Google Git
Sign in
fuchsia / third_party / boringssl / 1f3d638076e49407b972c73aac1c095b20a53765 / . / src / pki / testdata / verify_certificate_chain_unittest / policies-inhibit-mapping-by-root-fail / chain.pem
blob: 7d3a7a7a25ee09bfa943adbccf8ffbcba9e64cb0 [file] [log] [blame]
[Created by: ./generate-chains.py]
Certificate chain with inhibitPolicyMapping=0 on the root, and an
intermediate that uses policy mappings. Should fail if the policyConstraints on
the root are enforced.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:76:f9:f2:35:f7:48:df:97:9c:e1:ca:67:ce:c0:01:f9:fb:00:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ab:f0:76:27:78:8b:e7:3d:f6:6c:ce:3e:88:0b:
6a:fb:6d:7e:b0:d8:0b:45:91:ce:e5:d3:3f:70:3b:
0e:f7:c1:92:d6:a5:9d:53:5a:91:93:f5:53:c3:8b:
92:b5:f9:14:56:be:b7:81:c9:45:6f:a5:75:bf:5a:
e1:48:ba:03:eb:73:d6:50:27:de:f7:95:81:64:12:
54:53:3c:75:da:39:8d:47:2a:f4:00:fb:22:bd:96:
c6:5f:10:85:b4:80:8b:f3:05:f4:6e:5d:a7:4a:6a:
b7:c8:10:73:e0:d5:7d:20:18:86:79:64:41:1b:76:
da:5f:10:ea:f2:b1:f5:f2:dc:81:66:9e:0e:ae:4d:
01:bd:ac:76:96:d4:39:67:39:09:59:5e:71:7a:23:
6d:8f:e1:23:92:48:ca:43:94:3f:7f:f3:a0:fb:60:
2b:09:3c:e0:23:52:29:71:29:d3:c7:ba:31:28:61:
dd:d5:56:d8:b4:e8:c0:4a:b7:be:e9:39:c1:18:5e:
61:8f:b4:6b:9b:30:c1:f7:a0:c9:fb:9d:ce:50:6d:
57:39:9c:77:40:b8:eb:0a:63:76:eb:ca:d3:9c:b8:
b1:e5:46:9f:14:40:17:a2:98:3a:59:42:77:d6:b7:
e5:d9:78:cb:42:47:9b:dd:d2:05:ca:ef:24:78:66:
99:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:B8:54:52:BE:E6:8E:00:AF:96:42:DB:BB:3E:B0:86:0F:D6:4D:08
X509v3 Authority Key Identifier:
7C:76:D4:23:43:F9:F8:0B:19:60:61:1F:7B:E9:3C:20:0A:0C:43:DC
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies: critical
Policy: 1.2.3.5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
8a:21:24:c8:76:6f:95:f9:3c:76:f0:be:90:20:74:dd:ef:6f:
23:2b:c0:a8:71:64:47:7a:a2:e5:57:c7:3c:9b:4d:e5:56:0f:
a6:ab:17:0c:1f:7b:c7:b9:92:86:01:ef:79:8c:cd:71:72:ff:
7c:e0:8e:b2:13:bf:70:56:4e:5d:e3:26:22:39:62:5c:a5:d6:
ef:a4:de:fa:b6:2c:0f:53:f9:d1:50:98:04:05:83:80:04:af:
d5:8c:9d:e5:85:5a:ba:f9:ca:29:0b:a4:90:3f:c6:74:e2:e5:
89:dd:23:1b:f1:83:32:0c:e4:d1:10:e2:c1:0e:3d:b7:66:cb:
aa:a5:76:aa:9b:68:21:c6:6c:75:b1:37:4f:98:85:6e:23:56:
09:58:d1:bf:ea:ff:ba:d0:82:43:2e:3a:7d:85:c3:17:5a:05:
79:cb:dc:6e:62:c6:64:b5:2b:84:0b:bb:eb:e7:2b:92:14:7b:
46:f2:2f:74:21:7b:8b:4d:3f:aa:46:b2:cd:57:ae:14:0a:a9:
a2:c3:7c:c2:1f:6e:33:76:df:8a:38:dc:07:7c:de:4d:82:3f:
3f:2a:74:7f:49:65:63:8f:d0:13:fd:db:bf:1f:17:27:1a:3b:
8d:5d:57:6a:26:91:b1:af:6d:42:8d:e8:8c:33:31:3d:ef:96:
5a:28:f9:44
-----BEGIN CERTIFICATE-----
MIIDtTCCAp2gAwIBAgIUC3b58jX3SN+XnOHKZ87AAfn7AIEwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAq/B2J3iL5z32bM4+iAtq+21+sNgLRZHO5dM/cDsO98GS
1qWdU1qRk/VTw4uStfkUVr63gclFb6V1v1rhSLoD63PWUCfe95WBZBJUUzx12jmN
Ryr0APsivZbGXxCFtICL8wX0bl2nSmq3yBBz4NV9IBiGeWRBG3baXxDq8rH18tyB
Zp4Ork0Bvax2ltQ5ZzkJWV5xeiNtj+EjkkjKQ5Q/f/Og+2ArCTzgI1IpcSnTx7ox
KGHd1VbYtOjASre+6TnBGF5hj7RrmzDB96DJ+53OUG1XOZx3QLjrCmN268rTnLix
5UafFEAXopg6WUJ31rfl2XjLQkeb3dIFyu8keGaZ+wIDAQABo4H+MIH7MB0GA1Ud
DgQWBBQSuFRSvuaOAK+WQtu7PrCGD9ZNCDAfBgNVHSMEGDAWgBR8dtQjQ/n4Cxlg
YR976TwgCgxD3DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF
BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAIohJMh2b5X5PHbwvpAgdN3vbyMrwKhx
ZEd6ouVXxzybTeVWD6arFwwfe8e5koYB73mMzXFy/3zgjrITv3BWTl3jJiI5Ylyl
1u+k3vq2LA9T+dFQmAQFg4AEr9WMneWFWrr5yikLpJA/xnTi5YndIxvxgzIM5NEQ
4sEOPbdmy6qldqqbaCHGbHWxN0+YhW4jVglY0b/q/7rQgkMuOn2FwxdaBXnL3G5i
xmS1K4QLu+vnK5IUe0byL3Qhe4tNP6pGss1XrhQKqaLDfMIfbjN234o43Ad83k2C
Pz8qdH9JZWOP0BP9278fFycaO41dV2omkbGvbUKN6IwzMT3vlloo+UQ=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:95:30:fc:3e:17:6a:62:ed:40:f3:c7:a6:75:62:19:01:11:d6:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:97:4a:5c:fd:3a:bc:0a:ca:ac:d4:f4:32:8a:03:
0b:e2:23:d7:6c:51:ef:77:db:00:49:ea:ae:5c:80:
14:57:78:fb:d2:90:ed:56:07:6c:79:8f:d7:7f:2d:
e5:bc:f9:52:33:f7:b4:6f:55:49:68:10:cb:f2:50:
27:86:b7:2e:a3:a0:78:f9:03:99:e2:dc:dd:52:3b:
0d:6c:9d:b6:a0:c6:17:13:cb:9d:d1:1d:f9:f5:67:
64:89:42:af:4f:26:76:bf:26:23:5c:5e:90:8f:23:
97:4e:82:bf:10:cb:80:74:29:a1:07:b4:55:f8:75:
db:32:5d:fe:f6:ce:02:fb:16:a0:40:d8:40:85:ad:
1b:17:33:e1:4f:91:fd:80:43:89:5d:37:b6:fd:ae:
fa:e9:d6:04:5d:9a:d7:66:b4:74:c9:7f:ad:21:1a:
04:be:1b:5e:dc:7f:f6:e0:fe:9b:f7:44:60:2c:81:
82:13:e7:09:2c:78:16:42:35:22:16:1b:31:90:5d:
a4:7b:cf:9a:50:3d:64:c9:f8:40:85:1d:49:4c:93:
06:22:00:2f:3a:83:ee:fb:e8:ea:6d:cc:42:62:09:
99:72:6c:92:e7:a0:11:9d:4a:a1:3f:35:f6:bb:70:
34:c1:88:8b:2d:a4:7d:6e:d9:67:75:64:3b:98:f0:
27:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:76:D4:23:43:F9:F8:0B:19:60:61:1F:7B:E9:3C:20:0A:0C:43:DC
X509v3 Authority Key Identifier:
4C:F1:50:9D:B8:49:6B:D6:E6:96:99:11:02:34:1F:FB:7D:51:F8:D1
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Policy Constraints: critical
Require Explicit Policy:0
X509v3 Certificate Policies: critical
Policy: 1.2.3.4
X509v3 Policy Mappings: critical
1.2.3.4:1.2.3.5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
c3:ed:96:d8:4c:4e:77:b3:6a:52:a7:93:d9:6a:02:b3:38:3e:
61:3f:dc:ad:bd:8c:2c:16:d8:4e:ec:2f:d7:de:06:d1:01:8a:
a2:ac:eb:83:f4:30:62:5f:ef:c2:48:51:f9:60:bf:73:c4:2f:
1a:9d:91:c8:fa:7a:5f:7c:b2:c2:72:b2:b8:f2:62:48:53:3d:
be:f2:1c:0e:1a:59:d0:fc:2e:38:99:40:7d:72:90:e1:58:35:
97:35:0a:65:18:3d:e3:12:a9:e7:43:2a:aa:47:05:76:e3:e0:
4e:6d:87:a4:95:65:04:52:33:e0:ef:53:5c:42:71:2b:06:15:
09:b2:cf:0c:9b:57:6e:2c:95:1d:b5:e4:cd:f0:68:83:14:ed:
f4:27:39:81:1e:45:fc:a0:d7:c5:22:e4:42:53:a4:3d:9e:0f:
8b:76:39:8c:c1:db:25:b9:b5:6e:40:44:24:71:44:db:16:e8:
02:c6:56:e1:81:5f:2e:43:7e:31:9e:6d:e2:ff:ca:66:6f:7c:
e3:36:34:fc:dc:63:cd:b5:db:39:7f:0a:6b:30:77:ed:6a:16:
0d:8f:ff:27:1d:cd:d1:d7:6a:30:0e:18:18:34:96:b8:aa:e7:
73:21:27:37:41:b7:5c:2a:e1:4d:9e:fa:46:2a:57:81:ab:f9:
a8:cd:14:52
-----BEGIN CERTIFICATE-----
MIIDwjCCAqqgAwIBAgIUD5Uw/D4XamLtQPPHpnViGQER1sMwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJdKXP06vArKrNT0MooDC+Ij12xR73fbAEnqrlyAFFd4+9KQ
7VYHbHmP138t5bz5UjP3tG9VSWgQy/JQJ4a3LqOgePkDmeLc3VI7DWydtqDGFxPL
ndEd+fVnZIlCr08mdr8mI1xekI8jl06CvxDLgHQpoQe0Vfh12zJd/vbOAvsWoEDY
QIWtGxcz4U+R/YBDiV03tv2u+unWBF2a12a0dMl/rSEaBL4bXtx/9uD+m/dEYCyB
ghPnCSx4FkI1IhYbMZBdpHvPmlA9ZMn4QIUdSUyTBiIALzqD7vvo6m3MQmIJmXJs
kuegEZ1KoT819rtwNMGIiy2kfW7ZZ3VkO5jwJ0sCAwEAAaOCAQwwggEIMB0GA1Ud
DgQWBBR8dtQjQ/n4CxlgYR976TwgCgxD3DAfBgNVHSMEGDAWgBRM8VCduElr1uaW
mRECNB/7fVH40TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91
cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs
LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
Af8wDwYDVR0kAQH/BAUwA4ABADATBgNVHSABAf8ECTAHMAUGAyoDBDAYBgNVHSEB
Af8EDjAMMAoGAyoDBAYDKgMFMA0GCSqGSIb3DQEBCwUAA4IBAQDD7ZbYTE53s2pS
p5PZagKzOD5hP9ytvYwsFthO7C/X3gbRAYqirOuD9DBiX+/CSFH5YL9zxC8anZHI
+npffLLCcrK48mJIUz2+8hwOGlnQ/C44mUB9cpDhWDWXNQplGD3jEqnnQyqqRwV2
4+BObYeklWUEUjPg71NcQnErBhUJss8Mm1duLJUdteTN8GiDFO30JzmBHkX8oNfF
IuRCU6Q9ng+LdjmMwdslubVuQEQkcUTbFugCxlbhgV8uQ34xnm3i/8pmb3zjNjT8
3GPNtds5fwprMHftahYNj/8nHc3R12owDhgYNJa4qudzISc3QbdcKuFNnvpGKleB
q/mozRRS
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:95:30:fc:3e:17:6a:62:ed:40:f3:c7:a6:75:62:19:01:11:d6:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:ca:2d:79:43:c4:eb:2a:86:64:22:6d:de:81:
34:8b:20:fc:0f:d5:60:89:76:9f:af:4f:95:c7:fe:
45:0f:fe:ab:93:a9:9d:02:08:f8:b1:ac:e2:d6:d0:
1a:ac:73:7b:a1:bf:cc:21:b5:96:52:94:97:b7:47:
16:eb:26:1f:7a:bd:72:2e:18:74:b6:39:67:26:b2:
bc:fa:06:17:72:f0:fd:62:48:cd:e2:0f:96:ad:f2:
02:d1:28:d9:67:2f:3f:0f:99:92:fe:12:3e:71:bc:
59:f6:3d:82:60:cd:65:b2:07:84:84:f2:2d:75:3c:
dd:07:00:43:89:ef:f4:97:01:b7:2b:a5:1b:1b:dd:
03:81:ba:b6:22:c6:ba:3b:67:82:5d:c9:27:3a:e0:
ea:82:90:b0:d3:25:e0:a0:79:22:d6:ed:2c:76:3e:
4b:b0:04:78:99:ae:6d:1c:c7:de:af:b2:34:46:86:
ff:f0:d4:35:2c:32:fe:ea:c5:19:45:73:a7:df:29:
8b:15:92:ca:6f:5e:2e:15:f4:bd:ad:64:36:94:c8:
8e:f7:32:e2:ef:60:df:fa:ac:d0:ff:3d:ba:36:8e:
ff:28:a5:bc:6a:2b:54:c3:d6:a6:6d:47:a4:48:2a:
b8:55:65:b3:7f:13:c4:58:86:fd:c1:f3:58:4f:51:
dc:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:F1:50:9D:B8:49:6B:D6:E6:96:99:11:02:34:1F:FB:7D:51:F8:D1
X509v3 Authority Key Identifier:
4C:F1:50:9D:B8:49:6B:D6:E6:96:99:11:02:34:1F:FB:7D:51:F8:D1
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Policy Constraints: critical
Inhibit Policy Mapping:0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b9:d6:0f:a0:e7:d9:ed:fb:ba:ab:bf:ea:c8:68:04:58:9a:8a:
cc:8f:e5:3d:28:c1:f8:68:ad:26:cb:72:dc:5d:a3:b5:3d:50:
1d:44:2c:72:5a:3a:c2:8a:fe:11:63:0b:d2:0d:f8:ea:df:d5:
ef:35:78:e7:0c:40:ef:a7:d4:a6:37:c7:2f:ba:d6:20:57:24:
b1:5e:b1:20:81:7d:b2:47:9a:31:86:39:e2:51:b3:dc:a6:47:
14:f9:82:25:45:fc:9e:7b:38:de:02:db:d9:3b:fb:79:5b:f9:
5a:40:f9:6e:f6:6b:8a:77:14:36:7e:53:90:6f:ec:40:c1:ec:
b5:f2:84:24:70:3a:30:95:8c:92:c5:a3:33:50:44:a8:04:ca:
bb:bf:1b:e6:ca:6b:7e:3a:29:54:c7:ba:d7:8f:b0:41:e6:d7:
be:c0:c7:d3:1f:a3:6f:d4:c2:29:ac:04:f6:be:46:1d:d2:ce:
25:8f:41:d0:d8:a8:9f:40:e3:93:63:b7:d0:f5:8a:53:37:02:
f2:02:d1:f3:8d:52:8a:35:41:e7:96:3f:07:3a:d9:01:cb:19:
1e:ab:9b:93:b0:10:e1:35:aa:56:eb:36:40:7a:b4:f3:54:60:
09:b4:d0:ed:a5:b6:63:ea:8c:b8:35:22:83:d4:a8:33:a6:98:
5f:14:5e:77
-----BEGIN CERTIFICATE-----
MIIDiTCCAnGgAwIBAgIUD5Uw/D4XamLtQPPHpnViGQER1sIwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDOyi15Q8TrKoZkIm3egTSLIPwP1WCJdp+vT5XH/kUP/quTqZ0CCPixrOLW
0Bqsc3uhv8whtZZSlJe3RxbrJh96vXIuGHS2OWcmsrz6Bhdy8P1iSM3iD5at8gLR
KNlnLz8PmZL+Ej5xvFn2PYJgzWWyB4SE8i11PN0HAEOJ7/SXAbcrpRsb3QOBurYi
xro7Z4JdySc64OqCkLDTJeCgeSLW7Sx2PkuwBHiZrm0cx96vsjRGhv/w1DUsMv7q
xRlFc6ffKYsVkspvXi4V9L2tZDaUyI73MuLvYN/6rND/Pbo2jv8opbxqK1TD1qZt
R6RIKrhVZbN/E8RYhv3B81hPUdwvAgMBAAGjgdwwgdkwHQYDVR0OBBYEFEzxUJ24
SWvW5paZEQI0H/t9UfjRMB8GA1UdIwQYMBaAFEzxUJ24SWvW5paZEQI0H/t9UfjR
MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB
Af8EBTADgQEAMA0GCSqGSIb3DQEBCwUAA4IBAQC51g+g59nt+7qrv+rIaARYmorM
j+U9KMH4aK0my3LcXaO1PVAdRCxyWjrCiv4RYwvSDfjq39XvNXjnDEDvp9SmN8cv
utYgVySxXrEggX2yR5oxhjniUbPcpkcU+YIlRfyeezjeAtvZO/t5W/laQPlu9muK
dxQ2flOQb+xAwey18oQkcDowlYySxaMzUESoBMq7vxvmymt+OilUx7rXj7BB5te+
wMfTH6Nv1MIprAT2vkYd0s4lj0HQ2KifQOOTY7fQ9YpTNwLyAtHzjVKKNUHnlj8H
OtkByxkeq5uTsBDhNapW6zZAerTzVGAJtNDtpbZj6oy4NSKD1KgzpphfFF53
-----END CERTIFICATE-----