github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/verify_test.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package x509 6 7 import ( 8 "encoding/pem" 9 "errors" 10 "strings" 11 "testing" 12 "time" 13 14 "github.com/zmap/zcrypto/x509/pkix" 15 ) 16 17 type verifyTest struct { 18 leaf string 19 intermediates []string 20 roots []string 21 currentTime int64 22 dnsName string 23 keyUsages []ExtKeyUsage 24 25 errorCallback func(*testing.T, int, error) bool 26 expectedChains [][]string 27 expiredChains [][]string 28 } 29 30 var verifyTests = []verifyTest{ 31 { 32 leaf: googleLeaf, 33 intermediates: []string{giag2Intermediate}, 34 roots: []string{geoTrustRoot}, 35 currentTime: 1395785200, 36 dnsName: "www.google.com", 37 38 expectedChains: [][]string{ 39 {"Google", "Google Internet Authority", "GeoTrust"}, 40 }, 41 }, 42 { 43 leaf: googleLeaf, 44 intermediates: []string{giag2Intermediate}, 45 roots: []string{geoTrustRoot}, 46 currentTime: 1395785200, 47 dnsName: "WwW.GooGLE.coM", 48 49 expectedChains: [][]string{ 50 {"Google", "Google Internet Authority", "GeoTrust"}, 51 }, 52 }, 53 { 54 leaf: googleLeaf, 55 intermediates: []string{giag2Intermediate}, 56 roots: []string{geoTrustRoot}, 57 currentTime: 1, 58 dnsName: "WwW.GooGLE.coM", 59 60 errorCallback: expectExpired, 61 }, 62 { 63 leaf: googleLeaf, 64 intermediates: []string{giag2Intermediate}, 65 roots: []string{geoTrustRoot}, 66 currentTime: 1395785200, 67 dnsName: "www.example.com", 68 69 expectedChains: [][]string{ 70 {"Google", "Google Internet Authority", "GeoTrust"}, 71 }, 72 errorCallback: expectHostnameError, 73 }, 74 { 75 leaf: googleLeaf, 76 intermediates: []string{giag2Intermediate}, 77 roots: []string{geoTrustRoot}, 78 currentTime: 1, 79 dnsName: "www.example.com", 80 81 errorCallback: expectExpired, 82 }, 83 { 84 leaf: googleLeaf, 85 roots: []string{geoTrustRoot}, 86 currentTime: 1395785200, 87 dnsName: "www.google.com", 88 errorCallback: expectAuthorityUnknown, 89 }, 90 { 91 leaf: googleLeaf, 92 intermediates: []string{geoTrustRoot, giag2Intermediate}, 93 roots: []string{geoTrustRoot}, 94 currentTime: 1395785200, 95 dnsName: "www.google.com", 96 97 expectedChains: [][]string{ 98 {"Google", "Google Internet Authority", "GeoTrust"}, 99 }, 100 }, 101 { 102 leaf: dnssecExpLeaf, 103 intermediates: []string{startComIntermediate}, 104 roots: []string{startComRoot}, 105 currentTime: 1302726541, 106 107 expectedChains: [][]string{ 108 {"dnssec-exp", "StartCom Class 1", "StartCom Certification Authority"}, 109 }, 110 }, 111 { 112 leaf: dnssecExpLeaf, 113 intermediates: []string{startComIntermediate, startComRoot}, 114 roots: []string{startComRoot}, 115 currentTime: 1302726541, 116 expectedChains: [][]string{ 117 {"dnssec-exp", "StartCom Class 1", "StartCom Certification Authority"}, 118 }, 119 }, 120 { 121 leaf: googleLeafWithInvalidHash, 122 intermediates: []string{giag2Intermediate}, 123 roots: []string{geoTrustRoot}, 124 currentTime: 1395785200, 125 dnsName: "www.google.com", 126 errorCallback: expectHashError, 127 }, 128 { 129 // The default configuration should reject an S/MIME chain. 130 leaf: smimeLeaf, 131 roots: []string{smimeIntermediate}, 132 currentTime: 1339436154, 133 errorCallback: expectUsageError, 134 }, 135 { 136 leaf: smimeLeaf, 137 roots: []string{smimeIntermediate}, 138 currentTime: 1339436154, 139 keyUsages: []ExtKeyUsage{ExtKeyUsageServerAuth}, 140 errorCallback: expectUsageError, 141 }, 142 { 143 leaf: smimeLeaf, 144 roots: []string{smimeIntermediate}, 145 currentTime: 1339436154, 146 keyUsages: []ExtKeyUsage{ExtKeyUsageEmailProtection}, 147 expectedChains: [][]string{ 148 {"Ryan Hurst", "GlobalSign PersonalSign 2 CA - G2"}, 149 }, 150 }, 151 { 152 leaf: megaLeaf, 153 intermediates: []string{comodoIntermediate1}, 154 roots: []string{comodoRoot}, 155 currentTime: 1360431182, 156 expectedChains: [][]string{ 157 {"mega.co.nz", "EssentialSSL CA", "COMODO Certification Authority"}, 158 }, 159 }, 160 { 161 // Check that a name constrained intermediate works even when 162 // it lists multiple constraints. 163 leaf: nameConstraintsLeaf, 164 intermediates: []string{nameConstraintsIntermediate1, nameConstraintsIntermediate2}, 165 roots: []string{globalSignRoot}, 166 currentTime: 1382387896, 167 dnsName: "secure.iddl.vt.edu", 168 169 expectedChains: [][]string{ 170 { 171 "Technology-enhanced Learning and Online Strategies", 172 "Virginia Tech Global Qualified Server CA", 173 "Trusted Root CA G2", 174 "GlobalSign Root CA", 175 }, 176 }, 177 }, 178 { 179 // Check that SHA-384 intermediates (which are popping up) 180 // work. 181 leaf: moipLeafCert, 182 intermediates: []string{comodoIntermediateSHA384, comodoRSAAuthority}, 183 roots: []string{addTrustRoot}, 184 currentTime: 1397502195, 185 dnsName: "api.moip.com.br", 186 187 expectedChains: [][]string{ 188 { 189 "api.moip.com.br", 190 "COMODO RSA Extended Validation Secure Server CA", 191 "COMODO RSA Certification Authority", 192 "AddTrust External CA Root", 193 }, 194 }, 195 }, 196 { 197 // Check the NotAfter < NotBefore is NeverValid 198 leaf: zcryptoNeverValid, 199 intermediates: []string{zcryptoIntermediate}, 200 roots: []string{zcryptoRoot}, 201 currentTime: 1622505600, // Tuesday 1st June 2021 12:00:00 AM 202 dnsName: "never-valid.example.com", 203 204 errorCallback: expectNeverValid, 205 }, 206 { 207 leaf: zcryptoValidBeforeIntermediate, 208 intermediates: []string{zcryptoIntermediate}, 209 roots: []string{zcryptoRoot}, 210 currentTime: 1527811200, // Friday 1st June 2018 12:00:00 AM 211 dnsName: "never-valid.example.com", 212 213 errorCallback: expectNeverValid, 214 }, 215 { 216 leaf: zcryptoRoot, 217 intermediates: []string{zcryptoIntermediate}, 218 roots: []string{zcryptoRoot}, 219 currentTime: 1527811200, // Friday 1st June 2018 12:00:00 AM, 220 221 expectedChains: [][]string{ 222 {"ZCrypto Root Authority"}, 223 }, 224 }, 225 { 226 leaf: zcryptoRoot, 227 intermediates: []string{zcryptoIntermediate}, 228 roots: []string{zcryptoRoot}, 229 currentTime: 1830297600, // Saturday 1st Jan 2028 12:00:00 AM, 230 231 expiredChains: [][]string{ 232 {"ZCrypto Root Authority"}, 233 }, 234 errorCallback: expectExpired, 235 }, 236 { 237 leaf: zcryptoRoot, 238 intermediates: []string{comodoIntermediateSHA384, comodoRSAAuthority}, 239 roots: []string{addTrustRoot}, 240 currentTime: 1527811200, // Friday 1st June 2018 12:00:00 AM, 241 242 errorCallback: expectCertificateInvalid(IsSelfSigned), 243 }, 244 { 245 leaf: zcryptoRoot, 246 intermediates: []string{zcryptoRoot, comodoRSAAuthority}, 247 roots: []string{addTrustRoot}, 248 currentTime: 1527811200, // Friday 1st June 2018 12:00:00 AM, 249 250 errorCallback: expectCertificateInvalid(IsSelfSigned), 251 }, 252 } 253 254 func expectHostnameError(t *testing.T, i int, err error) (ok bool) { 255 if _, ok := err.(HostnameError); !ok { 256 t.Errorf("#%d: error was not a HostnameError: %s", i, err) 257 return false 258 } 259 return true 260 } 261 262 func expectExpired(t *testing.T, i int, err error) (ok bool) { 263 if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != Expired { 264 t.Errorf("#%d: error was not Expired: %s", i, err) 265 return false 266 } 267 return true 268 } 269 270 func expectNeverValid(t *testing.T, i int, err error) (ok bool) { 271 if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != NeverValid { 272 t.Errorf("#%d: error was not NeverValid: %s", i, err) 273 return false 274 } 275 return true 276 } 277 278 func expectUsageError(t *testing.T, i int, err error) (ok bool) { 279 if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != IncompatibleUsage { 280 t.Errorf("#%d: error was not IncompatibleUsage: %s", i, err) 281 return false 282 } 283 return true 284 } 285 286 func expectAuthorityUnknown(t *testing.T, i int, err error) (ok bool) { 287 if _, ok := err.(UnknownAuthorityError); !ok { 288 t.Errorf("#%d: error was not UnknownAuthorityError: %s", i, err) 289 return false 290 } 291 return true 292 } 293 294 func expectHashError(t *testing.T, i int, err error) bool { 295 if err == nil { 296 t.Errorf("#%d: no error resulted from invalid hash", i) 297 return false 298 } 299 if expected := "algorithm unimplemented"; !strings.Contains(err.Error(), expected) { 300 t.Errorf("#%d: error resulting from invalid hash didn't contain '%s', rather it was: %s", i, expected, err) 301 return false 302 } 303 return true 304 } 305 306 func expectCertificateInvalid(reason InvalidReason) func(*testing.T, int, error) bool { 307 expectedReason := reason 308 return func(t *testing.T, i int, err error) bool { 309 if err == nil { 310 t.Errorf("#%d: no error when expectin CertificateInvalidError", i) 311 return false 312 } 313 invalidError, ok := err.(CertificateInvalidError) 314 if !ok { 315 t.Errorf("#%d: got an error that wasn't CertificateInvalidError", i) 316 return false 317 } 318 if invalidError.Reason != expectedReason { 319 t.Errorf("#%d: got invalid reason %v, expected %v", i, invalidError.Reason, expectedReason) 320 return false 321 } 322 return true 323 } 324 } 325 326 func certificateFromPEM(pemBytes string) (*Certificate, error) { 327 block, _ := pem.Decode([]byte(pemBytes)) 328 if block == nil { 329 return nil, errors.New("failed to decode PEM") 330 } 331 return ParseCertificate(block.Bytes) 332 } 333 334 func testVerify(t *testing.T) { 335 for i, test := range verifyTests { 336 opts := VerifyOptions{ 337 Intermediates: NewCertPool(), 338 DNSName: test.dnsName, 339 CurrentTime: time.Unix(test.currentTime, 0), 340 KeyUsages: test.keyUsages, 341 } 342 343 opts.Roots = NewCertPool() 344 for j, root := range test.roots { 345 ok := opts.Roots.AppendCertsFromPEM([]byte(root)) 346 if !ok { 347 t.Errorf("#%d: failed to parse root #%d", i, j) 348 return 349 } 350 } 351 352 for j, intermediate := range test.intermediates { 353 ok := opts.Intermediates.AppendCertsFromPEM([]byte(intermediate)) 354 if !ok { 355 t.Errorf("#%d: failed to parse intermediate #%d", i, j) 356 return 357 } 358 } 359 360 leaf, err := certificateFromPEM(test.leaf) 361 if err != nil { 362 t.Errorf("#%d: failed to parse leaf: %s", i, err) 363 return 364 } 365 366 chains, expiredChains, _, err := leaf.Verify(opts) 367 368 if test.errorCallback == nil && err != nil { 369 t.Errorf("#%d: unexpected error: %s", i, err) 370 } 371 if test.errorCallback != nil { 372 if !test.errorCallback(t, i, err) { 373 return 374 } 375 } 376 377 if len(chains) != len(test.expectedChains) { 378 t.Errorf("#%d: wanted %d chains, got %d", i, len(test.expectedChains), len(chains)) 379 } 380 381 if test.expiredChains != nil && len(expiredChains) != len(test.expiredChains) { 382 t.Errorf("#%d: wanted %d expired chains, got %d", i, len(test.expiredChains), len(expiredChains)) 383 } 384 385 // We check that each returned chain matches a chain from 386 // expectedChains but an entry in expectedChains can't match 387 // two chains. 388 seenChains := make([]bool, len(chains)) 389 NextOutputChain: 390 for _, chain := range chains { 391 TryNextExpected: 392 for j, expectedChain := range test.expectedChains { 393 if seenChains[j] { 394 continue 395 } 396 if len(chain) != len(expectedChain) { 397 continue 398 } 399 for k, cert := range chain { 400 if strings.Index(nameToKey(&cert.Subject), expectedChain[k]) == -1 { 401 continue TryNextExpected 402 } 403 } 404 // we matched 405 seenChains[j] = true 406 continue NextOutputChain 407 } 408 t.Errorf("#%d: No expected chain matched %s", i, chainToDebugString(chain)) 409 } 410 } 411 } 412 413 func TestGoVerify(t *testing.T) { 414 testVerify(t) 415 } 416 417 func chainToDebugString(chain []*Certificate) string { 418 var chainStr string 419 for _, cert := range chain { 420 if len(chainStr) > 0 { 421 chainStr += " -> " 422 } 423 chainStr += nameToKey(&cert.Subject) 424 } 425 return chainStr 426 } 427 428 func nameToKey(name *pkix.Name) string { 429 return strings.Join(name.Country, ",") + "/" + strings.Join(name.Organization, ",") + "/" + strings.Join(name.OrganizationalUnit, ",") + "/" + name.CommonName 430 } 431 432 const geoTrustRoot = `-----BEGIN CERTIFICATE----- 433 MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT 434 MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i 435 YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG 436 EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg 437 R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 438 9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq 439 fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv 440 iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU 441 1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ 442 bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW 443 MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA 444 ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l 445 uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn 446 Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS 447 tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF 448 PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un 449 hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV 450 5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== 451 -----END CERTIFICATE----- 452 ` 453 454 const giag2Intermediate = `-----BEGIN CERTIFICATE----- 455 MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT 456 MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i 457 YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG 458 EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy 459 bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 460 AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP 461 VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv 462 h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE 463 ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ 464 EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC 465 DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7 466 qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD 467 VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g 468 K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI 469 KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n 470 ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB 471 BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY 472 /iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/ 473 zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza 474 HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto 475 WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6 476 yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx 477 -----END CERTIFICATE----- 478 ` 479 480 const googleLeaf = `-----BEGIN CERTIFICATE----- 481 MIIEdjCCA16gAwIBAgIIcR5k4dkoe04wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE 482 BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl 483 cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMzEyMDkzODMwWhcNMTQwNjEwMDAwMDAw 484 WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN 485 TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 486 Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4zYCe 487 m0oUBhwE0EwBr65eBOcgcQO2PaSIAB2dEP/c1EMX2tOy0ov8rk83ePhJ+MWdT1z6 488 jge9X4zQQI8ZyA9qIiwrKBZOi8DNUvrqNZC7fJAVRrb9aX/99uYOJCypIbpmWG1q 489 fhbHjJewhwf8xYPj71eU4rLG80a+DapWmphtfq3h52lDQIBzLVf1yYbyrTaELaz4 490 NXF7HXb5YkId/gxIsSzM0aFUVu2o8sJcLYAsJqwfFKBKOMxUcn545nlspf0mTcWZ 491 0APlbwsKznNs4/xCDwIxxWjjqgHrYAFl6y07i1gzbAOqdNEyR24p+3JWI8WZBlBI 492 dk2KGj0W1fIfsvyxAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI 493 KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE 494 XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0 495 MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G 496 A1UdDgQWBBTXD5Bx6iqT+dmEhbFL4OUoHyZn8zAMBgNVHRMBAf8EAjAAMB8GA1Ud 497 IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW 498 eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB 499 RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCR3RJtHzgDh33b/MI1ugiki+nl8Ikj 500 5larbJRE/rcA5oite+QJyAr6SU1gJJ/rRrK3ItVEHr9L621BCM7GSdoNMjB9MMcf 501 tJAW0kYGJ+wqKm53wG/JaOADTnnq2Mt/j6F2uvjgN/ouns1nRHufIvd370N0LeH+ 502 orKqTuAPzXK7imQk6+OycYABbqCtC/9qmwRd8wwn7sF97DtYfK8WuNHtFalCAwyi 503 8LxJJYJCLWoMhZ+V8GZm+FOex5qkQAjnZrtNlbQJ8ro4r+rpKXtmMFFhfa+7L+PA 504 Kom08eUK8skxAzfDDijZPh10VtJ66uBoiDPdT+uCBehcBIcmSTrKjFGX 505 -----END CERTIFICATE----- 506 ` 507 508 // googleLeafWithInvalidHash is the same as googleLeaf, but the signature 509 // algorithm in the certificate contains a nonsense OID. 510 const googleLeafWithInvalidHash = `-----BEGIN CERTIFICATE----- 511 MIIEdjCCA16gAwIBAgIIcR5k4dkoe04wDQYJKoZIhvcNAWAFBQAwSTELMAkGA1UE 512 BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl 513 cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMzEyMDkzODMwWhcNMTQwNjEwMDAwMDAw 514 WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN 515 TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 516 Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4zYCe 517 m0oUBhwE0EwBr65eBOcgcQO2PaSIAB2dEP/c1EMX2tOy0ov8rk83ePhJ+MWdT1z6 518 jge9X4zQQI8ZyA9qIiwrKBZOi8DNUvrqNZC7fJAVRrb9aX/99uYOJCypIbpmWG1q 519 fhbHjJewhwf8xYPj71eU4rLG80a+DapWmphtfq3h52lDQIBzLVf1yYbyrTaELaz4 520 NXF7HXb5YkId/gxIsSzM0aFUVu2o8sJcLYAsJqwfFKBKOMxUcn545nlspf0mTcWZ 521 0APlbwsKznNs4/xCDwIxxWjjqgHrYAFl6y07i1gzbAOqdNEyR24p+3JWI8WZBlBI 522 dk2KGj0W1fIfsvyxAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI 523 KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE 524 XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0 525 MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G 526 A1UdDgQWBBTXD5Bx6iqT+dmEhbFL4OUoHyZn8zAMBgNVHRMBAf8EAjAAMB8GA1Ud 527 IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW 528 eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB 529 RzIuY3JsMA0GCSqGSIb3DQFgBQUAA4IBAQCR3RJtHzgDh33b/MI1ugiki+nl8Ikj 530 5larbJRE/rcA5oite+QJyAr6SU1gJJ/rRrK3ItVEHr9L621BCM7GSdoNMjB9MMcf 531 tJAW0kYGJ+wqKm53wG/JaOADTnnq2Mt/j6F2uvjgN/ouns1nRHufIvd370N0LeH+ 532 orKqTuAPzXK7imQk6+OycYABbqCtC/9qmwRd8wwn7sF97DtYfK8WuNHtFalCAwyi 533 8LxJJYJCLWoMhZ+V8GZm+FOex5qkQAjnZrtNlbQJ8ro4r+rpKXtmMFFhfa+7L+PA 534 Kom08eUK8skxAzfDDijZPh10VtJ66uBoiDPdT+uCBehcBIcmSTrKjFGX 535 -----END CERTIFICATE----- 536 ` 537 538 const dnssecExpLeaf = `-----BEGIN CERTIFICATE----- 539 MIIGzTCCBbWgAwIBAgIDAdD6MA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ 540 TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 541 YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg 542 MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTAwNzA0MTQ1MjQ1 543 WhcNMTEwNzA1MTA1NzA0WjCBwTEgMB4GA1UEDRMXMjIxMTM3LWxpOWE5dHhJRzZM 544 NnNyVFMxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0 545 ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMRsw 546 GQYDVQQDExJ3d3cuZG5zc2VjLWV4cC5vcmcxKDAmBgkqhkiG9w0BCQEWGWhvc3Rt 547 YXN0ZXJAZG5zc2VjLWV4cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 548 AoIBAQDEdF/22vaxrPbqpgVYMWi+alfpzBctpbfLBdPGuqOazJdCT0NbWcK8/+B4 549 X6OlSOURNIlwLzhkmwVsWdVv6dVSaN7d4yI/fJkvgfDB9+au+iBJb6Pcz8ULBfe6 550 D8HVvqKdORp6INzHz71z0sghxrQ0EAEkoWAZLh+kcn2ZHdcmZaBNUfjmGbyU6PRt 551 RjdqoP+owIaC1aktBN7zl4uO7cRjlYFdusINrh2kPP02KAx2W84xjxX1uyj6oS6e 552 7eBfvcwe8czW/N1rbE0CoR7h9+HnIrjnVG9RhBiZEiw3mUmF++Up26+4KTdRKbu3 553 +BL4yMpfd66z0+zzqu+HkvyLpFn5AgMBAAGjggL/MIIC+zAJBgNVHRMEAjAAMAsG 554 A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUy04I5guM 555 drzfh2JQaXhgV86+4jUwHwYDVR0jBBgwFoAU60I00Jiwq5/0G2sI98xkLu8OLEUw 556 LQYDVR0RBCYwJIISd3d3LmRuc3NlYy1leHAub3Jngg5kbnNzZWMtZXhwLm9yZzCC 557 AUIGA1UdIASCATkwggE1MIIBMQYLKwYBBAGBtTcBAgIwggEgMC4GCCsGAQUFBwIB 558 FiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsGAQUFBwIB 559 FihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMIG3Bggr 560 BgEFBQcCAjCBqjAUFg1TdGFydENvbSBMdGQuMAMCAQEagZFMaW1pdGVkIExpYWJp 561 bGl0eSwgc2VlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3Rh 562 cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBh 563 dCBodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGEGA1UdHwRaMFgw 564 KqAooCaGJGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDAqoCig 565 JoYkaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0MS1jcmwuY3JsMIGOBggrBgEF 566 BQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20v 567 c3ViL2NsYXNzMS9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93d3cuc3Rh 568 cnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuc2VydmVyLmNhLmNydDAjBgNVHRIE 569 HDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEB 570 ACXj6SB59KRJPenn6gUdGEqcta97U769SATyiQ87i9er64qLwvIGLMa3o2Rcgl2Y 571 kghUeyLdN/EXyFBYA8L8uvZREPoc7EZukpT/ZDLXy9i2S0jkOxvF2fD/XLbcjGjM 572 iEYG1/6ASw0ri9C0k4oDDoJLCoeH9++yqF7SFCCMcDkJqiAGXNb4euDpa8vCCtEQ 573 CSS+ObZbfkreRt3cNCf5LfCXe9OsTnCfc8Cuq81c0oLaG+SmaLUQNBuToq8e9/Zm 574 +b+/a3RVjxmkV5OCcGVBxsXNDn54Q6wsdw0TBMcjwoEndzpLS7yWgFbbkq5ZiGpw 575 Qibb2+CfKuQ+WFV1GkVQmVA= 576 -----END CERTIFICATE-----` 577 578 const startComIntermediate = `-----BEGIN CERTIFICATE----- 579 MIIGNDCCBBygAwIBAgIBGDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW 580 MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg 581 Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh 582 dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NDE3WhcNMTcxMDI0MjA1NDE3WjCB 583 jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT 584 IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0 585 YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB 586 IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtonGrO8JUngHrJJj0PREGBiE 587 gFYfka7hh/oyULTTRwbw5gdfcA4Q9x3AzhA2NIVaD5Ksg8asWFI/ujjo/OenJOJA 588 pgh2wJJuniptTT9uYSAK21ne0n1jsz5G/vohURjXzTCm7QduO3CHtPn66+6CPAVv 589 kvek3AowHpNz/gfK11+AnSJYUq4G2ouHI2mw5CrY6oPSvfNx23BaKA+vWjhwRRI/ 590 ME3NO68X5Q/LoKldSKqxYVDLNM08XMML6BDAjJvwAwNi/rJsPnIO7hxDKslIDlc5 591 xDEhyBDBLIf+VJVSH1I8MRKbf+fAoKVZ1eKPPvDVqOHXcDGpxLPPr21TLwb0pwID 592 AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD 593 VR0OBBYEFOtCNNCYsKuf9BtrCPfMZC7vDixFMB8GA1UdIwQYMBaAFE4L7xqkQFul 594 F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov 595 L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0 596 YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3 597 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0 598 c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu 599 BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0 600 BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl 601 LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAIQlJPqWIbuALi0jaMU2P91ZXouHTYlfp 602 tVbzhUV1O+VQHwSL5qBaPucAroXQ+/8gA2TLrQLhxpFy+KNN1t7ozD+hiqLjfDen 603 xk+PNdb01m4Ge90h2c9W/8swIkn+iQTzheWq8ecf6HWQTd35RvdCNPdFWAwRDYSw 604 xtpdPvkBnufh2lWVvnQce/xNFE+sflVHfXv0pQ1JHpXo9xLBzP92piVH0PN1Nb6X 605 t1gW66pceG/sUzCv6gRNzKkC4/C2BBL2MLERPZBOVmTX3DxDX3M570uvh+v2/miI 606 RHLq0gfGabDBoYvvF0nXYbFFSF87ICHpW7LM9NfpMfULFWE7epTj69m8f5SuauNi 607 YpaoZHy4h/OZMn6SolK+u/hlz8nyMPyLwcKmltdfieFcNID1j0cHL7SRv7Gifl9L 608 WtBbnySGBVFaaQNlQ0lxxeBvlDRr9hvYqbBMflPrj0jfyjO1SPo2ShpTpjMM0InN 609 SRXNiTE8kMBy12VLUjWKRhFEuT2OKGWmPnmeXAhEKa2wNREuIU640ucQPl2Eg7PD 610 wuTSxv0JS3QJ3fGz0xk+gA2iCxnwOOfFwq/iI9th4p1cbiCJSS4jarJiwUW0n6+L 611 p/EiO/h94pDQehn7Skzj0n1fSoMD7SfWI55rjbRZotnvbIIp3XUZPD9MEI3vu3Un 612 0q6Dp6jOW6c= 613 -----END CERTIFICATE-----` 614 615 const startComRoot = `-----BEGIN CERTIFICATE----- 616 MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW 617 MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg 618 Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh 619 dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 620 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi 621 U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh 622 cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA 623 A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk 624 pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf 625 OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C 626 Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT 627 Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi 628 HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM 629 Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w 630 +2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ 631 Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 632 Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B 633 26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID 634 AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE 635 FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j 636 ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js 637 LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM 638 BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 639 Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy 640 dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh 641 cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh 642 YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg 643 dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp 644 bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ 645 YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT 646 TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ 647 9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 648 jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW 649 FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz 650 ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 651 ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L 652 EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu 653 L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq 654 yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC 655 O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V 656 um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh 657 NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= 658 -----END CERTIFICATE-----` 659 660 const startComRootSHA256 = `-----BEGIN CERTIFICATE----- 661 MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW 662 MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg 663 Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh 664 dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9 665 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi 666 U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh 667 cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA 668 A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk 669 pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf 670 OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C 671 Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT 672 Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi 673 HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM 674 Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w 675 +2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ 676 Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 677 Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B 678 26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID 679 AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD 680 VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul 681 F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC 682 ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w 683 ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk 684 aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0 685 YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg 686 c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0 687 aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93 688 d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG 689 CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1 690 dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF 691 wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS 692 Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst 693 0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc 694 pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl 695 CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF 696 P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK 697 1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm 698 KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE 699 JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ 700 8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm 701 fyWl8kgAwKQB2j8= 702 -----END CERTIFICATE-----` 703 704 const smimeLeaf = `-----BEGIN CERTIFICATE----- 705 MIIFBjCCA+6gAwIBAgISESFvrjT8XcJTEe6rBlPptILlMA0GCSqGSIb3DQEBBQUA 706 MFQxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSowKAYD 707 VQQDEyFHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAyIENBIC0gRzIwHhcNMTIwMTIz 708 MTYzNjU5WhcNMTUwMTIzMTYzNjU5WjCBlDELMAkGA1UEBhMCVVMxFjAUBgNVBAgT 709 DU5ldyBIYW1zcGhpcmUxEzARBgNVBAcTClBvcnRzbW91dGgxGTAXBgNVBAoTEEds 710 b2JhbFNpZ24sIEluYy4xEzARBgNVBAMTClJ5YW4gSHVyc3QxKDAmBgkqhkiG9w0B 711 CQEWGXJ5YW4uaHVyc3RAZ2xvYmFsc2lnbi5jb20wggEiMA0GCSqGSIb3DQEBAQUA 712 A4IBDwAwggEKAoIBAQC4ASSTvavmsFQAob60ukSSwOAL9nT/s99ltNUCAf5fPH5j 713 NceMKxaQse2miOmRRIXaykcq1p/TbI70Ztce38r2mbOwqDHHPVi13GxJEyUXWgaR 714 BteDMu5OGyWNG1kchVsGWpbstT0Z4v0md5m1BYFnxB20ebJyOR2lXDxsFK28nnKV 715 +5eMj76U8BpPQ4SCH7yTMG6y0XXsB3cCrBKr2o3TOYgEKv+oNnbaoMt3UxMt9nSf 716 9jyIshjqfnT5Aew3CUNMatO55g5FXXdIukAweg1YSb1ls05qW3sW00T3d7dQs9/7 717 NuxCg/A2elmVJSoy8+MLR8JSFEf/aMgjO/TyLg/jAgMBAAGjggGPMIIBizAOBgNV 718 HQ8BAf8EBAMCBaAwTQYDVR0gBEYwRDBCBgorBgEEAaAyASgKMDQwMgYIKwYBBQUH 719 AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMCQGA1Ud 720 EQQdMBuBGXJ5YW4uaHVyc3RAZ2xvYmFsc2lnbi5jb20wCQYDVR0TBAIwADAdBgNV 721 HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwQwYDVR0fBDwwOjA4oDagNIYyaHR0 722 cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc3BlcnNvbmFsc2lnbjJnMi5jcmww 723 VQYIKwYBBQUHAQEESTBHMEUGCCsGAQUFBzAChjlodHRwOi8vc2VjdXJlLmdsb2Jh 724 bHNpZ24uY29tL2NhY2VydC9nc3BlcnNvbmFsc2lnbjJnMi5jcnQwHQYDVR0OBBYE 725 FFWiECe0/L72eVYqcWYnLV6SSjzhMB8GA1UdIwQYMBaAFD8V0m18L+cxnkMKBqiU 726 bCw7xe5lMA0GCSqGSIb3DQEBBQUAA4IBAQAhQi6hLPeudmf3IBF4IDzCvRI0FaYd 727 BKfprSk/H0PDea4vpsLbWpA0t0SaijiJYtxKjlM4bPd+2chb7ejatDdyrZIzmDVy 728 q4c30/xMninGKokpYA11/Ve+i2dvjulu65qasrtQRGybAuuZ67lrp/K3OMFgjV5N 729 C3AHYLzvNU4Dwc4QQ1BaMOg6KzYSrKbABRZajfrpC9uiePsv7mDIXLx/toBPxWNl 730 a5vJm5DrZdn7uHdvBCE6kMykbOLN5pmEK0UIlwKh6Qi5XD0pzlVkEZliFkBMJgub 731 d/eF7xeg7TKPWC5xyOFp9SdMolJM7LTC3wnSO3frBAev+q/nGs9Xxyvs 732 -----END CERTIFICATE-----` 733 734 const smimeIntermediate = `-----BEGIN CERTIFICATE----- 735 MIIEFjCCAv6gAwIBAgILBAAAAAABL07hL1IwDQYJKoZIhvcNAQEFBQAwVzELMAkG 736 A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv 737 b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw 738 MDBaFw0xOTA0MTMxMDAwMDBaMFQxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i 739 YWxTaWduIG52LXNhMSowKAYDVQQDEyFHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAy 740 IENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBa0H5Nez4 741 En3dIlFpX7e5E0YndxQ74xOBbz7kdBd+DLX0LOQMjVPU3DAgKL9ujhH+ZhHkURbH 742 3X/94TQSUL/z2JjsaQvS0NqyZXHhM5eeuquzOJRzEQ8+odETzHg2G0Erv7yjSeww 743 gkwDWDJnYUDlOjYTDUEG6+i+8Mn425reo4I0E277wD542kmVWeW7+oHv5dZo9e1Q 744 yWwiKTEP6BEQVVSBgThXMG4traSSDRUt3T1eQTZx5EObpiBEBO4OTqiBTJfg4vEI 745 YgkXzKLpnfszTB6YMDpR9/QS6p3ANB3kfAb+t6udSO3WCst0DGrwHDLBFGDR4UeY 746 T5KGGnI7cWL7AgMBAAGjgeUwgeIwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI 747 MAYBAf8CAQAwHQYDVR0OBBYEFD8V0m18L+cxnkMKBqiUbCw7xe5lMEcGA1UdIARA 748 MD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWdu 749 LmNvbS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmds 750 b2JhbHNpZ24ubmV0L3Jvb3QuY3JsMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN 751 NKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQBDc3nMpMxJMQMcYUCB3+C73UpvwDE8 752 eCOr7t2F/uaQKKcyqqstqLZc6vPwI/rcE9oDHugY5QEjQzIBIEaTnN6P0vege2IX 753 eCOr7t2F/uaQKKcyqqstqLZc6vPwI/rcE9oDHugY5QEjQzIBIEaTnN6P0vege2IX 754 YEvTWbWwGdPytDFPYIl3/6OqNSXSnZ7DxPcdLJq2uyiga8PB/TTIIHYkdM2+1DE0 755 7y3rH/7TjwDVD7SLu5/SdOfKskuMPTjOEvz3K161mymW06klVhubCIWOro/Gx1Q2 756 2FQOZ7/2k4uYoOdBTSlb8kTAuzZNgIE0rB2BIYCTz/P6zZIKW0ogbRSH 757 -----END CERTIFICATE-----` 758 759 var megaLeaf = `-----BEGIN CERTIFICATE----- 760 MIIFOjCCBCKgAwIBAgIQWYE8Dup170kZ+k11Lg51OjANBgkqhkiG9w0BAQUFADBy 761 MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD 762 VQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEYMBYGA1UE 763 AxMPRXNzZW50aWFsU1NMIENBMB4XDTEyMTIxNDAwMDAwMFoXDTE0MTIxNDIzNTk1 764 OVowfzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMS4wLAYDVQQL 765 EyVIb3N0ZWQgYnkgSW5zdHJhIENvcnBvcmF0aW9uIFB0eS4gTFREMRUwEwYDVQQL 766 EwxFc3NlbnRpYWxTU0wxEzARBgNVBAMTCm1lZ2EuY28ubnowggEiMA0GCSqGSIb3 767 DQEBAQUAA4IBDwAwggEKAoIBAQDcxMCClae8BQIaJHBUIVttlLvhbK4XhXPk3RQ3 768 G5XA6tLZMBQ33l3F9knYJ0YErXtr8IdfYoulRQFmKFMJl9GtWyg4cGQi2Rcr5VN5 769 S5dA1vu4oyJBxE9fPELcK6Yz1vqaf+n6za+mYTiQYKggVdS8/s8hmNuXP9Zk1pIn 770 +q0pGsf8NAcSHMJgLqPQrTDw+zae4V03DvcYfNKjuno88d2226ld7MAmQZ7uRNsI 771 /CnkdelVs+akZsXf0szefSqMJlf08SY32t2jj4Ra7RApVYxOftD9nij/aLfuqOU6 772 ow6IgIcIG2ZvXLZwK87c5fxL7UAsTTV+M1sVv8jA33V2oKLhAgMBAAGjggG9MIIB 773 uTAfBgNVHSMEGDAWgBTay+qtWwhdzP/8JlTOSeVVxjj0+DAdBgNVHQ4EFgQUmP9l 774 6zhyrZ06Qj4zogt+6LKFk4AwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw 775 NAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgB 776 hvhCBAEwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1o 777 dHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwOwYDVR0fBDQw 778 MjAwoC6gLIYqaHR0cDovL2NybC5jb21vZG9jYS5jb20vRXNzZW50aWFsU1NMQ0Eu 779 Y3JsMG4GCCsGAQUFBwEBBGIwYDA4BggrBgEFBQcwAoYsaHR0cDovL2NydC5jb21v 780 ZG9jYS5jb20vRXNzZW50aWFsU1NMQ0FfMi5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6 781 Ly9vY3NwLmNvbW9kb2NhLmNvbTAlBgNVHREEHjAcggptZWdhLmNvLm56gg53d3cu 782 bWVnYS5jby5uejANBgkqhkiG9w0BAQUFAAOCAQEAcYhrsPSvDuwihMOh0ZmRpbOE 783 Gw6LqKgLNTmaYUPQhzi2cyIjhUhNvugXQQlP5f0lp5j8cixmArafg1dTn4kQGgD3 784 ivtuhBTgKO1VYB/VRoAt6Lmswg3YqyiS7JiLDZxjoV7KoS5xdiaINfHDUaBBY4ZH 785 j2BUlPniNBjCqXe/HndUTVUewlxbVps9FyCmH+C4o9DWzdGBzDpCkcmo5nM+cp7q 786 ZhTIFTvZfo3zGuBoyu8BzuopCJcFRm3cRiXkpI7iOMUIixO1szkJS6WpL1sKdT73 787 UXp08U0LBqoqG130FbzEJBBV3ixbvY6BWMHoCWuaoF12KJnC5kHt2RoWAAgMXA== 788 -----END CERTIFICATE-----` 789 790 var comodoIntermediate1 = `-----BEGIN CERTIFICATE----- 791 MIIFAzCCA+ugAwIBAgIQGLLLuqME8aAPwfLzJkYqSjANBgkqhkiG9w0BAQUFADCB 792 gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 793 A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV 794 BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw 795 MDBaFw0xOTEyMzEyMzU5NTlaMHIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh 796 dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E 797 TyBDQSBMaW1pdGVkMRgwFgYDVQQDEw9Fc3NlbnRpYWxTU0wgQ0EwggEiMA0GCSqG 798 SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt8AiwcsargxIxF3CJhakgEtSYau2A1NHf 799 5I5ZLdOWIY120j8YC0YZYwvHIPPlC92AGvFaoL0dds23Izp0XmEbdaqb1IX04XiR 800 0y3hr/yYLgbSeT1awB8hLRyuIVPGOqchfr7tZ291HRqfalsGs2rjsQuqag7nbWzD 801 ypWMN84hHzWQfdvaGlyoiBSyD8gSIF/F03/o4Tjg27z5H6Gq1huQByH6RSRQXScq 802 oChBRVt9vKCiL6qbfltTxfEFFld+Edc7tNkBdtzffRDPUanlOPJ7FAB1WfnwWdsX 803 Pvev5gItpHnBXaIcw5rIp6gLSApqLn8tl2X2xQScRMiZln5+pN0vAgMBAAGjggGD 804 MIIBfzAfBgNVHSMEGDAWgBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAdBgNVHQ4EFgQU 805 2svqrVsIXcz//CZUzknlVcY49PgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI 806 MAYBAf8CAQAwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMD4GA1Ud 807 IAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21v 808 ZG8uY29tL0NQUzBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9kb2Nh 809 LmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBsBggrBgEFBQcB 810 AQRgMF4wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NvbW9k 811 b1VUTlNHQ0NBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2Eu 812 Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAtlzR6QDLqcJcvgTtLeRJ3rvuq1xqo2l/z 813 odueTZbLN3qo6u6bldudu+Ennv1F7Q5Slqz0J790qpL0pcRDAB8OtXj5isWMcL2a 814 ejGjKdBZa0wztSz4iw+SY1dWrCRnilsvKcKxudokxeRiDn55w/65g+onO7wdQ7Vu 815 F6r7yJiIatnyfKH2cboZT7g440LX8NqxwCPf3dfxp+0Jj1agq8MLy6SSgIGSH6lv 816 +Wwz3D5XxqfyH8wqfOQsTEZf6/Nh9yvENZ+NWPU6g0QO2JOsTGvMd/QDzczc4BxL 817 XSXaPV7Od4rhPsbXlM1wSTz/Dr0ISKvlUhQVnQ6cGodWaK2cCQBk 818 -----END CERTIFICATE-----` 819 820 var comodoRoot = `-----BEGIN CERTIFICATE----- 821 MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB 822 gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 823 A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV 824 BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw 825 MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl 826 YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P 827 RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 828 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 829 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 830 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 831 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp 832 +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ 833 DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O 834 nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW 835 /zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g 836 PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u 837 QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY 838 SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv 839 IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ 840 RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 841 zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd 842 BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB 843 ZQ== 844 -----END CERTIFICATE-----` 845 846 var nameConstraintsLeaf = `-----BEGIN CERTIFICATE----- 847 MIIHMTCCBRmgAwIBAgIIIZaV/3ezOJkwDQYJKoZIhvcNAQEFBQAwgcsxCzAJBgNV 848 BAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxhY2tzYnVyZzEj 849 MCEGA1UECxMaR2xvYmFsIFF1YWxpZmllZCBTZXJ2ZXIgQ0ExPDA6BgNVBAoTM1Zp 850 cmdpbmlhIFBvbHl0ZWNobmljIEluc3RpdHV0ZSBhbmQgU3RhdGUgVW5pdmVyc2l0 851 eTExMC8GA1UEAxMoVmlyZ2luaWEgVGVjaCBHbG9iYWwgUXVhbGlmaWVkIFNlcnZl 852 ciBDQTAeFw0xMzA5MTkxNDM2NTVaFw0xNTA5MTkxNDM2NTVaMIHNMQswCQYDVQQG 853 EwJVUzERMA8GA1UECAwIVmlyZ2luaWExEzARBgNVBAcMCkJsYWNrc2J1cmcxPDA6 854 BgNVBAoMM1ZpcmdpbmlhIFBvbHl0ZWNobmljIEluc3RpdHV0ZSBhbmQgU3RhdGUg 855 VW5pdmVyc2l0eTE7MDkGA1UECwwyVGVjaG5vbG9neS1lbmhhbmNlZCBMZWFybmlu 856 ZyBhbmQgT25saW5lIFN0cmF0ZWdpZXMxGzAZBgNVBAMMEnNlY3VyZS5pZGRsLnZ0 857 LmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkOyPpsOK/6IuPG 858 WnIBlVwlHzeYf+cUlggqkLq0b0+vZbiTXgio9/VCuNQ8opSoss7J7o3ygV9to+9Y 859 YwJKVC5WDT/y5JWpQey0CWILymViJnpNSwnxBc8A+Q8w5NUGDd/UhtPx/U8/hqbd 860 WPDYj2hbOqyq8UlRhfS5pwtnv6BbCTaY11I6FhCLK7zttISyTuWCf9p9o/ggiipP 861 ii/5oh4dkl+r5SfuSp5GPNHlYO8lWqys5NAPoDD4fc/kuflcK7Exx7XJ+Oqu0W0/ 862 psjEY/tES1ZgDWU/ParcxxFpFmKHbD5DXsfPOObzkVWXIY6tGMutSlE1Froy/Nn0 863 OZsAOrcCAwEAAaOCAhMwggIPMIG4BggrBgEFBQcBAQSBqzCBqDBYBggrBgEFBQcw 864 AoZMaHR0cDovL3d3dy5wa2kudnQuZWR1L2dsb2JhbHF1YWxpZmllZHNlcnZlci9j 865 YWNlcnQvZ2xvYmFscXVhbGlmaWVkc2VydmVyLmNydDBMBggrBgEFBQcwAYZAaHR0 866 cDovL3Z0Y2EtcC5lcHJvdi5zZXRpLnZ0LmVkdTo4MDgwL2VqYmNhL3B1YmxpY3dl 867 Yi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQUp7xbO6iHkvtZbPE4jmndmnAbSEcwDAYD 868 VR0TAQH/BAIwADAfBgNVHSMEGDAWgBS8YmAn1eM1SBfpS6tFatDIqHdxjDBqBgNV 869 HSAEYzBhMA4GDCsGAQQBtGgFAgICATAOBgwrBgEEAbRoBQICAQEwPwYMKwYBBAG0 870 aAUCAgMBMC8wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9nbG9i 871 YWwvY3BzLzBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vd3d3LnBraS52dC5lZHUv 872 Z2xvYmFscXVhbGlmaWVkc2VydmVyL2NybC9jYWNybC5jcmwwDgYDVR0PAQH/BAQD 873 AgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHREEFjAUghJz 874 ZWN1cmUuaWRkbC52dC5lZHUwDQYJKoZIhvcNAQEFBQADggIBAEgoYo4aUtatY3gI 875 OyyKp7QlIOaLbTJZywESHqy+L5EGDdJW2DJV+mcE0LDGvqa2/1Lo+AR1ntsZwfOi 876 Y718JwgVVaX/RCd5+QKP25c5/x72xI8hb/L1bgS0ED9b0YAhd7Qm1K1ot82+6mqX 877 DW6WiGeDr8Z07MQ3143qQe2rBlq+QI69DYzm2GOqAIAnUIWv7tCyLUm31b4DwmrJ 878 TeudVreTKUbBNB1TWRFHEPkWhjjXKZnNGRO11wHXcyBu6YekIvVZ+vmx8ePee4jJ 879 3GFOi7lMuWOeq57jTVL7KOKaKLVXBb6gqo5aq+Wwt8RUD5MakrCAEeQZj7DKaFmZ 880 oQCO0Pxrsl3InCGvxnGzT+bFVO9nJ/BAMj7hknFdm9Jr6Bg5q33Z+gnf909AD9QF 881 ESqUSykaHu2LVdJx2MaCH1CyKnRgMw5tEwE15EXpUjCm24m8FMOYC+rNtf18pgrz 882 5D8Jhh+oxK9PjcBYqXNtnioIxiMCYcV0q5d4w4BYFEh71tk7/bYB0R55CsBUVPmp 883 timWNOdRd57Tfpk3USaVsumWZAf9MP3wPiC7gb4d5tYEEAG5BuDT8ruFw838wU8G 884 1VvAVutSiYBg7k3NYO7AUqZ+Ax4klQX3aM9lgonmJ78Qt94UPtbptrfZ4/lSqEf8 885 GBUwDrQNTb+gsXsDkjd5lcYxNx6l 886 -----END CERTIFICATE-----` 887 888 var nameConstraintsIntermediate1 = `-----BEGIN CERTIFICATE----- 889 MIINLjCCDBagAwIBAgIRIqpyf/YoGgvHc8HiDAxAI8owDQYJKoZIhvcNAQEFBQAw 890 XDELMAkGA1UEBhMCQkUxFTATBgNVBAsTDFRydXN0ZWQgUm9vdDEZMBcGA1UEChMQ 891 R2xvYmFsU2lnbiBudi1zYTEbMBkGA1UEAxMSVHJ1c3RlZCBSb290IENBIEcyMB4X 892 DTEyMTIxMzAwMDAwMFoXDTE3MTIxMzAwMDAwMFowgcsxCzAJBgNVBAYTAlVTMREw 893 DwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxhY2tzYnVyZzEjMCEGA1UECxMa 894 R2xvYmFsIFF1YWxpZmllZCBTZXJ2ZXIgQ0ExPDA6BgNVBAoTM1ZpcmdpbmlhIFBv 895 bHl0ZWNobmljIEluc3RpdHV0ZSBhbmQgU3RhdGUgVW5pdmVyc2l0eTExMC8GA1UE 896 AxMoVmlyZ2luaWEgVGVjaCBHbG9iYWwgUXVhbGlmaWVkIFNlcnZlciBDQTCCAiIw 897 DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALgIZhEaptBWADBqdJ45ueFGzMXa 898 GHnzNxoxR1fQIaaRQNdCg4cw3A4dWKMeEgYLtsp65ai3Xfw62Qaus0+KJ3RhgV+r 899 ihqK81NUzkls78fJlADVDI4fCTlothsrE1CTOMiy97jKHai5mVTiWxmcxpmjv7fm 900 5Nhc+uHgh2hIz6npryq495mD51ZrUTIaqAQN6Pw/VHfAmR524vgriTOjtp1t4lA9 901 pXGWjF/vkhAKFFheOQSQ00rngo2wHgCqMla64UTN0oz70AsCYNZ3jDLx0kOP0YmM 902 R3Ih91VA63kLqPXA0R6yxmmhhxLZ5bcyAy1SLjr1N302MIxLM/pSy6aquEnbELhz 903 qyp9yGgRyGJay96QH7c4RJY6gtcoPDbldDcHI9nXngdAL4DrZkJ9OkDkJLyqG66W 904 ZTF5q4EIs6yMdrywz0x7QP+OXPJrjYpbeFs6tGZCFnWPFfmHCRJF8/unofYrheq+ 905 9J7Jx3U55S/k57NXbAM1RAJOuMTlfn9Etf9Dpoac9poI4Liav6rBoUQk3N3JWqnV 906 HNx/NdCyJ1/6UbKMJUZsStAVglsi6lVPo289HHOE4f7iwl3SyekizVOp01wUin3y 907 cnbZB/rXmZbwapSxTTSBf0EIOr9i4EGfnnhCAVA9U5uLrI5OEB69IY8PNX0071s3 908 Z2a2fio5c8m3JkdrAgMBAAGjggh5MIIIdTAOBgNVHQ8BAf8EBAMCAQYwTAYDVR0g 909 BEUwQzBBBgkrBgEEAaAyATwwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv 910 YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wEgYDVR0TAQH/BAgwBgEB/wIBADCCBtAG 911 A1UdHgSCBscwggbDoIIGvzASghAzZGJsYWNrc2J1cmcub3JnMBiCFmFjY2VsZXJh 912 dGV2aXJnaW5pYS5jb20wGIIWYWNjZWxlcmF0ZXZpcmdpbmlhLm9yZzALgglhY3Zj 913 cC5vcmcwCYIHYmV2Lm5ldDAJggdiZXYub3JnMAuCCWNsaWdzLm9yZzAMggpjbWl3 914 ZWIub3JnMBeCFWVhc3Rlcm5icm9va3Ryb3V0Lm5ldDAXghVlYXN0ZXJuYnJvb2t0 915 cm91dC5vcmcwEYIPZWNvcnJpZG9ycy5pbmZvMBOCEWVkZ2FycmVzZWFyY2gub3Jn 916 MBKCEGdldC1lZHVjYXRlZC5jb20wE4IRZ2V0LWVkdWNhdGVkLmluZm8wEYIPZ2V0 917 ZWR1Y2F0ZWQubmV0MBKCEGdldC1lZHVjYXRlZC5uZXQwEYIPZ2V0ZWR1Y2F0ZWQu 918 b3JnMBKCEGdldC1lZHVjYXRlZC5vcmcwD4INaG9raWVjbHViLmNvbTAQgg5ob2tp 919 ZXBob3RvLmNvbTAPgg1ob2tpZXNob3AuY29tMBGCD2hva2llc3BvcnRzLmNvbTAS 920 ghBob2tpZXRpY2tldHMuY29tMBKCEGhvdGVscm9hbm9rZS5jb20wE4IRaHVtYW53 921 aWxkbGlmZS5vcmcwF4IVaW5uYXR2aXJnaW5pYXRlY2guY29tMA+CDWlzY2hwMjAx 922 MS5vcmcwD4INbGFuZHJlaGFiLm9yZzAggh5uYXRpb25hbHRpcmVyZXNlYXJjaGNl 923 bnRlci5jb20wFYITbmV0d29ya3ZpcmdpbmlhLm5ldDAMggpwZHJjdnQuY29tMBiC 924 FnBldGVkeWVyaXZlcmNvdXJzZS5jb20wDYILcmFkaW9pcS5vcmcwFYITcml2ZXJj 925 b3Vyc2Vnb2xmLmNvbTALgglzZGltaS5vcmcwEIIOc292YW1vdGlvbi5jb20wHoIc 926 c3VzdGFpbmFibGUtYmlvbWF0ZXJpYWxzLmNvbTAeghxzdXN0YWluYWJsZS1iaW9t 927 YXRlcmlhbHMub3JnMBWCE3RoaXNpc3RoZWZ1dHVyZS5jb20wGIIWdGhpcy1pcy10 928 aGUtZnV0dXJlLmNvbTAVghN0aGlzaXN0aGVmdXR1cmUubmV0MBiCFnRoaXMtaXMt 929 dGhlLWZ1dHVyZS5uZXQwCoIIdmFkcy5vcmcwDIIKdmFsZWFmLm9yZzANggt2YXRl 930 Y2guaW5mbzANggt2YXRlY2gubW9iaTAcghp2YXRlY2hsaWZlbG9uZ2xlYXJuaW5n 931 LmNvbTAcghp2YXRlY2hsaWZlbG9uZ2xlYXJuaW5nLm5ldDAcghp2YXRlY2hsaWZl 932 bG9uZ2xlYXJuaW5nLm9yZzAKggh2Y29tLmVkdTASghB2aXJnaW5pYXZpZXcubmV0 933 MDSCMnZpcmdpbmlhcG9seXRlY2huaWNpbnN0aXR1dGVhbmRzdGF0ZXVuaXZlcnNp 934 dHkuY29tMDWCM3ZpcmdpbmlhcG9seXRlY2huaWNpbnN0aXR1dGVhbmRzdGF0ZXVu 935 aXZlcnNpdHkuaW5mbzA0gjJ2aXJnaW5pYXBvbHl0ZWNobmljaW5zdGl0dXRlYW5k 936 c3RhdGV1bml2ZXJzaXR5Lm5ldDA0gjJ2aXJnaW5pYXBvbHl0ZWNobmljaW5zdGl0 937 dXRlYW5kc3RhdGV1bml2ZXJzaXR5Lm9yZzAZghd2aXJnaW5pYXB1YmxpY3JhZGlv 938 Lm9yZzASghB2aXJnaW5pYXRlY2guZWR1MBOCEXZpcmdpbmlhdGVjaC5tb2JpMByC 939 GnZpcmdpbmlhdGVjaGZvdW5kYXRpb24ub3JnMAiCBnZ0LmVkdTALggl2dGFyYy5v 940 cmcwDIIKdnQtYXJjLm9yZzALggl2dGNyYy5jb20wCoIIdnRpcC5vcmcwDIIKdnRs 941 ZWFuLm9yZzAWghR2dGtub3dsZWRnZXdvcmtzLmNvbTAYghZ2dGxpZmVsb25nbGVh 942 cm5pbmcuY29tMBiCFnZ0bGlmZWxvbmdsZWFybmluZy5uZXQwGIIWdnRsaWZlbG9u 943 Z2xlYXJuaW5nLm9yZzATghF2dHNwb3J0c21lZGlhLmNvbTALggl2dHdlaS5jb20w 944 D4INd2l3YXR3ZXJjLmNvbTAKggh3dnRmLm9yZzAIgQZ2dC5lZHUwd6R1MHMxCzAJ 945 BgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxhY2tzYnVy 946 ZzE8MDoGA1UEChMzVmlyZ2luaWEgUG9seXRlY2huaWMgSW5zdGl0dXRlIGFuZCBT 947 dGF0ZSBVbml2ZXJzaXR5MCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYI 948 KwYBBQUHAwkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5nbG9iYWxzaWdu 949 LmNvbS9ncy90cnVzdHJvb3RnMi5jcmwwgYQGCCsGAQUFBwEBBHgwdjAzBggrBgEF 950 BQcwAYYnaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3RydXN0cm9vdGcyMD8G 951 CCsGAQUFBzAChjNodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC90 952 cnVzdHJvb3RnMi5jcnQwHQYDVR0OBBYEFLxiYCfV4zVIF+lLq0Vq0Miod3GMMB8G 953 A1UdIwQYMBaAFBT25YsxtkWASkxt/MKHico2w5BiMA0GCSqGSIb3DQEBBQUAA4IB 954 AQAyJm/lOB2Er4tHXhc/+fSufSzgjohJgYfMkvG4LknkvnZ1BjliefR8tTXX49d2 955 SCDFWfGjqyJZwavavkl/4p3oXPG/nAMDMvxh4YAT+CfEK9HH+6ICV087kD4BLegi 956 +aFJMj8MMdReWCzn5sLnSR1rdse2mo2arX3Uod14SW+PGrbUmTuWNyvRbz3fVmxp 957 UdbGmj3laknO9YPsBGgHfv73pVVsTJkW4ZfY/7KdD/yaVv6ophpOB3coXfjl2+kd 958 Z4ypn2zK+cx9IL/LSewqd/7W9cD55PCUy4X9OTbEmAccwiz3LB66mQoUGfdHdkoB 959 jUY+v9vLQXmaVwI0AYL7g9LN 960 -----END CERTIFICATE-----` 961 962 var nameConstraintsIntermediate2 = `-----BEGIN CERTIFICATE----- 963 MIIEXTCCA0WgAwIBAgILBAAAAAABNuk6OrMwDQYJKoZIhvcNAQEFBQAwVzELMAkG 964 A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv 965 b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMjA0MjUxMTAw 966 MDBaFw0yNzA0MjUxMTAwMDBaMFwxCzAJBgNVBAYTAkJFMRUwEwYDVQQLEwxUcnVz 967 dGVkIFJvb3QxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExGzAZBgNVBAMTElRy 968 dXN0ZWQgUm9vdCBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 969 AKyuvqrtcMr7g7EuNbu4sKwxM127UsCmx1RxbxxgcArGS7rjiefpBH/w4LYrymjf 970 vcw1ueyMNoqLo9nJMz/ORXupb35NNfE667prQYHa+tTjl1IiKpB7QUwt3wXPuTMF 971 Ja1tXtjKzkqJyuJlNuPKT76HcjgNqgV1s9qG44MD5I2JvI12du8zI1bgdQ+l/KsX 972 kTfbGjUvhOLOlVNWVQDpL+YMIrGqgBYxy5TUNgrAcRtwpNdS2KkF5otSmMweVb5k 973 hoUVv3u8UxQH/WWbNhHq1RrIlg/0rBUfi/ziShYFSB7U+aLx5DxPphTFBiDquQGp 974 tB+FC4JvnukDStFihZCZ1R8CAwEAAaOCASMwggEfMA4GA1UdDwEB/wQEAwIBBjAP 975 BgNVHRMBAf8EBTADAQH/MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIB 976 FiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAdBgNVHQ4E 977 FgQUFPblizG2RYBKTG38woeJyjbDkGIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDov 978 L2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNybDA+BggrBgEFBQcBAQQyMDAwLgYI 979 KwYBBQUHMAGGImh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9yb290cjEwHwYD 980 VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQEFBQADggEB 981 AL7IG0l+k4LkcpI+a/kvZsSRwSM4uA6zGX34e78A2oytr8RG8bJwVb8+AHMUD+Xe 982 2kYdh/Uj/waQXfqR0OgxQXL9Ct4ZM+JlR1avsNKXWL5AwYXAXCOB3J5PW2XOck7H 983 Zw0vRbGQhjWjQx+B4KOUFg1b3ov/z6Xkr3yaCfRQhXh7KC0Bc0RXPPG5Nv5lCW+z 984 tbbg0zMm3kyfQITRusMSg6IBsDJqOnjaiaKQRcXiD0Sk43ZXb2bUKMxC7+Td3QL4 985 RyHcWJbQ7YylLTS/x+jxWIcOQ0oO5/54t5PTQ14neYhOz9x4gUk2AYAW6d1vePwb 986 hcC8roQwkHT7HvfYBoc74FM= 987 -----END CERTIFICATE-----` 988 989 var globalSignRoot = `-----BEGIN CERTIFICATE----- 990 MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG 991 A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv 992 b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw 993 MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i 994 YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT 995 aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ 996 jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp 997 xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 998 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG 999 snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ 1000 U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 1001 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E 1002 BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B 1003 AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz 1004 yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 1005 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP 1006 AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad 1007 DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME 1008 HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== 1009 -----END CERTIFICATE-----` 1010 1011 var moipLeafCert = `-----BEGIN CERTIFICATE----- 1012 MIIGQDCCBSigAwIBAgIRAPe/cwh7CUWizo8mYSDavLIwDQYJKoZIhvcNAQELBQAw 1013 gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO 1014 BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD 1015 VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl 1016 ciBDQTAeFw0xMzA4MTUwMDAwMDBaFw0xNDA4MTUyMzU5NTlaMIIBQjEXMBUGA1UE 1017 BRMOMDg3MTg0MzEwMDAxMDgxEzARBgsrBgEEAYI3PAIBAxMCQlIxGjAYBgsrBgEE 1018 AYI3PAIBAhMJU2FvIFBhdWxvMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlv 1019 bjELMAkGA1UEBhMCQlIxETAPBgNVBBETCDAxNDUyMDAwMRIwEAYDVQQIEwlTYW8g 1020 UGF1bG8xEjAQBgNVBAcTCVNhbyBQYXVsbzEtMCsGA1UECRMkQXZlbmlkYSBCcmln 1021 YWRlaXJvIEZhcmlhIExpbWEgLCAyOTI3MR0wGwYDVQQKExRNb2lwIFBhZ2FtZW50 1022 b3MgUy5BLjENMAsGA1UECxMETU9JUDEYMBYGA1UECxMPU1NMIEJsaW5kYWRvIEVW 1023 MRgwFgYDVQQDEw9hcGkubW9pcC5jb20uYnIwggEiMA0GCSqGSIb3DQEBAQUAA4IB 1024 DwAwggEKAoIBAQDN0b9x6TrXXA9hPCF8/NjqGJ++2D4LO4ZiMFTjs0VwpXy2Y1Oe 1025 s74/HuiLGnAHxTmAtV7IpZMibiOcTxcnDYp9oEWkf+gR+hZvwFZwyOBC7wyb3SR3 1026 UvV0N1ZbEVRYpN9kuX/3vjDghjDmzzBwu8a/T+y5JTym5uiJlngVAWyh/RjtIvYi 1027 +NVkQMbyVlPGkoCe6c30pH8DKYuUCZU6DHjUsPTX3jAskqbhDSAnclX9iX0p2bmw 1028 KVBc+5Vh/2geyzDuquF0w+mNIYdU5h7uXvlmJnf3d2Cext5dxdL8/jezD3U0dAqI 1029 pYSKERbyxSkJWxdvRlhdpM9YXMJcpc88xNp1AgMBAAGjggHcMIIB2DAfBgNVHSME 1030 GDAWgBQ52v/KKBSKqHQTCLnkDqnS+n6daTAdBgNVHQ4EFgQU/lXuOa7DMExzZjRj 1031 LQWcMWGZY7swDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw 1032 FAYIKwYBBQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQUB 1033 MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMFYG 1034 A1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JT 1035 QUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhwYIKwYBBQUH 1036 AQEEezB5MFEGCCsGAQUFBzAChkVodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P 1037 RE9SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYB 1038 BQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAvBgNVHREEKDAmgg9hcGku 1039 bW9pcC5jb20uYnKCE3d3dy5hcGkubW9pcC5jb20uYnIwDQYJKoZIhvcNAQELBQAD 1040 ggEBAFoTmPlaDcf+nudhjXHwud8g7/LRyA8ucb+3/vfmgbn7FUc1eprF5sJS1mA+ 1041 pbiTyXw4IxcJq2KUj0Nw3IPOe9k84mzh+XMmdCKH+QK3NWkE9Udz+VpBOBc0dlqC 1042 1RH5umStYDmuZg/8/r652eeQ5kUDcJyADfpKWBgDPYaGtwzKVT4h3Aok9SLXRHx6 1043 z/gOaMjEDMarMCMw4VUIG1pvNraZrG5oTaALPaIXXpd8VqbQYPudYJ6fR5eY3FeW 1044 H/ofbYFdRcuD26MfBFWE9VGGral9Fgo8sEHffho+UWhgApuQV4/l5fMzxB5YBXyQ 1045 jhuy8PqqZS9OuLilTeLu4a8z2JI= 1046 -----END CERTIFICATE-----` 1047 1048 var comodoIntermediateSHA384 = `-----BEGIN CERTIFICATE----- 1049 MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB 1050 hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 1051 A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV 1052 BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy 1053 MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT 1054 EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR 1055 Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg 1056 VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC 1057 AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf 1058 CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj 1059 vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA 1060 xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6 1061 WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg 1062 iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j 1063 BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI 1064 ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G 1065 A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j 1066 b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k 1067 b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr 1068 BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t 1069 L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz 1070 cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R 1071 AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk 1072 jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk 1073 1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i 1074 teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o 1075 fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA 1076 KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e 1077 ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9 1078 XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA 1079 tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2 1080 jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn 1081 pLwltum95OmYdBbxN4SBB7SC 1082 -----END CERTIFICATE-----` 1083 1084 const comodoRSAAuthority = `-----BEGIN CERTIFICATE----- 1085 MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv 1086 MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk 1087 ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF 1088 eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow 1089 gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO 1090 BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD 1091 VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq 1092 hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw 1093 AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6 1094 2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr 1095 ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt 1096 4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq 1097 m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/ 1098 vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT 1099 8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE 1100 IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO 1101 KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO 1102 GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/ 1103 s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g 1104 JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD 1105 AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9 1106 MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy 1107 bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6 1108 Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ 1109 zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj 1110 Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY 1111 Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5 1112 B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx 1113 PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR 1114 pu/xO28QOG8= 1115 -----END CERTIFICATE-----` 1116 1117 const addTrustRoot = `-----BEGIN CERTIFICATE----- 1118 MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU 1119 MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs 1120 IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 1121 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux 1122 FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h 1123 bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v 1124 dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt 1125 H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 1126 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX 1127 mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX 1128 a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN 1129 E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 1130 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD 1131 VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 1132 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU 1133 cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx 1134 IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN 1135 AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH 1136 YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 1137 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC 1138 Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX 1139 c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a 1140 mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= 1141 -----END CERTIFICATE-----` 1142 1143 const zcryptoRoot = ` 1144 Certificate: 1145 Data: 1146 Version: 3 (0x2) 1147 Serial Number: 0 (0x0) 1148 Signature Algorithm: sha256WithRSAEncryption 1149 Issuer: CN=ZCrypto Root Authority 1150 Validity 1151 Not Before: Jan 1 00:00:00 2017 GMT 1152 Not After : Jan 1 00:00:00 2027 GMT 1153 Subject: CN=ZCrypto Root Authority 1154 Subject Public Key Info: 1155 Public Key Algorithm: rsaEncryption 1156 RSA Public Key: (2048 bit) 1157 Modulus (2048 bit): 1158 00:cd:f3:5a:43:f9:8a:16:e8:73:2e:3d:76:39:49: 1159 bb:bf:9e:a1:58:23:8a:d0:ea:55:92:6e:d5:4f:d3: 1160 be:32:ea:5d:66:e9:ae:0f:e0:b7:2e:2e:97:90:f6: 1161 fb:c1:0b:73:e3:bc:d8:7b:93:35:ac:f4:01:f9:bc: 1162 ca:97:a0:ce:8c:eb:f6:73:9b:63:a9:ae:09:fb:50: 1163 1b:c0:5f:3e:ac:93:d6:8c:e2:97:28:af:d2:4a:00: 1164 85:1e:81:ec:ce:0f:5d:b1:39:08:e9:0c:fa:07:3c: 1165 85:af:09:e4:09:c8:7a:8f:9d:58:cc:a5:28:ba:d1: 1166 d8:3a:0a:cd:b5:0d:0b:26:71:16:60:86:a4:87:b5: 1167 b7:48:a5:21:27:44:b1:bf:06:7e:a9:74:17:69:b7: 1168 55:0d:75:bb:a6:cd:e5:40:a2:4a:f9:17:3b:cf:e3: 1169 0e:0a:d9:2b:09:43:f5:8a:f9:c8:5b:6b:1d:0e:b1: 1170 61:d6:12:2c:04:ba:65:72:7a:b0:ff:a0:0d:03:28: 1171 fd:5e:bc:a9:06:b4:cf:34:81:40:af:e4:72:90:4e: 1172 4a:37:89:54:c9:cf:5b:1f:e4:4f:1f:15:4a:54:f3: 1173 9d:2a:8c:dd:9e:58:59:38:68:d8:27:2b:7c:08:82: 1174 60:3e:f1:0f:f7:8f:d5:87:6e:11:ec:44:f2:e4:ee: 1175 e7:f3 1176 Exponent: 65537 (0x10001) 1177 X509v3 extensions: 1178 X509v3 Basic Constraints: critical 1179 CA:TRUE 1180 X509v3 Subject Key Identifier: 1181 F7:7D:D8:A5:24:B8:D0:D1:A0:14:7C:5D:91:67:38:8A:EB:0D:31:95 1182 X509v3 Authority Key Identifier: 1183 keyid:F7:7D:D8:A5:24:B8:D0:D1:A0:14:7C:5D:91:67:38:8A:EB:0D:31:95 1184 1185 X509v3 Key Usage: critical 1186 Certificate Sign, CRL Sign 1187 Signature Algorithm: sha256WithRSAEncryption 1188 59:18:0c:0c:fc:70:f0:f9:38:6d:70:71:69:a5:6a:19:96:b7: 1189 56:fa:d1:a7:56:04:12:77:36:05:a9:a2:d5:97:1e:8e:ce:78: 1190 b9:72:09:bf:73:4f:32:90:0f:a0:6a:77:40:8c:00:92:4e:c9: 1191 a7:78:05:4f:b5:42:c6:f3:b2:d9:02:ec:a1:98:e9:2b:3a:2f: 1192 67:02:3f:44:f2:bb:f3:7d:ee:4e:6c:2f:3f:29:56:6d:aa:bc: 1193 fc:8c:c0:3d:7c:bf:96:01:87:3f:e1:3b:71:3b:ef:26:25:3e: 1194 61:90:90:d0:02:31:f1:64:ae:bc:bb:62:04:05:10:5e:fe:dd: 1195 34:92:d7:2c:32:1f:b7:30:d6:b7:57:8b:b8:b4:29:9c:e5:bb: 1196 c6:5b:6d:f5:5c:80:e1:c8:c4:30:eb:eb:44:45:86:bf:71:08: 1197 b7:e3:79:10:02:08:70:66:58:a1:21:b7:7e:01:9d:3b:ea:6d: 1198 a6:68:c9:12:6e:f4:c5:ea:b8:1d:38:27:49:b6:60:ac:8f:5a: 1199 f3:9f:27:28:e2:4c:87:a7:cf:f9:f8:72:5b:b4:4e:98:bf:5b: 1200 fb:cd:52:6e:6b:56:d7:dd:32:2f:28:d9:30:cb:dd:40:3b:79: 1201 50:7c:97:70:ce:b3:c2:57:4d:e0:9b:05:89:43:2a:3d:78:bc: 1202 e8:95:a5:14 1203 -----BEGIN CERTIFICATE----- 1204 MIIDIDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZaQ3J5 1205 cHRvIFJvb3QgQXV0aG9yaXR5MB4XDTE3MDEwMTAwMDAwMFoXDTI3MDEwMTAwMDAw 1206 MFowITEfMB0GA1UEAwwWWkNyeXB0byBSb290IEF1dGhvcml0eTCCASIwDQYJKoZI 1207 hvcNAQEBBQADggEPADCCAQoCggEBAM3zWkP5ihbocy49djlJu7+eoVgjitDqVZJu 1208 1U/TvjLqXWbprg/gty4ul5D2+8ELc+O82HuTNaz0Afm8ypegzozr9nObY6muCftQ 1209 G8BfPqyT1ozilyiv0koAhR6B7M4PXbE5COkM+gc8ha8J5AnIeo+dWMylKLrR2DoK 1210 zbUNCyZxFmCGpIe1t0ilISdEsb8Gfql0F2m3VQ11u6bN5UCiSvkXO8/jDgrZKwlD 1211 9Yr5yFtrHQ6xYdYSLAS6ZXJ6sP+gDQMo/V68qQa0zzSBQK/kcpBOSjeJVMnPWx/k 1212 Tx8VSlTznSqM3Z5YWTho2CcrfAiCYD7xD/eP1YduEexE8uTu5/MCAwEAAaNjMGEw 1213 DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU933YpSS40NGgFHxdkWc4iusNMZUw 1214 HwYDVR0jBBgwFoAU933YpSS40NGgFHxdkWc4iusNMZUwDgYDVR0PAQH/BAQDAgEG 1215 MA0GCSqGSIb3DQEBCwUAA4IBAQBZGAwM/HDw+ThtcHFppWoZlrdW+tGnVgQSdzYF 1216 qaLVlx6Ozni5cgm/c08ykA+gandAjACSTsmneAVPtULG87LZAuyhmOkrOi9nAj9E 1217 8rvzfe5ObC8/KVZtqrz8jMA9fL+WAYc/4TtxO+8mJT5hkJDQAjHxZK68u2IEBRBe 1218 /t00ktcsMh+3MNa3V4u4tCmc5bvGW231XIDhyMQw6+tERYa/cQi343kQAghwZlih 1219 Ibd+AZ076m2maMkSbvTF6rgdOCdJtmCsj1rznyco4kyHp8/5+HJbtE6Yv1v7zVJu 1220 a1bX3TIvKNkwy91AO3lQfJdwzrPCV03gmwWJQyo9eLzolaUU 1221 -----END CERTIFICATE----- 1222 ` 1223 const zcryptoIntermediate = ` 1224 Certificate: 1225 Data: 1226 Version: 3 (0x2) 1227 Serial Number: 1 (0x1) 1228 Signature Algorithm: sha256WithRSAEncryption 1229 Issuer: CN=ZCrypto Root Authority 1230 Validity 1231 Not Before: Jan 1 00:00:00 2020 GMT 1232 Not After : Dec 31 00:00:00 2026 GMT 1233 Subject: CN=ZCrypto Intermediate Authority 1234 Subject Public Key Info: 1235 Public Key Algorithm: rsaEncryption 1236 RSA Public Key: (2048 bit) 1237 Modulus (2048 bit): 1238 00:cb:63:b2:bd:28:93:52:78:aa:88:a7:9f:0f:92: 1239 8b:53:fe:07:61:e1:c1:c2:0e:67:b7:bb:61:e8:53: 1240 c2:7f:cb:41:a0:2d:7f:46:a8:1a:65:8f:5b:96:69: 1241 39:15:97:db:04:84:7e:37:56:5e:1d:50:8f:16:2e: 1242 97:e4:25:b7:3d:1a:a6:7a:0c:3b:1c:1d:0c:e6:61: 1243 ff:d4:51:e0:60:22:0a:d7:5d:34:09:80:fc:67:fd: 1244 33:3b:ef:e1:04:6e:f4:2c:f9:2a:81:8f:5e:88:a7: 1245 9a:b6:18:87:d9:aa:8b:8b:5a:ef:bc:bd:ba:08:55: 1246 39:20:0e:b2:8e:6b:7a:b9:b7:97:2c:d5:ab:7e:fc: 1247 41:7c:ce:4b:1d:ec:8b:0c:6b:2f:e4:ac:0e:44:79: 1248 59:7f:21:cc:ce:a9:f1:95:9c:1a:b6:7b:94:16:a9: 1249 ba:ed:b0:48:8e:ec:25:c0:db:68:66:cb:3b:de:27: 1250 6d:c0:d2:02:9b:e3:9e:38:2d:bd:ea:90:00:1d:f3: 1251 e8:8e:6d:6d:43:9a:68:07:6a:7a:eb:0d:71:0b:02: 1252 83:61:56:cf:d2:d0:dd:9e:b2:0e:74:39:26:bc:e0: 1253 3b:24:d4:6a:99:33:15:b8:37:c8:ae:97:c1:78:74: 1254 6b:26:67:d1:91:74:c4:91:90:d3:96:ad:87:f9:19: 1255 67:63 1256 Exponent: 65537 (0x10001) 1257 X509v3 extensions: 1258 X509v3 Basic Constraints: critical 1259 CA:TRUE 1260 X509v3 Subject Key Identifier: 1261 23:56:59:53:5A:3D:D7:DF:2E:F3:A8:68:C0:12:77:FB:55:D8:50:EA 1262 X509v3 Authority Key Identifier: 1263 keyid:F7:7D:D8:A5:24:B8:D0:D1:A0:14:7C:5D:91:67:38:8A:EB:0D:31:95 1264 1265 X509v3 Key Usage: critical 1266 Certificate Sign, CRL Sign 1267 Signature Algorithm: sha256WithRSAEncryption 1268 68:59:cf:9d:2e:7e:19:61:63:4d:d2:61:c0:98:0c:0d:70:2f: 1269 cb:1c:1e:b7:27:a0:07:e5:13:92:5c:ff:2f:93:ca:04:a1:a9: 1270 99:e0:3d:92:b3:63:a9:92:67:ab:e2:94:b8:b0:7e:cd:78:eb: 1271 e6:68:65:b1:53:2a:c5:e2:76:f9:ce:ee:fe:f4:46:85:51:3e: 1272 20:f2:9b:ce:9f:ef:03:f6:22:c1:31:d3:0e:f4:bb:cd:8f:88: 1273 7d:24:2d:9b:93:b1:28:c7:20:11:7b:cf:67:4d:c0:81:f1:b0: 1274 92:36:34:e5:a9:f2:e0:cf:cf:6b:d5:8c:07:d3:c1:66:b0:32: 1275 b0:2f:ec:11:70:7b:d0:63:a8:db:bc:fa:d9:93:67:7e:3b:9c: 1276 95:ca:4b:a0:14:fd:f2:80:fb:04:2e:86:3c:75:89:31:21:0b: 1277 9a:13:5b:56:f0:c1:ea:0f:6c:8f:ec:9a:5c:b8:8a:75:5e:c3: 1278 b2:00:b2:3d:37:75:0e:fa:43:43:7e:4d:fd:8e:95:71:7a:0a: 1279 e6:2a:a1:59:bb:45:65:5c:3e:d4:d6:f1:5e:27:e3:18:7e:1b: 1280 59:cc:46:71:7c:32:fc:2a:b8:a0:02:29:99:8f:be:62:95:9a: 1281 d0:b2:d6:03:36:82:54:fc:4b:69:e4:c6:fd:b3:c4:e4:5b:55: 1282 14:a8:c6:4f 1283 -----BEGIN CERTIFICATE----- 1284 MIIDKDCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZaQ3J5 1285 cHRvIFJvb3QgQXV0aG9yaXR5MB4XDTIwMDEwMTAwMDAwMFoXDTI2MTIzMTAwMDAw 1286 MFowKTEnMCUGA1UEAwweWkNyeXB0byBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MIIB 1287 IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2OyvSiTUniqiKefD5KLU/4H 1288 YeHBwg5nt7th6FPCf8tBoC1/RqgaZY9blmk5FZfbBIR+N1ZeHVCPFi6X5CW3PRqm 1289 egw7HB0M5mH/1FHgYCIK1100CYD8Z/0zO+/hBG70LPkqgY9eiKeathiH2aqLi1rv 1290 vL26CFU5IA6yjmt6ubeXLNWrfvxBfM5LHeyLDGsv5KwORHlZfyHMzqnxlZwatnuU 1291 Fqm67bBIjuwlwNtoZss73idtwNICm+OeOC296pAAHfPojm1tQ5poB2p66w1xCwKD 1292 YVbP0tDdnrIOdDkmvOA7JNRqmTMVuDfIrpfBeHRrJmfRkXTEkZDTlq2H+RlnYwID 1293 AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjVllTWj3X3y7zqGjA 1294 Enf7VdhQ6jAfBgNVHSMEGDAWgBT3fdilJLjQ0aAUfF2RZziK6w0xlTAOBgNVHQ8B 1295 Af8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAGhZz50ufhlhY03SYcCYDA1wL8sc 1296 HrcnoAflE5Jc/y+TygShqZngPZKzY6mSZ6vilLiwfs146+ZoZbFTKsXidvnO7v70 1297 RoVRPiDym86f7wP2IsEx0w70u82PiH0kLZuTsSjHIBF7z2dNwIHxsJI2NOWp8uDP 1298 z2vVjAfTwWawMrAv7BFwe9BjqNu8+tmTZ347nJXKS6AU/fKA+wQuhjx1iTEhC5oT 1299 W1bwweoPbI/smly4inVew7IAsj03dQ76Q0N+Tf2OlXF6CuYqoVm7RWVcPtTW8V4n 1300 4xh+G1nMRnF8MvwquKACKZmPvmKVmtCy1gM2glT8S2nkxv2zxORbVRSoxk8= 1301 -----END CERTIFICATE----- 1302 ` 1303 const zcryptoNeverValid = ` 1304 Certificate: 1305 Data: 1306 Version: 3 (0x2) 1307 Serial Number: 255 (0xff) 1308 Signature Algorithm: sha256WithRSAEncryption 1309 Issuer: CN=ZCrypto Intermediate Authority 1310 Validity 1311 Not Before: Jan 1 01:00:00 2022 GMT 1312 Not After : Jan 1 01:00:00 2021 GMT 1313 Subject: CN=never-valid.example.com 1314 Subject Public Key Info: 1315 Public Key Algorithm: rsaEncryption 1316 RSA Public Key: (2048 bit) 1317 Modulus (2048 bit): 1318 00:c8:b5:df:e8:39:ba:15:5c:7c:a3:e4:97:ae:9e: 1319 80:c9:9c:00:38:b0:05:75:56:dc:54:11:ca:f1:6d: 1320 d5:4c:ad:0a:92:b7:b9:ed:00:6a:bf:84:e2:8a:71: 1321 a2:31:a4:ee:4e:0a:7e:61:6d:6c:8e:45:36:51:b8: 1322 66:dc:5a:0f:b1:62:36:7e:2e:05:b5:07:1b:e0:94: 1323 ef:f5:3d:99:54:c0:56:d5:3b:f0:d5:95:8c:5a:74: 1324 fc:3b:57:4d:b3:0c:5a:a4:5a:95:45:14:cb:cf:5b: 1325 32:3c:79:08:f0:13:06:f3:0c:6e:b4:41:a9:e3:7a: 1326 c2:92:ba:b0:cb:c4:0e:12:25:a2:46:fc:95:c3:0d: 1327 9d:25:1e:14:6d:77:06:01:82:5b:27:21:5b:97:68: 1328 1a:db:9d:ca:2d:1b:0a:bf:d7:82:3a:7d:ae:b0:cc: 1329 a9:0f:f3:fc:3e:d3:e7:43:1a:67:2a:5c:65:f2:f0: 1330 bb:f7:7f:ac:d6:0a:4c:78:b0:ef:78:ad:f6:69:97: 1331 4f:2c:90:b4:b3:40:56:1e:fe:d9:19:80:0e:5b:43: 1332 d1:21:db:a6:aa:e2:42:93:a9:d7:b1:6b:f5:f5:a8: 1333 22:05:48:eb:52:0d:90:ac:03:34:ba:a3:75:32:d2: 1334 f0:d8:41:70:c2:63:c9:c7:e4:30:db:75:f2:1e:b4: 1335 90:51 1336 Exponent: 65537 (0x10001) 1337 X509v3 extensions: 1338 X509v3 Basic Constraints: critical 1339 CA:FALSE 1340 X509v3 Subject Key Identifier: 1341 D1:8B:87:FE:65:90:77:5C:F0:BC:FE:26:B9:AC:76:A1:91:D3:12:F0 1342 X509v3 Authority Key Identifier: 1343 keyid:23:56:59:53:5A:3D:D7:DF:2E:F3:A8:68:C0:12:77:FB:55:D8:50:EA 1344 1345 X509v3 Key Usage: 1346 Digital Signature, Key Encipherment, Data Encipherment 1347 Signature Algorithm: sha256WithRSAEncryption 1348 b3:58:c2:51:12:c0:29:df:1b:57:5e:19:d2:b5:c7:8b:e1:39: 1349 f8:a5:c0:01:97:7f:35:34:6f:6a:7a:09:39:60:53:22:ee:07: 1350 37:c4:42:f0:a6:5c:71:6c:c6:b4:66:78:b4:e8:0e:0b:44:56: 1351 8a:4a:c6:2e:3c:97:89:a6:6a:2e:57:73:09:7c:01:d2:a4:80: 1352 7e:3e:cc:5d:5f:7c:cd:df:1e:a5:b9:0d:ae:70:6f:5d:dd:c9: 1353 b1:35:85:98:54:21:c4:31:d1:9c:07:b2:72:66:86:d0:aa:22: 1354 bc:16:5f:fc:b8:eb:cd:fe:01:c5:65:64:f7:b9:bb:14:69:7e: 1355 52:12:1e:cc:9e:93:c4:07:0a:2f:6e:03:de:2e:a1:cc:30:fd: 1356 a6:b0:f5:9f:a3:2a:d4:97:7b:6c:84:c2:1d:93:52:cb:0a:bd: 1357 09:27:6a:3c:bb:50:ba:95:39:5d:99:a7:61:d4:c5:67:6b:f7: 1358 69:27:c0:66:7e:ba:88:ee:98:c5:91:69:ba:5c:42:14:f8:16: 1359 02:d8:20:d4:ea:a8:ed:e3:ac:50:d4:72:20:a8:ba:00:5f:78: 1360 07:8e:7b:1f:39:5d:59:3f:07:52:7c:87:7a:83:30:0f:cb:ea: 1361 d0:7f:4b:d0:0d:e8:21:62:43:97:22:89:b7:c9:47:b8:2e:47: 1362 b3:8a:93:c0 1363 -----BEGIN CERTIFICATE----- 1364 MIIDJDCCAgygAwIBAgICAP8wDQYJKoZIhvcNAQELBQAwKTEnMCUGA1UEAwweWkNy 1365 eXB0byBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MB4XDTIyMDEwMTAxMDAwMFoXDTIx 1366 MDEwMTAxMDAwMFowIjEgMB4GA1UEAwwXbmV2ZXItdmFsaWQuZXhhbXBsZS5jb20w 1367 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDItd/oOboVXHyj5JeunoDJ 1368 nAA4sAV1VtxUEcrxbdVMrQqSt7ntAGq/hOKKcaIxpO5OCn5hbWyORTZRuGbcWg+x 1369 YjZ+LgW1BxvglO/1PZlUwFbVO/DVlYxadPw7V02zDFqkWpVFFMvPWzI8eQjwEwbz 1370 DG60QanjesKSurDLxA4SJaJG/JXDDZ0lHhRtdwYBglsnIVuXaBrbncotGwq/14I6 1371 fa6wzKkP8/w+0+dDGmcqXGXy8Lv3f6zWCkx4sO94rfZpl08skLSzQFYe/tkZgA5b 1372 Q9Eh26aq4kKTqdexa/X1qCIFSOtSDZCsAzS6o3Uy0vDYQXDCY8nH5DDbdfIetJBR 1373 AgMBAAGjXTBbMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNGLh/5lkHdc8Lz+Jrms 1374 dqGR0xLwMB8GA1UdIwQYMBaAFCNWWVNaPdffLvOoaMASd/tV2FDqMAsGA1UdDwQE 1375 AwIEsDANBgkqhkiG9w0BAQsFAAOCAQEAs1jCURLAKd8bV14Z0rXHi+E5+KXAAZd/ 1376 NTRvanoJOWBTIu4HN8RC8KZccWzGtGZ4tOgOC0RWikrGLjyXiaZqLldzCXwB0qSA 1377 fj7MXV98zd8epbkNrnBvXd3JsTWFmFQhxDHRnAeycmaG0KoivBZf/Ljrzf4BxWVk 1378 97m7FGl+UhIezJ6TxAcKL24D3i6hzDD9prD1n6Mq1Jd7bITCHZNSywq9CSdqPLtQ 1379 upU5XZmnYdTFZ2v3aSfAZn66iO6YxZFpulxCFPgWAtgg1Oqo7eOsUNRyIKi6AF94 1380 B457HzldWT8HUnyHeoMwD8vq0H9L0A3oIWJDlyKJt8lHuC5Hs4qTwA== 1381 -----END CERTIFICATE----- 1382 ` 1383 const zcryptoValidBeforeIntermediate = ` 1384 Certificate: 1385 Data: 1386 Version: 3 (0x2) 1387 Serial Number: 256 (0x100) 1388 Signature Algorithm: sha256WithRSAEncryption 1389 Issuer: CN=ZCrypto Intermediate Authority 1390 Validity 1391 Not Before: Jan 1 01:00:00 2018 GMT 1392 Not After : Jan 1 01:00:00 2019 GMT 1393 Subject: CN=never-valid.example.com 1394 Subject Public Key Info: 1395 Public Key Algorithm: rsaEncryption 1396 RSA Public Key: (2048 bit) 1397 Modulus (2048 bit): 1398 00:cf:6a:62:38:10:e0:90:4c:63:f7:b0:91:20:4b: 1399 e5:ca:f2:1b:0d:44:e3:c6:cb:7c:7d:d4:73:4c:b4: 1400 45:ae:3a:64:89:20:30:4b:93:20:6d:9d:40:9b:53: 1401 30:b7:71:58:9f:51:5e:91:73:07:bf:8a:8a:ab:c9: 1402 dc:42:7c:7e:33:9a:08:81:00:5c:06:61:01:cb:bf: 1403 cd:ff:b8:fc:9e:94:83:1a:1e:05:f8:99:c3:02:5f: 1404 fb:bd:53:c1:97:0b:28:4d:1a:4a:5d:00:6b:40:7a: 1405 c3:e4:7e:06:e9:6b:39:de:c7:93:5e:de:b5:f2:5b: 1406 a4:78:ff:22:bb:4a:b1:af:c0:3a:21:19:de:ff:c8: 1407 b5:ae:cc:63:bd:60:ce:6f:ec:c3:c9:1d:aa:24:a1: 1408 73:b2:d7:79:55:51:6a:92:21:aa:70:58:c4:80:df: 1409 8b:fa:25:7c:8f:a0:de:03:36:3e:e1:c8:05:57:fd: 1410 fa:9f:38:f3:3a:7b:fc:83:83:2d:40:da:4f:14:8d: 1411 60:90:f1:d4:95:eb:09:e3:4e:4c:f6:6a:be:dc:46: 1412 87:da:cd:3c:65:33:5e:a2:be:e5:4c:33:d6:e1:08: 1413 30:c6:bd:35:8c:bb:1a:30:9a:e9:7e:76:e7:84:b2: 1414 7c:d8:fb:27:67:6c:00:9f:6c:9e:0a:f1:db:bb:47: 1415 ee:11 1416 Exponent: 65537 (0x10001) 1417 X509v3 extensions: 1418 X509v3 Basic Constraints: critical 1419 CA:FALSE 1420 X509v3 Subject Key Identifier: 1421 6D:5F:14:AB:EB:ED:2B:CE:B9:56:DF:46:86:97:3F:35:E2:6F:D9:8F 1422 X509v3 Authority Key Identifier: 1423 keyid:23:56:59:53:5A:3D:D7:DF:2E:F3:A8:68:C0:12:77:FB:55:D8:50:EA 1424 1425 X509v3 Key Usage: 1426 Digital Signature, Key Encipherment, Data Encipherment 1427 Signature Algorithm: sha256WithRSAEncryption 1428 b1:60:2b:82:19:98:29:98:bf:4e:6c:9e:07:7e:9e:8b:13:cf: 1429 be:be:88:3c:be:68:65:63:7f:8a:c7:2a:9a:5f:52:12:dc:ee: 1430 e1:64:94:59:3e:14:c7:7d:80:82:8b:c5:f4:72:41:ad:a0:20: 1431 7f:d5:04:7c:66:f5:01:9e:d7:95:a4:d9:bd:f2:ad:b6:24:fb: 1432 e4:d4:be:5a:0d:a8:5f:b8:de:95:c5:6e:1c:f5:fc:d8:9c:e0: 1433 fa:5b:93:48:70:d3:98:1f:02:09:86:fe:a5:d5:d9:de:7f:c2: 1434 23:9c:e8:3e:f2:85:da:e5:91:2f:b0:a3:da:ba:f4:8d:88:4a: 1435 3d:c7:94:e7:00:cf:d9:e3:6e:19:ef:6a:09:58:27:60:49:6a: 1436 a9:03:98:83:88:33:ac:24:ba:63:37:73:6f:2f:10:df:06:79: 1437 d8:29:01:62:a5:89:4b:25:24:12:9c:6b:0c:f0:95:45:85:fe: 1438 1b:82:13:76:ae:c2:80:77:d8:41:60:3b:8a:7f:40:43:e5:66: 1439 f9:b2:f3:e8:e0:5f:0a:ec:0a:3c:22:cf:4a:2d:e7:59:0c:82: 1440 0d:e7:8a:4b:31:f2:04:a8:79:9f:a9:af:57:c6:6e:d7:32:ec: 1441 23:74:aa:e2:59:2a:88:c2:e4:0c:f6:fb:67:31:dd:44:ed:a9: 1442 e0:fe:2f:65 1443 -----BEGIN CERTIFICATE----- 1444 MIIDJDCCAgygAwIBAgICAQAwDQYJKoZIhvcNAQELBQAwKTEnMCUGA1UEAwweWkNy 1445 eXB0byBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MB4XDTE4MDEwMTAxMDAwMFoXDTE5 1446 MDEwMTAxMDAwMFowIjEgMB4GA1UEAwwXbmV2ZXItdmFsaWQuZXhhbXBsZS5jb20w 1447 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPamI4EOCQTGP3sJEgS+XK 1448 8hsNROPGy3x91HNMtEWuOmSJIDBLkyBtnUCbUzC3cVifUV6Rcwe/ioqrydxCfH4z 1449 mgiBAFwGYQHLv83/uPyelIMaHgX4mcMCX/u9U8GXCyhNGkpdAGtAesPkfgbpazne 1450 x5Ne3rXyW6R4/yK7SrGvwDohGd7/yLWuzGO9YM5v7MPJHaokoXOy13lVUWqSIapw 1451 WMSA34v6JXyPoN4DNj7hyAVX/fqfOPM6e/yDgy1A2k8UjWCQ8dSV6wnjTkz2ar7c 1452 RofazTxlM16ivuVMM9bhCDDGvTWMuxowmul+dueEsnzY+ydnbACfbJ4K8du7R+4R 1453 AgMBAAGjXTBbMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFG1fFKvr7SvOuVbfRoaX 1454 PzXib9mPMB8GA1UdIwQYMBaAFCNWWVNaPdffLvOoaMASd/tV2FDqMAsGA1UdDwQE 1455 AwIEsDANBgkqhkiG9w0BAQsFAAOCAQEAsWArghmYKZi/TmyeB36eixPPvr6IPL5o 1456 ZWN/iscqml9SEtzu4WSUWT4Ux32AgovF9HJBraAgf9UEfGb1AZ7XlaTZvfKttiT7 1457 5NS+Wg2oX7jelcVuHPX82Jzg+luTSHDTmB8CCYb+pdXZ3n/CI5zoPvKF2uWRL7Cj 1458 2rr0jYhKPceU5wDP2eNuGe9qCVgnYElqqQOYg4gzrCS6Yzdzby8Q3wZ52CkBYqWJ 1459 SyUkEpxrDPCVRYX+G4ITdq7CgHfYQWA7in9AQ+Vm+bLz6OBfCuwKPCLPSi3nWQyC 1460 DeeKSzHyBKh5n6mvV8Zu1zLsI3Sq4lkqiMLkDPb7ZzHdRO2p4P4vZQ== 1461 -----END CERTIFICATE----- 1462 `