ocsp: rewrite tests that rely on SHA1-RSA
This test suite should really be completely re-written, but for now
we can just substitute the tests which relied on certificates that
were signed with SHA1-RSA.
Fixes #49443
Change-Id: Ibe4ae3b3062956a56e6e3579144312747df3ef9a
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/362334
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Katie Hockman <katie@golang.org>
diff --git a/ocsp/ocsp_test.go b/ocsp/ocsp_test.go
index a6f7c48..0bc194b 100644
--- a/ocsp/ocsp_test.go
+++ b/ocsp/ocsp_test.go
@@ -10,11 +10,14 @@
import (
"bytes"
"crypto"
+ "crypto/rand"
+ "crypto/rsa"
"crypto/sha1"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"encoding/hex"
+ "encoding/pem"
"math/big"
"reflect"
"testing"
@@ -28,19 +31,26 @@
t.Fatal(err)
}
- responderCert, _ := hex.DecodeString(startComResponderCertHex)
- responder, err := x509.ParseCertificate(responderCert)
+ // keyHash is the SKID of the issuer of the certificate the OCSP
+ // response is for.
+ keyHash, err := hex.DecodeString("8a747faf85cdee95cd3d9cd0e24614f371351d27")
+ if err != nil {
+ t.Fatal(err)
+ }
+ // serialBytes is the serial number of the certificate the OCSP
+ // response is for.
+ serialBytes, err := hex.DecodeString("f374542e3c7a68360a00000001103462")
if err != nil {
t.Fatal(err)
}
expected := Response{
Status: Good,
- SerialNumber: big.NewInt(0x1d0fa),
+ SerialNumber: big.NewInt(0).SetBytes(serialBytes),
RevocationReason: Unspecified,
- ThisUpdate: time.Date(2010, 7, 7, 15, 1, 5, 0, time.UTC),
- NextUpdate: time.Date(2010, 7, 7, 18, 35, 17, 0, time.UTC),
- RawResponderName: responder.RawSubject,
+ ThisUpdate: time.Date(2021, 11, 7, 14, 25, 51, 0, time.UTC),
+ NextUpdate: time.Date(2021, 11, 14, 13, 25, 50, 0, time.UTC),
+ ResponderKeyHash: keyHash,
}
if !reflect.DeepEqual(resp.ThisUpdate, expected.ThisUpdate) {
@@ -105,8 +115,8 @@
}
func TestOCSPSignature(t *testing.T) {
- issuerCert, _ := hex.DecodeString(startComHex)
- issuer, err := x509.ParseCertificate(issuerCert)
+ b, _ := pem.Decode([]byte(GTSRoot))
+ issuer, err := x509.ParseCertificate(b.Bytes)
if err != nil {
t.Fatal(err)
}
@@ -326,131 +336,154 @@
}
}
+func createMultiResp() ([]byte, error) {
+ rawResponderID := asn1.RawValue{
+ Class: 2, // context-specific
+ Tag: 1, // Name (explicit tag)
+ IsCompound: true,
+ Bytes: []byte{48, 0},
+ }
+ tbsResponseData := responseData{
+ Version: 0,
+ RawResponderID: rawResponderID,
+ ProducedAt: time.Now().Truncate(time.Minute).UTC(),
+ }
+ this := time.Now()
+ next := this.Add(time.Hour * 24 * 4)
+ for i := int64(0); i < 5; i++ {
+ tbsResponseData.Responses = append(tbsResponseData.Responses, singleResponse{
+ CertID: certID{
+ HashAlgorithm: pkix.AlgorithmIdentifier{
+ Algorithm: hashOIDs[crypto.SHA1],
+ Parameters: asn1.RawValue{Tag: 5 /* ASN.1 NULL */},
+ },
+ NameHash: []byte{1, 2, 3},
+ IssuerKeyHash: []byte{4, 5, 6},
+ SerialNumber: big.NewInt(i),
+ },
+ ThisUpdate: this.UTC(),
+ NextUpdate: next.UTC(),
+ Good: true,
+ })
+ }
+
+ tbsResponseDataDER, err := asn1.Marshal(tbsResponseData)
+ if err != nil {
+ return nil, err
+ }
+
+ k, err := rsa.GenerateKey(rand.Reader, 1024)
+ if err != nil {
+ return nil, err
+ }
+
+ hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(k.Public(), x509.SHA1WithRSA)
+ if err != nil {
+ return nil, err
+ }
+
+ responseHash := hashFunc.New()
+ responseHash.Write(tbsResponseDataDER)
+ signature, err := k.Sign(rand.Reader, responseHash.Sum(nil), hashFunc)
+ if err != nil {
+ return nil, err
+ }
+
+ response := basicResponse{
+ TBSResponseData: tbsResponseData,
+ SignatureAlgorithm: signatureAlgorithm,
+ Signature: asn1.BitString{
+ Bytes: signature,
+ BitLength: 8 * len(signature),
+ },
+ }
+ responseDER, err := asn1.Marshal(response)
+ if err != nil {
+ return nil, err
+ }
+
+ return asn1.Marshal(responseASN1{
+ Status: asn1.Enumerated(Success),
+ Response: responseBytes{
+ ResponseType: idPKIXOCSPBasic,
+ Response: responseDER,
+ },
+ })
+}
+
func TestOCSPDecodeMultiResponse(t *testing.T) {
- inclCert, _ := hex.DecodeString(ocspMultiResponseCertHex)
- cert, err := x509.ParseCertificate(inclCert)
+ respBytes, err := createMultiResp()
+ if err != nil {
+ t.Fatal(err)
+ }
+ matchingCert := &x509.Certificate{SerialNumber: big.NewInt(3)}
+ resp, err := ParseResponseForCert(respBytes, matchingCert, nil)
if err != nil {
t.Fatal(err)
}
- responseBytes, _ := hex.DecodeString(ocspMultiResponseHex)
- resp, err := ParseResponseForCert(responseBytes, cert, nil)
- if err != nil {
- t.Fatal(err)
- }
-
- if resp.SerialNumber.Cmp(cert.SerialNumber) != 0 {
- t.Errorf("resp.SerialNumber: got %x, want %x", resp.SerialNumber, cert.SerialNumber)
+ if resp.SerialNumber.Cmp(matchingCert.SerialNumber) != 0 {
+ t.Errorf("resp.SerialNumber: got %x, want %x", resp.SerialNumber, 3)
}
}
func TestOCSPDecodeMultiResponseWithoutMatchingCert(t *testing.T) {
- wrongCert, _ := hex.DecodeString(startComHex)
- cert, err := x509.ParseCertificate(wrongCert)
+ respBytes, err := createMultiResp()
if err != nil {
t.Fatal(err)
}
-
- responseBytes, _ := hex.DecodeString(ocspMultiResponseHex)
- _, err = ParseResponseForCert(responseBytes, cert, nil)
+ _, err = ParseResponseForCert(respBytes, &x509.Certificate{SerialNumber: big.NewInt(100)}, nil)
want := ParseError("no response matching the supplied certificate")
if err != want {
t.Errorf("err: got %q, want %q", err, want)
}
}
-// This OCSP response was taken from Thawte's public OCSP responder.
+// This OCSP response was taken from GTS's public OCSP responder.
// To recreate:
-// $ openssl s_client -tls1 -showcerts -servername www.google.com -connect www.google.com:443
+// $ openssl s_client -tls1 -showcerts -servername golang.org -connect golang.org:443
// Copy and paste the first certificate into /tmp/cert.crt and the second into
// /tmp/intermediate.crt
-// $ openssl ocsp -issuer /tmp/intermediate.crt -cert /tmp/cert.crt -url http://ocsp.thawte.com -resp_text -respout /tmp/ocsp.der
+// Note: depending on what version of openssl you are using, you may need to use the key=value
+// form for the header argument (i.e. -header host=ocsp.pki.goog)
+// $ openssl ocsp -issuer /tmp/intermediate.crt -cert /tmp/cert.crt -url http://ocsp.pki.goog/gts1c3 -header host ocsp.pki.goog -resp_text -respout /tmp/ocsp.der
// Then hex encode the result:
// $ python -c 'print file("/tmp/ocsp.der", "r").read().encode("hex")'
-const ocspResponseHex = "308206bc0a0100a08206b5308206b106092b0601050507300101048206a23082069e3081" +
- "c9a14e304c310b300906035504061302494c31163014060355040a130d5374617274436f" +
- "6d204c74642e312530230603550403131c5374617274436f6d20436c6173732031204f43" +
- "5350205369676e6572180f32303130303730373137333531375a30663064303c30090605" +
- "2b0e03021a050004146568874f40750f016a3475625e1f5c93e5a26d580414eb4234d098" +
- "b0ab9ff41b6b08f7cc642eef0e2c45020301d0fa8000180f323031303037303731353031" +
- "30355aa011180f32303130303730373138333531375a300d06092a864886f70d01010505" +
- "000382010100ab557ff070d1d7cebbb5f0ec91a15c3fed22eb2e1b8244f1b84545f013a4" +
- "fb46214c5e3fbfbebb8a56acc2b9db19f68fd3c3201046b3824d5ba689f99864328710cb" +
- "467195eb37d84f539e49f859316b32964dc3e47e36814ce94d6c56dd02733b1d0802f7ff" +
- "4eebdbbd2927dcf580f16cbc290f91e81b53cb365e7223f1d6e20a88ea064104875e0145" +
- "672b20fc14829d51ca122f5f5d77d3ad6c83889c55c7dc43680ba2fe3cef8b05dbcabdc0" +
- "d3e09aaf9725597f8c858c2fa38c0d6aed2e6318194420dd1a1137445d13e1c97ab47896" +
- "17a4e08925f46f867b72e3a4dc1f08cb870b2b0717f7207faa0ac512e628a029aba7457a" +
- "e63dcf3281e2162d9349a08204ba308204b6308204b23082039aa003020102020101300d" +
- "06092a864886f70d010105050030818c310b300906035504061302494c31163014060355" +
- "040a130d5374617274436f6d204c74642e312b3029060355040b13225365637572652044" +
- "69676974616c204365727469666963617465205369676e696e6731383036060355040313" +
- "2f5374617274436f6d20436c6173732031205072696d61727920496e7465726d65646961" +
- "746520536572766572204341301e170d3037313032353030323330365a170d3132313032" +
- "333030323330365a304c310b300906035504061302494c31163014060355040a130d5374" +
- "617274436f6d204c74642e312530230603550403131c5374617274436f6d20436c617373" +
- "2031204f435350205369676e657230820122300d06092a864886f70d0101010500038201" +
- "0f003082010a0282010100b9561b4c45318717178084e96e178df2255e18ed8d8ecc7c2b" +
- "7b51a6c1c2e6bf0aa3603066f132fe10ae97b50e99fa24b83fc53dd2777496387d14e1c3" +
- "a9b6a4933e2ac12413d085570a95b8147414a0bc007c7bcf222446ef7f1a156d7ea1c577" +
- "fc5f0facdfd42eb0f5974990cb2f5cefebceef4d1bdc7ae5c1075c5a99a93171f2b0845b" +
- "4ff0864e973fcfe32f9d7511ff87a3e943410c90a4493a306b6944359340a9ca96f02b66" +
- "ce67f028df2980a6aaee8d5d5d452b8b0eb93f923cc1e23fcccbdbe7ffcb114d08fa7a6a" +
- "3c404f825d1a0e715935cf623a8c7b59670014ed0622f6089a9447a7a19010f7fe58f841" +
- "29a2765ea367824d1c3bb2fda308530203010001a382015c30820158300c0603551d1301" +
- "01ff04023000300b0603551d0f0404030203a8301e0603551d250417301506082b060105" +
- "0507030906092b0601050507300105301d0603551d0e0416041445e0a36695414c5dd449" +
- "bc00e33cdcdbd2343e173081a80603551d230481a030819d8014eb4234d098b0ab9ff41b" +
- "6b08f7cc642eef0e2c45a18181a47f307d310b300906035504061302494c311630140603" +
- "55040a130d5374617274436f6d204c74642e312b3029060355040b132253656375726520" +
- "4469676974616c204365727469666963617465205369676e696e67312930270603550403" +
- "13205374617274436f6d2043657274696669636174696f6e20417574686f726974798201" +
- "0a30230603551d12041c301a8618687474703a2f2f7777772e737461727473736c2e636f" +
- "6d2f302c06096086480186f842010d041f161d5374617274436f6d205265766f63617469" +
- "6f6e20417574686f72697479300d06092a864886f70d01010505000382010100182d2215" +
- "8f0fc0291324fa8574c49bb8ff2835085adcbf7b7fc4191c397ab6951328253fffe1e5ec" +
- "2a7da0d50fca1a404e6968481366939e666c0a6209073eca57973e2fefa9ed1718e8176f" +
- "1d85527ff522c08db702e3b2b180f1cbff05d98128252cf0f450f7dd2772f4188047f19d" +
- "c85317366f94bc52d60f453a550af58e308aaab00ced33040b62bf37f5b1ab2a4f7f0f80" +
- "f763bf4d707bc8841d7ad9385ee2a4244469260b6f2bf085977af9074796048ecc2f9d48" +
- "a1d24ce16e41a9941568fec5b42771e118f16c106a54ccc339a4b02166445a167902e75e" +
- "6d8620b0825dcd18a069b90fd851d10fa8effd409deec02860d26d8d833f304b10669b42"
+const ocspResponseHex = "308201d40a0100a08201cd308201c906092b0601050507300101048201ba308201b630819fa21604148a747faf85cdee95cd3d9cd0e24614f371351d27180f32303231313130373134323535335a30743072304a300906052b0e03021a05000414c72e798addff6134b3baed4742b8bbc6c024076304148a747faf85cdee95cd3d9cd0e24614f371351d27021100f374542e3c7a68360a000000011034628000180f32303231313130373134323535315aa011180f32303231313131343133323535305a300d06092a864886f70d01010b0500038201010087749296e681abe36f2efef047730178ce57e948426959ac62ac5f25b9a63ba3b7f31b9f683aea384d21845c8dda09498f2531c78f3add3969ca4092f31f58ac3c2613719d63b7b9a5260e52814c827f8dd44f4f753b2528bcd03ccec02cdcd4918247f5323f8cfc12cee4ac8f0361587b267019cfd12336db09b04eac59807a480213cfcd9913a3aa2d13a6c88c0a750475a0e991806d94ec0fc9dab599171a43a08e6d935b4a4a13dff9c4a97ad46cef6fb4d61cb2363d788c12d81cce851b478889c2e05d80cd00ae346772a1e7502f011e2ed9be8ef4b194c8b65d6e33671d878cfb30267972075b062ff3d56b51984bf685161afc6e2538dd6e6a23063c"
-const startComResponderCertHex = "308204b23082039aa003020102020101300d06092a864886f70d010105050030818c310b" +
- "300906035504061302494c31163014060355040a130d5374617274436f6d204c74642e31" +
- "2b3029060355040b1322536563757265204469676974616c204365727469666963617465" +
- "205369676e696e67313830360603550403132f5374617274436f6d20436c617373203120" +
- "5072696d61727920496e7465726d65646961746520536572766572204341301e170d3037" +
- "313032353030323330365a170d3132313032333030323330365a304c310b300906035504" +
- "061302494c31163014060355040a130d5374617274436f6d204c74642e31253023060355" +
- "0403131c5374617274436f6d20436c6173732031204f435350205369676e657230820122" +
- "300d06092a864886f70d01010105000382010f003082010a0282010100b9561b4c453187" +
- "17178084e96e178df2255e18ed8d8ecc7c2b7b51a6c1c2e6bf0aa3603066f132fe10ae97" +
- "b50e99fa24b83fc53dd2777496387d14e1c3a9b6a4933e2ac12413d085570a95b8147414" +
- "a0bc007c7bcf222446ef7f1a156d7ea1c577fc5f0facdfd42eb0f5974990cb2f5cefebce" +
- "ef4d1bdc7ae5c1075c5a99a93171f2b0845b4ff0864e973fcfe32f9d7511ff87a3e94341" +
- "0c90a4493a306b6944359340a9ca96f02b66ce67f028df2980a6aaee8d5d5d452b8b0eb9" +
- "3f923cc1e23fcccbdbe7ffcb114d08fa7a6a3c404f825d1a0e715935cf623a8c7b596700" +
- "14ed0622f6089a9447a7a19010f7fe58f84129a2765ea367824d1c3bb2fda30853020301" +
- "0001a382015c30820158300c0603551d130101ff04023000300b0603551d0f0404030203" +
- "a8301e0603551d250417301506082b0601050507030906092b0601050507300105301d06" +
- "03551d0e0416041445e0a36695414c5dd449bc00e33cdcdbd2343e173081a80603551d23" +
- "0481a030819d8014eb4234d098b0ab9ff41b6b08f7cc642eef0e2c45a18181a47f307d31" +
- "0b300906035504061302494c31163014060355040a130d5374617274436f6d204c74642e" +
- "312b3029060355040b1322536563757265204469676974616c2043657274696669636174" +
- "65205369676e696e6731293027060355040313205374617274436f6d2043657274696669" +
- "636174696f6e20417574686f7269747982010a30230603551d12041c301a861868747470" +
- "3a2f2f7777772e737461727473736c2e636f6d2f302c06096086480186f842010d041f16" +
- "1d5374617274436f6d205265766f636174696f6e20417574686f72697479300d06092a86" +
- "4886f70d01010505000382010100182d22158f0fc0291324fa8574c49bb8ff2835085adc" +
- "bf7b7fc4191c397ab6951328253fffe1e5ec2a7da0d50fca1a404e6968481366939e666c" +
- "0a6209073eca57973e2fefa9ed1718e8176f1d85527ff522c08db702e3b2b180f1cbff05" +
- "d98128252cf0f450f7dd2772f4188047f19dc85317366f94bc52d60f453a550af58e308a" +
- "aab00ced33040b62bf37f5b1ab2a4f7f0f80f763bf4d707bc8841d7ad9385ee2a4244469" +
- "260b6f2bf085977af9074796048ecc2f9d48a1d24ce16e41a9941568fec5b42771e118f1" +
- "6c106a54ccc339a4b02166445a167902e75e6d8620b0825dcd18a069b90fd851d10fa8ef" +
- "fd409deec02860d26d8d833f304b10669b42"
+const GTSRoot = `-----BEGIN CERTIFICATE-----
+MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw
+MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp
+kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX
+lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm
+BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA
+gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL
+tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud
+DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T
+AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD
+VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG
+CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw
+AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt
+MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG
+A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br
+aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN
+AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ
+cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL
+RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U
++o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr
+PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER
+lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs
+Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO
+z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG
+AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw
+juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl
+1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd
+-----END CERTIFICATE-----`
const startComHex = "308206343082041ca003020102020118300d06092a864886f70d0101050500307d310b30" +
"0906035504061302494c31163014060355040a130d5374617274436f6d204c74642e312b" +
@@ -591,169 +624,6 @@
"e17afa19d6e8ae91ddf33179d16ebb6ac2c69cae8373d408ebf8c55308be6c04d93a2543" +
"9a94299a65a709756c7a3e568be049d5c38839"
-const ocspMultiResponseHex = "30820ee60a0100a0820edf30820edb06092b060105050730010104820ecc30820ec83082" +
- "0839a216041445ac2ecd75f53f1cf6e4c51d3de0047ad0aa7465180f3230313530363032" +
- "3130303033305a3082080c3065303d300906052b0e03021a05000414f7452a0080601527" +
- "72e4a135e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f0204" +
- "5456656a8000180f32303135303630323039303230375aa011180f323031353036303331" +
- "30303033305a3065303d300906052b0e03021a05000414f7452a008060152772e4a135e7" +
- "6e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f02045456656b80" +
- "00180f32303135303630323039303230375aa011180f3230313530363033313030303330" +
- "5a3065303d300906052b0e03021a05000414f7452a008060152772e4a135e76e9e52fde0" +
- "f1580414edd8f2ee977252853a330b297a18f5c993853b3f02045456656c8000180f3230" +
- "3135303630323039303230375aa011180f32303135303630333130303033305a3065303d" +
- "300906052b0e03021a05000414f7452a008060152772e4a135e76e9e52fde0f1580414ed" +
- "d8f2ee977252853a330b297a18f5c993853b3f02045456656d8000180f32303135303630" +
- "323039303230375aa011180f32303135303630333130303033305a3065303d300906052b" +
- "0e03021a05000414f7452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee9772" +
- "52853a330b297a18f5c993853b3f02045456656e8000180f323031353036303230393032" +
- "30375aa011180f32303135303630333130303033305a3065303d300906052b0e03021a05" +
- "000414f7452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee977252853a330b" +
- "297a18f5c993853b3f02045456656f8000180f32303135303630323039303230375aa011" +
- "180f32303135303630333130303033305a3065303d300906052b0e03021a05000414f745" +
- "2a008060152772e4a135e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c9" +
- "93853b3f0204545665708000180f32303135303630323039303230375aa011180f323031" +
- "35303630333130303033305a3065303d300906052b0e03021a05000414f7452a00806015" +
- "2772e4a135e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f02" +
- "04545665718000180f32303135303630323039303230375aa011180f3230313530363033" +
- "3130303033305a3065303d300906052b0e03021a05000414f7452a008060152772e4a135" +
- "e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f020454566572" +
- "8000180f32303135303630323039303230375aa011180f32303135303630333130303033" +
- "305a3065303d300906052b0e03021a05000414f7452a008060152772e4a135e76e9e52fd" +
- "e0f1580414edd8f2ee977252853a330b297a18f5c993853b3f0204545665738000180f32" +
- "303135303630323039303230375aa011180f32303135303630333130303033305a306530" +
- "3d300906052b0e03021a05000414f7452a008060152772e4a135e76e9e52fde0f1580414" +
- "edd8f2ee977252853a330b297a18f5c993853b3f0204545665748000180f323031353036" +
- "30323039303230375aa011180f32303135303630333130303033305a3065303d30090605" +
- "2b0e03021a05000414f7452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee97" +
- "7252853a330b297a18f5c993853b3f0204545665758000180f3230313530363032303930" +
- "3230375aa011180f32303135303630333130303033305a3065303d300906052b0e03021a" +
- "05000414f7452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee977252853a33" +
- "0b297a18f5c993853b3f0204545665768000180f32303135303630323039303230375aa0" +
- "11180f32303135303630333130303033305a3065303d300906052b0e03021a05000414f7" +
- "452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5" +
- "c993853b3f0204545665778000180f32303135303630323039303230375aa011180f3230" +
- "3135303630333130303033305a3065303d300906052b0e03021a05000414f7452a008060" +
- "152772e4a135e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f" +
- "0204545665788000180f32303135303630323039303230375aa011180f32303135303630" +
- "333130303033305a3065303d300906052b0e03021a05000414f7452a008060152772e4a1" +
- "35e76e9e52fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f0204545665" +
- "798000180f32303135303630323039303230375aa011180f323031353036303331303030" +
- "33305a3065303d300906052b0e03021a05000414f7452a008060152772e4a135e76e9e52" +
- "fde0f1580414edd8f2ee977252853a330b297a18f5c993853b3f02045456657a8000180f" +
- "32303135303630323039303230375aa011180f32303135303630333130303033305a3065" +
- "303d300906052b0e03021a05000414f7452a008060152772e4a135e76e9e52fde0f15804" +
- "14edd8f2ee977252853a330b297a18f5c993853b3f02045456657b8000180f3230313530" +
- "3630323039303230375aa011180f32303135303630333130303033305a3065303d300906" +
- "052b0e03021a05000414f7452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee" +
- "977252853a330b297a18f5c993853b3f02045456657c8000180f32303135303630323039" +
- "303230375aa011180f32303135303630333130303033305a3065303d300906052b0e0302" +
- "1a05000414f7452a008060152772e4a135e76e9e52fde0f1580414edd8f2ee977252853a" +
- "330b297a18f5c993853b3f02045456657d8000180f32303135303630323039303230375a" +
- "a011180f32303135303630333130303033305a300d06092a864886f70d01010505000382" +
- "01010016b73b92859979f27d15eb018cf069eed39c3d280213565f3026de11ba15bdb94d" +
- "764cf2d0fdd204ef926c588d7b183483c8a2b1995079c7ed04dcefcc650c1965be4b6832" +
- "a8839e832f7f60f638425eccdf9bc3a81fbe700fda426ddf4f06c29bee431bbbe81effda" +
- "a60b7da5b378f199af2f3c8380be7ba6c21c8e27124f8a4d8989926aea19055700848d33" +
- "799e833512945fd75364edbd2dd18b783c1e96e332266b17979a0b88c35b43f47c87c493" +
- "19155056ad8dbbae5ff2afad3c0e1c69ed111206ffda49875e8e4efc0926264823bc4423" +
- "c8a002f34288c4bc22516f98f54fc609943721f590ddd8d24f989457526b599b0eb75cb5" +
- "a80da1ad93a621a08205733082056f3082056b30820453a0030201020204545638c4300d" +
- "06092a864886f70d01010b0500308182310b300906035504061302555331183016060355" +
- "040a130f552e532e20476f7665726e6d656e7431233021060355040b131a446570617274" +
- "6d656e74206f662074686520547265617375727931223020060355040b13194365727469" +
- "6669636174696f6e20417574686f7269746965733110300e060355040b13074f43494f20" +
- "4341301e170d3135303332303131353531335a170d3135303633303034303030305a3081" +
- "98310b300906035504061302555331183016060355040a130f552e532e20476f7665726e" +
- "6d656e7431233021060355040b131a4465706172746d656e74206f662074686520547265" +
- "617375727931223020060355040b131943657274696669636174696f6e20417574686f72" +
- "69746965733110300e060355040b13074f43494f204341311430120603550403130b4f43" +
- "5350205369676e657230820122300d06092a864886f70d01010105000382010f00308201" +
- "0a0282010100c1b6fe1ba1ad50bb98c855811acbd67fe68057f48b8e08d3800e7f2c51b7" +
- "9e20551934971fd92b9c9e6c49453097927cba83a94c0b2fea7124ba5ac442b38e37dba6" +
- "7303d4962dd7d92b22a04b0e0e182e9ea67620b1c6ce09ee607c19e0e6e3adae81151db1" +
- "2bb7f706149349a292e21c1eb28565b6839df055e1a838a772ff34b5a1452618e2c26042" +
- "705d53f0af4b57aae6163f58216af12f3887813fe44b0321827b3a0c52b0e47d0aab94a2" +
- "f768ab0ba3901d22f8bb263823090b0e37a7f8856db4b0d165c42f3aa7e94f5f6ce1855e" +
- "98dc57adea0ae98ad39f67ecdec00b88685566e9e8d69f6cefb6ddced53015d0d3b862bc" +
- "be21f3d72251eefcec730203010001a38201cf308201cb300e0603551d0f0101ff040403" +
- "020780306b0603551d2004643062300c060a60864801650302010502300c060a60864801" +
- "650302010503300c060a60864801650302010504300c060a60864801650302010507300c" +
- "060a60864801650302010508300c060a6086480165030201030d300c060a608648016503" +
- "020103113081e506082b060105050701010481d83081d5303006082b0601050507300286" +
- "24687474703a2f2f706b692e74726561732e676f762f746f63615f65655f6169612e7037" +
- "633081a006082b060105050730028681936c6461703a2f2f6c6461702e74726561732e67" +
- "6f762f6f753d4f43494f25323043412c6f753d43657274696669636174696f6e25323041" +
- "7574686f7269746965732c6f753d4465706172746d656e742532306f6625323074686525" +
- "323054726561737572792c6f3d552e532e253230476f7665726e6d656e742c633d55533f" +
- "634143657274696669636174653b62696e61727930130603551d25040c300a06082b0601" +
- "0505070309300f06092b060105050730010504020500301f0603551d23041830168014a2" +
- "13a8e5c607546c243d4eb72b27a2a7711ab5af301d0603551d0e0416041451f98046818a" +
- "e46d953ac90c210ccfaa1a06980c300d06092a864886f70d01010b050003820101003a37" +
- "0b301d14ffdeb370883639bec5ae6f572dcbddadd672af16ee2a8303316b14e1fbdca8c2" +
- "8f4bad9c7b1410250e149c14e9830ca6f17370a8d13151205d956e28c141cc0500379596" +
- "c5b9239fcfa3d2de8f1d4f1a2b1bf2d1851bed1c86012ee8135bdc395cd4496ce69fadd0" +
- "3b682b90350ca7b4f458190b7a0ab5c33a04cf1347a77d541877a380a4c94988c5658908" +
- "44fdc22637a72b9fa410333e2caf969477f9fe07f50e3681c204fb3bf073b9da01cd8d91" +
- "8044c40b1159955af12a3263ab1d34119d7f59bfa6cae88ed058addc4e08250263f8f836" +
- "2f5bdffd45636fea7474c60a55c535954477b2f286e1b2535f0dd12c162f1b353c370e08" +
- "be67"
-
-const ocspMultiResponseCertHex = "308207943082067ca003020102020454566573300d06092a864886f70d01010b05003081" +
- "82310b300906035504061302555331183016060355040a130f552e532e20476f7665726e" +
- "6d656e7431233021060355040b131a4465706172746d656e74206f662074686520547265" +
- "617375727931223020060355040b131943657274696669636174696f6e20417574686f72" +
- "69746965733110300e060355040b13074f43494f204341301e170d313530343130313535" +
- "3733385a170d3138303431303136323733385a30819d310b300906035504061302555331" +
- "183016060355040a130f552e532e20476f7665726e6d656e7431233021060355040b131a" +
- "4465706172746d656e74206f662074686520547265617375727931253023060355040b13" +
- "1c427572656175206f66207468652046697363616c20536572766963653110300e060355" +
- "040b130744657669636573311630140603550403130d706b692e74726561732e676f7630" +
- "820122300d06092a864886f70d01010105000382010f003082010a0282010100c7273623" +
- "8c49c48bf501515a2490ef6e5ae0c06e0ad2aa9a6bb77f3d0370d846b2571581ebf38fd3" +
- "1948daad3dec7a4da095f1dcbe9654e65bcf7acdfd4ee802421dad9b90536c721d2bca58" +
- "8413e6bfd739a72470560bb7d64f9a09284f90ff8af1d5a3c5c84d0f95a00f9c6d988dd0" +
- "d87f1d0d3344580901c955139f54d09de0acdbd3322b758cb0c58881bf04913243401f44" +
- "013fd9f6d8348044cc8bb0a71978ad93366b2a4687a5274b2ee07d0fb40225453eb244ed" +
- "b20152251ac77c59455260ff07eeceb3cb3c60fb8121cf92afd3daa2a4650e1942ccb555" +
- "de10b3d481feb299838ef05d0fd1810b146753472ae80da65dd34da25ca1f89971f10039" +
- "0203010001a38203f3308203ef300e0603551d0f0101ff0404030205a030170603551d20" +
- "0410300e300c060a60864801650302010503301106096086480186f84201010404030206" +
- "4030130603551d25040c300a06082b060105050703013082010806082b06010505070101" +
- "0481fb3081f8303006082b060105050730028624687474703a2f2f706b692e7472656173" +
- "2e676f762f746f63615f65655f6169612e7037633081a006082b06010505073002868193" +
- "6c6461703a2f2f6c6461702e74726561732e676f762f6f753d4f43494f25323043412c6f" +
- "753d43657274696669636174696f6e253230417574686f7269746965732c6f753d446570" +
- "6172746d656e742532306f6625323074686525323054726561737572792c6f3d552e532e" +
- "253230476f7665726e6d656e742c633d55533f634143657274696669636174653b62696e" +
- "617279302106082b060105050730018615687474703a2f2f6f6373702e74726561732e67" +
- "6f76307b0603551d1104743072811c6373612d7465616d4066697363616c2e7472656173" +
- "7572792e676f768210706b692e74726561737572792e676f768210706b692e64696d632e" +
- "6468732e676f76820d706b692e74726561732e676f76811f6563622d686f7374696e6740" +
- "66697363616c2e74726561737572792e676f76308201890603551d1f048201803082017c" +
- "3027a025a0238621687474703a2f2f706b692e74726561732e676f762f4f43494f5f4341" +
- "332e63726c3082014fa082014ba0820147a48197308194310b3009060355040613025553" +
- "31183016060355040a130f552e532e20476f7665726e6d656e7431233021060355040b13" +
- "1a4465706172746d656e74206f662074686520547265617375727931223020060355040b" +
- "131943657274696669636174696f6e20417574686f7269746965733110300e060355040b" +
- "13074f43494f2043413110300e0603550403130743524c313430398681aa6c6461703a2f" +
- "2f6c6461702e74726561732e676f762f636e3d43524c313430392c6f753d4f43494f2532" +
- "3043412c6f753d43657274696669636174696f6e253230417574686f7269746965732c6f" +
- "753d4465706172746d656e742532306f6625323074686525323054726561737572792c6f" +
- "3d552e532e253230476f7665726e6d656e742c633d55533f636572746966696361746552" +
- "65766f636174696f6e4c6973743b62696e617279302b0603551d1004243022800f323031" +
- "35303431303135353733385a810f32303138303431303136323733385a301f0603551d23" +
- "041830168014a213a8e5c607546c243d4eb72b27a2a7711ab5af301d0603551d0e041604" +
- "14b0869c12c293914cd460e33ed43e6c5a26e0d68f301906092a864886f67d074100040c" +
- "300a1b0456382e31030203a8300d06092a864886f70d01010b050003820101004968d182" +
- "8f9efdc147e747bb5dda15536a42a079b32d3d7f87e619b483aeee70b7e26bda393c6028" +
- "7c733ecb468fe8b8b11bf809ff76add6b90eb25ad8d3a1052e43ee281e48a3a1ebe7efb5" +
- "9e2c4a48765dedeb23f5346242145786cc988c762d230d28dd33bf4c2405d80cbb2cb1d6" +
- "4c8f10ba130d50cb174f6ffb9cfc12808297a2cefba385f4fad170f39b51ebd87c12abf9" +
- "3c51fc000af90d8aaba78f48923908804a5eb35f617ccf71d201e3708a559e6d16f9f13e" +
- "074361eb9007e28d86bb4e0bfa13aad0e9ddd9124e84519de60e2fc6040b18d9fd602b02" +
- "684b4c071c3019fc842197d00c120c41654bcbfbc4a096a1c637b79112b81ce1fa3899f9"
-
const ocspRequestHex = "3051304f304d304b3049300906052b0e03021a05000414c0fe0278fc99188891b3f212e9" +
"c7e1b21ab7bfc004140dfc1df0a9e0f01ce7f2b213177e6f8d157cd4f60210017f77deb3" +
"bcbb235d44ccc7dba62e72"
