt) - if len(rest) != 0 { - return "trailing bytes after extension", result - } - if err != nil { - return "could not parse extension value:" + err.Error(), result - } - errStr := CheckAsn1Reencoding(reflect.ValueOf(parsedExt).Interface(), ext.Value, "invalid string type in extension") - if errStr != "" { - return "", result - } - result.Country = parsedExt.Country - result.RegRef = parsedExt.RegRef - result.Rsi = parsedExt.Rsi - result.StateOrProvince = parsedExt.StateOrProvince - return "", result -} - -func ParseCabfOrgId(oi string, isEtsi bool) (string, ParsedEvOrgId) { - var result ParsedEvOrgId - re_ntr := regexp.MustCompile(`^(NTR)([A-Z]{2})([+]([A-Z]{2}))?-(.+)$`) - re_vat_psd := regexp.MustCompile(`^(VAT|PSD)([A-Z]{2})(())-(.+)$`) - re_lei := regexp.MustCompile(`^(LEI)(XG)(())-(.+)$`) - var sm []string - if re_ntr.MatchString(oi) { - sm = re_ntr.FindStringSubmatch(oi) - } else if re_vat_psd.MatchString(oi) { - sm = re_vat_psd.FindStringSubmatch(oi) - } else if re_lei.MatchString(oi) { - if isEtsi { - sm = re_lei.FindStringSubmatch(oi) - } else { - return "CAB/F subject:organizationIdentifier does not allow LEI", result - } - } else { - return "CAB/F subject:organizationIdentifier has an invalid format", result - } - result.Rsi = sm[1] - result.Country = sm[2] - result.StateOrProvince = sm[3] - result.RegRef = sm[5] - return "", result - -} - -func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement { - return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier) -} -func GetSubjectElement(rawSubject []byte, soughtOid asn1.ObjectIdentifier) parsedSubjectElement { - result := parsedSubjectElement{IsPresent: false, Value: "", ErrorString: ""} - var nl RDNSequence - - rest, err := asn1.Unmarshal(rawSubject, &nl) // parse the sequence of sets, i.e. each list element in nl will be a set - if err != nil { - return parsedSubjectElement{IsPresent: false, Value: "", ErrorString: "error parsing outer SEQ of subject DN"} - } - if len(rest) != 0 { - return parsedSubjectElement{IsPresent: false, ErrorString: "rest len of outer seq != 0 in subject DN", Value: ""} - } - for _, item := range nl { - for _, typeAndValue := range item { - if typeAndValue.Type.Equal(soughtOid) { - if result.IsPresent { - AppendToStringSemicolonDelim(&result.ErrorString, "double AVA found in subject:... encountered, this is not expected") - return result - } - result.IsPresent = true - var parsedString string - _, _ = asn1.Unmarshal(typeAndValue.Value.FullBytes, &parsedString) - result.Value = parsedString - result.Asn1RawValue = typeAndValue.Value - } - } - } - return result -} - -type ParsedOrgId struct { - Rsi, Country, SubDiv, RegRef string -} diff --git a/util/misc.go b/util/misc.go deleted file mode 100644 index 34d273546..000000000 --- a/util/misc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* - * ZLint Copyright 2020 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -package util - -func AppendToStringSemicolonDelim(this *string, s string) { - if len(*this) > 0 && len(s) > 0 { - (*this) += "; " - } - (*this) += s -} diff --git a/util/oid.go b/util/oid.go index d2e0101a9..f52b2fb75 100644 --- a/util/oid.go +++ b/util/oid.go @@ -71,41 +71,27 @@ var ( SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} // other OIDs - OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} - OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} - OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} - OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} - OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} - OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} - OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} - OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} - AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} - UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} - CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} - IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} - IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} - IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} - IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} - IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} - IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} - IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} - IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} - IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} - IdEtsiPsd2Statem = asn1.ObjectIdentifier{0, 4, 0, 19495, 2} - IdEtsiPsd2RolePspAs = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 1} - IdEtsiPsd2RolePspPi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 2} - IdEtsiPsd2RolePspAi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 3} - IdEtsiPsd2RolePspIc = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 4} - IdEtsiQcsSemanticsIdLegal = asn1.ObjectIdentifier{0, 4, 0, 194121, 1, 2} - IdEtsiPolicyQcpNatural = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 0} - IdEtsiPolicyQcpLegal = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 1} - IdEtsiPolicyQcpNaturalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 2} - IdEtsiPolicyQcpLegalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 3} - IdEtsiPolicyQcpWeb = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 4} - IdQcsPkixQCSyntaxV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 11, 2} - CabfSubjectOrganizationIdentifier = asn1.ObjectIdentifier{2, 5, 4, 97} - CabfExtensionOrganizationIdentifier = asn1.ObjectIdentifier{2, 23, 140, 3, 1} + OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} + OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} + OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} + OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} + OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} + OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} + OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} + OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} + OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} + AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} + UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} + CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} + IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} + IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} + IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} + IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} + IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} + IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} + IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} + IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} + IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} ) const ( diff --git a/util/qc_stmt.go b/util/qc_stmt.go index e2f3b3ab8..156210f50 100644 --- a/util/qc_stmt.go +++ b/util/qc_stmt.go @@ -19,21 +19,8 @@ import ( "encoding/asn1" "fmt" "reflect" - "unicode" - - "github.com/zmap/zcrypto/x509" ) -var EtsiQcStmtOidList = [...]*asn1.ObjectIdentifier{ - &IdEtsiQcsQcCompliance, - &IdEtsiQcsQcLimitValue, - &IdEtsiQcsQcRetentionPeriod, - &IdEtsiQcsQcSSCD, - &IdEtsiQcsQcEuPDS, - &IdEtsiQcsQcType, - &IdEtsiPsd2Statem, -} - type anyContent struct { Raw asn1.RawContent } @@ -42,12 +29,10 @@ type qcStatementWithInfoField struct { Oid asn1.ObjectIdentifier Any asn1.RawValue } - type qcStatementWithoutInfoField struct { Oid asn1.ObjectIdentifier } -// === etsi base ==> type etsiBase struct { errorInfo string isPresent bool @@ -61,8 +46,6 @@ func (this etsiBase) IsPresent() bool { return this.isPresent } -// <== etsi base === - type EtsiQcStmtIf interface { GetErrorInfo() string IsPresent() bool @@ -114,76 +97,16 @@ type EtsiQcPds struct { PdsLocations []PdsLocation } -// ==== QcStatement 2 (RFC3739)types ===> - -type DecodedQcS2 struct { - etsiBase - Decoded QcStatemt2 -} -type QcStatemt2 struct { - SemanticsId asn1.ObjectIdentifier `asn1:"optional"` - NameRegAuthorities NameRegistrationAuthorities `asn1:"optional"` -} - -type NameRegistrationAuthorities []asn1.RawValue - -// <=== QcStatement 2 (RFC3739)types ==== - -// ==== PSD2 QcStatement types ===> -type Psd2RoleOfPspType int - -const ( - RoleAs Psd2RoleOfPspType = 1 - RolePi Psd2RoleOfPspType = 2 - RoleAi Psd2RoleOfPspType = 3 - RoleIc Psd2RoleOfPspType = 4 -) - -// === ASN.1 Types ==> -type Psd2RoleOfPsp struct { - RoleType asn1.ObjectIdentifier - RoleOfPspName string `asn1:"utf8"` -} - -type EtsiPsd2QcStatem struct { - Roles []Psd2RoleOfPsp - NCAName string `asn1:"utf8"` - CountryAndNCAId string `asn1:"utf8"` -} - -// <== ASN.1 Types === - -type EtsiPsd2 struct { - etsiBase - DecodedPsd2Statm EtsiPsd2QcStatem -} - -func (this EtsiPsd2) getCountryAndNcaId() (string, string) { - runes := []rune(this.DecodedPsd2Statm.CountryAndNCAId) - if len(this.DecodedPsd2Statm.CountryAndNCAId) < 4 || !unicode.IsUpper(runes[0]) || !unicode.IsUpper(runes[1]) || runes[2] != '-' { - return "", "" +func AppendToStringSemicolonDelim(this *string, s string) { + if len(*this) > 0 && len(s) > 0 { + (*this) += "; " } - return string(runes[0:2]), string(runes[3:]) -} - -func (this EtsiPsd2) GetNcaCountry() string { - co, _ := this.getCountryAndNcaId() - return co + (*this) += s } -func (this EtsiPsd2) GetNcaId() string { - _, ncaId := this.getCountryAndNcaId() - return ncaId -} - -// <=== PSD2 QcStatement types ==== -func CheckAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { - return CheckAsn1ReencodingWithParams(i, originalEncoding, appendIfComparisonFails, "") -} - -func CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appendIfComparisonFails string, params string) string { +func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { result := "" - reencoded, marshErr := asn1.MarshalWithParams(i, params) + reencoded, marshErr := asn1.Marshal(i) if marshErr != nil { AppendToStringSemicolonDelim(&result, fmt.Sprintf("error reencoding ASN1 value of statementInfo field: %s", marshErr)) @@ -194,12 +117,15 @@ func CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appen return result } -type EtsiPsd2OrgId struct { - Rsi, Country, NcaId, PspId string -} - func IsAnyEtsiQcStatementPresent(extVal []byte) bool { - for _, oid := range EtsiQcStmtOidList { + oidList := make([]*asn1.ObjectIdentifier, 6) + oidList[0] = &IdEtsiQcsQcCompliance + oidList[1] = &IdEtsiQcsQcLimitValue + oidList[2] = &IdEtsiQcsQcRetentionPeriod + oidList[3] = &IdEtsiQcsQcSSCD + oidList[4] = &IdEtsiQcsQcEuPDS + oidList[5] = &IdEtsiQcsQcType + for _, oid := range oidList { r := ParseQcStatem(extVal, *oid) if r.IsPresent() { return true @@ -208,17 +134,6 @@ func IsAnyEtsiQcStatementPresent(extVal []byte) bool { return false } -func IsQcStatemPresent(c *x509.Certificate, oid *asn1.ObjectIdentifier) (string, bool) { - if !IsExtInCert(c, QcStateOid) { - return "", false - } - qcs := ParseQcStatem(GetExtFromCert(c, QcStateOid).Value, *oid) - if qcs.GetErrorInfo() != "" { - return qcs.GetErrorInfo(), qcs.IsPresent() - } - return "", qcs.IsPresent() -} - //nolint:gocyclo func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { sl := make([]anyContent, 0) @@ -254,147 +169,85 @@ func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { continue } if statem.Oid.Equal(IdEtsiQcsQcCompliance) { - return handleIdEtsiQcsQcCompliance(statem, raw) + etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI Complicance statement")) + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcLimitValue) { - return handleIdEtsiQcsQcLimitValue(statem) + etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} + numErr := false + alphErr := false + var numeric EtsiMonetaryValueNum + var alphabetic EtsiMonetaryValueAlph + restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) + if len(restNum) != 0 || errNum != nil { + numErr = true + } else { + etsiObj.IsNum = true + etsiObj.Amount = numeric.Amount + etsiObj.Exponent = numeric.Exponent + etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum + + } + if numErr { + restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) + if len(restAlph) != 0 || errAlph != nil { + alphErr = true + } else { + etsiObj.IsNum = false + etsiObj.Amount = alphabetic.Amount + etsiObj.Exponent = alphabetic.Exponent + etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + checkAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), + statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + } + if numErr && alphErr { + etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" + } + return etsiObj + } else if statem.Oid.Equal(IdEtsiQcsQcRetentionPeriod) { - return handleIdEtsiQcsQcRetentionPeriod(statem) + etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) + + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcSSCD) { - return handleIdEtsiQcsQcSSCD(statem, raw) + etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI SCSD statement")) + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcEuPDS) { - return handleIdEtsiQcsQcEuPDS(statem) + etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } else { + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + checkAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcType) { - return handleIdEtsiQcsQcType(statem) - } else if statem.Oid.Equal(IdEtsiPsd2Statem) { - return handleIdEtsiPsd2Statem(statem) - } else if statem.Oid.Equal(IdQcsPkixQCSyntaxV2) { - return handleIdQcsPkixQCSyntaxV2(statem) + var qcType Etsi423QcType + qcType.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} + } + return qcType } else { return etsiBase{errorInfo: "", isPresent: true} } - } - - return etsiBase{errorInfo: "", isPresent: false} -} - -func handleIdQcsPkixQCSyntaxV2(statem qcStatementWithInfoField) EtsiQcStmtIf { - var qcs2Statem DecodedQcS2 - qcs2Statem.isPresent = true - if len(statem.Any.FullBytes) == 0 { - return qcs2Statem - } - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcs2Statem.Decoded) - if err != nil { - AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "error parsing statement: "+err.Error()) - } - if len(rest) != 0 { - AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "trailing bytes after QcStatement") - } - return qcs2Statem -} -func handleIdEtsiPsd2Statem(statem qcStatementWithInfoField) EtsiQcStmtIf { - var psd2Statem EtsiPsd2 - psd2Statem.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &psd2Statem.DecodedPsd2Statm) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiPsd2Statem extension statementInfo field", isPresent: true} } - if psd2Statem.DecodedPsd2Statm.CountryAndNCAId == "" || psd2Statem.DecodedPsd2Statm.NCAName == "" { - AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") - } - for _, role := range psd2Statem.DecodedPsd2Statm.Roles { - if role.RoleOfPspName == "" { - AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") - } - } - AppendToStringSemicolonDelim(&psd2Statem.errorInfo, - CheckAsn1Reencoding(reflect.ValueOf(psd2Statem.DecodedPsd2Statm).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - return psd2Statem -} -func handleIdEtsiQcsQcType(statem qcStatementWithInfoField) EtsiQcStmtIf { - var qcType Etsi423QcType - qcType.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} - } - return qcType -} - -func handleIdEtsiQcsQcEuPDS(statem qcStatementWithInfoField) EtsiQcStmtIf { - etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } else { - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - CheckAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - return etsiObj -} - -func handleIdEtsiQcsQcSSCD(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { - etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI SCSD statement")) - return etsiObj -} - -func handleIdEtsiQcsQcRetentionPeriod(statem qcStatementWithInfoField) EtsiQcStmtIf { - etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) - - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } - return etsiObj -} - -func handleIdEtsiQcsQcLimitValue(statem qcStatementWithInfoField) EtsiQcStmtIf { - etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} - numErr := false - alphErr := false - var numeric EtsiMonetaryValueNum - var alphabetic EtsiMonetaryValueAlph - restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) - if len(restNum) != 0 || errNum != nil { - numErr = true - } else { - etsiObj.IsNum = true - etsiObj.Amount = numeric.Amount - etsiObj.Exponent = numeric.Exponent - etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum - - } - if numErr { - restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) - if len(restAlph) != 0 || errAlph != nil { - alphErr = true - } else { - etsiObj.IsNum = false - etsiObj.Amount = alphabetic.Amount - etsiObj.Exponent = alphabetic.Exponent - etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - CheckAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), - statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - } - if numErr && alphErr { - etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" - } - return etsiObj -} + return etsiBase{errorInfo: "", isPresent: false} -func handleIdEtsiQcsQcCompliance(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { - etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI Complicance statement")) - return etsiObj } From e56e2a09361056ae4f3d9ed9e03624bfbe2fb0cb Mon Sep 17 00:00:00 2001 From: GitHub Date: Thu, 21 Oct 2021 07:26:00 +0000 Subject: [PATCH 3/7] util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC --- v3/util/gtld_map.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3/util/gtld_map.go b/v3/util/gtld_map.go index 9b952c603..942f4b988 100644 --- a/v3/util/gtld_map.go +++ b/v3/util/gtld_map.go @@ -5161,7 +5161,7 @@ var tldMap = map[string]GTLDPeriod{ "qvc": { GTLD: "qvc", DelegationDate: "2016-08-04", - RemovalDate: "", + RemovalDate: "2021-10-07", }, "racing": { GTLD: "racing", From 92e659c5aefeeea3afd8a32cc768b112a9355218 Mon Sep 17 00:00:00 2001 From: mtgag Date: Thu, 27 Apr 2023 08:55:54 +0200 Subject: [PATCH 4/7] always check and perform the operation in the execution --- .../rfc/lint_cert_unique_identifier_version_not_2_or_3.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go b/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go index f6c982b7c..9aba2ba08 100644 --- a/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go +++ b/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go @@ -52,11 +52,11 @@ func NewCertUniqueIdVersion() lint.LintInterface { } func (l *certUniqueIdVersion) CheckApplies(c *x509.Certificate) bool { - return c.IssuerUniqueId.Bytes != nil || c.SubjectUniqueId.Bytes != nil + return true } func (l *certUniqueIdVersion) Execute(c *x509.Certificate) *lint.LintResult { - if (c.Version) != 2 && (c.Version) != 3 { + if (c.IssuerUniqueId.Bytes != nil || c.SubjectUniqueId.Bytes != nil) && (c.Version) != 2 && (c.Version) != 3 { return &lint.LintResult{Status: lint.Error} } else { return &lint.LintResult{Status: lint.Pass} From 3c634a7627542ab9eb841631ff8b31ab3fd445a9 Mon Sep 17 00:00:00 2001 From: mtgag Date: Wed, 17 May 2023 07:48:33 +0200 Subject: [PATCH 5/7] using the help method BeforeOrOn instead of simple Before, added certificates that cover the edge cases --- ...b_cert_valid_time_longer_than_39_months.go | 2 +- ...t_valid_time_longer_than_39_months_test.go | 9 +++ .../cabf_ev/lint_ev_valid_time_too_long.go | 2 +- .../lint_ev_valid_time_too_long_test.go | 5 ++ v3/testdata/27monthsEv.pem | 79 +++++++++++++++++++ v3/testdata/39months.pem | 75 ++++++++++++++++++ 6 files changed, 170 insertions(+), 2 deletions(-) create mode 100644 v3/testdata/27monthsEv.pem create mode 100644 v3/testdata/39months.pem diff --git a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go index fbba31e95..1b99bda50 100644 --- a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go +++ b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go @@ -42,7 +42,7 @@ func (l *subCertValidTimeLongerThan39Months) CheckApplies(c *x509.Certificate) b } func (l *subCertValidTimeLongerThan39Months) Execute(c *x509.Certificate) *lint.LintResult { - if c.NotBefore.AddDate(0, 39, 0).Before(c.NotAfter) { + if util.BeforeOrOn(c.NotBefore.AddDate(0, 39, 0), c.NotAfter) { return &lint.LintResult{Status: lint.Error} } return &lint.LintResult{Status: lint.Pass} diff --git a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go index 1e8c34a0c..539d56512 100644 --- a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go +++ b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go @@ -38,3 +38,12 @@ func TestSubCertValidTimeGood(t *testing.T) { t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) } } + +func TestSubCertValidTimeExactly39months(t *testing.T) { + inputPath := "39months.pem" + expected := lint.Error + out := test.TestLint("e_sub_cert_valid_time_longer_than_39_months", inputPath) + if out.Status != expected { + t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) + } +} diff --git a/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go b/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go index b207d027c..aad4c2f7b 100644 --- a/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go +++ b/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go @@ -47,7 +47,7 @@ func (l *evValidTooLong) CheckApplies(c *x509.Certificate) bool { } func (l *evValidTooLong) Execute(c *x509.Certificate) *lint.LintResult { - if c.NotBefore.AddDate(0, 27, 0).Before(c.NotAfter) { + if util.BeforeOrOn(c.NotBefore.AddDate(0, 27, 0), c.NotAfter) { return &lint.LintResult{Status: lint.Error} } return &lint.LintResult{Status: lint.Pass} diff --git a/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go b/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go index 19abc053e..1d8a65226 100644 --- a/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go +++ b/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go @@ -42,6 +42,11 @@ func TestEvValidTooLong(t *testing.T) { InputFilename: "evValidNotTooLong825Days.pem", ExpectedResult: lint.NA, }, + { + Name: "EV certificate issued after Ballot 193, valid for 825 days, which is >27 months", + InputFilename: "27monthsEv.pem", + ExpectedResult: lint.Error, + }, } for _, tc := range testCases { t.Run(tc.Name, func(t *testing.T) { diff --git a/v3/testdata/27monthsEv.pem b/v3/testdata/27monthsEv.pem new file mode 100644 index 000000000..d455e9ec0 --- /dev/null +++ b/v3/testdata/27monthsEv.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5b:9b:6c:64:0c:88:e8:fa:af:28:f6:55 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = JLint Sub CA, O = Lint, C = DE + Validity + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Apr 1 00:00:00 2019 GMT + Subject: CN = 27 months, O = Lint, C = DE + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:d8:00:cb:b9:43:35:b3:84:5b:ab:a9:53:7f:38: + 64:4f:51:fc:c1:01:06:3e:32:52:20:98:4d:d7:99: + 83:9a:38:ce:a7:70:4c:44:0d:53:10:2f:5f:62:46: + 7a:94:ca:83:f8:c6:e5:34:f3:bf:1d:f7:7d:04:93: + 59:b0:e8:d5:2c:d7:3a:bf:a5:02:12:a6:da:f0:42: + de:71:c3:af:ea:c7:f6:6e:78:13:b8:50:b6:9f:c9: + 47:d4:5b:2c:1e:5f:d5:39:09:43:da:61:b4:49:cc: + 06:08:7c:dd:b2:bf:2b:cc:da:ae:52:c3:45:76:9f: + c9:f4:45:df:67:a0:f8:48:ef:7b:b3:81:a7:1e:c2: + 44:a3:f6:fe:fd:ab:b3:f2:d7:96:9b:c7:6a:6e:67: + aa:2f:69:67:d0:73:19:30:a3:da:c7:0b:c6:f9:73: + a1:00:c9:b6:eb:3c:f3:d2:0d:e0:c5:72:25:65:7d: + d7:13:1c:31:25:01:1d:92:f0:58:2c:02:02:16:6a: + 4c:74:b0:b1:4e:1e:98:fc:7b:13:f5:ae:31:86:f7: + 28:6a:88:cd:b4:a4:82:f0:22:47:06:92:54:75:ef: + 5f:5a:55:4d:33:79:30:a3:7d:41:3c:e9:f9:8e:44: + d9:9a:f9:b8:f7:19:69:f7:65:80:fa:a2:d6:41:d2: + ca:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:B5:42:27:78:AD:9F:06:6B:3D:14:5E:88:C6:34:6E:E0:94:4D:F2:A6 + + X509v3 Subject Key Identifier: + 2D:2F:C7:BE:9F:5E:54:F0:55:EA:5B:60:7F:37:CD:46:A5:19:1E:2E + X509v3 Certificate Policies: + Policy: 2.23.140.1.1 + + Signature Algorithm: sha256WithRSAEncryption + 50:73:5c:f5:4c:be:2c:26:a2:5a:0c:e8:3d:7a:99:ee:95:94: + 94:45:07:55:78:67:bf:bd:27:b3:e7:98:d4:75:a8:ba:49:68: + db:2f:c6:77:25:82:f0:5b:62:da:80:7c:7f:2b:c9:26:00:c4: + fd:be:6e:c6:84:97:20:ee:de:87:30:5d:11:91:2e:13:47:4b: + 10:61:63:9e:0b:5e:c7:ad:af:eb:5a:38:f0:88:81:ff:bc:6a: + 9e:1c:ab:18:67:54:4f:46:8a:80:75:c3:90:4e:1e:e8:d5:67: + 19:49:c2:3e:a3:43:53:2b:fa:8a:8c:4d:48:54:5d:55:31:15: + c0:4a:e8:59:c4:f9:ec:12:f7:5e:07:5d:b9:f7:60:23:b4:7c: + bd:c7:37:68:07:56:e5:95:a2:7f:2a:c5:63:ba:02:5b:e5:2d: + 15:c9:2f:83:b6:2f:13:57:9c:1b:8e:94:41:5a:79:94:d2:36: + f7:c8:d6:29:9f:98:46:d7:d9:d0:72:68:84:0d:58:ed:08:9c: + 98:ed:2f:2c:1c:b6:d4:8d:3f:7d:2b:54:3e:9f:82:e0:6d:72: + e0:28:1e:61:50:b6:7b:69:30:4c:17:b9:6f:2f:f5:81:cb:00: + b4:85:f1:0a:62:7a:f2:7d:a5:ff:68:44:36:59:57:b9:f9:07: + 2f:e1:95:ff +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIMW5tsZAyI6PqvKPZVMA0GCSqGSIb3DQEBCwUAMDMxFTAT +BgNVBAMMDEpMaW50IFN1YiBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUw +HhcNMTcwMTAxMDAwMDAwWhcNMTkwNDAxMDAwMDAwWjAwMRIwEAYDVQQDDAkyNyBt +b250aHMxDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA2ADLuUM1s4Rbq6lTfzhkT1H8wQEGPjJSIJhN15mD +mjjOp3BMRA1TEC9fYkZ6lMqD+MblNPO/Hfd9BJNZsOjVLNc6v6UCEqba8ELeccOv +6sf2bngTuFC2n8lH1FssHl/VOQlD2mG0ScwGCHzdsr8rzNquUsNFdp/J9EXfZ6D4 +SO97s4GnHsJEo/b+/auz8teWm8dqbmeqL2ln0HMZMKPaxwvG+XOhAMm26zzz0g3g +xXIlZX3XExwxJQEdkvBYLAICFmpMdLCxTh6Y/HsT9a4xhvcoaojNtKSC8CJHBpJU +de9fWlVNM3kwo31BPOn5jkTZmvm49xlp92WA+qLWQdLKCwIDAQABo1YwVDAfBgNV +HSMEGDAWgBS1Qid4rZ8Gaz0UXojGNG7glE3ypjAdBgNVHQ4EFgQULS/Hvp9eVPBV +6ltgfzfNRqUZHi4wEgYDVR0gBAswCTAHBgVngQwBATANBgkqhkiG9w0BAQsFAAOC +AQEAUHNc9Uy+LCaiWgzoPXqZ7pWUlEUHVXhnv70ns+eY1HWouklo2y/GdyWC8Fti +2oB8fyvJJgDE/b5uxoSXIO7ehzBdEZEuE0dLEGFjngtex62v61o48IiB/7xqnhyr +GGdUT0aKgHXDkE4e6NVnGUnCPqNDUyv6ioxNSFRdVTEVwEroWcT57BL3Xgddufdg +I7R8vcc3aAdW5ZWifyrFY7oCW+UtFckvg7YvE1ecG46UQVp5lNI298jWKZ+YRtfZ +0HJohA1Y7QicmO0vLBy21I0/fStUPp+C4G1y4CgeYVC2e2kwTBe5by/1gcsAtIXx +CmJ68n2l/2hENllXufkHL+GV/w== +-----END CERTIFICATE----- diff --git a/v3/testdata/39months.pem b/v3/testdata/39months.pem new file mode 100644 index 000000000..16cf1b14e --- /dev/null +++ b/v3/testdata/39months.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:c7:75:f5:14:ee:4d:35:4e:5e:8b:ac + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = JLint Sub CA, O = Lint, C = DE + Validity + Not Before: Apr 27 13:19:29 2023 GMT + Not After : Jul 27 13:19:29 2026 GMT + Subject: CN = 39 months, O = Lint, C = DE + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:8f:18:83:c8:07:97:3c:61:c1:ed:e3:b3:ec:82: + 40:d2:63:1d:38:44:99:f4:2e:10:0e:8b:95:9b:a3: + 94:d7:87:c5:71:77:67:18:61:cf:28:7a:bc:14:71: + 2b:8f:bd:24:c5:09:f5:5d:5f:d7:ed:2f:d5:2d:d0: + 1c:bb:18:62:70:63:ec:1e:e6:98:ce:e8:48:65:b2: + 8d:b3:12:d4:6e:5f:bb:d0:ff:49:b8:64:6a:00:e5: + 3c:e4:f3:e1:02:c3:e4:f0:b1:64:7a:31:9c:81:45: + 1c:d9:58:78:3e:59:32:6f:27:b3:50:a1:51:c9:5e: + 92:f1:39:6c:da:02:2c:c3:a1:94:56:5a:b0:8a:1a: + 2e:f7:b8:ea:6d:2d:eb:42:4b:d5:72:40:ee:96:af: + ef:88:68:87:9c:da:e2:2a:cc:6d:4f:50:de:ad:2a: + 7b:c6:5a:17:67:2c:3d:0f:04:9c:a5:89:1a:59:c2: + 40:92:20:c8:b1:15:f7:82:cd:29:05:ea:ae:d6:60: + f6:0f:c0:33:fc:5d:c7:27:01:87:da:21:96:61:da: + e3:c8:c8:e1:6c:0c:4e:67:24:91:2c:18:4d:0b:d7: + f0:fd:8c:0d:4a:97:27:3f:28:28:41:5a:e2:fd:d8: + 59:8c:b2:f4:84:a5:f8:7e:0a:a4:5e:cd:cc:22:45: + 68:cf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:11:AD:76:DA:18:7C:7C:BB:61:71:AF:B9:BA:0C:39:D6:17:D0:5C:CD + + X509v3 Subject Key Identifier: + 86:80:F1:64:E4:62:CE:BF:A5:7F:E2:4E:4D:4B:CD:53:7D:7A:62:41 + Signature Algorithm: sha256WithRSAEncryption + 35:10:e4:3d:f7:04:dc:cc:ca:76:b0:ed:3d:fe:3a:be:65:d2: + 56:87:f7:51:06:b3:70:b8:92:02:5b:7d:4a:27:b6:43:0e:f1: + b2:a7:15:14:23:a0:4e:0b:5d:56:bc:a5:5e:7b:44:fd:62:b0: + ad:9b:22:8f:78:b6:19:15:5a:f4:3f:7a:77:b8:d8:49:3b:e4: + bc:80:ad:8e:08:23:b2:5a:92:71:1a:aa:38:9c:83:75:3f:dc: + d7:07:6f:20:52:d7:f7:02:bd:e5:91:c3:b2:14:3b:2b:7e:dc: + e4:e0:73:62:a1:a2:fb:f9:be:63:91:1c:e4:f5:67:43:dc:ca: + 67:d2:50:09:a1:10:30:cf:1e:6a:01:c4:6c:71:1c:7c:18:0c: + c0:32:6e:4e:89:f2:ae:56:75:a7:0c:1d:f7:c7:22:f6:70:40: + 1f:91:3b:ae:a4:48:7e:bf:a9:7e:4d:2b:91:6e:0f:c5:87:7a: + 32:ec:1e:19:46:d2:c8:02:cf:6f:2f:de:02:60:1e:a8:2d:f1: + 5a:17:35:23:bb:4f:ea:13:06:68:e6:9a:3f:2a:db:94:34:c5: + 4b:9c:ad:7e:3b:2f:2f:05:d0:a2:b1:73:0f:5e:a9:ec:48:0b: + 7b:3b:33:cb:5c:7a:e2:64:6e:df:42:7f:83:bc:43:9a:5d:5e: + 40:ee:45:b8 +-----BEGIN CERTIFICATE----- +MIIDKzCCAhOgAwIBAgIMYsd19RTuTTVOXousMA0GCSqGSIb3DQEBCwUAMDMxFTAT +BgNVBAMMDEpMaW50IFN1YiBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUw +HhcNMjMwNDI3MTMxOTI5WhcNMjYwNzI3MTMxOTI5WjAwMRIwEAYDVQQDDAkzOSBt +b250aHMxDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAjxiDyAeXPGHB7eOz7IJA0mMdOESZ9C4QDouVm6OU +14fFcXdnGGHPKHq8FHErj70kxQn1XV/X7S/VLdAcuxhicGPsHuaYzuhIZbKNsxLU +bl+70P9JuGRqAOU85PPhAsPk8LFkejGcgUUc2Vh4PlkybyezUKFRyV6S8Tls2gIs +w6GUVlqwihou97jqbS3rQkvVckDulq/viGiHnNriKsxtT1DerSp7xloXZyw9DwSc +pYkaWcJAkiDIsRX3gs0pBequ1mD2D8Az/F3HJwGH2iGWYdrjyMjhbAxOZySRLBhN +C9fw/YwNSpcnPygoQVri/dhZjLL0hKX4fgqkXs3MIkVozwIDAQABo0IwQDAfBgNV +HSMEGDAWgBQRrXbaGHx8u2Fxr7m6DDnWF9BczTAdBgNVHQ4EFgQUhoDxZORizr+l +f+JOTUvNU316YkEwDQYJKoZIhvcNAQELBQADggEBADUQ5D33BNzMynaw7T3+Or5l +0laH91EGs3C4kgJbfUontkMO8bKnFRQjoE4LXVa8pV57RP1isK2bIo94thkVWvQ/ +ene42Ek75LyArY4II7JaknEaqjicg3U/3NcHbyBS1/cCveWRw7IUOyt+3OTgc2Kh +ovv5vmORHOT1Z0PcymfSUAmhEDDPHmoBxGxxHHwYDMAybk6J8q5WdacMHffHIvZw +QB+RO66kSH6/qX5NK5FuD8WHejLsHhlG0sgCz28v3gJgHqgt8VoXNSO7T+oTBmjm +mj8q25Q0xUucrX47Ly8F0KKxcw9eqexIC3s7M8tceuJkbt9Cf4O8Q5pdXkDuRbg= +-----END CERTIFICATE----- From d08509357ec39401f94f4a91ecdcf39d8e581549 Mon Sep 17 00:00:00 2001 From: mtgag Date: Wed, 17 May 2023 08:24:15 +0200 Subject: [PATCH 6/7] update in integration data --- v3/integration/config.json | 4 ++-- v3/integration/small.config.json | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/v3/integration/config.json b/v3/integration/config.json index 3da787605..ac6a27111 100644 --- a/v3/integration/config.json +++ b/v3/integration/config.json @@ -340,7 +340,7 @@ "ErrCount": 1 }, "e_ev_valid_time_too_long": { - "ErrCount": 151 + "ErrCount": 195 }, "e_ext_aia_marked_critical": {}, "e_ext_authority_key_identifier_critical": {}, @@ -573,7 +573,7 @@ }, "e_sub_cert_street_address_should_not_exist": {}, "e_sub_cert_valid_time_longer_than_39_months": { - "ErrCount": 365 + "ErrCount": 650 }, "e_sub_cert_valid_time_longer_than_825_days": { "ErrCount": 21 diff --git a/v3/integration/small.config.json b/v3/integration/small.config.json index f8b92f1dd..6f0f6777e 100644 --- a/v3/integration/small.config.json +++ b/v3/integration/small.config.json @@ -264,7 +264,7 @@ "e_sub_cert_province_must_not_appear": {}, "e_sub_cert_street_address_should_not_exist": {}, "e_sub_cert_valid_time_longer_than_39_months": { - "ErrCount": 8 + "ErrCount": 18 }, "e_sub_cert_valid_time_longer_than_825_days": { "ErrCount": 2 @@ -289,9 +289,7 @@ }, "e_subject_email_max_length": {}, "e_subject_empty_without_san": {}, - "e_subject_given_name_max_length": { - "ErrCount": 1 - }, + "e_subject_given_name_max_length": {}, "e_subject_info_access_marked_critical": {}, "e_subject_locality_name_max_length": {}, "e_subject_not_dn": {}, @@ -322,6 +320,12 @@ "e_rsa_allowed_ku_ee": { "ErrCount": 11 }, + "e_no_underscores_before_1_6_2": { + "ErrCount": 13 + }, + "e_incorrect_ku_encoding": { + "ErrCount": 239 + }, "n_ca_digital_signature_not_set": { "NoticeCount": 29 }, @@ -423,6 +427,9 @@ "w_subject_dn_trailing_whitespace": { "WarnCount": 4 }, - "w_tls_server_cert_valid_time_longer_than_397_days": {} + "w_tls_server_cert_valid_time_longer_than_397_days": {}, + "w_rfc_dnsname_underscore_in_trd": { + "WarnCount": 13 + } } } \ No newline at end of file From 852f7dc6f1b8980728684c81b5c604f6530dc23e Mon Sep 17 00:00:00 2001 From: mtgag Date: Fri, 19 May 2023 16:01:21 +0200 Subject: [PATCH 7/7] reverted commit, kept certificates, changed assertion, after discussion in the pull request --- v3/integration/config.json | 4 +- v3/integration/small.config.json | 2 +- ...b_cert_valid_time_longer_than_39_months.go | 2 +- ...t_valid_time_longer_than_39_months_test.go | 2 +- .../cabf_ev/lint_ev_valid_time_too_long.go | 2 +- .../lint_ev_valid_time_too_long_test.go | 2 +- v3/testdata/39months.pem | 106 +++++++++--------- 7 files changed, 60 insertions(+), 60 deletions(-) diff --git a/v3/integration/config.json b/v3/integration/config.json index ac6a27111..3da787605 100644 --- a/v3/integration/config.json +++ b/v3/integration/config.json @@ -340,7 +340,7 @@ "ErrCount": 1 }, "e_ev_valid_time_too_long": { - "ErrCount": 195 + "ErrCount": 151 }, "e_ext_aia_marked_critical": {}, "e_ext_authority_key_identifier_critical": {}, @@ -573,7 +573,7 @@ }, "e_sub_cert_street_address_should_not_exist": {}, "e_sub_cert_valid_time_longer_than_39_months": { - "ErrCount": 650 + "ErrCount": 365 }, "e_sub_cert_valid_time_longer_than_825_days": { "ErrCount": 21 diff --git a/v3/integration/small.config.json b/v3/integration/small.config.json index 6f0f6777e..49671b9a5 100644 --- a/v3/integration/small.config.json +++ b/v3/integration/small.config.json @@ -264,7 +264,7 @@ "e_sub_cert_province_must_not_appear": {}, "e_sub_cert_street_address_should_not_exist": {}, "e_sub_cert_valid_time_longer_than_39_months": { - "ErrCount": 18 + "ErrCount": 8 }, "e_sub_cert_valid_time_longer_than_825_days": { "ErrCount": 2 diff --git a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go index 1b99bda50..fbba31e95 100644 --- a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go +++ b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months.go @@ -42,7 +42,7 @@ func (l *subCertValidTimeLongerThan39Months) CheckApplies(c *x509.Certificate) b } func (l *subCertValidTimeLongerThan39Months) Execute(c *x509.Certificate) *lint.LintResult { - if util.BeforeOrOn(c.NotBefore.AddDate(0, 39, 0), c.NotAfter) { + if c.NotBefore.AddDate(0, 39, 0).Before(c.NotAfter) { return &lint.LintResult{Status: lint.Error} } return &lint.LintResult{Status: lint.Pass} diff --git a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go index 539d56512..a2e6b17b2 100644 --- a/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go +++ b/v3/lints/cabf_br/lint_sub_cert_valid_time_longer_than_39_months_test.go @@ -41,7 +41,7 @@ func TestSubCertValidTimeGood(t *testing.T) { func TestSubCertValidTimeExactly39months(t *testing.T) { inputPath := "39months.pem" - expected := lint.Error + expected := lint.Pass out := test.TestLint("e_sub_cert_valid_time_longer_than_39_months", inputPath) if out.Status != expected { t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) diff --git a/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go b/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go index aad4c2f7b..b207d027c 100644 --- a/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go +++ b/v3/lints/cabf_ev/lint_ev_valid_time_too_long.go @@ -47,7 +47,7 @@ func (l *evValidTooLong) CheckApplies(c *x509.Certificate) bool { } func (l *evValidTooLong) Execute(c *x509.Certificate) *lint.LintResult { - if util.BeforeOrOn(c.NotBefore.AddDate(0, 27, 0), c.NotAfter) { + if c.NotBefore.AddDate(0, 27, 0).Before(c.NotAfter) { return &lint.LintResult{Status: lint.Error} } return &lint.LintResult{Status: lint.Pass} diff --git a/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go b/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go index 1d8a65226..f104b8f9e 100644 --- a/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go +++ b/v3/lints/cabf_ev/lint_ev_valid_time_too_long_test.go @@ -45,7 +45,7 @@ func TestEvValidTooLong(t *testing.T) { { Name: "EV certificate issued after Ballot 193, valid for 825 days, which is >27 months", InputFilename: "27monthsEv.pem", - ExpectedResult: lint.Error, + ExpectedResult: lint.Pass, }, } for _, tc := range testCases { diff --git a/v3/testdata/39months.pem b/v3/testdata/39months.pem index 16cf1b14e..1104fcbe7 100644 --- a/v3/testdata/39months.pem +++ b/v3/testdata/39months.pem @@ -2,74 +2,74 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 62:c7:75:f5:14:ee:4d:35:4e:5e:8b:ac + 03:d8:78:e2:20:05:78:6d:ae:a5:97:c4 Signature Algorithm: sha256WithRSAEncryption Issuer: CN = JLint Sub CA, O = Lint, C = DE Validity - Not Before: Apr 27 13:19:29 2023 GMT - Not After : Jul 27 13:19:29 2026 GMT + Not Before: Jan 1 00:00:00 2017 GMT + Not After : Apr 1 00:00:00 2020 GMT Subject: CN = 39 months, O = Lint, C = DE Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: - 00:8f:18:83:c8:07:97:3c:61:c1:ed:e3:b3:ec:82: - 40:d2:63:1d:38:44:99:f4:2e:10:0e:8b:95:9b:a3: - 94:d7:87:c5:71:77:67:18:61:cf:28:7a:bc:14:71: - 2b:8f:bd:24:c5:09:f5:5d:5f:d7:ed:2f:d5:2d:d0: - 1c:bb:18:62:70:63:ec:1e:e6:98:ce:e8:48:65:b2: - 8d:b3:12:d4:6e:5f:bb:d0:ff:49:b8:64:6a:00:e5: - 3c:e4:f3:e1:02:c3:e4:f0:b1:64:7a:31:9c:81:45: - 1c:d9:58:78:3e:59:32:6f:27:b3:50:a1:51:c9:5e: - 92:f1:39:6c:da:02:2c:c3:a1:94:56:5a:b0:8a:1a: - 2e:f7:b8:ea:6d:2d:eb:42:4b:d5:72:40:ee:96:af: - ef:88:68:87:9c:da:e2:2a:cc:6d:4f:50:de:ad:2a: - 7b:c6:5a:17:67:2c:3d:0f:04:9c:a5:89:1a:59:c2: - 40:92:20:c8:b1:15:f7:82:cd:29:05:ea:ae:d6:60: - f6:0f:c0:33:fc:5d:c7:27:01:87:da:21:96:61:da: - e3:c8:c8:e1:6c:0c:4e:67:24:91:2c:18:4d:0b:d7: - f0:fd:8c:0d:4a:97:27:3f:28:28:41:5a:e2:fd:d8: - 59:8c:b2:f4:84:a5:f8:7e:0a:a4:5e:cd:cc:22:45: - 68:cf + 00:94:07:c4:d7:6e:ab:a7:69:da:00:be:cc:d6:c3: + b0:db:64:55:8a:4d:ee:32:43:36:d4:a1:50:08:e8: + e1:99:25:00:39:b7:c2:e3:7b:1a:69:17:cf:86:74: + cc:8e:ab:8a:51:8d:c4:d9:bb:30:1d:69:47:9b:84: + be:62:eb:4c:b3:3f:54:0f:ae:5f:a2:cd:1b:5c:57: + 91:26:58:c5:e8:b9:ed:71:ee:bf:57:6a:4b:21:c0: + 56:bd:49:78:9c:ab:4d:79:a8:bf:23:7d:68:63:5e: + ae:5c:d2:ae:33:90:0b:51:0c:68:1d:e1:44:69:61: + c6:62:9e:e8:01:39:9f:ae:f3:59:c7:92:0e:c9:89: + 9a:fa:84:d0:3d:3c:c5:d8:4f:bb:89:44:a2:4c:01: + 29:b3:68:0a:04:b5:7f:c6:a1:2d:b9:fc:b1:95:1e: + c4:ec:d4:6e:20:5a:ec:53:00:a3:da:2c:e1:d4:d4: + a5:50:6e:2d:b6:ed:1c:ab:c5:a6:d2:fa:3a:90:0b: + b8:6b:16:98:45:29:b0:8a:d3:bc:a0:d9:28:f7:a7: + 85:8f:77:47:64:ca:54:3b:53:cf:70:f0:95:8c:a2: + c7:aa:0b:67:3b:27:82:12:28:09:c2:da:e2:09:72: + e2:44:51:5a:02:01:14:35:8a:53:c9:8b:95:1e:08: + 21:ef Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: - keyid:11:AD:76:DA:18:7C:7C:BB:61:71:AF:B9:BA:0C:39:D6:17:D0:5C:CD + keyid:EA:F8:6D:8D:77:B0:16:56:C9:89:51:1B:8D:1D:A4:3B:4B:24:B0:DC X509v3 Subject Key Identifier: - 86:80:F1:64:E4:62:CE:BF:A5:7F:E2:4E:4D:4B:CD:53:7D:7A:62:41 + 59:62:67:F3:8E:07:B5:2D:F4:1A:2D:0C:1D:5E:EF:B6:10:87:DC:0B Signature Algorithm: sha256WithRSAEncryption - 35:10:e4:3d:f7:04:dc:cc:ca:76:b0:ed:3d:fe:3a:be:65:d2: - 56:87:f7:51:06:b3:70:b8:92:02:5b:7d:4a:27:b6:43:0e:f1: - b2:a7:15:14:23:a0:4e:0b:5d:56:bc:a5:5e:7b:44:fd:62:b0: - ad:9b:22:8f:78:b6:19:15:5a:f4:3f:7a:77:b8:d8:49:3b:e4: - bc:80:ad:8e:08:23:b2:5a:92:71:1a:aa:38:9c:83:75:3f:dc: - d7:07:6f:20:52:d7:f7:02:bd:e5:91:c3:b2:14:3b:2b:7e:dc: - e4:e0:73:62:a1:a2:fb:f9:be:63:91:1c:e4:f5:67:43:dc:ca: - 67:d2:50:09:a1:10:30:cf:1e:6a:01:c4:6c:71:1c:7c:18:0c: - c0:32:6e:4e:89:f2:ae:56:75:a7:0c:1d:f7:c7:22:f6:70:40: - 1f:91:3b:ae:a4:48:7e:bf:a9:7e:4d:2b:91:6e:0f:c5:87:7a: - 32:ec:1e:19:46:d2:c8:02:cf:6f:2f:de:02:60:1e:a8:2d:f1: - 5a:17:35:23:bb:4f:ea:13:06:68:e6:9a:3f:2a:db:94:34:c5: - 4b:9c:ad:7e:3b:2f:2f:05:d0:a2:b1:73:0f:5e:a9:ec:48:0b: - 7b:3b:33:cb:5c:7a:e2:64:6e:df:42:7f:83:bc:43:9a:5d:5e: - 40:ee:45:b8 + 09:67:cc:64:68:84:62:dc:74:62:f7:90:bc:10:96:13:19:f1: + 55:4f:fc:66:75:d2:11:7e:41:41:a3:8f:d8:f2:a8:26:1f:78: + 09:54:76:b3:d6:a7:8e:1c:73:1f:ae:bf:89:5f:2b:14:ed:74: + 6d:f7:63:c8:79:d1:d6:d1:31:5d:c0:4b:bf:6d:f8:61:82:13: + 9c:8e:b4:68:cf:2b:33:df:3c:78:3b:6a:12:ce:af:25:cd:af: + 86:e3:b6:0a:2d:7d:2a:62:fb:16:d5:bf:9f:3d:d3:ee:66:7f: + cc:13:77:e8:97:7a:8f:e3:08:70:26:49:1c:86:e1:e7:93:fb: + 46:34:4a:46:f5:82:a2:f6:1b:20:a7:e8:5e:e3:ff:58:e7:35: + 7b:5a:47:49:07:f7:fa:ee:dd:ec:90:16:89:7d:fc:05:5a:dc: + 1b:e0:f2:d8:6d:d7:f6:95:18:38:fd:ea:6c:a8:bf:b9:71:14: + 78:62:43:da:85:ba:e0:85:50:9a:de:bb:14:1c:21:c0:e2:47: + 66:f8:79:8c:48:e2:ad:c7:9d:da:36:a6:b2:b0:67:78:d4:ce: + 36:0c:e9:78:99:99:2b:bc:9e:20:bf:0e:7a:ba:51:9c:71:fd: + 96:df:c4:44:11:bf:87:4f:aa:eb:be:4a:9d:e0:9b:42:4a:4b: + fd:c0:2f:6d -----BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIMYsd19RTuTTVOXousMA0GCSqGSIb3DQEBCwUAMDMxFTAT +MIIDKzCCAhOgAwIBAgIMA9h44iAFeG2upZfEMA0GCSqGSIb3DQEBCwUAMDMxFTAT BgNVBAMMDEpMaW50IFN1YiBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUw -HhcNMjMwNDI3MTMxOTI5WhcNMjYwNzI3MTMxOTI5WjAwMRIwEAYDVQQDDAkzOSBt +HhcNMTcwMTAxMDAwMDAwWhcNMjAwNDAxMDAwMDAwWjAwMRIwEAYDVQQDDAkzOSBt b250aHMxDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAjxiDyAeXPGHB7eOz7IJA0mMdOESZ9C4QDouVm6OU -14fFcXdnGGHPKHq8FHErj70kxQn1XV/X7S/VLdAcuxhicGPsHuaYzuhIZbKNsxLU -bl+70P9JuGRqAOU85PPhAsPk8LFkejGcgUUc2Vh4PlkybyezUKFRyV6S8Tls2gIs -w6GUVlqwihou97jqbS3rQkvVckDulq/viGiHnNriKsxtT1DerSp7xloXZyw9DwSc -pYkaWcJAkiDIsRX3gs0pBequ1mD2D8Az/F3HJwGH2iGWYdrjyMjhbAxOZySRLBhN -C9fw/YwNSpcnPygoQVri/dhZjLL0hKX4fgqkXs3MIkVozwIDAQABo0IwQDAfBgNV -HSMEGDAWgBQRrXbaGHx8u2Fxr7m6DDnWF9BczTAdBgNVHQ4EFgQUhoDxZORizr+l -f+JOTUvNU316YkEwDQYJKoZIhvcNAQELBQADggEBADUQ5D33BNzMynaw7T3+Or5l -0laH91EGs3C4kgJbfUontkMO8bKnFRQjoE4LXVa8pV57RP1isK2bIo94thkVWvQ/ -ene42Ek75LyArY4II7JaknEaqjicg3U/3NcHbyBS1/cCveWRw7IUOyt+3OTgc2Kh -ovv5vmORHOT1Z0PcymfSUAmhEDDPHmoBxGxxHHwYDMAybk6J8q5WdacMHffHIvZw -QB+RO66kSH6/qX5NK5FuD8WHejLsHhlG0sgCz28v3gJgHqgt8VoXNSO7T+oTBmjm -mj8q25Q0xUucrX47Ly8F0KKxcw9eqexIC3s7M8tceuJkbt9Cf4O8Q5pdXkDuRbg= +AQEFAAOCAQ8AMIIBCgKCAQEAlAfE126rp2naAL7M1sOw22RVik3uMkM21KFQCOjh +mSUAObfC43saaRfPhnTMjquKUY3E2bswHWlHm4S+YutMsz9UD65fos0bXFeRJljF +6Lntce6/V2pLIcBWvUl4nKtNeai/I31oY16uXNKuM5ALUQxoHeFEaWHGYp7oATmf +rvNZx5IOyYma+oTQPTzF2E+7iUSiTAEps2gKBLV/xqEtufyxlR7E7NRuIFrsUwCj +2izh1NSlUG4ttu0cq8Wm0vo6kAu4axaYRSmwitO8oNko96eFj3dHZMpUO1PPcPCV +jKLHqgtnOyeCEigJwtriCXLiRFFaAgEUNYpTyYuVHggh7wIDAQABo0IwQDAfBgNV +HSMEGDAWgBTq+G2Nd7AWVsmJURuNHaQ7SySw3DAdBgNVHQ4EFgQUWWJn844HtS30 +Gi0MHV7vthCH3AswDQYJKoZIhvcNAQELBQADggEBAAlnzGRohGLcdGL3kLwQlhMZ +8VVP/GZ10hF+QUGjj9jyqCYfeAlUdrPWp44ccx+uv4lfKxTtdG33Y8h50dbRMV3A +S79t+GGCE5yOtGjPKzPfPHg7ahLOryXNr4bjtgotfSpi+xbVv5890+5mf8wTd+iX +eo/jCHAmSRyG4eeT+0Y0Skb1gqL2GyCn6F7j/1jnNXtaR0kH9/ru3eyQFol9/AVa +3Bvg8tht1/aVGDj96myov7lxFHhiQ9qFuuCFUJreuxQcIcDiR2b4eYxI4q3Hndo2 +prKwZ3jUzjYM6XiZmSu8niC/Dnq6UZxx/ZbfxEQRv4dPquu+Sp3gm0JKS/3AL20= -----END CERTIFICATE-----