Skip to content

Commit

Permalink
Added IsSMIMEBRCertificate in checkApplies where missing (#780)
Browse files Browse the repository at this point in the history 
* lint about the encoding of qcstatements for PSD2

* Revert "lint about the encoding of qcstatements for PSD2"

This reverts commit 6c23670.

* util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC

* always check and perform the operation in the execution

* synchronised with project

* synchronised with project

* synchronised with project

* added util.IsSMIMEBRCertificate(c) where missing, updated test data

* removed GIT merge hints

---------

Co-authored-by: mtg <git@mtg.de>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Christopher Henderson <chris@chenderson.org>
  • Loading branch information
@mtgag @web-flow @christopher-henderson
4 people authored Dec 16, 2023
1 parent c1aacb0 commit f830602
Show file tree
Hide file tree
Showing 13 changed files with 450 additions and 102 deletions.
2 changes: 1 addition & 1 deletion v3/lints/cabf_smime_br/lint_san_shall_be_present.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func NewSubjectAlternativeNameShallBePresent() lint.LintInterface {
}

func (l *subjectAlternativeNameShallBePresent) CheckApplies(c *x509.Certificate) bool {
return util.IsSubscriberCert(c)
return util.IsSubscriberCert(c) && util.IsSMIMEBRCertificate(c)
}

func (l *subjectAlternativeNameShallBePresent) Execute(c *x509.Certificate) *lint.LintResult {
Expand Down
5 changes: 5 additions & 0 deletions v3/lints/cabf_smime_br/lint_san_shall_be_present_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,11 @@ func TestSubscriberSubjectAlternativeNameShallBePresent(t *testing.T) {
InputFilename: "smime/without_subject_alternative_name.pem",
ExpectedResult: lint.Error,
},
{
Name: "na - certificate has no SMIME BR policy",
InputFilename: "smime/with_subject_alternative_name_no_br.pem",
ExpectedResult: lint.NA,
},
}
for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
Expand Down
2 changes: 1 addition & 1 deletion v3/lints/cabf_smime_br/lint_san_should_not_be_critical.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ func NewSubjectAlternativeNameNotCritical() lint.LintInterface {
}

func (l *SubjectAlternativeNameNotCritical) CheckApplies(c *x509.Certificate) bool {
return util.IsSubscriberCert(c) && util.IsExtInCert(c, util.SubjectAlternateNameOID)
return util.IsSubscriberCert(c) && util.IsExtInCert(c, util.SubjectAlternateNameOID) && util.IsSMIMEBRCertificate(c)
}

func (l *SubjectAlternativeNameNotCritical) Execute(c *x509.Certificate) *lint.LintResult {
Expand Down
18 changes: 12 additions & 6 deletions v3/lints/cabf_smime_br/lint_san_should_not_be_critical_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,20 @@ func TestSubjectAlternativeNameNotCritical(t *testing.T) {
ExpectedResult lint.LintStatus
}{
{
Name: "pass - cert without a CRL distribution point",
InputFilename: "smime/san_not_critical_with_subject.pem",
Name: "pass - certificate with non-critical SAN and non-empty subject",
InputFilename: "smime/san_non_critical_non_empty_subject.pem",
ExpectedResult: lint.Pass,
},
// I admit that it is very difficult to construct a negative case
// since the Go standard library does the correct thing on your
// behalf at time of signing. Plus no certs came up bad in
// the test corpus, so we don't have any live examples.
{
Name: "warn - certificate with critical SAN and non-empty subject",
InputFilename: "smime/san_critical_non_empty_subject.pem",
ExpectedResult: lint.Warn,
},
{
Name: "na - certificate has no SMIME BR policy",
InputFilename: "ecdsaP224.pem",
ExpectedResult: lint.NA,
},
}
for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
Expand Down
4 changes: 2 additions & 2 deletions v3/lints/cabf_smime_br/lint_single_email_if_present.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func NewSingleEmailIfPresent() lint.LintInterface {
}

func (l *singleEmailIfPresent) CheckApplies(c *x509.Certificate) bool {
return util.IsSubscriberCert(c) && c.EmailAddresses != nil && len(c.EmailAddresses) != 0
return util.IsSubscriberCert(c) && c.EmailAddresses != nil && len(c.EmailAddresses) != 0 && util.IsSMIMEBRCertificate(c)
}

func (l *singleEmailIfPresent) Execute(c *x509.Certificate) *lint.LintResult {
Expand All @@ -53,7 +53,7 @@ func (l *singleEmailIfPresent) Execute(c *x509.Certificate) *lint.LintResult {
} else {
return &lint.LintResult{
Status: lint.Error,
Details: fmt.Sprintf("subject:emailAddress was present and containted %d names (%s)", len(c.EmailAddresses), c.EmailAddresses),
Details: fmt.Sprintf("subject:emailAddress was present and contained %d names (%s)", len(c.EmailAddresses), c.EmailAddresses),
LintMetadata: lint.LintMetadata{},
}
}
Expand Down
2 changes: 1 addition & 1 deletion v3/lints/cabf_smime_br/lint_subscribers_shall_have_crl_distribution_points.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func NewSubscriberCrlDistributionPoints() lint.LintInterface {
}

func (l *SubscriberCrlDistributionPoints) CheckApplies(c *x509.Certificate) bool {
return util.IsSubscriberCert(c)
return util.IsSubscriberCert(c) && util.IsSMIMEBRCertificate(c)
}

func (l *SubscriberCrlDistributionPoints) Execute(c *x509.Certificate) *lint.LintResult {
Expand Down
5 changes: 5 additions & 0 deletions v3/lints/cabf_smime_br/lint_subscribers_shall_have_crl_distribution_points_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,11 @@ func TestSubscriberCrlDistributionPoints(t *testing.T) {
InputFilename: "smime/subscriber_no_crl_distribution_points.pem",
ExpectedResult: lint.Error,
},
{
Name: "na - certificate has no SMIME BR policy",
InputFilename: "smime/with_subject_alternative_name_no_br.pem",
ExpectedResult: lint.NA,
},
}
for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
Expand Down
103 changes: 73 additions & 30 deletions v3/testdata/smime/multiple_email_present.pem
View file
Original file line number Diff line number Diff line change
@@ -1,41 +1,84 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: ecdsa-with-SHA256
Issuer:
Serial Number:
12:72:7f:36:d1:7d:fd:a5:b0:ef:c2:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Oct 15 17:52:28 2023 GMT
Not After : Nov 30 00:00:00 9998 GMT
Subject:
Not Before: Sep 1 00:00:00 2023 GMT
Not After : Sep 1 00:00:00 2024 GMT
Subject: CN = Certificate, O = Lint, C = DE
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:cb:41:d2:58:66:06:29:c0:c8:bf:c9:20:76:7f:
49:a7:6d:2a:f1:f4:7f:36:4c:94:b4:91:ac:6d:76:
29:65:11:d0:34:0b:d5:d2:53:e0:dd:86:42:5b:ee:
37:ca:bb:a0:bc:be:73:7f:61:cb:45:af:8e:46:74:
ce:4b:9a:ff:a2
ASN1 OID: prime256v1
NIST CURVE: P-256
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:e2:6a:83:ec:f7:b5:f6:07:ae:41:84:4d:8c:
84:56:96:8a:9a:e3:f7:0d:d3:75:4e:a6:f9:08:e3:
76:88:07:01:bc:a5:21:3c:42:58:7a:bb:7f:ec:32:
64:41:cc:63:05:66:60:50:27:f3:b6:f6:7a:6b:a9:
9e:fe:7d:91:03:61:c2:28:04:41:28:97:19:3a:f6:
fb:63:58:50:6a:13:1a:20:26:66:b1:3a:40:6e:fe:
ca:54:c3:4f:32:81:cb:dc:dd:fe:75:5d:65:69:4f:
97:6d:86:26:4b:2d:a9:ff:e5:74:a2:08:e1:fd:b3:
71:f5:cd:f0:57:77:81:95:da:e8:cb:2a:e0:66:0c:
e7:c3:87:a9:e4:b5:45:3a:d2:d9:cf:6c:d2:b0:dc:
de:74:4d:aa:d1:af:4b:67:17:82:e6:be:fd:09:41:
7c:bf:1e:ab:08:4d:e6:bd:57:a7:a7:11:96:90:36:
4a:52:51:2c:a9:58:14:c5:7f:76:c4:30:64:16:7c:
bb:ca:b7:d3:e0:f1:e8:77:eb:67:c4:9a:2e:22:9a:
66:3f:eb:87:c2:33:f8:2f:07:8b:ee:c3:66:7c:eb:
64:68:40:30:8a:ae:67:4d:21:bd:ca:bf:a3:1f:9c:
b9:b7:d2:f1:d5:83:fd:4d:3d:e9:fd:30:04:a1:7a:
11:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:A4:9D:B9:7C:DF:CE:B5:81:51:9F:03:65:9F:73:7C:44:1A:08:3E:C5

X509v3 Subject Key Identifier:
0A:FA:B2:7F:15:CC:C7:54:B3:9B:57:4F:7E:F6:7A:3A:EA:22:C1:2C
X509v3 Extended Key Usage:
E-mail Protection
X509v3 Subject Alternative Name:
email:coolguy@coolplace.com, email:drumsolo@rockstar.org
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:46:02:21:00:90:32:cc:3f:a1:bf:31:e7:be:57:8f:a7:30:
33:bc:ed:2f:92:9a:7a:69:50:bc:7f:e1:72:aa:b1:25:1a:2e:
fe:02:21:00:c1:88:2d:90:b9:72:d4:03:12:c3:45:3a:b5:f3:
45:72:23:9c:65:73:b4:5e:50:cd:f6:bc:4c:a7:ba:8e:6d:b8
email:test+1@example.com, email:test+2@example.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.5.1.3

Signature Algorithm: sha256WithRSAEncryption
99:72:83:a4:dd:70:c4:88:b0:ae:b4:d9:49:8b:66:dc:45:cc:
3f:9b:a5:bd:da:b2:36:52:61:6c:8e:13:cb:4f:39:40:cb:d0:
2b:d4:b8:c5:d2:60:69:9b:85:0f:5b:69:8e:13:49:9f:d9:4b:
47:c6:35:d5:a0:e9:9b:e2:7c:9f:c9:d1:86:f1:23:83:52:c4:
b0:8d:2f:7f:83:8e:5a:7b:a7:cf:c2:f1:ea:94:1b:34:b1:0b:
ee:43:50:83:5f:89:e8:f8:e8:85:e0:94:e7:61:1b:bc:6e:64:
40:30:6a:8c:4a:eb:2c:57:a7:c2:cd:ec:d7:2a:40:9a:9d:95:
2a:38:e2:ed:e0:59:d9:75:92:74:7f:75:42:17:c7:bf:06:06:
4a:a3:6d:d2:ee:66:e3:8d:3a:74:08:5a:1e:e2:9f:68:2a:3b:
cc:76:b9:09:b8:2e:e4:48:44:2d:e9:7b:00:76:99:f6:65:38:
be:c5:dd:4e:f4:b5:94:71:59:45:6e:0b:cf:51:cd:bf:88:2f:
84:13:db:06:8b:7a:c6:de:d1:ba:c4:b9:a7:bf:c9:09:a5:7f:
fa:80:cd:61:62:e2:ef:0c:e8:bf:f9:10:e2:64:dc:fa:95:ed:
7b:21:15:88:b8:7a:b0:2e:5b:aa:db:20:0f:9a:da:eb:d3:90:
d6:66:4c:25
-----BEGIN CERTIFICATE-----
MIIBQTCB56ADAgECAgEDMAoGCCqGSM49BAMCMAAwIBcNMjMxMDE1MTc1MjI4WhgP
OTk5ODExMzAwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATLQdJY
ZgYpwMi/ySB2f0mnbSrx9H82TJS0kaxtdillEdA0C9XSU+DdhkJb7jfKu6C8vnN/
YctFr45GdM5Lmv+io1AwTjATBgNVHSUEDDAKBggrBgEFBQcDBDA3BgNVHREEMDAu
gRVjb29sZ3V5QGNvb2xwbGFjZS5jb22BFWRydW1zb2xvQHJvY2tzdGFyLm9yZzAK
BggqhkjOPQQDAgNJADBGAiEAkDLMP6G/Mee+V4+nMDO87S+SmnppULx/4XKqsSUa
Lv4CIQDBiC2QuXLUAxLDRTq180VyI5xlc7ReUM32vEynuo5tuA==
MIIDiDCCAnCgAwIBAgIMEnJ/NtF9/aWw78JWMA0GCSqGSIb3DQEBCwUAMC4xEDAO
BgNVBAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIz
MDkwMTAwMDAwMFoXDTI0MDkwMTAwMDAwMFowMjEUMBIGA1UEAwwLQ2VydGlmaWNh
dGUxDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAteJqg+z3tfYHrkGETYyEVpaKmuP3DdN1Tqb5CON2iAcB
vKUhPEJYert/7DJkQcxjBWZgUCfztvZ6a6me/n2RA2HCKARBKJcZOvb7Y1hQahMa
ICZmsTpAbv7KVMNPMoHL3N3+dV1laU+XbYYmSy2p/+V0ogjh/bNx9c3wV3eBldro
yyrgZgznw4ep5LVFOtLZz2zSsNzedE2q0a9LZxeC5r79CUF8vx6rCE3mvVenpxGW
kDZKUlEsqVgUxX92xDBkFny7yrfT4PHod+tnxJouIppmP+uHwjP4LweL7sNmfOtk
aEAwiq5nTSG9yr+jH5y5t9Lx1YP9TT3p/TAEoXoRzwIDAQABo4GhMIGeMB8GA1Ud
IwQYMBaAFKSduXzfzrWBUZ8DZZ9zfEQaCD7FMB0GA1UdDgQWBBQK+rJ/FczHVLOb
V09+9no66iLBLDATBgNVHSUEDDAKBggrBgEFBQcDBDAxBgNVHREEKjAogRJ0ZXN0
KzFAZXhhbXBsZS5jb22BEnRlc3QrMkBleGFtcGxlLmNvbTAUBgNVHSAEDTALMAkG
B2eBDAEFAQMwDQYJKoZIhvcNAQELBQADggEBAJlyg6TdcMSIsK602UmLZtxFzD+b
pb3asjZSYWyOE8tPOUDL0CvUuMXSYGmbhQ9baY4TSZ/ZS0fGNdWg6ZvifJ/J0Ybx
I4NSxLCNL3+Djlp7p8/C8eqUGzSxC+5DUINfiej46IXglOdhG7xuZEAwaoxK6yxX
p8LN7NcqQJqdlSo44u3gWdl1knR/dUIXx78GBkqjbdLuZuONOnQIWh7in2gqO8x2
uQm4LuRIRC3pewB2mfZlOL7F3U70tZRxWUVuC89Rzb+IL4QT2waLesbe0brEuae/
yQmlf/qAzWFi4u8M6L/5EOJk3PqV7XshFYi4erAuW6rbIA+a2uvTkNZmTCU=
-----END CERTIFICATE-----
84 changes: 84 additions & 0 deletions v3/testdata/smime/san_critical_non_empty_subject.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a5:25:fe:a3:72:80:64:93:0e:84:f7:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 1 00:00:00 2023 GMT
Not After : Sep 1 00:00:00 2024 GMT
Subject: CN = Certificate, O = Lint, C = DE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:3a:e1:f9:16:d6:e3:3e:72:90:6d:50:95:4b:
68:3e:5b:dc:29:48:b1:18:d7:9f:e9:70:89:55:de:
16:4a:35:02:71:7d:df:80:48:2b:e5:ba:47:0f:79:
b8:09:e2:2d:4a:de:6c:5f:dc:e7:c9:49:7f:46:49:
0e:fb:2e:49:53:3f:eb:67:04:f2:a1:1a:5b:e6:a6:
a2:ba:67:3a:1a:5e:93:c5:15:22:01:53:f8:12:99:
a8:13:2d:47:ae:c6:ff:4a:0e:62:24:da:91:76:eb:
f4:d6:af:97:3a:33:12:39:de:21:30:4f:7e:59:ba:
ca:42:b9:d8:84:ce:39:89:a7:2a:2e:3b:1e:e8:f0:
c0:e4:d7:5a:e8:82:d6:24:d2:ad:e3:cd:d0:57:88:
66:bb:e5:76:42:36:cf:e3:d1:3a:e8:11:35:f6:aa:
51:3c:70:53:a3:77:4c:bd:6d:f7:87:2a:b6:b8:50:
1b:4d:40:f5:c1:70:77:61:33:37:15:a5:b9:76:5e:
5c:1e:42:57:48:9f:ca:93:9c:63:56:37:41:b7:70:
da:c0:b0:01:88:2f:c4:07:60:e2:ca:64:5c:1f:d3:
21:2e:f8:93:91:20:39:17:1a:32:6f:8d:11:6c:ff:
60:88:cd:79:7d:93:08:2d:3b:c5:23:27:71:a7:05:
bd:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:12:91:D7:AD:71:D6:1B:DC:F3:2C:5C:0C:FB:D3:92:17:F1:7A:E0:E3

X509v3 Subject Key Identifier:
10:3B:95:E5:0D:9C:A9:C6:6C:18:54:BE:E5:84:84:CD:01:F9:ED:5A
X509v3 Extended Key Usage:
E-mail Protection
X509v3 Subject Alternative Name: critical
email:test@example.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.5.1.3

Signature Algorithm: sha256WithRSAEncryption
91:2e:21:20:bf:02:06:78:43:d1:b6:d7:46:80:9a:0a:1e:50:
98:df:63:33:78:34:1a:2f:43:e7:06:2d:a3:a0:2c:20:98:fe:
dd:f7:51:63:d4:7f:0b:7a:0a:36:c8:a4:51:72:03:5c:b8:f9:
ff:d9:8b:6e:c1:9e:cd:fe:6e:dd:06:c7:dd:b7:5c:17:1c:8e:
db:2a:e4:40:37:fa:8a:c4:4c:14:59:50:bc:4c:32:11:0d:64:
b1:7b:7f:6b:1b:90:bb:96:76:c1:41:88:06:d3:97:d2:c5:7b:
e6:04:e7:db:b8:53:5e:aa:40:c4:02:92:42:12:34:9d:30:96:
bb:c8:b3:29:07:03:d1:9a:10:91:98:56:2e:3c:c9:d8:40:f5:
02:e0:27:03:1d:10:19:ff:21:3b:b3:32:a5:09:ae:1f:b7:31:
6f:9e:0f:75:06:31:82:df:f4:94:06:07:d6:3f:e8:9c:e2:a6:
bc:35:b7:76:b4:7e:b2:5b:b5:ef:a1:5d:1c:36:6b:ce:61:33:
e6:e1:04:21:6e:d0:90:41:15:3f:4f:66:d1:84:2f:09:46:6a:
76:dd:d8:0d:92:a3:51:1c:e5:c2:ac:e0:33:f1:10:94:0e:d4:
79:5b:30:66:e2:db:dd:a5:78:47:33:76:73:38:d3:3e:8f:1d:
2f:52:eb:b7
-----BEGIN CERTIFICATE-----
MIIDdjCCAl6gAwIBAgINAKUl/qNygGSTDoT3fzANBgkqhkiG9w0BAQsFADAuMRAw
DgYDVQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0y
MzA5MDEwMDAwMDBaFw0yNDA5MDEwMDAwMDBaMDIxFDASBgNVBAMMC0NlcnRpZmlj
YXRlMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALk64fkW1uM+cpBtUJVLaD5b3ClIsRjXn+lwiVXeFko1
AnF934BIK+W6Rw95uAniLUrebF/c58lJf0ZJDvsuSVM/62cE8qEaW+amorpnOhpe
k8UVIgFT+BKZqBMtR67G/0oOYiTakXbr9NavlzozEjneITBPflm6ykK52ITOOYmn
Ki47HujwwOTXWuiC1iTSrePN0FeIZrvldkI2z+PROugRNfaqUTxwU6N3TL1t94cq
trhQG01A9cFwd2EzNxWluXZeXB5CV0ifypOcY1Y3Qbdw2sCwAYgvxAdg4spkXB/T
IS74k5EgORcaMm+NEWz/YIjNeX2TCC07xSMncacFvXMCAwEAAaOBjjCBizAfBgNV
HSMEGDAWgBQSkdetcdYb3PMsXAz705IX8Xrg4zAdBgNVHQ4EFgQUEDuV5Q2cqcZs
GFS+5YSEzQH57VowEwYDVR0lBAwwCgYIKwYBBQUHAwQwHgYDVR0RAQH/BBQwEoEQ
dGVzdEBleGFtcGxlLmNvbTAUBgNVHSAEDTALMAkGB2eBDAEFAQMwDQYJKoZIhvcN
AQELBQADggEBAJEuISC/AgZ4Q9G210aAmgoeUJjfYzN4NBovQ+cGLaOgLCCY/t33
UWPUfwt6CjbIpFFyA1y4+f/Zi27Bns3+bt0Gx923XBccjtsq5EA3+orETBRZULxM
MhENZLF7f2sbkLuWdsFBiAbTl9LFe+YE59u4U16qQMQCkkISNJ0wlrvIsykHA9Ga
EJGYVi48ydhA9QLgJwMdEBn/ITuzMqUJrh+3MW+eD3UGMYLf9JQGB9Y/6Jziprw1
t3a0frJbte+hXRw2a85hM+bhBCFu0JBBFT9PZtGELwlGanbd2A2So1Ec5cKs4DPx
EJQO1HlbMGbi292leEczdnM40z6PHS9S67c=
-----END CERTIFICATE-----
84 changes: 84 additions & 0 deletions v3/testdata/smime/san_non_critical_non_empty_subject.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d9:5e:b1:0b:f4:53:78:a3:2c:2b:e4:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Lint CA, O = Lint, C = DE
Validity
Not Before: Sep 1 00:00:00 2023 GMT
Not After : Sep 1 00:00:00 2024 GMT
Subject: CN = Certificate, O = Lint, C = DE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:ec:e8:16:c2:1b:e3:b3:e8:3d:f0:73:cb:cc:
a3:b1:3f:f8:55:15:39:1d:9b:a9:a2:bb:75:6e:1c:
14:67:2b:c7:ee:0b:a8:b2:39:43:07:9b:87:20:10:
f9:25:69:a9:7f:9b:6a:a7:29:02:50:0d:bd:6a:cf:
02:7c:4f:ee:5a:4b:64:8f:ec:7e:0e:f6:ed:43:19:
45:90:0b:24:bd:21:44:fb:c5:ac:53:45:a8:8f:06:
29:aa:30:a9:0d:39:96:3b:70:db:d0:ed:20:c4:76:
e9:82:84:db:da:6f:47:bc:8c:81:0d:a3:fc:44:de:
26:6d:a3:9a:77:02:d9:e3:3f:e7:d6:3b:48:78:ae:
ef:28:24:86:5c:ed:b8:c9:19:27:0a:74:c4:78:67:
8c:2d:03:52:93:3b:db:50:2c:9b:79:26:8a:28:c7:
7c:ce:51:61:0a:74:23:d1:9f:46:38:f0:92:05:8c:
bd:65:16:84:c5:b2:57:b1:18:da:2e:e9:9d:61:5b:
e8:e4:6b:1e:dc:83:34:29:b2:f6:dd:84:9b:34:9c:
89:25:c2:7d:6b:d9:e0:7f:e1:1b:01:2e:24:6c:10:
e9:5d:65:b6:dc:98:df:0d:9e:cc:3a:c5:1c:f0:a2:
1d:1d:87:6a:93:5d:20:9f:a8:99:50:d1:3d:c1:76:
ef:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:82:47:6E:7B:80:A2:D7:EF:09:C0:78:96:E6:FA:8F:CB:22:CE:2F:E1

X509v3 Subject Key Identifier:
00:8D:17:3A:96:01:4F:C3:10:D7:34:B5:9A:3A:AB:FF:3B:EC:74:94
X509v3 Extended Key Usage:
E-mail Protection
X509v3 Subject Alternative Name:
email:test@example.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.5.1.3

Signature Algorithm: sha256WithRSAEncryption
70:f3:65:58:f4:3f:c8:77:b1:a1:8b:88:51:5a:0e:6a:65:e6:
c0:c6:15:fa:8d:c3:74:cd:73:3b:02:a6:04:a7:d0:08:a4:44:
ea:c4:23:89:05:be:9e:24:ca:d8:2c:6a:b7:7c:c3:54:d5:13:
d2:78:f3:36:37:80:7c:21:48:d3:9e:a9:8c:e0:d8:81:5a:5f:
93:d7:99:14:31:28:95:dc:26:0c:11:a8:b7:9b:a4:48:5b:12:
c4:31:b6:75:ee:a8:5e:83:f8:2c:b5:dd:46:ee:86:b0:ac:64:
e8:31:c0:c2:ac:bc:99:2d:1e:6a:e0:49:5a:cf:a7:22:9c:3b:
52:9b:28:41:f3:32:d2:2d:72:de:41:5d:80:d6:d9:36:f1:6a:
f9:21:a0:9a:17:31:e6:97:1a:56:d0:ad:55:e3:70:0f:58:bf:
1a:15:8b:4f:78:32:28:44:cb:82:2d:c0:7b:70:11:92:5b:da:
80:92:90:e6:ce:89:7a:b6:3d:c4:bb:20:a9:29:ff:dd:8d:9c:
9f:02:7d:08:ff:51:55:6b:dd:54:eb:ca:18:97:70:5e:63:18:
13:8d:7c:cb:9b:c3:77:05:48:a9:80:7d:f6:cf:8a:4f:97:5f:
3e:90:18:85:53:05:da:07:8f:d0:34:f2:54:b0:51:33:2e:b4:
3d:79:f5:d8
-----BEGIN CERTIFICATE-----
MIIDczCCAlugAwIBAgINANlesQv0U3ijLCvkmzANBgkqhkiG9w0BAQsFADAuMRAw
DgYDVQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0y
MzA5MDEwMDAwMDBaFw0yNDA5MDEwMDAwMDBaMDIxFDASBgNVBAMMC0NlcnRpZmlj
YXRlMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALTs6BbCG+Oz6D3wc8vMo7E/+FUVOR2bqaK7dW4cFGcr
x+4LqLI5QwebhyAQ+SVpqX+baqcpAlANvWrPAnxP7lpLZI/sfg727UMZRZALJL0h
RPvFrFNFqI8GKaowqQ05ljtw29DtIMR26YKE29pvR7yMgQ2j/ETeJm2jmncC2eM/
59Y7SHiu7ygkhlztuMkZJwp0xHhnjC0DUpM721Asm3kmiijHfM5RYQp0I9GfRjjw
kgWMvWUWhMWyV7EY2i7pnWFb6ORrHtyDNCmy9t2EmzSciSXCfWvZ4H/hGwEuJGwQ
6V1lttyY3w2ezDrFHPCiHR2HapNdIJ+omVDRPcF27/cCAwEAAaOBizCBiDAfBgNV
HSMEGDAWgBSCR257gKLX7wnAeJbm+o/LIs4v4TAdBgNVHQ4EFgQUAI0XOpYBT8MQ
1zS1mjqr/zvsdJQwEwYDVR0lBAwwCgYIKwYBBQUHAwQwGwYDVR0RBBQwEoEQdGVz
dEBleGFtcGxlLmNvbTAUBgNVHSAEDTALMAkGB2eBDAEFAQMwDQYJKoZIhvcNAQEL
BQADggEBAHDzZVj0P8h3saGLiFFaDmpl5sDGFfqNw3TNczsCpgSn0AikROrEI4kF
vp4kytgsard8w1TVE9J48zY3gHwhSNOeqYzg2IFaX5PXmRQxKJXcJgwRqLebpEhb
EsQxtnXuqF6D+Cy13UbuhrCsZOgxwMKsvJktHmrgSVrPpyKcO1KbKEHzMtItct5B
XYDW2TbxavkhoJoXMeaXGlbQrVXjcA9YvxoVi094MihEy4ItwHtwEZJb2oCSkObO
iXq2PcS7IKkp/92NnJ8CfQj/UVVr3VTryhiXcF5jGBONfMubw3cFSKmAffbPik+X
Xz6QGIVTBdoHj9A08lSwUTMutD159dg=
-----END CERTIFICATE-----
Loading

0 comments on commit f830602

Please sign in to comment.