r509-ocsp-responder 0.3.1

data/spec/fixtures.rb

@@ -0,0 +1,196 @@
+require 'spec_helper'
+require 'pathname'
+require 'r509/io_helpers'
+
+module TestFixtures
+    extend R509::IOHelpers
+
+    FIXTURES_PATH = Pathname.new(__FILE__).dirname + "fixtures"
+
+    def self.read_fixture(filename)
+        read_data((FIXTURES_PATH + filename).to_s)
+    end
+
+    #Trustwave cert for langui.sh
+    CERT = read_fixture('cert1.pem')
+
+    #Trustwave root cert
+    STCA_CERT = read_fixture('stca.pem')
+
+
+    TEST_CA_CERT = read_fixture('test_ca.cer')
+    TEST_CA_KEY  = read_fixture('test_ca.key')
+
+    TEST_CA_OCSP_CERT = read_fixture('test_ca_ocsp.cer')
+    TEST_CA_OCSP_KEY  = read_fixture('test_ca_ocsp.key')
+
+    TEST_CA_SUBROOT_CERT = read_fixture('test_ca_subroot.cer')
+    TEST_CA_SUBROOT_KEY  = read_fixture('test_ca_subroot.key')
+
+    TEST_CA_SUBROOT_OCSP_CERT = read_fixture('test_ca_subroot_ocsp.cer')
+    TEST_CA_SUBROOT_OCSP_KEY  = read_fixture('test_ca_subroot_ocsp.key')
+
+    SECOND_CA_CERT = read_fixture('second_ca.cer')
+    SECOND_CA_KEY  = read_fixture('second_ca.key')
+
+    OCSP_TEST_CERT = read_fixture('ocsptest.r509.local.pem')
+
+    STCA_OCSP_REQUEST  = read_fixture('stca_ocsp_request.der')
+    STCA_OCSP_RESPONSE  = read_fixture('stca_ocsp_response.der')
+
+    def self.test_ca_cert
+        R509::Cert.new(:cert => TEST_CA_CERT, :key => TEST_CA_KEY)
+    end
+
+    def self.test_ca_subroot_cert
+        R509::Cert.new(:cert => TEST_CA_SUBROOT_CERT, :key => TEST_CA_SUBROOT_KEY)
+    end
+
+    def self.test_ca_server_profile
+        R509::Config::CaProfile.new(
+              :basic_constraints => "CA:FALSE",
+              :key_usage => ["digitalSignature","keyEncipherment"],
+              :extended_key_usage => ["serverAuth"],
+              :certificate_policies => [
+                    [
+                        "policyIdentifier=2.16.840.1.12345.1.2.3.4.1",
+                        "CPS.1=http://example.com/cps"
+                    ]
+                ]
+        )
+
+    end
+
+    def self.test_ca_server_profile_with_subject_item_policy
+        subject_item_policy = R509::Config::SubjectItemPolicy.new(
+            "CN" => "required",
+            "O" => "optional",
+            "ST" => "required",
+            "C" => "required",
+            "OU" => "optional"
+        )
+        R509::Config::CaProfile.new(
+            :basic_constraints => "CA:FALSE",
+            :key_usage => ["digitalSignature","keyEncipherment"],
+            :extended_key_usage => ["serverAuth"],
+            :certificate_policies => [
+                [
+                    "policyIdentifier=2.16.840.1.12345.1.2.3.4.1",
+                    "CPS.1=http://example.com/cps"
+                ]
+            ],
+            :subject_item_policy => subject_item_policy
+        )
+    end
+
+    def self.test_ca_subroot_profile
+        R509::Config::CaProfile.new(
+                  :basic_constraints => "CA:TRUE,pathlen:0",
+                  :key_usage => ["keyCertSign","cRLSign"],
+                  :extended_key_usage => [],
+                  :certificate_policies => nil)
+    end
+
+    def self.test_ca_ocspsigner_profile
+        R509::Config::CaProfile.new(
+                  :basic_constraints => "CA:FALSE",
+                  :key_usage => ["digitalSignature"],
+                  :extended_key_usage => ["OCSPSigning"],
+                  :certificate_policies => nil)
+    end
+
+    def self.second_ca_cert
+        R509::Cert.new(:cert => SECOND_CA_CERT, :key => SECOND_CA_KEY)
+    end
+
+    def self.second_ca_server_profile
+        R509::Config::CaProfile.new(
+              :basic_constraints => "CA:FALSE",
+              :key_usage => ["digitalSignature","keyEncipherment"],
+              :extended_key_usage => ["serverAuth"],
+              :certificate_policies => [
+                    [
+                        "policyIdentifier=2.16.840.1.12345.1.2.3.4.1",
+                        "CPS.1=http://example.com/cps"
+                    ]
+                ]
+        )
+
+    end
+
+    def self.second_ca_subroot_profile
+        R509::Config::CaProfile.new(
+                  :basic_constraints => "CA:TRUE,pathlen:0",
+                  :key_usage => ["keyCertSign","cRLSign"],
+                  :extended_key_usage => [],
+                  :certificate_policies => nil)
+    end
+
+
+    # @return [R509::Config::CaConfig]
+    def self.test_ca_config
+        crl_list_sio = StringIO.new
+        crl_list_sio.set_encoding("BINARY") if crl_list_sio.respond_to?(:set_encoding)
+        crl_number_sio = StringIO.new
+        crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding)
+
+        opts = {
+          :ca_cert => test_ca_cert(),
+          :cdp_location => 'URI:http://crl.domain.com/test_ca.crl',
+          :ocsp_location => 'URI:http://ocsp.domain.com',
+          :ocsp_start_skew_seconds => 3600,
+          :ocsp_validity_hours => 48,
+          :crl_list_file => crl_list_sio,
+          :crl_number_file => crl_number_sio
+        }
+        ret = R509::Config::CaConfig.new(opts)
+
+        ret.set_profile("server", self.test_ca_server_profile)
+        ret.set_profile("subroot", self.test_ca_subroot_profile)
+        ret.set_profile("ocspsigner", self.test_ca_ocspsigner_profile)
+        ret.set_profile("server_with_subject_item_policy", self.test_ca_server_profile_with_subject_item_policy)
+
+        ret
+    end
+
+    # @return [R509::Config::CaConfig]
+    def self.test_ca_subroot_config
+        crl_list_sio = StringIO.new
+        crl_list_sio.set_encoding("BINARY") if crl_list_sio.respond_to?(:set_encoding)
+        crl_number_sio = StringIO.new
+        crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding)
+
+        opts = {
+          :ca_cert => test_ca_subroot_cert(),
+          :cdp_location => 'URI:http://crl.domain.com/test_ca.crl',
+          :ocsp_location => 'URI:http://ocsp.domain.com',
+          :ocsp_start_skew_seconds => 3600,
+          :ocsp_validity_hours => 48,
+          :crl_list_file => crl_list_sio,
+          :crl_number_file => crl_number_sio
+        }
+        ret = R509::Config::CaConfig.new(opts)
+
+        ret.set_profile("server", self.test_ca_server_profile)
+        ret.set_profile("subroot", self.test_ca_subroot_profile)
+        ret.set_profile("ocspsigner", self.test_ca_ocspsigner_profile)
+        ret.set_profile("server_with_subject_item_policy", self.test_ca_server_profile_with_subject_item_policy)
+
+        ret
+    end
+
+    # @return [R509::Config::CaConfig] secondary config
+    def self.second_ca_config
+        opts = {
+          :ca_cert => second_ca_cert(),
+          :cdp_location => 'URI:http://crl.domain.com/test_ca.crl',
+          :ocsp_location => 'URI:http://ocsp.domain.com'
+        }
+        ret = R509::Config::CaConfig.new(opts)
+
+        ret.set_profile("server", self.second_ca_server_profile)
+        ret.set_profile("subroot", self.second_ca_subroot_profile)
+
+        ret
+    end
+end

data/spec/fixtures/cert1.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIFMUeG8mMwDQYJKoZIhvcNAQEFBQAwSDELMAkGA1UEBhMC
+VVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5T
+ZWN1cmVUcnVzdCBDQTAeFw0xMDA4MjQxNDEwMDJaFw0xMzA4MjMxNDEwMDJaMFwx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2Fn
+bzEUMBIGA1UEChMLUGF1bCBLZWhyZXIxEjAQBgNVBAMTCWxhbmd1aS5zaDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMdaJzUD0I8PRwbK6c3y7Wl+PtP
+IHN5eawaNFWZAVWd/wRZt9MNl4BzVtGYPldPzaC4sdcEDC7YyB+31nVDWVETa3Jw
+LnFZ1lcCrfydeQh2IfXkoH7boRMmqqSYxlHNSijTb7HYYIMb5sekM742v3nQ4Muh
+lDWrgmOrxQiNEp2w0rj0qeM9jeJP4S1TPN6CJZohR4KdFSZYLGTSGZNNtbzbUXHl
+30Ou6Tg+K9HpAWJ9KB+sYmL4wsxnW9ZC4AHppOY2dx3BVy91RuEE4nCI1ZfGh3Vn
+R80hy0IBYjoupnm6efwVCdHlHnwM81tlLAD7BG+syVYyKJ5H+y10XtbXOssCAwEA
+AaOB7DCB6TAJBgNVHRMEAjAAMB0GA1UdDgQWBBQAjd1USmQruNPPCOSePFXkZP4E
+4DAfBgNVHSMEGDAWgBRCMrYW+gT9/l1LesP990xAHVpDrzALBgNVHQ8EBAMCBaAw
+EwYDVR0lBAwwCgYIKwYBBQUHAwEwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2Ny
+bC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwRAYDVR0gBD0wOzA5BgxghkgBhv1k
+AQECAwEwKTAnBggrBgEFBQcCARYbaHR0cDovL3NzbC50cnVzdHdhdmUuY29tL0NB
+MA0GCSqGSIb3DQEBBQUAA4IBAQCp6++bP8QfrJ9W1usAmDcIZu+PVp/wux0OSXf5
+2I4m44NAwT20yevWxnqzF2JZ/R2mCi41sPbV6Uvk+/6YWezSdTFPGPNZ1mwuQ7Bu
+BZB3DR71BJTP/YUOD6uWOFSh8didm3kHNbAvG4X/xWyj07n70Cof0PBDGtw8QKlt
+CBydpPHBeew14n0PXXLB8jrDd6PtlKvKWrLVs9igASBuW584chaWNw039zxRKoqq
+PsMwIw+1he4Bax4hH4fM4wQOFpnhk5Y34VmdZqo1JtF7Vn41ghGwsXVswvl6wPC1
+g4+GUUwJtQ6cJyMmN4sIHDbCFTOWBlUijvMrvl3wxncqDmOp
+-----END CERTIFICATE-----

data/spec/fixtures/config_test_various.yaml

@@ -0,0 +1,46 @@
+ocsp_delegate_ca: {
+    ca_cert: {
+        cert: 'test_ca.cer'
+    },
+    ocsp_cert: {
+        cert: 'test_ca_ocsp.cer',
+        key: 'test_ca_ocsp.key'
+    }
+}
+ocsp_subroot_delegate_ca: {
+    ca_cert: {
+        cert: 'test_ca_subroot.cer'
+    },
+    ocsp_cert: {
+        cert: 'test_ca_subroot_ocsp.cer',
+        key: 'test_ca_subroot_ocsp.key'
+    }
+}
+ocsp_chain_ca: {
+    ca_cert: {
+        cert: 'test_ca.cer'
+    },
+    ocsp_cert: {
+        cert: 'test_ca_ocsp.cer',
+        key: 'test_ca_ocsp.key'
+    },
+    ocsp_chain: 'test_ca_ocsp_chain.txt'
+}
+ocsp_pkcs12_ca: {
+    ca_cert: {
+        cert: 'test_ca.cer'
+    },
+    ocsp_cert: {
+        pkcs12: 'test_ca_ocsp.p12',
+        password: 'r509'
+    }
+}
+ocsp_engine_ca: {
+    ca_cert: {
+        cert: 'test_ca.cer'
+    },
+    ocsp_cert: {
+        cert: 'test_ca_ocsp.cer',
+        engine: 'chil'
+    }
+}

data/spec/fixtures/ocsptest.r509.local.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgTCCA2mgAwIBAgIVAJjZ5cC0w3NVLfd8XQ8etRKOSUX5MA0GCSqGSIb3DQEB
+BQUAMF4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwH
+Q2hpY2FnbzEYMBYGA1UECgwPUnVieSBDQSBQcm9qZWN0MRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTExMTIwNjE0NDMwNVoXDTEyMTIwNTE0NDMwNVowHjEcMBoGA1UEAwwT
+b2NzcHRlc3QucjUwOS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAJKYUzUFOARca6xgBdCzcCaBskoybxHO6MP55wqX0NzRJQY39EZVI8cEZb5J
+DHCMiIQVF4LzaV2YeBYxQIcH3wwDchiM68ru4RetzM0lJjTj+Dh9KFQlGrO0Ggq3
+Or1/dDZiYXGKNKisvVALCa8Witak4kN6gPxicbQqBjz5mqQ1fR3XmwLk4ZUoyyzC
+YLtsBRq9BMPb/ACOnpSMPY+/JcNSZq7mfkdZkgIUiSVV3gSi7la039HnIQy47ou4
+gAstE9phBbD3HzyVhHQrUqWH5ySgvWqey/GKw473YtqAkqXiMri/9l0wqoc/z8z/
+8AUsucNWY0fFw6W60DfddLHnLqMCAwEAAaOCAXQwggFwMAwGA1UdEwEB/wQCMAAw
+HQYDVR0OBBYEFA+4ILvXZtq+sTFnuu7bBgNozYxEMAsGA1UdDwQEAwIFoDCBkAYD
+VR0jBIGIMIGFgBR5dbuEOsss3noJvjEbQ7wcKk1TWKFipGAwXjELMAkGA1UEBhMC
+VVMxETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRgwFgYDVQQK
+DA9SdWJ5IENBIFByb2plY3QxEDAOBgNVBAMMB1Rlc3QgQ0GCCQD/2ccLhzfRlDAT
+BgNVHSUEDDAKBggrBgEFBQcDATA+BgNVHSAENzA1MDMGC2CGSAHgOQECAwQBMCQw
+IgYIKwYBBQUHAgEWFmh0dHA6Ly9leGFtcGxlLmNvbS9jcHMwHwYDVR0fBBgwFjAU
+oBKgEIYOaHR0cDovL2NybC5jb20wKwYIKwYBBQUHAQEEHzAdMBsGCCsGAQUFBzAB
+hg9odHRwOi8vb2NzcC5jb20wDQYJKoZIhvcNAQEFBQADggEBAGoNhg81fX8piyRL
+l7mxSCn+Ts1xa7cr1c2Hrm/WrdONtoXLrqPKQAYY6gB2LhkBCbAXB3LIWLgvhrUE
+sfcWy7vwZNDtjuuynmwgoRcpjxYV7r9aHsgzUDtaPMRpVn4dMD8fkGtgpDgf49xG
+yGD9f48DXlLIbOYzfucrVDQT6QUeMwCtxvtJcYCplL/jvt87a08e8coDMkiE8wVE
+0sSpJnYuK9WBvcoGaaMrhrMG744pwYaCEXF+gghozNFZ2e3zjMYGRt/XpGkPT9PD
+MWS/UUznolj5htW+8zsITxahjt7D/BKQiKoPpOoLoajyBZWIhy+F8BC0sT+1hafO
+alTAjPE=
+-----END CERTIFICATE-----

data/spec/fixtures/second_ca.cer

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEHjCCAwagAwIBAgIJAMmEWj3f4aUaMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
+BAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2FnbzESMBAG
+A1UEChMJUjUwOSwgTHRkMR8wHQYDVQQDExZSNTA5IFNlY29uZGFyeSBUZXN0IENB
+MB4XDTExMTIwNjIxMTQ1MFoXDTMwMDcxOTIxMTQ1MFowZzELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMRIwEAYDVQQKEwlS
+NTA5LCBMdGQxHzAdBgNVBAMTFlI1MDkgU2Vjb25kYXJ5IFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSV/a39wauzUnEc0r/0+6R4D7m2ESk
+JV8cIx7hQTzxmhPDwk4Vf4UIaC0bxzHQ0TAcZSA3MJEvWGK9TaSOA7mzFQOEbQyw
+Uz4nWsuS+N1UaVkJf6BR98OtpO4jPV0ir0BlgN8vc79CbvsYRjQ8zM10/tIdA6oD
+U9LCLBJfHKm9Lpx8JO8CKweBmoMM/gNSdzC2AZUk6rwvtlZOvUth9Kcoe38ZMvib
+nSXSsIYUUkXWbfxHmPT2yHXi4t/Tuf/7VJqyXh7Mr3m0tg1OuiJXaPR8m63ZPnVB
+yAokJXLaVCWpMm7mHpD2u3s09LTDDcahFLiir1oUofnGQxoIOi7Y4ifvAgMBAAGj
+gcwwgckwHQYDVR0OBBYEFD/HsyH/MoTC4B53HEiiS0HYQ2lZMIGZBgNVHSMEgZEw
+gY6AFD/HsyH/MoTC4B53HEiiS0HYQ2lZoWukaTBnMQswCQYDVQQGEwJVUzERMA8G
+A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xEjAQBgNVBAoTCVI1MDks
+IEx0ZDEfMB0GA1UEAxMWUjUwOSBTZWNvbmRhcnkgVGVzdCBDQYIJAMmEWj3f4aUa
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAW7C4sjrYU3Xjj0BJJQ
+lc/oT9mszr+UXpgbsk0Mh7Hd7N+gZ27gu5Y+D/Stbm8LLZQWCKl2n/6SLV7nJBFt
+sBmxhDiesWY+J7y9WNGirrBmAF2h6vz1oGB01YvC5ctWuS+eO51BcHg9QaMgxoTA
+mxaF597OmLCa9ICICJHUIBxfv2NeuO/Hy/meQHcI58YmxatdD31Gvy71PHa5Fc4+
+nHe7yOrIj1BU/LaIRAx6iguE4DaRUgQU3orOnzc6mZIWY4sXZu34GX7nYVas0EF7
+SUQFToihSaMBMltW6Jj9IYRXwYLgLg4RQNYfiQ1JrpGnN9CJ5DhnviBAidjEAMJx
+XJo=
+-----END CERTIFICATE-----
+

data/spec/fixtures/second_ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0lf2t/cGrs1JxHNK/9PukeA+5thEpCVfHCMe4UE88ZoTw8JO
+FX+FCGgtG8cx0NEwHGUgNzCRL1hivU2kjgO5sxUDhG0MsFM+J1rLkvjdVGlZCX+g
+UffDraTuIz1dIq9AZYDfL3O/Qm77GEY0PMzNdP7SHQOqA1PSwiwSXxypvS6cfCTv
+AisHgZqDDP4DUncwtgGVJOq8L7ZWTr1LYfSnKHt/GTL4m50l0rCGFFJF1m38R5j0
+9sh14uLf07n/+1Sasl4ezK95tLYNTroiV2j0fJut2T51QcgKJCVy2lQlqTJu5h6Q
+9rt7NPS0ww3GoRS4oq9aFKH5xkMaCDou2OIn7wIDAQABAoIBAF4ohEfbq8EqImBv
+X95fZ4cjg+TgYPG9zPKSgitBgd+BImHaJAwZllqqD69Envcj/U5osmAiPIueHC0z
+iXsNDd6thHKOQkTYLpV9Xm2/O4yiz/mhiQnISG79yqA5wuxY2RHW+5GJVc+OUJaQ
+Lqgc4cgCndnhHwT4S/shsWOkOBN37q5GjiHq+Vfxi64HbGq3k+h7uH+b9O9pIt9m
+rj63i1PSy4t6EUR98bN/HjH0O3uhUYbILOLn6CE30XMfbr6O6KIyDEOpsajb6exh
+P7nGT/VMQOiJYBT2K+kVEJat+qUjte82MGa5Ytygdf5/3EjwrjEcEsYzxS0Z9M8G
+PtFTqyECgYEA+vi1BJVOF3mbrlS3DvZfDgxPdCuWbif1tmpZVzJNQJE+oGyaVTnB
+qPtiPn3s2fYDeM5cyBHY0iTgI18d7g0DXg2j++fjxFL4Mo/4GyMH0UnFlIc7x6VY
+lMbIfHouBLBhpOGYP6S1MQSt72HE3gZ8lk4EYgMQjtmW0QyWOMz6jPECgYEA1o7d
+zQx9esl27sMxVfyuqBXuDTlFU2/zfulFtAlZCgvhLADVXa5tgokPR3/ldy/caAUn
+PETkGDWhMGaa61pBJyHspe25FYNpNCRvE32pXc6YyXXNg0t9NkfqFciJCYhJ0hTS
++MkK9kBWqinUyE9dvMKCvgmAE1CT8Jh8AVv/gt8CgYB8ffRlMp7LHEKyZklr/aBH
+OqoLCTgUqnPDKdvpWgViGupC77xavEypQxGHyDU+JT+xpEP35op0K2CXiy4wkHn0
+JLYMVgnwr+t4QVwkMetF0N9WfwKTVRysqDJ5NK4xG0FEZbd9Ennit9yD2y6pp/QT
+Jt4btEN5aMvcJO87e8ppMQKBgQDB2C2X9fLgHmhvaraGI1aA0d9S3y09JuXtAUBS
+Wiexpe333YDntJGH3+CIDor4Vath51X9Y5hYLwvEOM86Vz6J5mJxvwb64tEHpOsd
+xuhfsinjyaS1PFyR0AMzTwxQKmvXe6znzGs09AfYkRaHKv1bbrjEjLzDtocSVhGj
+AMUmLQKBgAw5O+Zaw8RI4xpsi2y+y44Tt1QGtdwcdlBMhi7lTRDGT21RxMvypKi4
+lzMaPm+qQ8lLIep68RbttZZ3FCZ/l3mr6D/SHEcKotl4Z8aLsg5T3sd2WZAfOJvQ
+XQEi9pUgRj4MKTWIKtc7V26+WpdnNlyk1VLfnb4zS7zjoIDM9cxh
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/stca.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz
+MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv
+cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz
+Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO
+0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao
+wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj
+7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT
+BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
+6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/
+3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm
+D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS
+CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----

data/spec/fixtures/test_ca.cer

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIJAP/ZxwuHN9GUMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV
+BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEYMBYG
+A1UECgwPUnVieSBDQSBQcm9qZWN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTExMDIy
+MDIwNDkxMloXDTMwMDQyMTIwNDkxMlowXjELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRgwFgYDVQQKDA9SdWJ5IENBIFBy
+b2plY3QxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCot8/z3jxARkwyRk0csM84dlWs91W95wPpunx3P3otqUxCJaOAyQl/
+uY8deg0xDmsime2JQ6aG6m76y3LfT4J1tlkhtmiGKhNJir1kgL8sL0wTXYXvwZEw
+qEEYD5mKi7Na9eo4R0ydqd9KAquVIhKywXvV1+Y4RDTx+f1WXmMCBaYZ76/rXmIe
+oE0avriRiihOtlgto+VNJw7VRnvq+cEd81BT62wRk1fG1lcpCqTEfEtKEI6PqqZh
+E2f+6lNmhZZ3Tj7NeNgYQLd4q+L1y030Vj4onpAIJrwfQq3dxTmrLDqnN2WOFsbo
+0qGh3s4yqUaOYd2wIBgCp7fEf5X/yh53AgMBAAGjUDBOMB0GA1UdDgQWBBR5dbuE
+Osss3noJvjEbQ7wcKk1TWDAfBgNVHSMEGDAWgBR5dbuEOsss3noJvjEbQ7wcKk1T
+WDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAp/Fh+WWjN7x/SZzMm
+H1INAS4loufHXzkqI+3bClAzlhzpBVbY7dHwD6H8oKh06EtppbN0Bw3iqXSRyoNd
++lDXccPij5dCuTFQ97DOrv7kGlhiM95XVkx4mvnd+i6jKwgOpllgDE/nKOwC42bq
+lIikcp7XLQUPt7amyX9UeJ8lxQ/niSkT868ls2IZQkF3XEhCi+5VlefEoaiMQZmD
+RyEd/vlsSnpXI5LLpkFq+NFGvgdI7+UADNIyDplyivD4VyQ6+zisX3r1ojroa6Y+
+WyXxLx+AVJVnGjngr2fDKr4ggsYWlJEs8lJ0r90jliYrSPA6rIldTbs3k9AbUp8G
+kS6X
+-----END CERTIFICATE-----

data/spec/fixtures/test_ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCot8/z3jxARkwy
+Rk0csM84dlWs91W95wPpunx3P3otqUxCJaOAyQl/uY8deg0xDmsime2JQ6aG6m76
+y3LfT4J1tlkhtmiGKhNJir1kgL8sL0wTXYXvwZEwqEEYD5mKi7Na9eo4R0ydqd9K
+AquVIhKywXvV1+Y4RDTx+f1WXmMCBaYZ76/rXmIeoE0avriRiihOtlgto+VNJw7V
+Rnvq+cEd81BT62wRk1fG1lcpCqTEfEtKEI6PqqZhE2f+6lNmhZZ3Tj7NeNgYQLd4
+q+L1y030Vj4onpAIJrwfQq3dxTmrLDqnN2WOFsbo0qGh3s4yqUaOYd2wIBgCp7fE
+f5X/yh53AgMBAAECggEAMlRS5m6fDpVp2X17N1nPFwrF2AkYPMQTOL/2rSP0cHaW
+Vw0fTyWpfb5+4M4t7Tpd3z6Hy3Cw1oJMhOf35oGzayXwRMxDNfKLOl72zGpTnPym
+9wfpEnJtu1QVxvWwWdH+uN2u9wbd5hJsl4lgYeZ+KXDqXgo/lP1TxfNLDV6urkVA
+wsR5URtG2ddOTOUjhUvizWPt1QCVE6Z5YVe9haTtQ4EtLjPywd8LB01AXRkvLIlL
+2XpL/EeuzF8GLd3GRMjEwgnT7WWBLHe7zIZqsRVx318Pu+WoWRFXUbKxrwH05tUV
+kx9Gh//L01uNwGx7qHSyJxTmYibjJXQAyQqVpPY4oQKBgQDgTbRVX65AEj5x8J3A
+1UEBDZE6ZQL/AnM+yPZGFSTfM04ebLUKyeIDvoSUxrbWMSf8JJwU1OCA+zJiXSld
+0BNBwd/irr9aglEuOBx6ITJypaKtehR5TtZGWsrvJT9f7IZ5Tc29gC0wiKNOqQ09
+O4J7/tvk2j4viAawGHSlRvJDnwKBgQDAj0X1kLwaH+QlVHU9QyRbK8qJsouot8Km
+BEjkZQ4D+7BQ/3mfFszJ/AG6tMA6FgikskyEics7XrtNYPZOGZ1xxKpi1an6o8cm
+GKUavZnkR5eHNwUEl2c9V5lNMbtAbCbIz30sCBFluicw37M2O8n38xTDSnXcRTbN
+n3rqpu52KQKBgE3MRc8Sx7JrYYNNjLnUfZ5q4UNaw8ZFSEmvlFPMg6Ry/BZraAPc
+7+qSixO7NLFoDVFUNVq4V0IFXn1liLKEOBmnsArEx5QR/SxFxALMPt4q+ximbjGB
+Gar/VMHLroaL2Dx8su6WZZYe3l2rHu9tE54EUKq407bSvFcZtGObDu5LAoGAfxmS
+ueYQ4sWOF73JrOg2hR9AjucVHAY/KsnFO0wglix5Ut1ub73i6qe2lIBeKXkFt4Ag
+1ZMGXGfJBegsa5youcFwHdCeY9vaxaCayi2/+FfxAsUkQMWW1XyOqc9bo8g/SWj7
+XCbvJNBcsfvWFMQeKdV/LPBnHz9oTw0nWt9YoxECgYAA9f2l6btaIV2JuDEzR8LK
+8MjXZMwmg9pEiUT0DsiiVIkJDsHdb2i54DhkfEKxi+ZDTO8AoFpqc4GTwobQHgPk
+N6Qa+wvig8SAWTS0dbPq2usvmx8cOiuqbn88VVl9jmFT6WTRJzNVRgVMM8xwl3uS
+odNmWsnOyWhM8h5LMVNb5w==
+-----END PRIVATE KEY-----

data/spec/fixtures/test_ca_ocsp.cer

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEWjCCA0KgAwIBAgIVAL6KQp4q0lBnlTg3fdk1VWh02squMA0GCSqGSIb3DQEB
+BQUAMF4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwH
+Q2hpY2FnbzEYMBYGA1UECgwPUnVieSBDQSBQcm9qZWN0MRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTEyMDEwNjEwMjYyNloXDTIyMDEwMzE2MjYyNlowYDELMAkGA1UEBhMC
+VVMxETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMREwDwYDVQQK
+DAhyNTA5IExMQzEZMBcGA1UEAwwQcjUwOSBPQ1NQIFNpZ25lcjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL1bj6l9fXWxFxdXIlzRewUKcMIjSvehpL5j
+CJ/7AqejfsV6K1all9CgOoXF1j7fAT8IkcuwcIQaq3zAV1vXxYtHRiWlQfYeXSWq
+zwQ8WzBAzIa6HRMZxtjbFzfrAPWEKRNyOlF/R98+VTD2MCRbbeVPLRkOtzHuiG0x
+ap+vVbGG7bO+kt8cRthVdYm1gkIP4Ox7cSi+JAR9JsZL1kk+QhIgU9BKE4BS0ior
+jC/FXHd6l3ub1DCoKPr5lw16MpmLwhjnn0myAy6Fr4eTAr69vDoA/KtoszFWO2Ea
+QsW0rJcRjwKAfliBQu1bVzfhBEpo2fFwjH9ydxp7NWHIf+/y1yECAwEAAaOCAQsw
+ggEHMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYE
+FE7QZeVFxt67S7tR1FuFGA+DjTiMMIGQBgNVHSMEgYgwgYWAFHl1u4Q6yyzeegm+
+MRtDvBwqTVNYoWKkYDBeMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMx
+EDAOBgNVBAcMB0NoaWNhZ28xGDAWBgNVBAoMD1J1YnkgQ0EgUHJvamVjdDEQMA4G
+A1UEAwwHVGVzdCBDQYIJAP/ZxwuHN9GUMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6
+Ly9jcmwucjUwOS5vcmcvdGVzdF9jYS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAAGM
+Zg+p84GjC0gzeQZROqS6s4GDJgRn0/kEpnSQO8wDsjLjyyzbW8xIyX9w1EdVaSS8
+mTe/oZ9SvMS8ONHlINyQtM0GuS6OOxtEQcx5/IJxdC+TDXQ27TvBgNg2KUIWxDgG
+9V18jdS/fV3pDFbUfulGciQkUrReCjchM52XUg0mb13VCCLjEUETPVYV6akOgglM
+Lg22je3F6fiEctwHHMABv6fOSrKa3Qg0SCx1WA+uHLnrLjc5vYljAzvQYz8UywoS
+RBnW6UInYvBs6KZmWv9acWGew3pQLOp0+FOrvgnxLWG7D4QuMulaYgKP1cpValmU
+iCkw4FfJqeDBTxrenF4=
+-----END CERTIFICATE-----