12932648271e72bad181b293e1fa5945265c7dbedUrs Grob/* 22932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Copyright (C) 2009 The Android Open Source Project 32932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 42932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Licensed under the Apache License, Version 2.0 (the "License"); 52932648271e72bad181b293e1fa5945265c7dbedUrs Grob * you may not use this file except in compliance with the License. 62932648271e72bad181b293e1fa5945265c7dbedUrs Grob * You may obtain a copy of the License at 72932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 82932648271e72bad181b293e1fa5945265c7dbedUrs Grob * http://www.apache.org/licenses/LICENSE-2.0 92932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 102932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Unless required by applicable law or agreed to in writing, software 112932648271e72bad181b293e1fa5945265c7dbedUrs Grob * distributed under the License is distributed on an "AS IS" BASIS, 122932648271e72bad181b293e1fa5945265c7dbedUrs Grob * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 132932648271e72bad181b293e1fa5945265c7dbedUrs Grob * See the License for the specific language governing permissions and 142932648271e72bad181b293e1fa5945265c7dbedUrs Grob * limitations under the License. 152932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 162932648271e72bad181b293e1fa5945265c7dbedUrs Grobpackage tests.targets.security.cert; 172932648271e72bad181b293e1fa5945265c7dbedUrs Grob 182932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport dalvik.annotation.AndroidOnly; 192932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport dalvik.annotation.TestLevel; 202932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport dalvik.annotation.TestTargetNew; 212932648271e72bad181b293e1fa5945265c7dbedUrs Grob 222932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport junit.framework.TestCase; 232932648271e72bad181b293e1fa5945265c7dbedUrs Grob 242932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.io.ByteArrayInputStream; 252932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.KeyStore; 262932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.NoSuchAlgorithmException; 272932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.Provider; 282932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.PublicKey; 292932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.Security; 302932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.CertPath; 312932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.CertPathValidator; 322932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.CertPathValidatorResult; 332932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.Certificate; 342932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.CertificateFactory; 352932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.PKIXCertPathValidatorResult; 362932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.PKIXParameters; 372932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.security.cert.X509Certificate; 382932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.util.ArrayList; 392932648271e72bad181b293e1fa5945265c7dbedUrs Grobimport java.util.List; 402932648271e72bad181b293e1fa5945265c7dbedUrs Grob 412932648271e72bad181b293e1fa5945265c7dbedUrs Grobpublic class CertificateTest extends TestCase { 422932648271e72bad181b293e1fa5945265c7dbedUrs Grob 432932648271e72bad181b293e1fa5945265c7dbedUrs Grob /* 442932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Following certificate chain was taken from https://www.verisign.com and 452932648271e72bad181b293e1fa5945265c7dbedUrs Grob * uses MD2withRSA for the root certificate. This chain stops validating 462932648271e72bad181b293e1fa5945265c7dbedUrs Grob * in Nov 2016. 472932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 482932648271e72bad181b293e1fa5945265c7dbedUrs Grob 492932648271e72bad181b293e1fa5945265c7dbedUrs Grob /** 502932648271e72bad181b293e1fa5945265c7dbedUrs Grob * A selfsigned certificate using MD2withRSA 512932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 522932648271e72bad181b293e1fa5945265c7dbedUrs Grob * <pre> 532932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate: 542932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Data: 552932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Version: 1 (0x0) 562932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Serial Number: 572932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf 582932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: md2WithRSAEncryption 592932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 602932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Validity 612932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not Before: Jan 29 00:00:00 1996 GMT 622932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not After : Aug 1 23:59:59 2028 GMT 632932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 642932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject Public Key Info: 652932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Public Key Algorithm: rsaEncryption 662932648271e72bad181b293e1fa5945265c7dbedUrs Grob * RSA Public Key: (1024 bit) 672932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Modulus (1024 bit): 682932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40: 692932648271e72bad181b293e1fa5945265c7dbedUrs Grob * db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9: 702932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03: 712932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2: 722932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f: 732932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23: 742932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85: 752932648271e72bad181b293e1fa5945265c7dbedUrs Grob * e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2: 762932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 71:64:4c:65:2e:81:68:45:a7 772932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Exponent: 65537 (0x10001) 782932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: md2WithRSAEncryption 792932648271e72bad181b293e1fa5945265c7dbedUrs Grob * bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84: 802932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f: 812932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57: 822932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c: 832932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45: 842932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6: 852932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64: 862932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0d:64 872932648271e72bad181b293e1fa5945265c7dbedUrs Grob * </pre> 882932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 892932648271e72bad181b293e1fa5945265c7dbedUrs Grob private static final String selfSignedCertMD2 = 902932648271e72bad181b293e1fa5945265c7dbedUrs Grob "-----BEGIN CERTIFICATE-----\n" 912932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" 922932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" 932932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" 942932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" 952932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" 962932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" 972932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" 982932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" 992932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" 1002932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" 1012932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" 1022932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" 1032932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "-----END CERTIFICATE-----\n"; 1042932648271e72bad181b293e1fa5945265c7dbedUrs Grob 1052932648271e72bad181b293e1fa5945265c7dbedUrs Grob /** 1062932648271e72bad181b293e1fa5945265c7dbedUrs Grob * A certificate signed by selfSignedCertMD2 1072932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 1082932648271e72bad181b293e1fa5945265c7dbedUrs Grob * <pre> 1092932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate: 1102932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Data: 1112932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Version: 3 (0x2) 1122932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Serial Number: 1132932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 57:bf:fb:03:fb:2c:46:d4:e1:9e:ce:e0:d7:43:7f:13 1142932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 1152932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1162932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Validity 1172932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not Before: Nov 8 00:00:00 2006 GMT 1182932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not After : Nov 7 23:59:59 2021 GMT 1192932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1202932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject Public Key Info: 1212932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Public Key Algorithm: rsaEncryption 1222932648271e72bad181b293e1fa5945265c7dbedUrs Grob * RSA Public Key: (2048 bit) 1232932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Modulus (2048 bit): 1242932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 00:af:24:08:08:29:7a:35:9e:60:0c:aa:e7:4b:3b: 1252932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57: 1262932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 08:a3:64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8: 1272932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 2a:aa:a6:42:b3:8f:f8:b9:55:b7:b1:b7:4b:b3:fe: 1282932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 8f:7e:07:57:ec:ef:43:db:66:62:15:61:cf:60:0d: 1292932648271e72bad181b293e1fa5945265c7dbedUrs Grob * a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59: 1302932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 54:85:26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49: 1312932648271e72bad181b293e1fa5945265c7dbedUrs Grob * d8:43:63:6a:52:4b:d2:8f:e8:70:51:4d:d1:89:69: 1322932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b:56:d3:96: 1332932648271e72bad181b293e1fa5945265c7dbedUrs Grob * bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5: 1342932648271e72bad181b293e1fa5945265c7dbedUrs Grob * f4:06:04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02: 1352932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ba:f4:3c:ee:e0:8b:eb:37:8b:ec:f4:d7:ac:f2:f6: 1362932648271e72bad181b293e1fa5945265c7dbedUrs Grob * f0:3d:af:dd:75:91:33:19:1d:1c:40:cb:74:24:19: 1372932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d: 1382932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 63:47:88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95: 1392932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ae:0e:9d:d4:d1:43:c0:67:73:e3:14:08:7e:e5:3f: 1402932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a:ee:53:e8: 1412932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 25:15 1422932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Exponent: 65537 (0x10001) 1432932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 extensions: 1442932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Basic Constraints: critical 1452932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CA:TRUE 1462932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 CRL Distribution Points: 1472932648271e72bad181b293e1fa5945265c7dbedUrs Grob * URI:http://crl.verisign.com/pca3.crl 1482932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Key Usage: critical 1492932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate Sign, CRL Sign 1502932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 1.3.6.1.5.5.7.1.12: 1512932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif 1522932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Certificate Policies: 1532932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Policy: X509v3 Any Policy 1542932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CPS: https://www.verisign.com/cps 1552932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Subject Key Identifier: 1562932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33 1572932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Extended Key Usage: 1582932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1, TLS Web Server Authentication, TLS Web Client Authentication 1592932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Authority Key Identifier: 1602932648271e72bad181b293e1fa5945265c7dbedUrs Grob * DirName:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 1612932648271e72bad181b293e1fa5945265c7dbedUrs Grob * serial:70:BA:E4:1D:10:D9:29:34:B6:38:CA:7B:03:CC:BA:BF 1622932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 1632932648271e72bad181b293e1fa5945265c7dbedUrs Grob * a9:7b:66:29:30:f7:d5:b4:a6:96:12:d0:ee:72:f0:58:11:69: 1642932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 15:55:5f:41:ff:d2:12:84:13:a4:d9:03:66:ff:a9:e0:4c:c9: 1652932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ed:8c:72:8b:b4:d7:55:3b:29:15:60:c8:3c:21:ef:44:2e:93: 1662932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 3d:c6:0b:0c:8d:24:3f:1e:fb:01:5a:7a:dd:83:66:14:d1:c7: 1672932648271e72bad181b293e1fa5945265c7dbedUrs Grob * fd:30:53:48:51:85:85:13:a8:54:e1:ee:76:a2:89:18:d3:97: 1682932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 89:7a:c6:fd:b3:bd:94:61:5a:3a:08:cf:14:93:bd:93:fd:09: 1692932648271e72bad181b293e1fa5945265c7dbedUrs Grob * a9:7b:56:c8:00:b8:44:58:e9:de:5b:77:bd:07:1c:6c:0b:30: 1702932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 30:c7 1712932648271e72bad181b293e1fa5945265c7dbedUrs Grob * </pre> 1722932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 1732932648271e72bad181b293e1fa5945265c7dbedUrs Grob private static final String signedCert1Chain1 = 1742932648271e72bad181b293e1fa5945265c7dbedUrs Grob "-----BEGIN CERTIFICATE-----\n" 1752932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MIIFEzCCBHygAwIBAgIQV7/7A/ssRtThns7g10N/EzANBgkqhkiG9w0BAQUFADBf\n" 1762932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" 1772932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" 1782932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" 1792932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" 1802932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" 1812932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" 1822932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" 1832932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" 1842932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" 1852932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" 1862932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" 1872932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" 1882932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" 1892932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AAGjggHeMIIB2jAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" 1902932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n" 1912932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n" 1922932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n" 1932932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" 1942932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n" 1952932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MAnzQzn6Aq8zMTMwNAYDVR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggr\n" 1962932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BgEFBQcDAQYIKwYBBQUHAwIwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVT\n" 1972932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJs\n" 1982932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7\n" 1992932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "A8y6vzANBgkqhkiG9w0BAQUFAAOBgQCpe2YpMPfVtKaWEtDucvBYEWkVVV9B/9IS\n" 2002932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "hBOk2QNm/6ngTMntjHKLtNdVOykVYMg8Ie9ELpM9xgsMjSQ/HvsBWnrdg2YU0cf9\n" 2012932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MFNIUYWFE6hU4e52ookY05eJesb9s72UYVo6CM8Uk72T/Qmpe1bIALhEWOneW3e9\n" 2022932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BxxsCzAwxw==\n" 2032932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "-----END CERTIFICATE-----"; 2042932648271e72bad181b293e1fa5945265c7dbedUrs Grob 2052932648271e72bad181b293e1fa5945265c7dbedUrs Grob /** 2062932648271e72bad181b293e1fa5945265c7dbedUrs Grob * A certificate signed by signedCert1Chain1 2072932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 2082932648271e72bad181b293e1fa5945265c7dbedUrs Grob * <pre> 2092932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate: 2102932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Data: 2112932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Version: 3 (0x2) 2122932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Serial Number: 2132932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 11:2a:00:6d:37:e5:10:6f:d6:ca:7c:c3:ef:ba:cc:18 2142932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 2152932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 2162932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Validity 2172932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not Before: Nov 8 00:00:00 2006 GMT 2182932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not After : Nov 7 23:59:59 2016 GMT 2192932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA 2202932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject Public Key Info: 2212932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Public Key Algorithm: rsaEncryption 2222932648271e72bad181b293e1fa5945265c7dbedUrs Grob * RSA Public Key: (2048 bit) 2232932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Modulus (2048 bit): 2242932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 00:bd:56:88:ba:88:34:64:64:cf:cd:ca:b0:ee:e7: 2252932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 19:73:c5:72:d9:bb:45:bc:b5:a8:ff:83:be:1c:03: 2262932648271e72bad181b293e1fa5945265c7dbedUrs Grob * db:ed:89:b7:2e:10:1a:25:bc:55:ca:41:a1:9f:0b: 2272932648271e72bad181b293e1fa5945265c7dbedUrs Grob * cf:19:5e:70:b9:5e:39:4b:9e:31:1c:5f:87:ae:2a: 2282932648271e72bad181b293e1fa5945265c7dbedUrs Grob * aa:a8:2b:a2:1b:3b:10:23:5f:13:b1:dd:08:8c:4e: 2292932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 14:da:83:81:e3:b5:8c:e3:68:ed:24:67:ce:56:b6: 2302932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ac:9b:73:96:44:db:8a:8c:b3:d6:f0:71:93:8e:db: 2312932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 71:54:4a:eb:73:59:6a:8f:70:51:2c:03:9f:97:d1: 2322932648271e72bad181b293e1fa5945265c7dbedUrs Grob * cc:11:7a:bc:62:0d:95:2a:c9:1c:75:57:e9:f5:c7: 2332932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ea:ba:84:35:cb:c7:85:5a:7e:e4:4d:e1:11:97:7d: 2342932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0e:20:34:45:db:f1:a2:09:eb:eb:3d:9e:b8:96:43: 2352932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 5e:34:4b:08:25:1e:43:1a:a2:d9:b7:8a:01:34:3d: 2362932648271e72bad181b293e1fa5945265c7dbedUrs Grob * c3:f8:e5:af:4f:8c:ff:cd:65:f0:23:4e:c5:97:b3: 2372932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 5c:da:90:1c:82:85:0d:06:0d:c1:22:b6:7b:28:a4: 2382932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 03:c3:4c:53:d1:58:bc:72:bc:08:39:fc:a0:76:a8: 2392932648271e72bad181b293e1fa5945265c7dbedUrs Grob * a8:e9:4b:6e:88:3d:e3:b3:31:25:8c:73:29:48:0e: 2402932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 32:79:06:ed:3d:43:f4:f6:e4:e9:fc:7d:be:8e:08: 2412932648271e72bad181b293e1fa5945265c7dbedUrs Grob * d5:1f 2422932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Exponent: 65537 (0x10001) 2432932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 extensions: 2442932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Subject Key Identifier: 2452932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF 2462932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Basic Constraints: critical 2472932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CA:TRUE, pathlen:0 2482932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Certificate Policies: 2492932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Policy: X509v3 Any Policy 2502932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CPS: https://www.verisign.com/cps 2512932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 CRL Distribution Points: 2522932648271e72bad181b293e1fa5945265c7dbedUrs Grob * URI:http://EVSecure-crl.verisign.com/pca3-g5.crl 2532932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Extended Key Usage: 2542932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1 2552932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Key Usage: critical 2562932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate Sign, CRL Sign 2572932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Netscape Cert Type: 2582932648271e72bad181b293e1fa5945265c7dbedUrs Grob * SSL CA, S/MIME CA 2592932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 1.3.6.1.5.5.7.1.12: 2602932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif 2612932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Subject Alternative Name: 2622932648271e72bad181b293e1fa5945265c7dbedUrs Grob * DirName:/CN=Class3CA2048-1-48 2632932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Authority Information Access: 2642932648271e72bad181b293e1fa5945265c7dbedUrs Grob * OCSP - URI:http://EVSecure-ocsp.verisign.com 2652932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Authority Key Identifier: 2662932648271e72bad181b293e1fa5945265c7dbedUrs Grob * keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33 2672932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 2682932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 5a:a2:b1:bf:eb:8d:d4:38:a8:80:72:c2:dc:38:2e:ac:a7:71: 2692932648271e72bad181b293e1fa5945265c7dbedUrs Grob * f9:2b:a3:bb:47:bb:6d:69:6f:10:36:98:8c:c7:56:2e:bb:bc: 2702932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ab:4a:9b:7a:d6:f2:82:93:e0:14:fe:8a:ce:83:b7:83:db:93: 2712932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 87:ab:ac:65:79:49:fd:57:a9:b1:ce:09:1f:ba:10:15:c4:09: 2722932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0e:62:e3:f9:0a:25:d5:64:98:f0:f2:a8:0f:76:32:7e:91:e6: 2732932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 18:ee:bc:e7:da:d0:4e:8d:78:bb:e2:9d:c0:59:2b:c0:ce:95: 2742932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0d:24:0c:72:ca:34:5e:70:22:89:2b:4a:b0:f1:68:87:f3:ee: 2752932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 44:8d:28:40:77:39:6e:48:72:45:31:5d:6b:39:0e:86:02:ea: 2762932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 66:99:93:31:0f:df:67:de:a6:9f:8c:9d:4c:ce:71:6f:3a:21: 2772932648271e72bad181b293e1fa5945265c7dbedUrs Grob * f6:b9:34:3f:f9:6e:d8:9a:f7:3e:da:f3:81:5f:7a:5c:6d:8f: 2782932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 7c:f6:99:74:b7:ff:e4:17:5d:ed:61:5e:ab:48:bb:96:8d:66: 2792932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 45:39:b4:12:0a:f6:70:e9:9c:76:22:4b:60:e9:2a:1b:34:49: 2802932648271e72bad181b293e1fa5945265c7dbedUrs Grob * f7:a2:d4:67:c0:b1:26:ad:13:ba:d9:84:01:c1:ab:e1:8e:6d: 2812932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 70:16:3b:77:ac:91:9a:bb:1a:1f:da:58:a7:e4:4f:c1:61:ae: 2822932648271e72bad181b293e1fa5945265c7dbedUrs Grob * bc:a2:fe:4b 2832932648271e72bad181b293e1fa5945265c7dbedUrs Grob * </pre> 2842932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 2852932648271e72bad181b293e1fa5945265c7dbedUrs Grob private static final String signedCert2Chain1 = 2862932648271e72bad181b293e1fa5945265c7dbedUrs Grob "-----BEGIN CERTIFICATE-----\n" 2872932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n" 2882932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" 2892932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" 2902932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" 2912932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" 2922932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n" 2932932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" 2942932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" 2952932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n" 2962932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n" 2972932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n" 2982932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n" 2992932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n" 3002932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n" 3012932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n" 3022932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n" 3032932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n" 3042932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" 3052932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n" 3062932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n" 3072932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n" 3082932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n" 3092932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n" 3102932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n" 3112932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n" 3122932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n" 3132932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n" 3142932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n" 3152932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n" 3162932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n" 3172932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n" 3182932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n" 3192932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Gh/aWKfkT8Fhrryi/ks=\n" 3202932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "-----END CERTIFICATE-----"; 3212932648271e72bad181b293e1fa5945265c7dbedUrs Grob 3222932648271e72bad181b293e1fa5945265c7dbedUrs Grob /* 3232932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Following certificate chain was taken from https://www.thawte.com and 3242932648271e72bad181b293e1fa5945265c7dbedUrs Grob * uses MD5withRSA for the root certificate. This chain stops validating 3252932648271e72bad181b293e1fa5945265c7dbedUrs Grob * in Nov 2016. 3262932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 3272932648271e72bad181b293e1fa5945265c7dbedUrs Grob 3282932648271e72bad181b293e1fa5945265c7dbedUrs Grob /** 3292932648271e72bad181b293e1fa5945265c7dbedUrs Grob * A selfsigned certificate using MD5withRSA 3302932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 3312932648271e72bad181b293e1fa5945265c7dbedUrs Grob * <pre> 3322932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate: 3332932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Data: 3342932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Version: 3 (0x2) 3352932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Serial Number: 1 (0x1) 3362932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: md5WithRSAEncryption 3372932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com 3382932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Validity 3392932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not Before: Aug 1 00:00:00 1996 GMT 3402932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not After : Dec 31 23:59:59 2020 GMT 3412932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com 3422932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject Public Key Info: 3432932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Public Key Algorithm: rsaEncryption 3442932648271e72bad181b293e1fa5945265c7dbedUrs Grob * RSA Public Key: (1024 bit) 3452932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Modulus (1024 bit): 3462932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f: 3472932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18: 3482932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af: 3492932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2: 3502932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93: 3512932648271e72bad181b293e1fa5945265c7dbedUrs Grob * cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44: 3522932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73: 3532932648271e72bad181b293e1fa5945265c7dbedUrs Grob * b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07: 3542932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 8d:f4:42:4d:e7:40:9d:1c:37 3552932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Exponent: 65537 (0x10001) 3562932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 extensions: 3572932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Basic Constraints: critical 3582932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CA:TRUE 3592932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: md5WithRSAEncryption 3602932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7: 3612932648271e72bad181b293e1fa5945265c7dbedUrs Grob * c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5: 3622932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb: 3632932648271e72bad181b293e1fa5945265c7dbedUrs Grob * c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59: 3642932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9: 3652932648271e72bad181b293e1fa5945265c7dbedUrs Grob * a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92: 3662932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07: 3672932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 14:42 3682932648271e72bad181b293e1fa5945265c7dbedUrs Grob * </pre> 3692932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 3702932648271e72bad181b293e1fa5945265c7dbedUrs Grob private static final String selfSignedCertMD5 = 3712932648271e72bad181b293e1fa5945265c7dbedUrs Grob "-----BEGIN CERTIFICATE-----\n" 3722932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx\n" 3732932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD\n" 3742932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv\n" 3752932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy\n" 3762932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t\n" 3772932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB\n" 3782932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG\n" 3792932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp\n" 3802932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl\n" 3812932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv\n" 3822932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE\n" 3832932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ\n" 3842932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR\n" 3852932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG\n" 3862932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI\n" 3872932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM\n" 3882932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==\n" 3892932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "-----END CERTIFICATE-----"; 3902932648271e72bad181b293e1fa5945265c7dbedUrs Grob 3912932648271e72bad181b293e1fa5945265c7dbedUrs Grob /** 3922932648271e72bad181b293e1fa5945265c7dbedUrs Grob * A certificate signed by selfSignedCertMD5 3932932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 3942932648271e72bad181b293e1fa5945265c7dbedUrs Grob * <pre> 3952932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate: 3962932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Data: 3972932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Version: 3 (0x2) 3982932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Serial Number: 3992932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 5f:a6:be:80:b6:86:c6:2f:01:ed:0c:ab:b1:96:a1:05 4002932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 4012932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com 4022932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Validity 4032932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not Before: Nov 17 00:00:00 2006 GMT 4042932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not After : Dec 30 23:59:59 2020 GMT 4052932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 4062932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject Public Key Info: 4072932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Public Key Algorithm: rsaEncryption 4082932648271e72bad181b293e1fa5945265c7dbedUrs Grob * RSA Public Key: (2048 bit) 4092932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Modulus (2048 bit): 4102932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 00:ac:a0:f0:fb:80:59:d4:9c:c7:a4:cf:9d:a1:59: 4112932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 73:09:10:45:0c:0d:2c:6e:68:f1:6c:5b:48:68:49: 4122932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 59:37:fc:0b:33:19:c2:77:7f:cc:10:2d:95:34:1c: 4132932648271e72bad181b293e1fa5945265c7dbedUrs Grob * e6:eb:4d:09:a7:1c:d2:b8:c9:97:36:02:b7:89:d4: 4142932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 24:5f:06:c0:cc:44:94:94:8d:02:62:6f:eb:5a:dd: 4152932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 11:8d:28:9a:5c:84:90:10:7a:0d:bd:74:66:2f:6a: 4162932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 38:a0:e2:d5:54:44:eb:1d:07:9f:07:ba:6f:ee:e9: 4172932648271e72bad181b293e1fa5945265c7dbedUrs Grob * fd:4e:0b:29:f5:3e:84:a0:01:f1:9c:ab:f8:1c:7e: 4182932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 89:a4:e8:a1:d8:71:65:0d:a3:51:7b:ee:bc:d2:22: 4192932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 60:0d:b9:5b:9d:df:ba:fc:51:5b:0b:af:98:b2:e9: 4202932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 2e:e9:04:e8:62:87:de:2b:c8:d7:4e:c1:4c:64:1e: 4212932648271e72bad181b293e1fa5945265c7dbedUrs Grob * dd:cf:87:58:ba:4a:4f:ca:68:07:1d:1c:9d:4a:c6: 4222932648271e72bad181b293e1fa5945265c7dbedUrs Grob * d5:2f:91:cc:7c:71:72:1c:c5:c0:67:eb:32:fd:c9: 4232932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 92:5c:94:da:85:c0:9b:bf:53:7d:2b:09:f4:8c:9d: 4242932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 91:1f:97:6a:52:cb:de:09:36:a4:77:d8:7b:87:50: 4252932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 44:d5:3e:6e:29:69:fb:39:49:26:1e:09:a5:80:7b: 4262932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 40:2d:eb:e8:27:85:c9:fe:61:fd:7e:e6:7c:97:1d: 4272932648271e72bad181b293e1fa5945265c7dbedUrs Grob * d5:9d 4282932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Exponent: 65537 (0x10001) 4292932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 extensions: 4302932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Basic Constraints: critical 4312932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CA:TRUE 4322932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Certificate Policies: 4332932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Policy: X509v3 Any Policy 4342932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CPS: https://www.thawte.com/cps 4352932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Key Usage: critical 4362932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate Sign, CRL Sign 4372932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Subject Key Identifier: 4382932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50 4392932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 CRL Distribution Points: 4402932648271e72bad181b293e1fa5945265c7dbedUrs Grob * URI:http://crl.thawte.com/ThawtePremiumServerCA.crl 4412932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Extended Key Usage: 4422932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1 4432932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Authority Key Identifier: 4442932648271e72bad181b293e1fa5945265c7dbedUrs Grob * DirName:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com 4452932648271e72bad181b293e1fa5945265c7dbedUrs Grob * serial:01 4462932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 4472932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 2b:ca:12:c9:dd:d7:cc:63:1c:9b:31:35:4a:dd:e4:b7:f6:9d: 4482932648271e72bad181b293e1fa5945265c7dbedUrs Grob * d1:a4:fb:1e:f8:47:f9:ae:07:8e:0d:58:12:fb:da:ed:b5:cc: 4492932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 33:e5:97:68:47:61:42:d5:66:a9:6e:1e:47:bf:85:db:7d:58: 4502932648271e72bad181b293e1fa5945265c7dbedUrs Grob * d1:77:5a:cc:90:61:98:9a:29:f5:9d:b1:cf:b8:dc:f3:7b:80: 4512932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 47:48:d1:7d:f4:68:8c:c4:41:cb:b4:e9:fd:f0:23:e0:b1:9b: 4522932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 76:2a:6d:28:56:a3:8c:cd:e9:ec:21:00:71:f0:5f:dd:50:a5: 4532932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 69:42:1b:83:11:5d:84:28:d3:27:ae:ec:2a:ab:2f:60:42:c5: 4542932648271e72bad181b293e1fa5945265c7dbedUrs Grob * c4:78 4552932648271e72bad181b293e1fa5945265c7dbedUrs Grob * </pre> 4562932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 4572932648271e72bad181b293e1fa5945265c7dbedUrs Grob private static final String signedCert1Chain2 = 4582932648271e72bad181b293e1fa5945265c7dbedUrs Grob "-----BEGIN CERTIFICATE-----\n" 4592932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MIIFUTCCBLqgAwIBAgIQX6a+gLaGxi8B7QyrsZahBTANBgkqhkiG9w0BAQUFADCB\n" 4602932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ\n" 4612932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE\n" 4622932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh\n" 4632932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl\n" 4642932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "cnZlckB0aGF3dGUuY29tMB4XDTA2MTExNzAwMDAwMFoXDTIwMTIzMDIzNTk1OVow\n" 4652932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "gakxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xKDAmBgNVBAsT\n" 4662932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "H0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhjKSAy\n" 4672932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MDA2IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD\n" 4682932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "VQQDExZ0aGF3dGUgUHJpbWFyeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" 4692932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AQ8AMIIBCgKCAQEArKDw+4BZ1JzHpM+doVlzCRBFDA0sbmjxbFtIaElZN/wLMxnC\n" 4702932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "d3/MEC2VNBzm600JpxzSuMmXNgK3idQkXwbAzESUlI0CYm/rWt0RjSiaXISQEHoN\n" 4712932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "vXRmL2o4oOLVVETrHQefB7pv7un9Tgsp9T6EoAHxnKv4HH6JpOih2HFlDaNRe+68\n" 4722932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "0iJgDblbnd+6/FFbC6+Ysuku6QToYofeK8jXTsFMZB7dz4dYukpPymgHHRydSsbV\n" 4732932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "L5HMfHFyHMXAZ+sy/cmSXJTahcCbv1N9Kwn0jJ2RH5dqUsveCTakd9h7h1BE1T5u\n" 4742932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "KWn7OUkmHgmlgHtALevoJ4XJ/mH9fuZ8lx3VnQIDAQABo4IBzTCCAckwDwYDVR0T\n" 4752932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "AQH/BAUwAwEB/zA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0\n" 4762932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW\n" 4772932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BBR7W0XPr87Lev0xkhpqtvNG61dIUDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8v\n" 4782932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Y3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAgBgNVHSUE\n" 4792932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "GTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwgeUGA1UdIwSB3TCB2qGB1KSB0TCB\n" 4802932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ\n" 4812932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE\n" 4822932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh\n" 4832932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl\n" 4842932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "cnZlckB0aGF3dGUuY29tggEBMA0GCSqGSIb3DQEBBQUAA4GBACvKEsnd18xjHJsx\n" 4852932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "NUrd5Lf2ndGk+x74R/muB44NWBL72u21zDPll2hHYULVZqluHke/hdt9WNF3WsyQ\n" 4862932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "YZiaKfWdsc+43PN7gEdI0X30aIzEQcu06f3wI+Cxm3YqbShWo4zN6ewhAHHwX91Q\n" 4872932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "pWlCG4MRXYQo0yeu7CqrL2BCxcR4\n" 4882932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "-----END CERTIFICATE-----"; 4892932648271e72bad181b293e1fa5945265c7dbedUrs Grob 4902932648271e72bad181b293e1fa5945265c7dbedUrs Grob /** 4912932648271e72bad181b293e1fa5945265c7dbedUrs Grob * A certificate signed by signedCert1Chain2 4922932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 4932932648271e72bad181b293e1fa5945265c7dbedUrs Grob * <pre> 4942932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate: 4952932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Data: 4962932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Version: 3 (0x2) 4972932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Serial Number: 4982932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 7b:11:55:eb:78:9a:90:85:b5:8c:92:ff:42:b7:fe:56 4992932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 5002932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 5012932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Validity 5022932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not Before: Nov 17 00:00:00 2006 GMT 5032932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Not After : Nov 16 23:59:59 2016 GMT 5042932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject: C=US, O=thawte, Inc., OU=Terms of use at https://www.thawte.com/cps (c)06, CN=thawte Extended Validation SSL CA 5052932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Subject Public Key Info: 5062932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Public Key Algorithm: rsaEncryption 5072932648271e72bad181b293e1fa5945265c7dbedUrs Grob * RSA Public Key: (2048 bit) 5082932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Modulus (2048 bit): 5092932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 00:b5:8d:47:f7:b0:48:76:9b:bd:fb:a9:cb:bf:04: 5102932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 31:a2:3d:9a:7e:30:29:d3:28:b8:fe:68:ce:cf:e9: 5112932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 30:6a:53:95:0e:50:65:80:26:c9:98:bf:f2:14:ff: 5122932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 06:7c:6a:7b:dc:50:07:e2:98:fa:df:cf:30:5d:ca: 5132932648271e72bad181b293e1fa5945265c7dbedUrs Grob * a8:b9:8a:9b:2d:2d:7e:59:8b:1a:f7:b3:c9:c3:69: 5142932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 80:0f:89:19:08:77:b2:52:55:ad:78:83:9d:6b:b9: 5152932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 87:e4:53:24:37:2c:fc:19:0e:8b:79:14:4d:be:80: 5162932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 9e:b4:9b:73:74:31:f2:38:ec:8a:af:2a:36:8e:64: 5172932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ce:31:26:14:03:54:53:8e:fb:84:08:c1:7e:47:32: 5182932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 3d:71:e0:ba:ba:8c:82:58:96:4d:68:43:56:1a:f3: 5192932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 46:5a:32:99:95:b0:60:6f:e9:41:8a:48:cc:16:0d: 5202932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 44:68:b1:8a:dd:dd:17:3d:a4:9b:78:7f:2e:29:06: 5212932648271e72bad181b293e1fa5945265c7dbedUrs Grob * f0:dc:d5:d2:13:3f:c0:36:05:fd:c7:b5:b9:80:1b: 5222932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 8a:46:74:2f:f1:ab:79:9e:97:6e:f8:a5:13:5a:f3: 5232932648271e72bad181b293e1fa5945265c7dbedUrs Grob * fc:b5:d7:c8:96:19:37:ee:06:bc:c6:27:14:81:05: 5242932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 14:33:38:16:9f:4b:e2:0f:db:38:bb:f3:01:ef:35: 5252932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 2e:de:af:f1:e4:6f:6f:f7:96:00:56:5e:8f:60:94: 5262932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 1d:2f 5272932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Exponent: 65537 (0x10001) 5282932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 extensions: 5292932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Authority Information Access: 5302932648271e72bad181b293e1fa5945265c7dbedUrs Grob * OCSP - URI:http://EVSecure-ocsp.thawte.com 5312932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Basic Constraints: critical 5322932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CA:TRUE, pathlen:0 5332932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Certificate Policies: 5342932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Policy: X509v3 Any Policy 5352932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CPS: https://www.thawte.com/cps 5362932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 CRL Distribution Points: 5372932648271e72bad181b293e1fa5945265c7dbedUrs Grob * URI:http://crl.thawte.com/ThawtePCA.crl 5382932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Key Usage: critical 5392932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Certificate Sign, CRL Sign 5402932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Subject Alternative Name: 5412932648271e72bad181b293e1fa5945265c7dbedUrs Grob * DirName:/CN=PrivateLabel3-2048-234 5422932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Subject Key Identifier: 5432932648271e72bad181b293e1fa5945265c7dbedUrs Grob * CD:32:E2:F2:5D:25:47:02:AA:8F:79:4B:32:EE:03:99:FD:30:49:D1 5442932648271e72bad181b293e1fa5945265c7dbedUrs Grob * X509v3 Authority Key Identifier: 5452932648271e72bad181b293e1fa5945265c7dbedUrs Grob * keyid:7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50 5462932648271e72bad181b293e1fa5945265c7dbedUrs Grob * Signature Algorithm: sha1WithRSAEncryption 5472932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0b:b4:96:ce:03:0c:d1:9d:af:cb:e3:39:56:0d:c6:22:a0:c9: 5482932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 71:7d:ea:65:95:31:f1:dc:b6:1e:f2:8d:31:5d:61:b3:54:84: 5492932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 13:cc:2b:3f:02:5c:c7:1f:15:01:82:90:1e:31:25:06:e3:32: 5502932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0c:87:f0:c3:be:9a:c4:00:41:f6:c6:91:e5:6c:3e:92:5d:a3: 5512932648271e72bad181b293e1fa5945265c7dbedUrs Grob * e4:3d:1f:32:2d:31:1e:50:c1:02:21:b4:23:e3:07:75:9a:52: 5522932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 45:51:fa:d3:1d:fd:01:6f:60:6d:25:d9:bf:43:b1:a7:43:6c: 5532932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ad:8c:bb:bc:f7:99:41:eb:d6:95:cf:20:5c:7e:6f:c4:2a:da: 5542932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 4b:4d:1b:5b:c2:9f:b0:94:d4:bf:47:97:fd:9d:49:79:60:8e: 5552932648271e72bad181b293e1fa5945265c7dbedUrs Grob * ae:96:19:a1:b0:eb:e8:df:42:c7:22:74:61:0c:25:a3:7f:8f: 5562932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 45:d2:7e:e7:4a:6e:1d:4f:48:bb:c2:da:1a:7e:4a:59:81:fa: 5572932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 1c:e3:fb:14:73:41:03:a1:77:fa:9b:06:fc:7c:33:bd:46:3d: 5582932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 0c:06:17:85:7b:2a:7b:e3:36:e8:83:df:fa:aa:cb:32:0c:79: 5592932648271e72bad181b293e1fa5945265c7dbedUrs Grob * aa:86:74:6c:44:54:f6:d8:07:9e:cd:98:f4:23:05:09:2f:a2: 5602932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 53:b5:db:0a:81:cc:5f:23:cb:79:11:c5:11:5b:85:6b:27:01: 5612932648271e72bad181b293e1fa5945265c7dbedUrs Grob * 89:f3:0e:bb 5622932648271e72bad181b293e1fa5945265c7dbedUrs Grob * </pre> 5632932648271e72bad181b293e1fa5945265c7dbedUrs Grob */ 5642932648271e72bad181b293e1fa5945265c7dbedUrs Grob private static final String signedCert2Chain2 = 5652932648271e72bad181b293e1fa5945265c7dbedUrs Grob "-----BEGIN CERTIFICATE-----\n" 5662932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MIIFCjCCA/KgAwIBAgIQexFV63iakIW1jJL/Qrf+VjANBgkqhkiG9w0BAQUFADCB\n" 5672932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf\n" 5682932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw\n" 5692932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV\n" 5702932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMTYx\n" 5712932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MTE2MjM1OTU5WjCBizELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j\n" 5722932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "LjE5MDcGA1UECxMwVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnRoYXd0ZS5j\n" 5732932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "b20vY3BzIChjKTA2MSowKAYDVQQDEyF0aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlv\n" 5742932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "biBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1jUf3sEh2\n" 5752932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "m737qcu/BDGiPZp+MCnTKLj+aM7P6TBqU5UOUGWAJsmYv/IU/wZ8anvcUAfimPrf\n" 5762932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "zzBdyqi5ipstLX5Zixr3s8nDaYAPiRkId7JSVa14g51ruYfkUyQ3LPwZDot5FE2+\n" 5772932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "gJ60m3N0MfI47IqvKjaOZM4xJhQDVFOO+4QIwX5HMj1x4Lq6jIJYlk1oQ1Ya80Za\n" 5782932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MpmVsGBv6UGKSMwWDURosYrd3Rc9pJt4fy4pBvDc1dITP8A2Bf3HtbmAG4pGdC/x\n" 5792932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "q3mel274pRNa8/y118iWGTfuBrzGJxSBBRQzOBafS+IP2zi78wHvNS7er/Hkb2/3\n" 5802932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "lgBWXo9glB0vAgMBAAGjggFIMIIBRDA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUH\n" 5812932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "MAGGH2h0dHA6Ly9FVlNlY3VyZS1vY3NwLnRoYXd0ZS5jb20wEgYDVR0TAQH/BAgw\n" 5822932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "BgEB/wIBADA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cHM6\n" 5832932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "Ly93d3cudGhhd3RlLmNvbS9jcHMwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2Ny\n" 5842932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "bC50aGF3dGUuY29tL1RoYXd0ZVBDQS5jcmwwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud\n" 5852932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "EQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWwzLTIwNDgtMjM0MB0GA1Ud\n" 5862932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "DgQWBBTNMuLyXSVHAqqPeUsy7gOZ/TBJ0TAfBgNVHSMEGDAWgBR7W0XPr87Lev0x\n" 5872932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "khpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAC7SWzgMM0Z2vy+M5Vg3GIqDJ\n" 5882932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "cX3qZZUx8dy2HvKNMV1hs1SEE8wrPwJcxx8VAYKQHjElBuMyDIfww76axABB9saR\n" 5892932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "5Ww+kl2j5D0fMi0xHlDBAiG0I+MHdZpSRVH60x39AW9gbSXZv0Oxp0NsrYy7vPeZ\n" 5902932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "QevWlc8gXH5vxCraS00bW8KfsJTUv0eX/Z1JeWCOrpYZobDr6N9CxyJ0YQwlo3+P\n" 5912932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "RdJ+50puHU9Iu8LaGn5KWYH6HOP7FHNBA6F3+psG/HwzvUY9DAYXhXsqe+M26IPf\n" 5922932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "+qrLMgx5qoZ0bERU9tgHns2Y9CMFCS+iU7XbCoHMXyPLeRHFEVuFaycBifMOuw==\n" 5932932648271e72bad181b293e1fa5945265c7dbedUrs Grob + "-----END CERTIFICATE-----"; 5942932648271e72bad181b293e1fa5945265c7dbedUrs Grob 5952932648271e72bad181b293e1fa5945265c7dbedUrs Grob @TestTargetNew( 5962932648271e72bad181b293e1fa5945265c7dbedUrs Grob clazz=Certificate.class, 5972932648271e72bad181b293e1fa5945265c7dbedUrs Grob level=TestLevel.ADDITIONAL, 5982932648271e72bad181b293e1fa5945265c7dbedUrs Grob method="verify", 5992932648271e72bad181b293e1fa5945265c7dbedUrs Grob args={PublicKey.class} 6002932648271e72bad181b293e1fa5945265c7dbedUrs Grob ) 6012932648271e72bad181b293e1fa5945265c7dbedUrs Grob public void testVerifyMD5() throws Exception { 6022932648271e72bad181b293e1fa5945265c7dbedUrs Grob Provider[] providers = Security.getProviders("CertificateFactory.X509"); 6032932648271e72bad181b293e1fa5945265c7dbedUrs Grob for (Provider provider : providers) { 6042932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertificateFactory certificateFactory = CertificateFactory 6052932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getInstance("X509", provider); 6062932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6072932648271e72bad181b293e1fa5945265c7dbedUrs Grob Certificate certificate = certificateFactory 6082932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream(selfSignedCertMD5 6092932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getBytes())); 6102932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6112932648271e72bad181b293e1fa5945265c7dbedUrs Grob certificate.verify(certificate.getPublicKey()); 6122932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 6132932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 6142932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6152932648271e72bad181b293e1fa5945265c7dbedUrs Grob @TestTargetNew( 6162932648271e72bad181b293e1fa5945265c7dbedUrs Grob clazz=Certificate.class, 6172932648271e72bad181b293e1fa5945265c7dbedUrs Grob level=TestLevel.ADDITIONAL, 6182932648271e72bad181b293e1fa5945265c7dbedUrs Grob method="verify", 6192932648271e72bad181b293e1fa5945265c7dbedUrs Grob args={PublicKey.class} 6202932648271e72bad181b293e1fa5945265c7dbedUrs Grob ) 6212932648271e72bad181b293e1fa5945265c7dbedUrs Grob @AndroidOnly("MD2 is not supported by Android") 6222932648271e72bad181b293e1fa5945265c7dbedUrs Grob public void testVerifyMD2() throws Exception { 6232932648271e72bad181b293e1fa5945265c7dbedUrs Grob Provider[] providers = Security.getProviders("CertificateFactory.X509"); 6242932648271e72bad181b293e1fa5945265c7dbedUrs Grob for (Provider provider : providers) { 6252932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertificateFactory certificateFactory = CertificateFactory 6262932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getInstance("X509", provider); 6272932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6282932648271e72bad181b293e1fa5945265c7dbedUrs Grob Certificate certificate = certificateFactory 6292932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream(selfSignedCertMD2 6302932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getBytes())); 6312932648271e72bad181b293e1fa5945265c7dbedUrs Grob try { 6322932648271e72bad181b293e1fa5945265c7dbedUrs Grob certificate.verify(certificate.getPublicKey()); 6332932648271e72bad181b293e1fa5945265c7dbedUrs Grob fail("MD2 should not be allowed"); 6342932648271e72bad181b293e1fa5945265c7dbedUrs Grob } catch (NoSuchAlgorithmException e) { 6352932648271e72bad181b293e1fa5945265c7dbedUrs Grob // expected 6362932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 6372932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 6382932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 6392932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6402932648271e72bad181b293e1fa5945265c7dbedUrs Grob @TestTargetNew( 6412932648271e72bad181b293e1fa5945265c7dbedUrs Grob clazz=CertPathValidator.class, 6422932648271e72bad181b293e1fa5945265c7dbedUrs Grob level=TestLevel.ADDITIONAL, 6432932648271e72bad181b293e1fa5945265c7dbedUrs Grob method="verify", 6442932648271e72bad181b293e1fa5945265c7dbedUrs Grob args={PublicKey.class} 6452932648271e72bad181b293e1fa5945265c7dbedUrs Grob ) 6462932648271e72bad181b293e1fa5945265c7dbedUrs Grob public void testVerifyMD2_chain() throws Exception { 6472932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertificateFactory certificateFactory = CertificateFactory 6482932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getInstance("X509"); 6492932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6502932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertPath path; 6512932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertPathValidator certPathValidator; 6522932648271e72bad181b293e1fa5945265c7dbedUrs Grob PKIXParameters params; 6532932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertPathValidatorResult res; 6542932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6552932648271e72bad181b293e1fa5945265c7dbedUrs Grob // First check with the trust anchor not included in the chain 6562932648271e72bad181b293e1fa5945265c7dbedUrs Grob path = certificateFactory.generateCertPath(getCertList(true, false)); 6572932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6582932648271e72bad181b293e1fa5945265c7dbedUrs Grob certPathValidator = CertPathValidator.getInstance("PKIX"); 6592932648271e72bad181b293e1fa5945265c7dbedUrs Grob params = createPKIXParams(); 6602932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6612932648271e72bad181b293e1fa5945265c7dbedUrs Grob res = certPathValidator.validate(path, params); 6622932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("wrong result type", 6632932648271e72bad181b293e1fa5945265c7dbedUrs Grob res instanceof PKIXCertPathValidatorResult); 6642932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6652932648271e72bad181b293e1fa5945265c7dbedUrs Grob PKIXCertPathValidatorResult r = (PKIXCertPathValidatorResult) res; 6662932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("Wrong trust anchor returned", params.getTrustAnchors() 6672932648271e72bad181b293e1fa5945265c7dbedUrs Grob .contains(r.getTrustAnchor())); 6682932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6692932648271e72bad181b293e1fa5945265c7dbedUrs Grob // Now check with the trust anchor included in the chain 6702932648271e72bad181b293e1fa5945265c7dbedUrs Grob path = certificateFactory.generateCertPath(getCertList(true, true)); 6712932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6722932648271e72bad181b293e1fa5945265c7dbedUrs Grob certPathValidator = CertPathValidator.getInstance("PKIX"); 6732932648271e72bad181b293e1fa5945265c7dbedUrs Grob params = createPKIXParams(); 6742932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6752932648271e72bad181b293e1fa5945265c7dbedUrs Grob res = certPathValidator.validate(path, params); 6762932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("wrong result type", 6772932648271e72bad181b293e1fa5945265c7dbedUrs Grob res instanceof PKIXCertPathValidatorResult); 6782932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6792932648271e72bad181b293e1fa5945265c7dbedUrs Grob r = (PKIXCertPathValidatorResult) res; 6802932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("Wrong trust anchor returned", params.getTrustAnchors() 6812932648271e72bad181b293e1fa5945265c7dbedUrs Grob .contains(r.getTrustAnchor())); 6822932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 6832932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6842932648271e72bad181b293e1fa5945265c7dbedUrs Grob @TestTargetNew( 6852932648271e72bad181b293e1fa5945265c7dbedUrs Grob clazz=CertPathValidator.class, 6862932648271e72bad181b293e1fa5945265c7dbedUrs Grob level=TestLevel.ADDITIONAL, 6872932648271e72bad181b293e1fa5945265c7dbedUrs Grob method="verify", 6882932648271e72bad181b293e1fa5945265c7dbedUrs Grob args={PublicKey.class} 6892932648271e72bad181b293e1fa5945265c7dbedUrs Grob ) 6902932648271e72bad181b293e1fa5945265c7dbedUrs Grob public void testVerifyMD5_chain() throws Exception { 6912932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertificateFactory certificateFactory = CertificateFactory 6922932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getInstance("X509"); 6932932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6942932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertPath path; 6952932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertPathValidator certPathValidator; 6962932648271e72bad181b293e1fa5945265c7dbedUrs Grob PKIXParameters params; 6972932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertPathValidatorResult res; 6982932648271e72bad181b293e1fa5945265c7dbedUrs Grob 6992932648271e72bad181b293e1fa5945265c7dbedUrs Grob // First check with the trust anchor not included in the chain 7002932648271e72bad181b293e1fa5945265c7dbedUrs Grob path = certificateFactory.generateCertPath(getCertList(false, false)); 7012932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7022932648271e72bad181b293e1fa5945265c7dbedUrs Grob certPathValidator = CertPathValidator.getInstance("PKIX"); 7032932648271e72bad181b293e1fa5945265c7dbedUrs Grob params = createPKIXParams(); 7042932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7052932648271e72bad181b293e1fa5945265c7dbedUrs Grob res = certPathValidator.validate(path, params); 7062932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("wrong result type", 7072932648271e72bad181b293e1fa5945265c7dbedUrs Grob res instanceof PKIXCertPathValidatorResult); 7082932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7092932648271e72bad181b293e1fa5945265c7dbedUrs Grob PKIXCertPathValidatorResult r = (PKIXCertPathValidatorResult) res; 7102932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("Wrong trust anchor returned", params.getTrustAnchors() 7112932648271e72bad181b293e1fa5945265c7dbedUrs Grob .contains(r.getTrustAnchor())); 7122932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7132932648271e72bad181b293e1fa5945265c7dbedUrs Grob // Now check with the trust anchor included in the chain 7142932648271e72bad181b293e1fa5945265c7dbedUrs Grob path = certificateFactory.generateCertPath(getCertList(false, true)); 7152932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7162932648271e72bad181b293e1fa5945265c7dbedUrs Grob certPathValidator = CertPathValidator.getInstance("PKIX"); 7172932648271e72bad181b293e1fa5945265c7dbedUrs Grob params = createPKIXParams(); 7182932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7192932648271e72bad181b293e1fa5945265c7dbedUrs Grob res = certPathValidator.validate(path, params); 7202932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("wrong result type", 7212932648271e72bad181b293e1fa5945265c7dbedUrs Grob res instanceof PKIXCertPathValidatorResult); 7222932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7232932648271e72bad181b293e1fa5945265c7dbedUrs Grob r = (PKIXCertPathValidatorResult) res; 7242932648271e72bad181b293e1fa5945265c7dbedUrs Grob assertTrue("Wrong trust anchor returned", params.getTrustAnchors() 7252932648271e72bad181b293e1fa5945265c7dbedUrs Grob .contains(r.getTrustAnchor())); 7262932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 7272932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7282932648271e72bad181b293e1fa5945265c7dbedUrs Grob private X509Certificate[] certs= new X509Certificate[3]; 7292932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7302932648271e72bad181b293e1fa5945265c7dbedUrs Grob private List<Certificate> getCertList(boolean useMD2root, 7312932648271e72bad181b293e1fa5945265c7dbedUrs Grob boolean includeRootInChain) throws Exception { 7322932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7332932648271e72bad181b293e1fa5945265c7dbedUrs Grob CertificateFactory certificateFactory = CertificateFactory 7342932648271e72bad181b293e1fa5945265c7dbedUrs Grob .getInstance("X509"); 7352932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7362932648271e72bad181b293e1fa5945265c7dbedUrs Grob if (useMD2root) { 7372932648271e72bad181b293e1fa5945265c7dbedUrs Grob certs[0] = (X509Certificate) certificateFactory 7382932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream( 7392932648271e72bad181b293e1fa5945265c7dbedUrs Grob selfSignedCertMD2.getBytes())); 7402932648271e72bad181b293e1fa5945265c7dbedUrs Grob certs[1] = (X509Certificate) certificateFactory 7412932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream( 7422932648271e72bad181b293e1fa5945265c7dbedUrs Grob signedCert1Chain1.getBytes())); 7432932648271e72bad181b293e1fa5945265c7dbedUrs Grob certs[2] = (X509Certificate) certificateFactory 7442932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream( 7452932648271e72bad181b293e1fa5945265c7dbedUrs Grob signedCert2Chain1.getBytes())); 7462932648271e72bad181b293e1fa5945265c7dbedUrs Grob } else { 7472932648271e72bad181b293e1fa5945265c7dbedUrs Grob certs[0] = (X509Certificate) certificateFactory 7482932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream( 7492932648271e72bad181b293e1fa5945265c7dbedUrs Grob selfSignedCertMD5.getBytes())); 7502932648271e72bad181b293e1fa5945265c7dbedUrs Grob certs[1] = (X509Certificate) certificateFactory 7512932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream( 7522932648271e72bad181b293e1fa5945265c7dbedUrs Grob signedCert1Chain2.getBytes())); 7532932648271e72bad181b293e1fa5945265c7dbedUrs Grob certs[2] = (X509Certificate) certificateFactory 7542932648271e72bad181b293e1fa5945265c7dbedUrs Grob .generateCertificate(new ByteArrayInputStream( 7552932648271e72bad181b293e1fa5945265c7dbedUrs Grob signedCert2Chain2.getBytes())); 7562932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 7572932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7582932648271e72bad181b293e1fa5945265c7dbedUrs Grob ArrayList<Certificate> result = new ArrayList<Certificate>(); 7592932648271e72bad181b293e1fa5945265c7dbedUrs Grob result.add(certs[2]); 7602932648271e72bad181b293e1fa5945265c7dbedUrs Grob result.add(certs[1]); 7612932648271e72bad181b293e1fa5945265c7dbedUrs Grob if (includeRootInChain) { 7622932648271e72bad181b293e1fa5945265c7dbedUrs Grob result.add(certs[0]); 7632932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 7642932648271e72bad181b293e1fa5945265c7dbedUrs Grob return result; 7652932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 7662932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7672932648271e72bad181b293e1fa5945265c7dbedUrs Grob private PKIXParameters createPKIXParams() throws Exception { 7682932648271e72bad181b293e1fa5945265c7dbedUrs Grob KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 7692932648271e72bad181b293e1fa5945265c7dbedUrs Grob keyStore.load(null, null); 7702932648271e72bad181b293e1fa5945265c7dbedUrs Grob keyStore.setCertificateEntry("selfSignedCert", certs[0]); 7712932648271e72bad181b293e1fa5945265c7dbedUrs Grob 7722932648271e72bad181b293e1fa5945265c7dbedUrs Grob PKIXParameters params; 7732932648271e72bad181b293e1fa5945265c7dbedUrs Grob params = new PKIXParameters(keyStore); 7742932648271e72bad181b293e1fa5945265c7dbedUrs Grob params.setRevocationEnabled(false); 7752932648271e72bad181b293e1fa5945265c7dbedUrs Grob return params; 7762932648271e72bad181b293e1fa5945265c7dbedUrs Grob } 7772932648271e72bad181b293e1fa5945265c7dbedUrs Grob} 778