diff --git a/debian/rules b/debian/rules
index b35fe67a5..681ccd799 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,3 @@ DEB_MAKE_CHECK_TARGET = test
override_dh_builddeb:
dh_builddeb -- -Zgzip
-
-override_dh_auto_test:
- DEB_BUILD_OPTIONS=parallel=1 dh_auto_test
diff --git a/test/TSLTests.cpp b/test/TSLTests.cpp
index c36cd3892..af93e490e 100644
--- a/test/TSLTests.cpp
+++ b/test/TSLTests.cpp
@@ -28,9 +28,9 @@ class TSLFixture: public DigiDocPPFixture
{
public:
TSLFixture()
+ : DigiDocPPFixture{boost::unit_test::framework::master_test_suite().argv[
+ boost::unit_test::framework::master_test_suite().argc - 3]}
{
- copyTSL(boost::unit_test::framework::master_test_suite().argv[
- boost::unit_test::framework::master_test_suite().argc - 3]);
digidoc::initialize("untitestboost");
}
};
diff --git a/test/data/EE_T-good.xml b/test/data/EE_T.xml
similarity index 93%
rename from test/data/EE_T-good.xml
rename to test/data/EE_T.xml
index 216b41f69..7e1f58847 100644
--- a/test/data/EE_T-good.xml
+++ b/test/data/EE_T.xml
@@ -1,7 +1,7 @@
5
- 9
+ 22
http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric
Information System Authority
@@ -75,7 +75,7 @@
- 2023-11-09T13:24:24Z
+ 2024-03-21T11:03:51Z
2027-08-20T21:00:00Z
@@ -431,7 +431,7 @@
-
+
@@ -555,7 +555,7 @@
http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
2016-06-30T22:00:00Z
- http://demo.sk.ee/tsa/
+ http://tsa.demo.sk.ee/tsa
@@ -588,7 +588,7 @@
http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
2020-11-30T21:00:00Z
- http://demo.sk.ee/tsa/
+ http://tsa.demo.sk.ee/tsa
@@ -1197,11 +1197,11 @@
- MIIDeDCCAmCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQGEwJFRTEYMBYGA1UEAxMPbGliZGlnaWRvY3BwIENBMB4XDTE0MDMyMzIzMTM0OVoXDTI0MDMyMDIzMTM0OVowKjELMAkGA1UEBhMCRUUxGzAZBgNVBAMTEmxpYmRpZ2lkb2NwcCBJbnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6EPZ6Dg8D+VjK6lakSh1MdZzuunt0p/5EEJEW/wNJIPFK4CWTMDvYD1aiVP7Kh+WmJV+l3lck0vAyPUnPjXQrbucz0V+1DaBhOnairMhK04gJ2fYktNr90atyz/mQJroiyHdncToeW7iSbro8d2P9BSLfIM6o/yjNasYAWfcrG4/biGTYW/YqN2fad605T8tLYgReNET84qFQV4L34mUdY8PLDg/kaJL6iYC337u5UfNl6qEdg1zU/8jD1c1YPL1duF+J2JK3YbLizjKkBAQRGpY3Emk984lV6fQBfgCEwbO1yecOXL9jFXIGp9aZNjVLtQuPu/Yfz120rMx8qlEcCAwEAAaOBqzCBqDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUWp//2G24RVxM2GM5/6mJ9lYq2PEwHwYDVR0jBBgwFoAUPsJJGbvIsF9JdKFutxdtIX28DAgwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vd3d3Lm9wZW54YWRlcy5vcmcvY2dpLWJpbi9vY3NwLmNnaTANBgkqhkiG9w0BAQUFAAOCAQEARxDvfF4LvUlAHhxzOEygk+gFishTUrzsaaZ9NFgo7yLrejjyzM3RRZQTkFfru9Xr0DmxCfh4pgFBHlW4csDmufQOFTtJTf3Qvuh+EnM+WGtMsNZaHwuEpVlI64WYgbM1UOD71BswvJ/drZ6b0xmlJQwjLMn6f8ET10w+eTcWF2rPfaod8Rj0JPSJPPLYm6FOgJzHuB3p4h+uBx2kh1a64PD3/jGvz8r2ZUHXdkQD+mz6UJPj6cxsmzcTu3k1RVX+kPgjQvJ6PjQQJyAL3UGYIb0cYZIcEZ3gHErtZ9HQS2zJXtlMrlnpwAWi3xiw015hz4KyPJvQOKxyX2/TIatCpA==
+ MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAnMQswCQYDVQQGEwJFRTEYMBYGA1UEAwwPbGliZGlnaWRvY3BwIENBMB4XDTI0MDMyMTA4NTMwM1oXDTM0MDMxOTA4NTMwM1owKjELMAkGA1UEBhMCRUUxGzAZBgNVBAMMEmxpYmRpZ2lkb2NwcCBJbnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpa+AtGOhIowDu1hgCNqesMso8LwNzejtfycaCv/z6R9VItzUT5wy2eS0OuWTf/tc85Az+4fcTT8Li43+S8RvDPT33CgBX/cqPCB2gawolvWB1B2Z7LTEsfSyEYVLLZXRU1HhG7k8bEaor03EgtBjk0dPJ0sxwjU+DupkyZvAEYnHPM3HQc+ch5ME6sy7S3PW1JbeToY22Gb3DhNjnhg+5PvI7ua6Xf5p2k2/kbMMleB7cmry1ey4zoMGFLX10kc7uFa4cUK9TUaVC4SCURxFwuCWgxk08mNnep5wkO7NqP3dmTET+X9Yy0GxfLDYY98w1LoyG35NiQLThY/9sqMD0CAwEAAaOBxzCBxDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDCQYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRnJP4MRxCCxQkHg84xw6GUH8k4xTAfBgNVHSMEGDAWgBQJ5lj7S/XbJbvD4vbGkFf26JV4IDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9kZW1vLnNrLmVlL29jc3AwDQYJKoZIhvcNAQENBQADggEBAKo6iC3MY97RI3Di0tyeGKGw/Ep2hW8yzr2tVrHGdhSz4jUV9apb4145szmBP9IY32SU4yI0XYcgn+pyW6vcvoTE2k1QRNYOg6Lhkp401hYIMngByydvEAyeVUusIffZH2qE5kFpZJdElmRntIP0EMAF0zCNlkt5blm407dNoGXzBFagcAAXFDgmTGEMHjb4ptV5NOksRSM3rqek/V2X7flkFjuYmPGCSjJSyKWPtis6XxUkeJwjLJlHSJ2BQP2f65Lcnq0KgOp7cvZPkjegHEczMFknZ2Vd3oNxkV3M/EaQMafbZj6nCUB9rML3CViOq5P4AIBkXb6ak7X0DrmZIr4=
http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
- 2010-03-31T09:17:00Z
+ 2024-03-21T08:53:03Z
https://sk.ee/en/repository/CP/
https://sk.ee/repositoorium/CP/
@@ -1224,7 +1224,7 @@
-
+
@@ -1254,16 +1254,82 @@
+
+
+
+ Information System Authority
+
+
+ RIA
+
+
+
+
+ Pärnu maantee 139a
+ Tallinn
+ Harjumaa
+ 15169
+ EE
+
+
+
+ https://www.ria.ee
+ mailto:info@ria.ee
+
+
+
+ http://www.sk.ee/en/repository/CPS
+
+
+
+
+
+ http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST
+
+ TEST of RIA TIMESTAMPING AUTHORITY 2018 G1 PROOV 1
+
+
+
+ MIIFCjCCAvKgAwIBAgIIOTmoMM25tyUwDQYJKoZIhvcNAQEMBQAwdTELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxJDAiBgNVBAMMG1RFU1Qgb2YgUklBIFJPT1QgQ0EgMjAxOCBHMTEZMBcGCSqGSIb3DQEJARYKcGtpQHJpYS5lZTAeFw0xOTA3MTYwNzUyNTZaFw0zODA0MTQxMjA4MjZaMIGoMQswCQYDVQQGEwJFRTEVMBMGA1UECAwMSGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1hdGlvbiBTeXN0ZW0gQXV0aG9yaXR5MQwwCgYDVQQLDANUU0ExOzA5BgNVBAMMMlRFU1Qgb2YgUklBIFRJTUVTVEFNUElORyBBVVRIT1JJVFkgMjAxOCBHMSBQUk9PViAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwKPfXSFMJRX5/cuk950lQVN2y1dNESggm8m11D05VKAlOdor9fZO2aGVToMGqDcOa6FRH/fbdKuRN4LDJsbTiysKdlqAfoOqioOgnqu6HUt3TQztaSauqqduKKwLSNXQuN7T0/B6sTtNKlzuCtv8kwnxQVrAjPTRGx+0NIM5zxYyni0HXB+lp+w+ToG/l3s29lC5VeCnUPcYM5xtC+KsSvRRKmKI8dDK5l20v5RgmowIxP0McyhmhcGf+WbI01nq5ptEn8cFoJVwu8gcMDfLC6aRgEr+ag8G+l6pHLRiiNH+kjSFPQreDcCGcHbRKOqNT4SbwYeccZI5fpNLW7bywIDAQABo2owaDAfBgNVHSMEGDAWgBQ+6250UdpSNA6ZgOO3z9/uQysKVDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUgN06mzzCFCX8ThslsRNc1HnNcsswDgYDVR0PAQH/BAQDAgbAMA0GCSqGSIb3DQEBDAUAA4ICAQBHin1fKyM2t4J21djwjqDXROpYh7XncZDiUdAXGLlHnXI/wRG+x6ttWj/MjxsTeUGJrKuibsBIQDV4kWRNKoCt4zDOyDM11p3jg9oA325xad7cXcHOrRY7flbvFTB8jlKXHgrSdyfha8Cq7BJScepS2lELXLZ2ZziXXRdFxTpGzxdPqGKUB7tzpc6IIWEmcTOBTLXL/t2j6fZpLJKBihY74h+/16UxG3cXZa3E0BFkAeycm7XsbmS96XOmj2i/g2rKri7mztsS+WdFc++Awh1AvQiE9x5i0T/16nlJajsd6eJCBb2Nv/JlHqhmymDslmdiMSG1GMoHeQjTxLd197F3tz4TkVhEbcb6+tTgHn5nlSgk7W14hRqhv+9stBNt6d5ikdX01MugM8Iah7zGZKe35I+OUu3VKg8yDQFa2JItjIgvqcDTQKJ8cSep32YcIb/WFENRRfDocQQjai9PlJ7tvLbj17Z6fEe4M/mZAQnM3Lmw9rzz4OiOk8CrQAxJULeNOT0amKL8Hvsms5YKhahP6+PkU+bez+Cj2lV25rXVLfWYU5qKzd+aps6xHatR5HLJ13+aasJ4yYJ0AUXeUrbOb+KCFWzuIrKCDskoUAhIwVIr2tUQSeP65jBYurgsVtCi7IB7OSdaEjA7UTzyNurLKp81NEAOtp5zTRKwsraFMw==
+
+
+ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
+ 2019-07-16T08:00:00Z
+
+ http://tsa.test.riaint.ee/
+
+
+
+
+
+ http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC
+
+ TEST of RIA OCSP RESPONDER 2019 G1
+
+
+
+ MIIE+DCCAuCgAwIBAgIIE2M27fGPKnowDQYJKoZIhvcNAQEMBQAwdTELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxJDAiBgNVBAMMG1RFU1Qgb2YgUklBIFJPT1QgQ0EgMjAxOCBHMTEZMBcGCSqGSIb3DQEJARYKcGtpQHJpYS5lZTAeFw0xOTA5MDQxMjM4MDRaFw0zODA0MTQxMjA4MjZaMIGZMQswCQYDVQQGEwJFRTEVMBMGA1UECAwMSGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1hdGlvbiBTeXN0ZW0gQXV0aG9yaXR5MQ0wCwYDVQQLDARPQ1NQMSswKQYDVQQDDCJURVNUIG9mIFJJQSBPQ1NQIFJFU1BPTkRFUiAyMDE5IEcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKu3S/omS09qV59HtnFVGFtN7lOc84QZi3LsZwVjFunnWPN1Kxe/wbmR8VK8vTbS6IUe0PKzoMui6NcZIH0wJwLV3CeaXZtbpQ8Sl1ZYTd9ks6907RKLHRW9lDuu8dBwAe7xOlfJS7/cyTQO0z5475CtIOt0fODwU1mcjebXegZPqVlzUpqaRbM1ONgsOK4dSO04+MmGpFsluXt5HfaA6O5jggKG6SiTOLSIpJeaM6T4K284Mx+1+Pfl0NR+evt+vELJonmvTfxViYoEa2T8HNqHJZxMb78X8IDJGZ/Hvp3MTJ+2XDZLNHeSx3Kdy/A18HdUGgAM37xchtgGzJsZvQIDAQABo2cwZTAfBgNVHSMEGDAWgBQ+6250UdpSNA6ZgOO3z9/uQysKVDATBgNVHSUEDDAKBggrBgEFBQcDCTAdBgNVHQ4EFgQUPa7zIV4ioQssO0Djiso9ccTnktwwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBDAUAA4ICAQBRGOnbtqMQHIR85CSsjITJMv4YVqvzq1Dmm2K12I4vKMsLW8VFgCBCmeh5KtJCrTYnWJJbLDZj3EACA1pWLOQXAfMuqDu5aYZ9Uvvx7bR4CiOaPoSImjLZnYeo5IbwgFE8/yHNcaXjNmnwNYnfbvLYG8aY+qoOHrs63tj5HQL2po3N1B9BOKuYRA1zenYRyqpUYF1ZV2zYDzw2en7x8ZnZHUEln2a0rGWp2KHwH63lI+MiWpOa8yMC3Nzm9ZIpLw49u7U0+Vu2at9Lf6Cb+7aMrwdsfVuLrDVBf6AQmBSvLPZQTZa2SvdUoPNrT3mFpR1gjZRu+W4XVtikm+iSVN3dQX3lT4ycC+jwGEo7QA+N3+UZJR9A7h1Bz0jqF4g5zKRUtvxRsyMbP8pnIvDEThSHzBkr64t9nchdqlpgNruMCMQZWnoosqd6PSYlgef7W7OOhkxKTsTaUayzXR9QMH7QrSwMuq9DoOKaQlOTTfxrfLcCaoRP8fwUkE3hqqdCBnzhtnadYG0KgYnDu4mMkqTvsBOFU/EooE6aUdLScPQZ2ReLI/hAwm2G8rEqwGlS/Jun7l8moHK3ZoQUeoi56h+Hx2Dj0UqZ+Ph2KVs+zi4T28dPEqIbISBX/1hQXempPHbMNw5EIYPidlFLzovoc1aYgRWNcbimUEWaIZM2YLW9eQ==
+
+
+ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
+ 2019-09-04T13:00:00Z
+
+ http://ocsp.test.riaint.ee/
+
+
+
+
+
-ZKNt0kwffw26YK4Jmmpu7rR5744wgR/l/zl3l4ZtC08=7YzVcyCmZ2mNh1ziIJzW/CAdgBEyavP+HlRJairNCsM=qgUsqlum/+IzvabugGEwulZhLMaJZn+RKmLFCMtgRfzlfHviikpHVbmH8Mpbz1vGOGCMdBrFH38h
-2d7OuziDjy9IUwGFOR85y4SJ0djc1XSVHEnA0ph+rXva/E+EiRA9WuhX5nQusT8WgH+JO5Oez+LZ
-9LWw3Qkoo5aeYDTLV56YWwY73lbdtlJTkPfJuv2GoASijTq9ZvQrpwm9pX9yQorGwkLa4qlGYwme
-Z85nLvxZbAMQHKLSxULjEVQHB/XXv/HQklAuWdKs6Og1sQn2a8t+w2P7icDwYy47LwOxHoYTsG4U
-lIwzTHGuHe3fTGd1qdRMWnB8kN7ud1duQi8fE6a/O8eLTX55XBkfCSFm854Pjce46sKT+F3bbPfg
-oCi4+2lE8SArywNd334ID8lyAHZ1T/H+IALDPDt8coojgGo4//8ai3TZijKKTK8uMSAR6FiM5mre
-KhSGTEcd6ZxjjqE4Jbr6PbNGYkajiGGkQHXZ5Zt5+yEHYf46A3rtoMRuZl2AnkHmRovWJ/RhD7C5
-wmsEOOfMsW6gnsih0TGjsPSowX3jAPGwLhyoAkhqzuwCBcrlQIef7Y7jz0covSoz3PD28MfSzVDv
-IMEAm1NrQeR+qUhqATQg/nLem1xqbPB2ZPczqSY43IBVO3zBdPCvarsHDDaTuDS53Jpgkx28kTY=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
+ifP2HqsI3ZF/3+MzWdfwKAXKD1E/XzUXeXvEi/sWoCs=2sBtWB0E5DK0Hr21H7CLSUCs8Ku2xoSB8uvylB2LEwI=Mq0gJOd3Rm6kCMfg7JVLxBAXnEAHRqdNSua95o3XEakEJZ2yA7H5HT2v3xZ97JqMw5CnZgb4cYTh
+OE/Y9MAnDnkD8KHM5P7aY3TUzE0Lo5H0qBy3zBf+G8nnosli38BMEas38ZyzZAYF9A6i/x3BlAJi
+MzwiAabwmjwp4QM0QVYedEoqywKe2CRd0wkzx9572zz5ed08uMH8DM7QieHbpetbnmCMrQDWVehy
+qCKGkibwWgWt+HIjcVx63gSRZc8Tu2PyHK/46iK70D1lU0QDc4LCV9Itqb5F8WqruFG51aU7DPg1
+KLkR06hGOMamJzmM2DnQKPsPQ/XOUemMGOeXnYpZQ8zdXAOH9bsKBfgkb8ZIE+OM836i8atmQVP2
+RTzIReOmGgBjmvhhrKgxLYh0Rl8wZjmQsxh+JEkVPu1Dgu0z/KFTrXXjUiVpSTTkPL8BT6WjeLkz
+UJZQVULUimRL+rSUAtNKLMa5dMM2lClpiWbV6ZUhwT5Gbw871emydC7lBPgkfGZS7c0EVZjm9wkJ
+t6OSLOwFlpzD8MRtCeLlJQBtUuv5SMvevlMt19mtrY7iPCbQ+0lIxIuXp7IYLU58gfTDejzmV6/4
+qwCQmvI5sftzZVz/efazkjmIEqHZPC7yEpunN+T8Z/BHx4UE2p7cHcJ9pp8GQjbTLPKYIxB+rvY=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF
RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f
YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT
@@ -1284,4 +1350,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo
YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL
Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR
G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb
-YBI4oaPjh2zKIrz/AlY2RmqMMA==2023-11-09T11:24:24Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061
\ No newline at end of file
+YBI4oaPjh2zKIrz/AlY2RmqMMA==2024-03-21T09:03:51Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061
\ No newline at end of file
diff --git a/test/data/ca.crt b/test/data/ca.crt
index b8e125631..c2adc29cb 100644
--- a/test/data/ca.crt
+++ b/test/data/ca.crt
@@ -2,82 +2,81 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
+ Signature Algorithm: sha512WithRSAEncryption
Issuer: C=EE, CN=libdigidocpp CA
Validity
- Not Before: Mar 23 23:13:46 2014 GMT
- Not After : Mar 20 23:13:46 2024 GMT
+ Not Before: Mar 21 08:52:59 2024 GMT
+ Not After : Mar 19 08:52:59 2034 GMT
Subject: C=EE, CN=libdigidocpp CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:cf:03:d5:3c:2b:fa:6f:c3:4f:47:75:1d:f6:21:
- d6:17:ee:f2:53:eb:91:92:59:80:ae:43:62:27:2c:
- 21:42:db:e9:b5:8e:e4:d9:3e:cf:a0:c5:5a:5d:fc:
- 91:c6:b9:38:e8:b1:57:01:85:3e:8d:df:77:0b:a5:
- 46:21:cb:70:47:1c:a6:fd:14:3d:90:cc:93:b7:bb:
- 3d:33:da:68:82:aa:db:44:9a:dc:c8:c2:3b:2b:96:
- 11:67:b5:98:c6:bc:6d:15:9f:3b:88:5d:c1:be:f5:
- 6c:66:50:04:97:92:5d:ef:d8:74:46:52:74:b0:1e:
- ba:83:e3:1a:df:90:8f:ae:e9:01:64:52:6c:2b:b1:
- 4f:bf:b8:ff:58:b8:dc:ef:20:bb:4a:87:aa:97:ad:
- b1:13:0e:46:61:49:a1:1a:84:64:94:c1:68:4c:b6:
- 4f:08:50:54:37:f0:c6:d2:af:b5:ed:3d:d9:af:83:
- 7d:d5:94:e3:21:e7:67:68:55:e3:ce:48:62:83:c4:
- 35:7e:fb:04:17:e8:ce:31:a4:48:f8:f0:9c:bc:be:
- 15:af:33:86:ae:3a:22:ac:4a:b8:44:bb:aa:dc:9d:
- 49:7c:13:74:f0:03:d5:b5:de:ca:e7:e0:c0:ba:13:
- d1:33:48:2d:0a:91:0d:8a:41:ef:66:56:f2:2b:99:
- 67:b1
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cd:ae:a8:f6:87:84:64:25:f9:b2:ac:56:72:24:
+ 49:37:27:e6:65:ad:3c:9d:2e:49:20:d1:d9:d5:b5:
+ e4:5b:a6:7c:b8:b5:17:e3:c8:1e:1d:28:19:4a:9c:
+ 03:02:b1:50:58:62:24:a4:80:9f:7b:4c:85:51:67:
+ 05:de:d2:27:1f:74:7c:18:58:18:8f:ad:2d:b2:61:
+ 83:be:53:2c:e2:a8:73:da:1f:7e:60:a1:4f:fa:4f:
+ 67:18:5c:7b:98:97:9d:43:61:b6:39:43:42:e0:a3:
+ 9a:45:40:42:3e:4c:4b:25:89:44:65:92:dc:83:5d:
+ 3c:5b:8c:de:44:21:bc:31:0a:5c:c4:b2:56:d0:bf:
+ 6c:f2:8f:19:9a:6b:fa:7d:ab:62:8b:be:e7:44:f9:
+ 94:22:21:05:91:3e:48:30:d5:ae:ed:53:2f:23:f5:
+ f8:55:bb:ad:b7:8a:34:eb:86:08:8b:00:14:47:5e:
+ 66:46:a1:01:8e:c4:d3:81:fa:57:be:78:0f:8e:e5:
+ 14:31:4d:c6:9e:14:6b:3b:37:42:db:df:43:44:11:
+ 67:ba:b0:50:a0:67:a2:4a:e0:1e:4c:99:cb:25:04:
+ fa:7a:f7:a2:9f:71:46:54:de:0e:ee:56:54:7b:bb:
+ be:22:2e:7b:8e:8f:b7:dc:64:98:f5:48:dc:63:1e:
+ 71:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage: critical
+ OCSP Signing, TLS Web Client Authentication, E-mail Protection, TLS Web Server Authentication
X509v3 Subject Key Identifier:
- 3E:C2:49:19:BB:C8:B0:5F:49:74:A1:6E:B7:17:6D:21:7D:BC:0C:08
- X509v3 Extended Key Usage:
- TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, E-mail Protection, Time Stamping, OCSP Signing
+ 09:E6:58:FB:4B:F5:DB:25:BB:C3:E2:F6:C6:90:57:F6:E8:95:78:20
Authority Information Access:
- OCSP - URI:http://www.openxades.org/cgi-bin/ocsp.cgi
-
- Signature Algorithm: sha1WithRSAEncryption
- 8c:5c:2c:e2:3e:a8:3f:85:8a:f1:3d:64:87:7c:52:34:97:88:
- 36:e5:85:9d:67:3b:35:77:c8:e8:fc:86:13:23:36:40:12:56:
- e1:55:f7:bf:1c:1e:02:9a:a9:5f:da:13:9b:12:a2:e4:19:98:
- d5:53:db:12:3f:5c:a6:60:7c:d0:aa:ee:da:50:f6:a0:32:b3:
- b3:12:8d:91:c2:6c:28:ee:ec:1b:e2:10:3c:cd:4d:33:fd:e5:
- bd:02:a8:76:94:71:7b:3d:ea:31:bb:04:ef:25:84:e5:5a:4c:
- 36:68:01:ec:73:bb:d6:0a:21:98:3c:0c:19:33:9f:5b:27:09:
- 17:cb:ae:e6:4d:1d:33:36:47:7c:be:c0:18:11:91:52:6e:fd:
- dc:a5:02:fc:d2:53:da:4b:26:51:1e:e1:b7:cf:44:ff:11:5a:
- 35:ae:fe:9e:c4:d6:01:59:7c:10:f3:7b:55:84:1a:d7:80:9c:
- ab:95:88:a5:0c:00:b7:0a:e9:16:97:fb:89:81:db:26:43:a7:
- d1:39:fd:04:6f:9f:22:14:95:c9:ca:47:5a:8c:a7:9e:12:14:
- 00:40:3e:b5:f5:ec:bd:74:fd:6e:fa:6d:83:f5:ff:c3:7b:31:
- 26:c4:78:17:b9:7f:d1:a6:09:21:c0:50:d2:10:99:77:b0:08:
- f1:0d:74:df
+ OCSP - URI:http://demo.sk.ee/ocsp
+ Signature Algorithm: sha512WithRSAEncryption
+ Signature Value:
+ 25:b5:2b:e6:8a:81:f7:fd:c4:5b:28:03:3f:ae:89:23:5a:ad:
+ 81:84:9a:8d:62:c3:b3:ad:57:f7:1a:cd:20:a3:ea:fb:ee:50:
+ 81:ae:c0:08:ce:b4:c7:69:88:67:50:c6:05:82:a1:2c:cc:0a:
+ c9:0d:39:1a:9e:21:45:b6:0a:96:9f:8b:9a:5a:0d:c8:ab:8c:
+ cd:6e:47:89:49:ee:a3:6a:80:ec:22:ec:75:33:79:29:57:2e:
+ 0a:06:7e:c9:7d:14:f5:63:54:e4:28:78:11:22:00:24:fc:45:
+ c4:29:ce:c1:a8:49:5e:79:88:71:f8:d8:98:7a:4b:c3:16:44:
+ 25:65:d4:a0:09:51:6d:be:17:cb:c3:89:31:e1:91:ee:1f:be:
+ ba:9a:5f:6c:f7:a6:36:4a:15:7b:5b:e0:0a:6f:bc:0d:a7:96:
+ 72:e4:4f:ee:3a:9a:bb:c9:6c:26:d9:0b:eb:84:e7:55:d0:ef:
+ 61:b6:c4:ba:48:17:50:68:ba:69:54:8f:1d:77:5f:70:ba:31:
+ 4e:bc:8f:73:7e:62:fa:bc:ac:ac:8d:f1:87:39:94:50:2a:2a:
+ 51:e4:27:f5:09:08:fb:43:64:69:34:cc:da:4a:4b:b3:91:ec:
+ 0a:26:bb:af:f8:21:e8:1e:c9:fc:e5:6e:9f:7d:15:1a:e9:76:
+ c4:2b:ba:df
-----BEGIN CERTIFICATE-----
-MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQGEwJFRTEY
-MBYGA1UEAxMPbGliZGlnaWRvY3BwIENBMB4XDTE0MDMyMzIzMTM0NloXDTI0MDMy
-MDIzMTM0NlowJzELMAkGA1UEBhMCRUUxGDAWBgNVBAMTD2xpYmRpZ2lkb2NwcCBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM8D1Twr+m/DT0d1HfYh
-1hfu8lPrkZJZgK5DYicsIULb6bWO5Nk+z6DFWl38kca5OOixVwGFPo3fdwulRiHL
-cEccpv0UPZDMk7e7PTPaaIKq20Sa3MjCOyuWEWe1mMa8bRWfO4hdwb71bGZQBJeS
-Xe/YdEZSdLAeuoPjGt+Qj67pAWRSbCuxT7+4/1i43O8gu0qHqpetsRMORmFJoRqE
-ZJTBaEy2TwhQVDfwxtKvte092a+DfdWU4yHnZ2hV485IYoPENX77BBfozjGkSPjw
-nLy+Fa8zhq46IqxKuES7qtydSXwTdPAD1bXeyufgwLoT0TNILQqRDYpB72ZW8iuZ
-Z7ECAwEAAaOB0TCBzjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
-BgNVHQ4EFgQUPsJJGbvIsF9JdKFutxdtIX28DAgwRQYDVR0lBD4wPAYIKwYBBQUH
-AwIGCCsGAQUFBwMBBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIBggrBgEF
-BQcDCTBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUHMAGGKWh0dHA6Ly93d3cub3Bl
-bnhhZGVzLm9yZy9jZ2ktYmluL29jc3AuY2dpMA0GCSqGSIb3DQEBBQUAA4IBAQCM
-XCziPqg/hYrxPWSHfFI0l4g25YWdZzs1d8jo/IYTIzZAElbhVfe/HB4Cmqlf2hOb
-EqLkGZjVU9sSP1ymYHzQqu7aUPagMrOzEo2Rwmwo7uwb4hA8zU0z/eW9Aqh2lHF7
-PeoxuwTvJYTlWkw2aAHsc7vWCiGYPAwZM59bJwkXy67mTR0zNkd8vsAYEZFSbv3c
-pQL80lPaSyZRHuG3z0T/EVo1rv6exNYBWXwQ83tVhBrXgJyrlYilDAC3CukWl/uJ
-gdsmQ6fROf0Eb58iFJXJykdajKeeEhQAQD619ey9dP1u+m2D9f/DezEmxHgXuX/R
-pgkhwFDSEJl3sAjxDXTf
+MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADAnMQswCQYDVQQGEwJFRTEY
+MBYGA1UEAwwPbGliZGlnaWRvY3BwIENBMB4XDTI0MDMyMTA4NTI1OVoXDTM0MDMx
+OTA4NTI1OVowJzELMAkGA1UEBhMCRUUxGDAWBgNVBAMMD2xpYmRpZ2lkb2NwcCBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2uqPaHhGQl+bKsVnIk
+STcn5mWtPJ0uSSDR2dW15FumfLi1F+PIHh0oGUqcAwKxUFhiJKSAn3tMhVFnBd7S
+Jx90fBhYGI+tLbJhg75TLOKoc9offmChT/pPZxhce5iXnUNhtjlDQuCjmkVAQj5M
+SyWJRGWS3INdPFuM3kQhvDEKXMSyVtC/bPKPGZpr+n2rYou+50T5lCIhBZE+SDDV
+ru1TLyP1+FW7rbeKNOuGCIsAFEdeZkahAY7E04H6V754D47lFDFNxp4Uazs3Qtvf
+Q0QRZ7qwUKBnokrgHkyZyyUE+nr3op9xRlTeDu5WVHu7viIue46Pt9xkmPVI3GMe
+cQUCAwEAAaOBrTCBqjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA0
+BgNVHSUBAf8EKjAoBggrBgEFBQcDCQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEF
+BQcDATAdBgNVHQ4EFgQUCeZY+0v12yW7w+L2xpBX9uiVeCAwMgYIKwYBBQUHAQEE
+JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vZGVtby5zay5lZS9vY3NwMA0GCSqGSIb3
+DQEBDQUAA4IBAQAltSvmioH3/cRbKAM/rokjWq2BhJqNYsOzrVf3Gs0go+r77lCB
+rsAIzrTHaYhnUMYFgqEszArJDTkaniFFtgqWn4uaWg3Iq4zNbkeJSe6jaoDsIux1
+M3kpVy4KBn7JfRT1Y1TkKHgRIgAk/EXEKc7BqEleeYhx+NiYekvDFkQlZdSgCVFt
+vhfLw4kx4ZHuH766ml9s96Y2ShV7W+AKb7wNp5Zy5E/uOpq7yWwm2QvrhOdV0O9h
+tsS6SBdQaLppVI8dd19wujFOvI9zfmL6vKysjfGHOZRQKipR5Cf1CQj7Q2RpNMza
+SkuzkewKJruv+CHoHsn85W6ffRUa6XbEK7rf
-----END CERTIFICATE-----
diff --git a/test/data/gencerts.sh b/test/data/gencerts.sh
index edf9829a1..e59dbb10b 100755
--- a/test/data/gencerts.sh
+++ b/test/data/gencerts.sh
@@ -7,22 +7,22 @@ openssl req -out ca.req -new -newkey rsa:2048 -nodes -keyout ca.key -subj "/CN=l
openssl ca -create_serial -out ca.crt -days 3650 -keyfile ca.key -selfsign -extensions v3_ca -config ./openssl.conf -infiles ca.req
openssl req -out inter.req -new -newkey rsa:2048 -nodes -keyout inter.key -subj "/C=EE/CN=libdigidocpp Inter"
-openssl x509 -req -in inter.req -out inter.crt -CA ca.crt -CAkey ca.key -CAserial caserial.txt -extfile openssl.conf -extensions v3_inter -days 3650
+openssl x509 -req -in inter.req -out inter.crt -CA ca.crt -CAkey ca.key -CAserial caserial.txt -extfile openssl.conf -extensions v3_inter -days 3650 -sha512
openssl req -out ocsp.req -new -newkey rsa:2048 -nodes -keyout ocsp.key -subj "/C=EE/CN=libdigidocpp OCSP"
-openssl x509 -req -in ocsp.req -out ocsp.crt -CA ca.crt -CAkey ca.key -CAserial caserial.txt -extfile openssl.conf -extensions v3_ocsp -days 3650
+openssl x509 -req -in ocsp.req -out ocsp.crt -CA ca.crt -CAkey ca.key -CAserial caserial.txt -extfile openssl.conf -extensions v3_ocsp -days 3650 -sha512
# Server: openssl ocsp -index index.txt -CA ca.crt -rsigner ocsp.crt -rkey ocsp.key -port 8080
# Client: openssl ocsp -issuer inter.crt -cert signer1.crt -url http://localhost:8080 -VAfile ocsp.crt -text
for i in $(seq 1 3); do
openssl req -out signer$i.req -new -newkey rsa:2048 -nodes -keyout signer$i.key -subj "/C=EE/CN=signer$i"
- openssl x509 -req -in signer$i.req -out signer$i.crt -CA inter.crt -CAkey inter.key -CAserial interserial.txt -extfile openssl.conf -extensions v3_usr -days 3650
- openssl pkcs12 -export -nodes -in signer$i.crt -inkey signer$i.key -out signer$i.p12 -password pass:signer$i
+ openssl x509 -req -in signer$i.req -out signer$i.crt -CA inter.crt -CAkey inter.key -CAserial interserial.txt -extfile openssl.conf -extensions v3_usr -days 3650 -sha512
+ openssl pkcs12 -export -in signer$i.crt -inkey signer$i.key -out signer$i.p12 -password pass:signer$i
done
openssl req -out signerEC.req -new -newkey ec:<(openssl ecparam -name secp384r1) -nodes -keyout signerEC.key -subj "/C=EE/CN=signer EC"
-openssl x509 -req -in signerEC.req -out signerEC.crt -CA inter.crt -CAkey inter.key -CAserial interserial.txt -extfile openssl.conf -extensions v3_usr -days 3650
-openssl pkcs12 -export -nodes -in signerEC.crt -inkey signerEC.key -out signerEC.p12 -password pass:signerEC
+openssl x509 -req -in signerEC.req -out signerEC.crt -CA inter.crt -CAkey inter.key -CAserial interserial.txt -extfile openssl.conf -extensions v3_usr -days 3650 -sha512
+openssl pkcs12 -export -in signerEC.crt -inkey signerEC.key -out signerEC.p12 -password pass:signerEC
openssl req -out unicode.req -new -newkey ec:<(openssl ecparam -name secp384r1) -nodes -keyout unicode.key -subj "/C=EE/CN=unicodeöäüõ" -utf8
-openssl x509 -req -in unicode.req -out unicode.crt -signkey unicode.key -days 365
+openssl x509 -req -in unicode.req -out unicode.crt -signkey unicode.key -days 365 -sha512
diff --git a/test/data/inter.crt b/test/data/inter.crt
index 51c5627b4..851f92738 100644
--- a/test/data/inter.crt
+++ b/test/data/inter.crt
@@ -1,21 +1,22 @@
-----BEGIN CERTIFICATE-----
-MIIDeDCCAmCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQGEwJFRTEY
-MBYGA1UEAxMPbGliZGlnaWRvY3BwIENBMB4XDTE0MDMyMzIzMTM0OVoXDTI0MDMy
-MDIzMTM0OVowKjELMAkGA1UEBhMCRUUxGzAZBgNVBAMTEmxpYmRpZ2lkb2NwcCBJ
-bnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6EPZ6Dg8D+VjK6
-lakSh1MdZzuunt0p/5EEJEW/wNJIPFK4CWTMDvYD1aiVP7Kh+WmJV+l3lck0vAyP
-UnPjXQrbucz0V+1DaBhOnairMhK04gJ2fYktNr90atyz/mQJroiyHdncToeW7iSb
-ro8d2P9BSLfIM6o/yjNasYAWfcrG4/biGTYW/YqN2fad605T8tLYgReNET84qFQV
-4L34mUdY8PLDg/kaJL6iYC337u5UfNl6qEdg1zU/8jD1c1YPL1duF+J2JK3YbLiz
-jKkBAQRGpY3Emk984lV6fQBfgCEwbO1yecOXL9jFXIGp9aZNjVLtQuPu/Yfz120r
-Mx8qlEcCAwEAAaOBqzCBqDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAdBgNVHQ4EFgQUWp//2G24RVxM2GM5/6mJ9lYq2PEwHwYDVR0jBBgwFoAUPsJJ
-GbvIsF9JdKFutxdtIX28DAgwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilo
-dHRwOi8vd3d3Lm9wZW54YWRlcy5vcmcvY2dpLWJpbi9vY3NwLmNnaTANBgkqhkiG
-9w0BAQUFAAOCAQEARxDvfF4LvUlAHhxzOEygk+gFishTUrzsaaZ9NFgo7yLrejjy
-zM3RRZQTkFfru9Xr0DmxCfh4pgFBHlW4csDmufQOFTtJTf3Qvuh+EnM+WGtMsNZa
-HwuEpVlI64WYgbM1UOD71BswvJ/drZ6b0xmlJQwjLMn6f8ET10w+eTcWF2rPfaod
-8Rj0JPSJPPLYm6FOgJzHuB3p4h+uBx2kh1a64PD3/jGvz8r2ZUHXdkQD+mz6UJPj
-6cxsmzcTu3k1RVX+kPgjQvJ6PjQQJyAL3UGYIb0cYZIcEZ3gHErtZ9HQS2zJXtlM
-rlnpwAWi3xiw015hz4KyPJvQOKxyX2/TIatCpA==
+MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAnMQswCQYDVQQGEwJFRTEY
+MBYGA1UEAwwPbGliZGlnaWRvY3BwIENBMB4XDTI0MDMyMTA4NTMwM1oXDTM0MDMx
+OTA4NTMwM1owKjELMAkGA1UEBhMCRUUxGzAZBgNVBAMMEmxpYmRpZ2lkb2NwcCBJ
+bnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpa+AtGOhIowDu1
+hgCNqesMso8LwNzejtfycaCv/z6R9VItzUT5wy2eS0OuWTf/tc85Az+4fcTT8Li4
+3+S8RvDPT33CgBX/cqPCB2gawolvWB1B2Z7LTEsfSyEYVLLZXRU1HhG7k8bEaor0
+3EgtBjk0dPJ0sxwjU+DupkyZvAEYnHPM3HQc+ch5ME6sy7S3PW1JbeToY22Gb3Dh
+Njnhg+5PvI7ua6Xf5p2k2/kbMMleB7cmry1ey4zoMGFLX10kc7uFa4cUK9TUaVC4
+SCURxFwuCWgxk08mNnep5wkO7NqP3dmTET+X9Yy0GxfLDYY98w1LoyG35NiQLThY
+/9sqMD0CAwEAAaOBxzCBxDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
+AwIBBjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDCQYIKwYBBQUHAwIGCCsGAQUFBwME
+MB0GA1UdDgQWBBRnJP4MRxCCxQkHg84xw6GUH8k4xTAfBgNVHSMEGDAWgBQJ5lj7
+S/XbJbvD4vbGkFf26JV4IDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0
+dHA6Ly9kZW1vLnNrLmVlL29jc3AwDQYJKoZIhvcNAQENBQADggEBAKo6iC3MY97R
+I3Di0tyeGKGw/Ep2hW8yzr2tVrHGdhSz4jUV9apb4145szmBP9IY32SU4yI0XYcg
+n+pyW6vcvoTE2k1QRNYOg6Lhkp401hYIMngByydvEAyeVUusIffZH2qE5kFpZJdE
+lmRntIP0EMAF0zCNlkt5blm407dNoGXzBFagcAAXFDgmTGEMHjb4ptV5NOksRSM3
+rqek/V2X7flkFjuYmPGCSjJSyKWPtis6XxUkeJwjLJlHSJ2BQP2f65Lcnq0KgOp7
+cvZPkjegHEczMFknZ2Vd3oNxkV3M/EaQMafbZj6nCUB9rML3CViOq5P4AIBkXb6a
+k7X0DrmZIr4=
-----END CERTIFICATE-----
diff --git a/test/data/openssl.conf b/test/data/openssl.conf
index 99f6b8f1e..3b58d65fa 100644
--- a/test/data/openssl.conf
+++ b/test/data/openssl.conf
@@ -1,30 +1,33 @@
[ v3_usr ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
+authorityKeyIdentifier = keyid, issuer
authorityInfoAccess = OCSP;URI: http://demo.sk.ee/ocsp
-keyUsage=critical, digitalSignature, nonRepudiation
+keyUsage = critical, nonRepudiation
+certificatePolicies = 0.4.0.194112.1.2
[ v3_inter ]
-basicConstraints = critical, CA:true
-keyUsage=critical, keyCertSign, cRLSign
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, keyCertSign, cRLSign
+extendedKeyUsage = critical, OCSPSigning, clientAuth, emailProtection
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
+authorityKeyIdentifier = keyid, issuer
authorityInfoAccess = OCSP;URI: http://demo.sk.ee/ocsp
[ v3_ocsp ]
-basicConstraints = CA:FALSE
+basicConstraints = CA:false
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
+authorityKeyIdentifier = keyid, issuer
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
certificatePolicies = 1.0.14533.4.1.1
[ v3_ca ]
basicConstraints = critical, CA:true
-keyUsage=critical, keyCertSign, cRLSign
+keyUsage = critical, keyCertSign, cRLSign
+extendedKeyUsage = critical, OCSPSigning, clientAuth, emailProtection, serverAuth
subjectKeyIdentifier = hash
-extendedKeyUsage=clientAuth, serverAuth, codeSigning, emailProtection, timeStamping, OCSPSigning
+authorityKeyIdentifier = keyid, issuer
authorityInfoAccess = OCSP;URI: http://demo.sk.ee/ocsp
[ ca ]
@@ -38,7 +41,7 @@ distinguished_name = req_distinguished_name
[ CA_default ]
new_certs_dir = .
database = ./index
-default_md = sha1
+default_md = sha512
policy = policy_match
serial = ./caserial.txt
private_key = cakey.pem
diff --git a/test/data/signer1.p12 b/test/data/signer1.p12
index 5d47c7373..a553f96e3 100644
Binary files a/test/data/signer1.p12 and b/test/data/signer1.p12 differ
diff --git a/test/data/signer2.p12 b/test/data/signer2.p12
index ac7e5075d..591397f6f 100644
Binary files a/test/data/signer2.p12 and b/test/data/signer2.p12 differ
diff --git a/test/data/signer3.p12 b/test/data/signer3.p12
index 009353bef..7675afcd8 100644
Binary files a/test/data/signer3.p12 and b/test/data/signer3.p12 differ
diff --git a/test/data/signerEC.p12 b/test/data/signerEC.p12
index 4c5b737e4..a4fb869a4 100644
Binary files a/test/data/signerEC.p12 and b/test/data/signerEC.p12 differ
diff --git a/test/data/signerEC384.p12 b/test/data/signerEC384.p12
deleted file mode 100644
index 75b2f3ba6..000000000
Binary files a/test/data/signerEC384.p12 and /dev/null differ
diff --git a/test/data/unicode.crt b/test/data/unicode.crt
index 2ae99a4f6..8b4cfbb95 100644
--- a/test/data/unicode.crt
+++ b/test/data/unicode.crt
@@ -1,11 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBhzCCAQwCFHwlKK7JnqHZRCECmbJz/7VNRNMEMAoGCCqGSM49BAMCMCcxCzAJ
-BgNVBAYTAkVFMRgwFgYDVQQDDA91bmljb2Rlw7bDpMO8w7UwHhcNMjMxMDA0MTM0
-MTM4WhcNMjQxMDAzMTM0MTM4WjAnMQswCQYDVQQGEwJFRTEYMBYGA1UEAwwPdW5p
-Y29kZcO2w6TDvMO1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE6Sx6tkRnC2b/J91s
-mmL5VhrywL/kGcxJV+bX4ThM+zY3+P59VULwuhCFV3ShjC8Xt8I4iBIhMZQmBfIa
-s6jDI7oHxRQWUIG9BCAjnyEUDJIb7PvLRKmf2CsJhmfC+94yMAoGCCqGSM49BAMC
-A2kAMGYCMQD4jHmeKWn6YJ0D8S6+2TdFdkeawlD6yoL1HtOVxYxHmVu/wtbSAVM+
-R8uJeR8tg6oCMQDt43YaOQEKgX1T3kBn2Fna8ovhwOVBJUYlVWDW88Sm5qi+ilOn
-KRRV6XxGYDbwpRU=
+MIIBrzCCATSgAwIBAgIUY4FFQCr+NosViC+Df8jN2YLPRlowCgYIKoZIzj0EAwQw
+JzELMAkGA1UEBhMCRUUxGDAWBgNVBAMMD3VuaWNvZGXDtsOkw7zDtTAeFw0yNDAz
+MjEwODUzMDNaFw0yNTAzMjEwODUzMDNaMCcxCzAJBgNVBAYTAkVFMRgwFgYDVQQD
+DA91bmljb2Rlw7bDpMO8w7UwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASD7s3frcVc
+edqPaXc0+gV2A/9+IlzMEw23hPMd3LtGrky8oKoKdUe7yoSNANuXCWFY74ILO6Rb
+3MPJM1UCKgESPStCz0hsGWezXnuocq8DjleBHbzkkl1GbmuLamhiZRKjITAfMB0G
+A1UdDgQWBBRJEw8vPxzWhlsqQmlgjAiAEy9OTzAKBggqhkjOPQQDBANpADBmAjEA
+mYYl7bT4HvIDwn/TB+Cbqr5lq9BWYHI9UpRpfmJB+0XVQudgTGg+RpTtslE2i8K9
+AjEA3j7csBEidefaJuIoBjJSYYGAxxXIwlhZQ7I9Zj60C1adYh4aSUASMnw9J6FU
+nX2A
-----END CERTIFICATE-----
diff --git a/test/libdigidocpp_boost.cpp b/test/libdigidocpp_boost.cpp
index 045b86407..83f9e72c6 100644
--- a/test/libdigidocpp_boost.cpp
+++ b/test/libdigidocpp_boost.cpp
@@ -38,7 +38,6 @@ class TestFixture: public DigiDocPPFixture
public:
TestFixture()
{
- copyTSL("EE_T-good.xml");
initialize("untitestboost");
}
};
@@ -91,28 +90,28 @@ BOOST_AUTO_TEST_CASE(signerParameters)
BOOST_CHECK_NO_THROW(signature = signer->sign(URI_SHA256, digest));
const vector sig {
- 0x19, 0x48, 0x15, 0x11, 0x27, 0xA0, 0x1D, 0xB5, 0x4F, 0x0B, 0x91, 0x6F,
- 0x54, 0x2B, 0x6F, 0x69, 0xAD, 0xAB, 0x9A, 0x23, 0x7C, 0x3F, 0x35, 0xEF,
- 0x24, 0xDE, 0xE1, 0x77, 0xB9, 0xED, 0xC8, 0xDF, 0x34, 0x4F, 0x14, 0x7E,
- 0xD5, 0xE1, 0xA0, 0xA7, 0xD7, 0xE6, 0x34, 0x01, 0xAF, 0x86, 0x44, 0x57,
- 0x81, 0xDB, 0x91, 0x18, 0x3B, 0xF3, 0x57, 0x38, 0x7B, 0x66, 0x8E, 0xF5,
- 0xC7, 0xB6, 0x89, 0x6D, 0x57, 0xB0, 0x3D, 0x84, 0x33, 0xA6, 0xE5, 0x36,
- 0x3B, 0x07, 0x47, 0x3C, 0xE0, 0x1A, 0xC9, 0xC7, 0x9F, 0xFE, 0xCB, 0xE6,
- 0xB0, 0x0C, 0xC6, 0xEF, 0xC2, 0x47, 0x0E, 0xBF, 0xE3, 0x9A, 0xB3, 0x02,
- 0xF9, 0x27, 0xDA, 0x61, 0x2B, 0x87, 0x01, 0xD6, 0xD5, 0xC1, 0xA9, 0x9B,
- 0x8B, 0x26, 0x63, 0x6D, 0x26, 0xDB, 0x1A, 0xA7, 0x2E, 0x84, 0xA9, 0x4B,
- 0xA0, 0xC0, 0x76, 0xB7, 0x9C, 0x83, 0xF0, 0x6E, 0x69, 0xD9, 0xE6, 0x70,
- 0xD7, 0x69, 0x6A, 0x3E, 0xAA, 0xF2, 0x74, 0x3F, 0x98, 0xFA, 0xAE, 0xE2,
- 0x84, 0x69, 0x9B, 0xE8, 0x4E, 0x9C, 0x51, 0x48, 0xC0, 0x60, 0x21, 0x6D,
- 0x80, 0x3D, 0x61, 0x9B, 0x32, 0xA7, 0x86, 0x67, 0x7B, 0x51, 0x12, 0xFA,
- 0x9C, 0xF0, 0xD5, 0x55, 0x98, 0xB5, 0xE5, 0xC0, 0xBC, 0xC2, 0x0D, 0xBE,
- 0x14, 0x62, 0xE1, 0xF3, 0x59, 0x50, 0x83, 0x32, 0x56, 0xA5, 0x7E, 0xE7,
- 0xDE, 0xAA, 0xC9, 0x8A, 0x45, 0x51, 0x98, 0xC5, 0xE0, 0xFC, 0x37, 0x40,
- 0x5F, 0xFD, 0xCC, 0xBD, 0x3B, 0x23, 0xD6, 0xAA, 0xAE, 0x99, 0x9B, 0x78,
- 0xEB, 0x0F, 0xF5, 0x8D, 0xE3, 0x78, 0x89, 0xF9, 0x70, 0xD2, 0x8A, 0xD9,
- 0x31, 0x97, 0x8A, 0x7B, 0x2E, 0xD9, 0x99, 0xBE, 0xE2, 0x3E, 0xA9, 0xBA,
- 0xE2, 0x3A, 0xE0, 0xD4, 0x38, 0x43, 0x8B, 0x80, 0xA5, 0x7A, 0xAA, 0x59,
- 0xEE, 0xD9, 0xED, 0x5A
+ 0x5F, 0x3E, 0xE2, 0xC0, 0x43, 0x93, 0x30, 0x07, 0x96, 0x9D, 0x7E, 0x1E,
+ 0xCF, 0xCF, 0x2D, 0xA3, 0x2F, 0xDE, 0x3A, 0x04, 0x8B, 0x33, 0xD3, 0x20,
+ 0x2F, 0xEA, 0x94, 0x66, 0x87, 0x99, 0xB3, 0x57, 0x77, 0xEC, 0xED, 0x48,
+ 0x60, 0xE3, 0x34, 0xDE, 0xD7, 0x7C, 0x3B, 0xCB, 0x38, 0x19, 0xBB, 0xE8,
+ 0xB8, 0xD4, 0x0B, 0x25, 0xD7, 0x84, 0x54, 0x67, 0x5F, 0xD8, 0xCD, 0x05,
+ 0x0B, 0x92, 0x1C, 0xF2, 0xFB, 0xEE, 0x36, 0x2D, 0x88, 0xF0, 0xCE, 0x76,
+ 0x0C, 0x76, 0x77, 0xF0, 0x2D, 0xB0, 0xB2, 0x64, 0x00, 0xEF, 0x05, 0xA6,
+ 0xDA, 0x2C, 0x7C, 0x64, 0xBE, 0x6B, 0x87, 0x4E, 0x15, 0xA6, 0x6D, 0x8B,
+ 0xB2, 0x82, 0xAA, 0x7C, 0xB1, 0x72, 0x7E, 0x11, 0x35, 0xEE, 0x18, 0x05,
+ 0xCE, 0xEF, 0x13, 0xE2, 0xF6, 0xF3, 0xCC, 0xD1, 0x8D, 0x38, 0xD5, 0x33,
+ 0xFB, 0x95, 0x59, 0x78, 0xCC, 0xBD, 0x93, 0x7E, 0x65, 0xBD, 0xBF, 0x71,
+ 0x17, 0x6B, 0x60, 0x75, 0xF8, 0xD0, 0x0D, 0x2B, 0xFA, 0xF4, 0xAC, 0xB6,
+ 0xB9, 0xF8, 0xAE, 0xF1, 0x07, 0x32, 0xD7, 0x6D, 0x77, 0xF2, 0x42, 0x11,
+ 0x10, 0x61, 0x2E, 0x5C, 0x4F, 0x3D, 0x3A, 0xDD, 0xE7, 0x0A, 0x25, 0xB1,
+ 0x31, 0x22, 0xC4, 0x92, 0x9D, 0xFA, 0x47, 0xF6, 0xE8, 0x15, 0xED, 0xF8,
+ 0xEC, 0x14, 0xD4, 0xBC, 0xB2, 0x26, 0xB8, 0x95, 0xAF, 0x39, 0xF5, 0x61,
+ 0xD4, 0x5E, 0x27, 0xEC, 0x87, 0x8D, 0x86, 0x7B, 0xB8, 0xB3, 0x09, 0xF7,
+ 0xC0, 0xC9, 0x31, 0xBF, 0xA1, 0x22, 0x24, 0xAD, 0x08, 0xC9, 0xCB, 0xF1,
+ 0x59, 0x5F, 0x83, 0x20, 0x26, 0xEB, 0x81, 0xE2, 0xF1, 0xF9, 0x35, 0xD8,
+ 0xE2, 0xA7, 0xBF, 0x10, 0xE5, 0x32, 0xDB, 0x7F, 0xFE, 0x14, 0x23, 0xE1,
+ 0x38, 0x9C, 0x2F, 0x72, 0x9C, 0x56, 0x44, 0xF2, 0x85, 0xA0, 0xF4, 0x3D,
+ 0x12, 0x61, 0x4D, 0x00
};
BOOST_CHECK_EQUAL(signature, sig);
}
@@ -132,11 +131,7 @@ BOOST_AUTO_TEST_CASE(parameters)
BOOST_CHECK_EQUAL(c.subjectName("C"), "EE");
BOOST_CHECK_EQUAL(c.issuerName("CN"), "libdigidocpp Inter");
BOOST_CHECK_EQUAL(c.issuerName("C"), "EE");
- vector usage{
- X509Cert::DigitalSignature,
- X509Cert::NonRepudiation
- };
- BOOST_CHECK_EQUAL(c.keyUsage(), usage);
+ BOOST_CHECK_EQUAL(c.keyUsage(), vector{ X509Cert::NonRepudiation});
BOOST_CHECK_EQUAL(c.isValid(), true);
}
BOOST_AUTO_TEST_SUITE_END()
@@ -336,7 +331,7 @@ BOOST_AUTO_TEST_CASE_TEMPLATE(signature, Doc, DocTypes)
BOOST_CHECK_EQUAL(d->signatures().size(), 2U);
if(s3)
{
- BOOST_CHECK_EQUAL(s3->signatureMethod(), URI_ECDSA_SHA256);
+ BOOST_CHECK_EQUAL(s3->signatureMethod(), URI_ECDSA_SHA384);
BOOST_CHECK_EQUAL(s3->signingCertificate(), signer3.cert());
BOOST_CHECK_NO_THROW(s3->validate());
}
@@ -387,13 +382,6 @@ BOOST_AUTO_TEST_CASE_TEMPLATE(signature, Doc, DocTypes)
BOOST_CHECK_NO_THROW(s = d->sign(&signer1));
BOOST_CHECK_NO_THROW(s->validate());
BOOST_CHECK_EQUAL(s->signatureMethod(), signer1.method());
- PKCS12Signer signer4("signerEC384.p12", "signerEC");
- signer4.setProfile("BES"); // Not signed with same Issuer
- d = Container::createPtr(Doc::EXT + ".tmp");
- BOOST_CHECK_NO_THROW(d->addDataFile("test1.txt", "text/plain"));
- Signature *s4 = nullptr;
- BOOST_CHECK_NO_THROW(s4 = d->sign(&signer4));
- BOOST_CHECK_EQUAL(s4->signatureMethod(), URI_ECDSA_SHA384);
}
// Remove second Signature
diff --git a/test/test.h b/test/test.h
index 0fe9138a3..fe0952c28 100644
--- a/test/test.h
+++ b/test/test.h
@@ -35,46 +35,46 @@ namespace std
{
ostream &operator<<(ostream &os, const X509Cert &cert)
{
- return os << "X509Cert(" << cert.subjectName() << ")";
+ return os << "X509Cert(" << cert.subjectName() << ')';
}
ostream &operator<<(ostream &os, const vector &data)
{
- os << "Data(" << data.size() << ") { " << hex << uppercase << setfill('0');
- for(vector::const_iterator i = data.begin(); i != data.end(); ++i)
- os << setw(2) << static_cast(*i) << ' ';
- os << dec << nouppercase << setfill(' ') << "}";
- return os;
+ os << "Data(" << data.size() << ") { " << hex << uppercase << setfill('0');
+ for(vector::const_iterator i = data.begin(); i != data.end(); ++i)
+ os << setw(2) << static_cast(*i) << ' ';
+ os << dec << nouppercase << setfill(' ') << '}';
+ return os;
}
ostream &operator<<(ostream &os, const vector &roles)
{
- os << "SignatureRoles(";
- for(const string &role: roles)
- os << role << ", ";
- return os << ")";
+ os << "SignatureRoles(";
+ for(const string &role: roles)
+ os << role << ", ";
+ return os << ')';
}
ostream &operator<<(ostream &os, const vector &usage)
{
- os << "X509Cert::KeyUsage(";
- for(X509Cert::KeyUsage i: usage)
- {
- switch(i)
- {
- case X509Cert::DigitalSignature: os << "DigitalSignature, "; break;
- case X509Cert::NonRepudiation: os << "NonRepudiation, "; break;
- case X509Cert::KeyEncipherment: os << "KeyEncipherment, "; break;
- case X509Cert::DataEncipherment: os << "DataEncipherment, "; break;
- case X509Cert::KeyAgreement: os << "KeyAgreement, "; break;
- case X509Cert::KeyCertificateSign: os << "KeyCertificateSign, "; break;
- case X509Cert::CRLSign: os << "CRLSign, "; break;
- case X509Cert::EncipherOnly: os << "EncipherOnly, "; break;
- case X509Cert::DecipherOnly: os << "DecipherOnly, "; break;
- default: os << "Unknown usage, "; break;
- }
- }
- return os << ")";
+ os << "X509Cert::KeyUsage(";
+ for(X509Cert::KeyUsage i: usage)
+ {
+ switch(i)
+ {
+ case X509Cert::DigitalSignature: os << "DigitalSignature, "; break;
+ case X509Cert::NonRepudiation: os << "NonRepudiation, "; break;
+ case X509Cert::KeyEncipherment: os << "KeyEncipherment, "; break;
+ case X509Cert::DataEncipherment: os << "DataEncipherment, "; break;
+ case X509Cert::KeyAgreement: os << "KeyAgreement, "; break;
+ case X509Cert::KeyCertificateSign: os << "KeyCertificateSign, "; break;
+ case X509Cert::CRLSign: os << "CRLSign, "; break;
+ case X509Cert::EncipherOnly: os << "EncipherOnly, "; break;
+ case X509Cert::DecipherOnly: os << "DecipherOnly, "; break;
+ default: os << "Unknown usage, "; break;
+ }
+ }
+ return os << ')';
}
}
@@ -83,27 +83,29 @@ namespace digidoc
DIGIDOCPP_WARNING_PUSH
DIGIDOCPP_WARNING_DISABLE_MSVC(4996)
-class TestConfig: public ConfCurrent
+struct TestConfig: public ConfCurrent
{
-public:
- int logLevel() const override { return 4; }
- string logFile() const override { return path + "/libdigidocpp.log"; }
- string xsdPath() const override { return DIGIDOCPPCONF; }
- string ocsp(const string &) const override
- { return "http://demo.sk.ee/ocsp"; }
- set OCSPTMProfiles() const override {
- set profiles = ConfCurrent::OCSPTMProfiles();
- profiles.emplace("1.3.6.1.4.1.10015.3.1.1");
- return profiles;
- }
- string TSUrl() const override { return "http://demo.sk.ee/tsa/"; }
- bool TSLAutoUpdate() const override { return false; }
- string TSLCache() const override { return path; }
- bool TSLOnlineDigest() const override { return false; }
- string TSLUrl() const override { return path + "/TSL.xml"; }
- vector TSLCerts() const override { return { X509Cert(path + "/TSL.crt", X509Cert::Pem) }; }
-
- string path = ".";
+ TestConfig(std::string &&_tsl, std::string &&_path)
+ : tsl(std::move(_tsl))
+ , path(std::move(_path))
+ {}
+ int logLevel() const override { return 4; }
+ string logFile() const override { return util::File::path(path, "libdigidocpp.log"); }
+ string xsdPath() const override { return DIGIDOCPPCONF; }
+ set OCSPTMProfiles() const override {
+ set profiles = ConfCurrent::OCSPTMProfiles();
+ profiles.emplace("1.3.6.1.4.1.10015.3.1.1");
+ return profiles;
+ }
+ string TSUrl() const override { return "http://demo.sk.ee/tsa/"; }
+ bool TSLAutoUpdate() const override { return false; }
+ string TSLCache() const override { return path; }
+ bool TSLOnlineDigest() const override { return false; }
+ string TSLUrl() const override { return util::File::path(path, tsl); }
+ vector TSLCerts() const override { return { X509Cert(util::File::path(path, "TSL.crt"), X509Cert::Pem) }; }
+
+ string tsl;
+ string path;
};
DIGIDOCPP_WARNING_POP
@@ -113,41 +115,33 @@ DIGIDOCPP_WARNING_POP
class DigiDocPPFixture
{
public:
- DigiDocPPFixture()
- {
- //BOOST_MESSAGE("loading libdigidocpp: " + digidoc::version());
- TestConfig *conf = new TestConfig;
- int argc = boost::unit_test::framework::master_test_suite().argc;
- if(argc > 1)
- {
- //BOOST_MESSAGE("Data path " + string(boost::unit_test::framework::master_test_suite().argv[argc-1]));
+ DigiDocPPFixture(std::string tsl = "TSL.xml")
+ {
+ //BOOST_MESSAGE("loading libdigidocpp: " + digidoc::version());
+ string path = ".";
+ int argc = boost::unit_test::framework::master_test_suite().argc;
+ if(argc > 1)
+ {
+ //BOOST_MESSAGE("Data path " + string(boost::unit_test::framework::master_test_suite().argv[argc-1]));
fs::current_path(boost::unit_test::framework::master_test_suite().argv[argc-1]);
- path = conf->path = boost::unit_test::framework::master_test_suite().argv[argc-1];
- }
- boost::unit_test::unit_test_monitor.register_exception_translator(&translate_exception);
- Conf::init(conf);
- }
-
- virtual ~DigiDocPPFixture()
- {
- digidoc::terminate();
- //BOOST_MESSAGE("unloading libdigidocpp");
- }
-
- static void translate_exception(const Exception &e)
- {
- stringstream s;
- s << endl << e.file() << "(" << e.line() << "): " << e.msg();
- BOOST_ERROR(s.str().c_str());
- for(const Exception &ex: e.causes())
- translate_exception(ex);
- }
-
- void copyTSL(const string &from)
- {
- ofstream(util::File::encodeName(path + "/EE_T.xml"), ifstream::binary)
- << ifstream(util::File::encodeName(from), ofstream::binary).rdbuf();
- }
-
- string path = ".";
+ path = boost::unit_test::framework::master_test_suite().argv[argc-1];
+ }
+ boost::unit_test::unit_test_monitor.register_exception_translator(&translate_exception);
+ Conf::init(new TestConfig(std::move(tsl), std::move(path)));
+ }
+
+ virtual ~DigiDocPPFixture()
+ {
+ digidoc::terminate();
+ //BOOST_MESSAGE("unloading libdigidocpp");
+ }
+
+ static void translate_exception(const Exception &e)
+ {
+ stringstream s;
+ s << '\n' << e.file() << '(' << e.line() << "): " << e.msg();
+ BOOST_ERROR(s.str().c_str());
+ for(const Exception &ex: e.causes())
+ translate_exception(ex);
+ }
};