• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1This repository contains data used in various tests :
2- ca-cert.pem: Root CA certificate
3
4- ct-server-key-public.pem: Public Key of a test Certificate Transparency log
5
6- cert.pem / cert-key.pem: Certificate issued by ca-cert.pem, and its private key
7
8- cert-ct-poisoned.pem: Same certificate as cert.pem, but with an extra CT Poison extension
9
10- cert-ct-embedded.pem: Same certificate as cert.pem, but with an embedded signed certificate
11    timestamp signed by the test CT log
12
13- ct-signed-timestamp-list: TLS-encoded SignedCertificateTimestampList containing one SCT for
14    cert.pem signed by the test CT log
15
16- ct-signed-timestamp-list-invalid: TLS-encoded SignedCertificateTimestampList containing one SCT
17    signed by the test CT log, but for another certificate
18
19- ct-signed-timestamp-list-unknown: TLS-encoded SignedCertificateTimestampList containing one SCT
20    for cert.pem, but signed by a different log
21
22- ocsp-response.der: OCSP response for cert.pem, containing an SCT for cert.pem signed by the test
23    CT log
24
25- ocsp-response-sct-extension.der: The extension from ocsp-response.der which contains the SCT
26
27
28For blocklist testing:
29- test_blocklist_ca_key.pem: Private key for blocklisted CA
30
31- test_blocklist_ca.pem: Certificate for blocklisted CA
32Generate with:
33    openssl req -x509 -new -subj "/CN=blacklist test CA" -days 3650 -key test_blocklist_ca_key.pem -out test_blocklist_ca.pem -nodes
34
35- test_nonblocklist_ca_key.pem: Private key for non-blocklisted CA
36
37- test_nonblocklist_ca.pem: Certificate for non-blocklisted CA
38Generate with:
39    openssl req -x509 -new -subj "/CN=Test CA" -days 3650 -key test_nonblocklist_ca_key.pem -out test_nonblocklist_ca.pem -nodes
40
41- test_leaf.csr: CSR for leaf certificate
42Generate with:
43    openssl req -new -subj "/CN=leaf" -out test_leaf.csr -nodes
44
45- test_intermediate.csr: CSR for intermediate certificate
46Generate with:
47    openssl req -new -subj "/CN=intermediate" -out test_intermediate.csr -keyout test_intermediate_key.pem -nodes
48
49- test_leaf_blockedroot.pem: Leaf cert signed by blocked root CA
50Generate with:
51    openssl  req -days 3650  -in test_leaf.csr -out test_leaf_blockedroot.pem -CA test_blocklist_ca.pem -CAkey test_blocklist_ca_key.pem -nodes
52
53- test_leaf_intermediate.pem: Leaf cert signed by intermediate CA
54Generate with:
55    openssl  req -days 3650  -in test_leaf.csr -out test_leaf_intermediate.pem -CA test_intermediate_blockedroot.pem -CAkey test_intermediate_key.pem -nodes
56
57- test_intermediate_blockedroot.pem: Intermediate cert signed by blocked root CA
58Generate with:
59    openssl  req -days 3650  -in test_intermediate.csr -out test_intermediate_blockedroot.pem -CA test_blocklist_ca.pem -CAkey test_blocklist_ca_key.pem -nodes
60
61- test_intermediate_nonblockedroot.pem: Intermediate cert signed by non-blocked root CA
62Generate with:
63    openssl  req -days 3650  -in test_intermediate.csr -out test_intermediate_nonblockedroot.pem -CA test_nonblocklist_ca.pem -CAkey test_nonblocklist_ca_key.pem -nodes
64
65- blocklist_test_valid_ca.pem: non-blocklisted CA cert
66Generate with:
67    cp test_nonblocklist_ca.pem blocklist_test_valid_ca.pem
68
69- blocklist_test_chain.pem: Test chain with a valid leaf signed by a blocklisted CA
70Generate with:
71    cat test_leaf_blockedroot.pem test_blocklist_ca.pem > blocklist_test_chain.pem
72
73blocklist_test_valid_chain.pem: Valid cert chain - leaf signed by intermediate cross-signed by both CAs
74Generate with:
75    cat test_leaf_intermediate.pem test_intermediate_blockedroot.pem test_intermediate_nonblockedroot.pem test_blocklist_ca.pem test_nonblocklist_ca.pem > blocklist_test_valid_chain.pem