1[Created by: generate_policies_tests.py] 2 3Cast certificate chain with the following policies: 4 5 Root: policies={} 6 Intermediate: policies={} 7 Leaf: policies={foo} 8 9Certificate: 10 Data: 11 Version: 3 (0x2) 12 Serial Number: 8 (0x8) 13 Signature Algorithm: sha256WithRSAEncryption 14 Issuer: CN=Intermediate 15 Validity 16 Not Before: Jan 1 12:00:00 2015 GMT 17 Not After : Jan 1 12:00:00 2018 GMT 18 Subject: CN=Leaf 19 Subject Public Key Info: 20 Public Key Algorithm: rsaEncryption 21 Public-Key: (2048 bit) 22 Modulus: 23 00:b4:f3:98:76:d2:61:f4:bf:b4:45:b7:c7:90:6b: 24 24:b7:9b:15:c8:1b:85:36:ca:86:72:81:bb:9a:07: 25 dd:07:9b:93:36:82:f5:53:04:b7:3e:af:2a:58:9d: 26 66:5a:61:e5:2c:29:17:24:e0:9a:bf:f5:c7:11:85: 27 51:87:2c:c0:58:57:0e:96:22:22:4d:9e:e3:4f:8b: 28 cb:22:7e:90:d4:e7:e2:8a:a1:16:bd:0d:77:ac:00: 29 c9:dc:6b:10:96:5c:80:48:e8:54:8c:61:11:b1:55: 30 b4:ce:64:f6:cd:3d:d1:6e:7e:2a:19:12:b8:56:df: 31 6e:4c:73:cb:65:84:17:48:e0:5c:f0:20:8b:7d:75: 32 7f:01:4f:1d:d0:39:98:ba:22:f3:5c:45:6c:da:6c: 33 d1:7d:67:dc:bc:2d:33:90:19:9d:18:5c:59:2a:e6: 34 55:81:4b:73:32:5b:b6:90:8e:fb:73:f5:ef:c1:03: 35 75:ef:ce:dc:e3:f7:89:c5:a3:65:a7:40:07:17:df: 36 b6:f3:24:e1:7f:c0:7f:2c:70:8e:0d:b3:99:8e:97: 37 52:5c:c1:fb:1b:15:55:30:f0:a8:44:4e:d1:91:c0: 38 fa:0c:92:31:2f:c3:67:e2:19:9d:97:30:11:e4:30: 39 3a:e9:6c:77:ee:80:1b:da:de:79:9a:22:0b:be:f1: 40 7f:a3 41 Exponent: 65537 (0x10001) 42 X509v3 extensions: 43 X509v3 Subject Key Identifier: 44 A1:81:A2:E3:16:52:66:B3:FF:D3:03:00:D2:B2:C0:94:44:5F:A6:94 45 X509v3 Authority Key Identifier: 46 keyid:DE:56:5F:DE:CA:60:54:D4:8A:CB:84:67:A4:7C:A6:F8:6E:59:CB:CD 47 48 Authority Information Access: 49 CA Issuers - URI:http://url-for-aia/Intermediate.cer 50 51 X509v3 CRL Distribution Points: 52 53 Full Name: 54 URI:http://url-for-crl/Intermediate.crl 55 56 X509v3 Key Usage: critical 57 Digital Signature, Key Encipherment 58 X509v3 Extended Key Usage: 59 TLS Web Client Authentication 60 X509v3 Certificate Policies: 61 Policy: 1.2.840.113554.4.1.72585.2 62 63 Signature Algorithm: sha256WithRSAEncryption 64 2e:65:72:a3:1d:73:c2:9f:a3:b2:25:ca:b8:80:d4:6f:b2:d2: 65 49:6d:60:2c:aa:91:0d:ae:46:2c:e5:a0:a4:7e:2b:7c:15:47: 66 02:b1:2d:3e:f2:a6:7a:6c:93:77:bf:a1:39:5f:b2:10:ea:26: 67 5a:ce:8d:19:bf:f1:b3:0c:33:b7:13:4d:19:d1:a8:a8:74:15: 68 39:08:e4:f8:43:20:85:bc:97:c4:bf:c9:40:54:ef:bf:c2:94: 69 bb:58:29:45:3b:ab:fb:1e:e4:93:61:12:50:ef:5e:73:70:3e: 70 58:00:9a:ab:7f:8e:45:8e:c9:cf:8a:95:87:d8:df:20:bf:57: 71 18:4b:8b:5c:64:16:18:90:24:a3:06:08:6d:58:8a:49:1b:08: 72 33:42:a7:11:18:af:0a:f4:ee:e0:d9:7d:46:02:49:e7:ea:40: 73 17:5a:33:35:28:bc:d7:aa:fd:78:1d:c7:b1:7b:a6:58:35:f6: 74 09:44:39:ff:ff:3a:08:a9:68:58:28:3e:d1:76:9c:88:54:a6: 75 37:50:4a:ff:32:b6:62:78:df:10:cb:0b:05:04:1c:72:62:a0: 76 6a:85:f8:25:ee:0d:0b:66:26:de:5a:98:34:10:40:53:41:80: 77 26:f6:64:a7:5d:15:a1:c0:08:c2:e0:e5:90:95:7a:45:2d:3c: 78 c7:49:ab:d4 79-----BEGIN CERTIFICATE----- 80MIIDnDCCAoSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl 81cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD 82VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPOYdtJh 839L+0RbfHkGskt5sVyBuFNsqGcoG7mgfdB5uTNoL1UwS3Pq8qWJ1mWmHlLCkXJOCa 84v/XHEYVRhyzAWFcOliIiTZ7jT4vLIn6Q1OfiiqEWvQ13rADJ3GsQllyASOhUjGER 85sVW0zmT2zT3Rbn4qGRK4Vt9uTHPLZYQXSOBc8CCLfXV/AU8d0DmYuiLzXEVs2mzR 86fWfcvC0zkBmdGFxZKuZVgUtzMlu2kI77c/XvwQN1787c4/eJxaNlp0AHF9+28yTh 87f8B/LHCODbOZjpdSXMH7GxVVMPCoRE7RkcD6DJIxL8Nn4hmdlzAR5DA66Wx37oAb 882t55miILvvF/owIDAQABo4H6MIH3MB0GA1UdDgQWBBShgaLjFlJms//TAwDSssCU 89RF+mlDAfBgNVHSMEGDAWgBTeVl/eymBU1IrLhGekfKb4blnLzTA/BggrBgEFBQcB 90AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh 91dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl 92cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD 93AjAZBgNVHSAEEjAQMA4GDCqGSIb3EgQBhLcJAjANBgkqhkiG9w0BAQsFAAOCAQEA 94LmVyox1zwp+jsiXKuIDUb7LSSW1gLKqRDa5GLOWgpH4rfBVHArEtPvKmemyTd7+h 95OV+yEOomWs6NGb/xswwztxNNGdGoqHQVOQjk+EMghbyXxL/JQFTvv8KUu1gpRTur 96+x7kk2ESUO9ec3A+WACaq3+ORY7Jz4qVh9jfIL9XGEuLXGQWGJAkowYIbViKSRsI 97M0KnERivCvTu4Nl9RgJJ5+pAF1ozNSi816r9eB3HsXumWDX2CUQ5//86CKloWCg+ 980XaciFSmN1BK/zK2YnjfEMsLBQQccmKgaoX4Je4NC2Ym3lqYNBBAU0GAJvZkp10V 99ocAIwuDlkJV6RS08x0mr1A== 100-----END CERTIFICATE----- 101 102Certificate: 103 Data: 104 Version: 3 (0x2) 105 Serial Number: 16 (0x10) 106 Signature Algorithm: sha256WithRSAEncryption 107 Issuer: CN=Root 108 Validity 109 Not Before: Jan 1 12:00:00 2015 GMT 110 Not After : Jan 1 12:00:00 2018 GMT 111 Subject: CN=Intermediate 112 Subject Public Key Info: 113 Public Key Algorithm: rsaEncryption 114 Public-Key: (2048 bit) 115 Modulus: 116 00:ab:dc:90:0c:97:d0:d8:00:b2:82:d1:55:82:1b: 117 2d:8f:f3:df:c2:4d:3c:7b:58:b7:82:a7:21:a4:3b: 118 94:a0:91:84:45:6f:f3:dd:b9:3a:0b:bc:4b:07:0a: 119 d1:45:9d:3c:1b:d4:4c:64:a4:7e:0c:01:d9:12:c5: 120 c4:f2:51:8c:86:02:87:32:9f:f4:86:b6:71:73:96: 121 6f:07:ab:b4:98:cc:3b:3c:75:0c:ef:29:6d:66:e6: 122 ac:45:5a:c7:be:0d:52:f0:e6:7f:65:0a:91:fb:1b: 123 8a:67:3a:e7:ae:bb:b3:78:f5:67:89:d2:6a:37:0d: 124 1b:e4:c2:a1:20:ce:cf:71:d5:4e:5d:7c:a6:53:46: 125 55:bb:92:37:33:ca:9d:10:90:c8:27:12:72:ac:7c: 126 53:7e:4d:d7:d9:46:04:aa:18:35:2b:f2:d8:c2:64: 127 a0:d7:5e:2a:c6:ca:2e:4d:7a:49:cd:4e:d7:55:b8: 128 32:3e:fd:58:d8:38:da:ad:a1:97:85:40:2d:22:13: 129 5e:ff:e1:42:bf:36:8b:35:48:ca:ab:9a:ec:72:9b: 130 0c:8e:cc:ce:de:e6:fe:3f:f9:50:3a:08:1a:3f:95: 131 24:a2:2d:96:fb:7b:f6:07:ed:15:77:cb:b2:bb:8a: 132 2d:07:ee:17:bd:0d:d0:b2:f5:84:e2:3d:b3:5a:19: 133 d0:6b 134 Exponent: 65537 (0x10001) 135 X509v3 extensions: 136 X509v3 Subject Key Identifier: 137 DE:56:5F:DE:CA:60:54:D4:8A:CB:84:67:A4:7C:A6:F8:6E:59:CB:CD 138 X509v3 Authority Key Identifier: 139 keyid:B0:D5:C8:C3:10:56:82:DD:32:BA:88:72:0A:12:17:7E:E8:81:7F:09 140 141 Authority Information Access: 142 CA Issuers - URI:http://url-for-aia/Root.cer 143 144 X509v3 CRL Distribution Points: 145 146 Full Name: 147 URI:http://url-for-crl/Root.crl 148 149 X509v3 Key Usage: critical 150 Certificate Sign, CRL Sign 151 X509v3 Basic Constraints: critical 152 CA:TRUE 153 Signature Algorithm: sha256WithRSAEncryption 154 ac:4c:1c:ee:c1:15:52:c1:7d:f6:78:97:d8:80:84:cd:6b:00: 155 ef:6e:65:53:31:ee:c4:2f:aa:27:e5:c4:0f:ae:ef:8a:45:8d: 156 d0:0d:4e:c0:22:b3:72:c7:60:db:60:9d:cd:74:95:76:f1:bb: 157 1e:9b:ae:f4:e5:09:d4:1b:33:70:a6:f1:ce:ab:6d:7e:d9:11: 158 bb:63:33:d9:49:39:16:9a:f5:e3:b6:37:cb:dc:0d:09:f6:a4: 159 9f:e0:40:a1:8f:1e:79:eb:8b:4c:73:b4:23:ef:7c:c5:0c:e3: 160 8e:c0:48:ed:dd:f6:c1:80:5e:5e:ba:69:a3:d7:ac:93:e1:be: 161 ce:23:93:20:b4:44:74:e3:92:1f:02:d9:4a:f9:f8:f5:86:13: 162 ab:b8:34:b0:4e:e0:2c:ec:2e:56:ab:49:85:47:8c:ce:4c:6d: 163 1f:bc:50:8e:aa:b3:a4:9a:54:9b:80:93:61:70:b7:10:01:c3: 164 05:80:6e:e4:ea:b8:10:26:4f:92:84:3d:65:54:3e:8d:1f:6b: 165 74:68:b5:8c:b2:b0:8e:43:28:56:8d:58:a3:aa:af:70:6c:1e: 166 e9:13:85:d3:9c:8b:ab:65:11:cc:58:4c:c4:03:d9:99:70:c0: 167 3a:cf:e7:3c:7b:1a:fc:aa:5f:f1:62:0b:d6:b0:d9:84:c1:f1: 168 f4:2f:f8:fa 169-----BEGIN CERTIFICATE----- 170MIIDbTCCAlWgAwIBAgIBEDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 171MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 172ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9yQDJfQ 1732ACygtFVghstj/Pfwk08e1i3gqchpDuUoJGERW/z3bk6C7xLBwrRRZ08G9RMZKR+ 174DAHZEsXE8lGMhgKHMp/0hrZxc5ZvB6u0mMw7PHUM7yltZuasRVrHvg1S8OZ/ZQqR 175+xuKZzrnrruzePVnidJqNw0b5MKhIM7PcdVOXXymU0ZVu5I3M8qdEJDIJxJyrHxT 176fk3X2UYEqhg1K/LYwmSg114qxsouTXpJzU7XVbgyPv1Y2DjaraGXhUAtIhNe/+FC 177vzaLNUjKq5rscpsMjszO3ub+P/lQOggaP5Ukoi2W+3v2B+0Vd8uyu4otB+4XvQ3Q 178svWE4j2zWhnQawIDAQABo4HLMIHIMB0GA1UdDgQWBBTeVl/eymBU1IrLhGekfKb4 179blnLzTAfBgNVHSMEGDAWgBSw1cjDEFaC3TK6iHIKEhd+6IF/CTA3BggrBgEFBQcB 180AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs 181BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD 182VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB 183AKxMHO7BFVLBffZ4l9iAhM1rAO9uZVMx7sQvqiflxA+u74pFjdANTsAis3LHYNtg 184nc10lXbxux6brvTlCdQbM3Cm8c6rbX7ZEbtjM9lJORaa9eO2N8vcDQn2pJ/gQKGP 185Hnnri0xztCPvfMUM447ASO3d9sGAXl66aaPXrJPhvs4jkyC0RHTjkh8C2Ur5+PWG 186E6u4NLBO4CzsLlarSYVHjM5MbR+8UI6qs6SaVJuAk2FwtxABwwWAbuTquBAmT5KE 187PWVUPo0fa3RotYyysI5DKFaNWKOqr3BsHukThdOci6tlEcxYTMQD2ZlwwDrP5zx7 188GvyqX/FiC9aw2YTB8fQv+Po= 189-----END CERTIFICATE----- 190 191Certificate: 192 Data: 193 Version: 3 (0x2) 194 Serial Number: 15 (0xf) 195 Signature Algorithm: sha256WithRSAEncryption 196 Issuer: CN=Root 197 Validity 198 Not Before: Jan 1 12:00:00 2015 GMT 199 Not After : Jan 1 12:00:00 2018 GMT 200 Subject: CN=Root 201 Subject Public Key Info: 202 Public Key Algorithm: rsaEncryption 203 Public-Key: (2048 bit) 204 Modulus: 205 00:ba:ae:2f:50:c5:cd:fd:5f:f6:01:bd:69:93:41: 206 20:92:bd:f3:c9:b4:f0:64:d9:c6:c4:27:82:1e:5a: 207 73:ad:7a:4a:8b:de:8d:81:2f:0e:00:7b:ea:9e:15: 208 35:e1:6a:c7:52:89:78:91:b6:9c:ff:64:5d:ef:c4: 209 51:d1:1d:e6:a1:fb:46:56:cf:49:88:1f:ad:9c:46: 210 30:3c:92:8d:a6:f7:8e:f9:d1:39:48:d3:19:3f:93: 211 8b:fe:fa:bf:58:56:72:aa:e7:8a:cc:1f:24:b7:18: 212 5f:74:05:1b:f5:d3:ea:70:a6:19:99:0c:af:6f:1a: 213 eb:3a:c6:b4:6f:59:25:68:01:5a:e2:e1:45:03:cb: 214 60:f3:d2:2e:e5:50:04:a0:29:c3:ab:c3:9c:17:fb: 215 e2:6e:83:12:64:cf:16:b9:14:a0:15:dc:58:67:7c: 216 71:2f:c4:cc:d6:8a:e1:96:59:5b:bd:01:f2:23:cc: 217 c6:1d:da:b3:ad:04:93:59:26:b0:58:34:6f:6e:12: 218 23:4f:04:9d:79:c0:59:8a:94:b7:f0:d3:12:18:a2: 219 c0:fa:38:2e:6a:07:40:1a:5c:28:9b:a1:b7:3b:cb: 220 ba:26:7c:b8:c2:a7:fd:77:f7:5a:76:34:8c:64:ae: 221 93:2c:72:79:27:60:1b:33:03:8c:00:57:93:64:5d: 222 e7:c3 223 Exponent: 65537 (0x10001) 224 X509v3 extensions: 225 X509v3 Subject Key Identifier: 226 B0:D5:C8:C3:10:56:82:DD:32:BA:88:72:0A:12:17:7E:E8:81:7F:09 227 X509v3 Authority Key Identifier: 228 keyid:B0:D5:C8:C3:10:56:82:DD:32:BA:88:72:0A:12:17:7E:E8:81:7F:09 229 230 Authority Information Access: 231 CA Issuers - URI:http://url-for-aia/Root.cer 232 233 X509v3 CRL Distribution Points: 234 235 Full Name: 236 URI:http://url-for-crl/Root.crl 237 238 X509v3 Key Usage: critical 239 Certificate Sign, CRL Sign 240 X509v3 Basic Constraints: critical 241 CA:TRUE 242 Signature Algorithm: sha256WithRSAEncryption 243 b8:fd:07:a2:48:48:d7:9a:30:3a:40:d7:49:94:92:8a:11:98: 244 73:8a:59:fd:02:c6:89:6c:59:ec:a1:4f:b8:f2:b2:74:fe:67: 245 51:97:25:fc:76:70:2d:7f:b4:32:ef:e1:23:ad:69:a4:f7:ca: 246 89:6e:aa:13:bb:30:fa:a5:26:cb:56:6f:f9:84:ab:fc:1f:89: 247 bb:b8:2e:4c:61:46:36:e4:d6:79:30:a4:3e:9a:36:4f:8f:20: 248 43:c5:2c:1f:b7:dc:d6:e6:0f:1c:df:8c:a9:c3:7f:45:61:0d: 249 0c:36:c0:b6:5c:2c:de:5e:0e:ee:21:ea:e1:50:28:3f:96:65: 250 2c:cb:5a:69:e5:1f:0d:04:d4:25:c3:bc:98:74:88:8d:d8:61: 251 86:ea:f9:32:3b:86:be:24:1b:ad:94:d9:4f:1f:47:77:05:8c: 252 e0:5d:dd:59:2f:83:b3:6a:b1:fe:6f:02:74:7f:c6:e3:5a:2f: 253 f3:3a:5f:13:01:e2:5e:71:99:fe:36:da:1e:98:e5:7e:38:6f: 254 54:23:23:7c:c3:3b:27:e7:1e:6c:b3:78:0b:ae:a2:66:9e:0e: 255 b9:13:1b:09:a7:da:f5:ab:7e:64:f6:12:87:9f:40:40:e2:a5: 256 09:dd:f4:3f:0e:9f:88:26:fc:2f:d5:48:fd:db:d5:70:e8:12: 257 c7:ae:ff:72 258-----BEGIN CERTIFICATE----- 259MIIDZTCCAk2gAwIBAgIBDzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 260MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v 261dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALquL1DFzf1f9gG9aZNB 262IJK988m08GTZxsQngh5ac616SovejYEvDgB76p4VNeFqx1KJeJG2nP9kXe/EUdEd 2635qH7RlbPSYgfrZxGMDySjab3jvnROUjTGT+Ti/76v1hWcqrniswfJLcYX3QFG/XT 2646nCmGZkMr28a6zrGtG9ZJWgBWuLhRQPLYPPSLuVQBKApw6vDnBf74m6DEmTPFrkU 265oBXcWGd8cS/EzNaK4ZZZW70B8iPMxh3as60Ek1kmsFg0b24SI08EnXnAWYqUt/DT 266EhiiwPo4LmoHQBpcKJuhtzvLuiZ8uMKn/Xf3WnY0jGSukyxyeSdgGzMDjABXk2Rd 26758MCAwEAAaOByzCByDAdBgNVHQ4EFgQUsNXIwxBWgt0yuohyChIXfuiBfwkwHwYD 268VR0jBBgwFoAUsNXIwxBWgt0yuohyChIXfuiBfwkwNwYIKwYBBQUHAQEEKzApMCcG 269CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw 270IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE 271AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC4/QeiSEjX 272mjA6QNdJlJKKEZhziln9AsaJbFnsoU+48rJ0/mdRlyX8dnAtf7Qy7+EjrWmk98qJ 273bqoTuzD6pSbLVm/5hKv8H4m7uC5MYUY25NZ5MKQ+mjZPjyBDxSwft9zW5g8c34yp 274w39FYQ0MNsC2XCzeXg7uIerhUCg/lmUsy1pp5R8NBNQlw7yYdIiN2GGG6vkyO4a+ 275JButlNlPH0d3BYzgXd1ZL4OzarH+bwJ0f8bjWi/zOl8TAeJecZn+NtoemOV+OG9U 276IyN8wzsn5x5ss3gLrqJmng65ExsJp9r1q35k9hKHn0BA4qUJ3fQ/Dp+IJvwv1Uj9 27729Vw6BLHrv9y 278-----END CERTIFICATE----- 279