diff --git a/v3/integration/config.json b/v3/integration/config.json
index ad902376d..a8b8d1b53 100644
--- a/v3/integration/config.json
+++ b/v3/integration/config.json
@@ -979,6 +979,9 @@
 },
 "e_ev_extra_subject_attribs": {
 "ErrCount": 12279
+ },
+ "e_subj_contains_html_entities": {
+ "ErrCount": 14
 }
 }
 }
diff --git a/v3/lints/community/lint_subj_contains_html_entities.go b/v3/lints/community/lint_subj_contains_html_entities.go
new file mode 100644
index 000000000..ff73d5844
--- /dev/null
+++ b/v3/lints/community/lint_subj_contains_html_entities.go
@@ -0,0 +1,101 @@
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package community
+
+import (
+ "github.com/zmap/zcrypto/x509"
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/util"
+
+ "fmt"
+ "reflect"
+ "regexp"
+)
+
+func init() {
+ lint.RegisterCertificateLint(&lint.CertificateLint{
+ LintMetadata: lint.LintMetadata{
+ Name: "e_subj_contains_html_entities",
+ Description: "Detects the presence of HTML entities (e.g. '&') in the Subject, which probably shouldn't be there",
+ Source: lint.Community,
+ EffectiveDate: util.ZeroDate,
+ },
+ Lint: NewSubjectContainsHTMLEntities,
+ })
+}
+
+type subjectContainsHTMLEntities struct {
+ Skip bool `comment:"Set this to true to skip this lint"`
+}
+
+func NewSubjectContainsHTMLEntities() lint.LintInterface {
+ return &subjectContainsHTMLEntities{
+ Skip: false,
+ }
+}
+
+func (l *subjectContainsHTMLEntities) Configure() interface{} {
+ return l
+}
+
+func (l *subjectContainsHTMLEntities) CheckApplies(c *x509.Certificate) bool {
+ return true
+}
+
+var htmlEntitiesRegExp = regexp.MustCompile("&#?[a-zA-Z0-9]+;")
+
+func containsHTMLEntities(s string) bool {
+ return htmlEntitiesRegExp.MatchString(s)
+}
+
+func (l *subjectContainsHTMLEntities) Execute(c *x509.Certificate) *lint.LintResult {
+
+ if l.Skip {
+ return &lint.LintResult{Status: lint.Pass}
+ }
+
+ targetFields := []string{
+ "GivenName",
+ "Surname",
+ "CommonNames",
+ "OrganizationalUnit",
+ "Organization",
+ "Locality",
+ "Province",
+ "StreetAddress",
+ "PostalCode",
+ "OrganizationIDs",
+ "JurisdictionLocality",
+ "JurisdictionProvince",
+ }
+
+ value := reflect.ValueOf(c.Subject)
+
+ for _, fieldName := range targetFields {
+ field := value.FieldByName(fieldName)
+ strSlice := field.Interface().([]string)
+
+ if len(strSlice) > 0 {
+ if containsHTMLEntities(strSlice[0]) {
+ return &lint.LintResult{
+ Status: lint.Error,
+ Details: fmt.Sprintf("Subject.%s contains an HTML entity", fieldName),
+ }
+ }
+ }
+ }
+
+ return &lint.LintResult{Status: lint.Pass}
+}
diff --git a/v3/lints/community/lint_subj_contains_html_entities_test.go b/v3/lints/community/lint_subj_contains_html_entities_test.go
new file mode 100644
index 000000000..137f709b1
--- /dev/null
+++ b/v3/lints/community/lint_subj_contains_html_entities_test.go
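Review bot: Only the first value of each Subject attribute is inspected in `Execute` (`containsHTMLEntities(strSlice[0])`), so an HTML entity in a second OrganizationalUnit, StreetAddress or CommonNames value passes the lint undetected. Iterating over every value closes the gap: replace the `len(strSlice) > 0` / `strSlice[0]` pair with `for _, s := range strSlice {` and `if containsHTMLEntities(s) {`. The unchecked `field.Interface().([]string)` will also panic if a name in `targetFields` is ever absent from, or typed differently in, the zcrypto Subject struct; guarding with `field.IsValid()` and a comma-ok assertion, or reading the fields directly (e.g. `c.Subject.Organization`) so a mismatch fails at compile time, would be safer. The accompanying test table has no multi-valued case, so this gap is not exercised there either.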
@@ -0,0 +1,85 @@
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package community
+
+import (
+ "testing"
+
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/test"
+)
+
+/*
+ TEST CASES
+
+ File Result Description
+ =============== ====== ===========
+ html_entity_ok1 Pass Clean certificate (no HTML entities)
+ html_entity_ok2 Pass With a pattern that resembles, but is not, an HTML entity
+ html_entity_ok3 Pass With an HTML entity, but lint is bypassed via configuration
+ html_entity_ko1 Error HTML entity in organization
+ html_entity_ko2 Error HTML entity in stateOrProvince (Turks & Caicos Islands)
+ html_entity_ko3 Error HTML entity in locality (La Roque-d'Anthéron)
+*/
+
+func TestSubjectContainsHTMLEntities(t *testing.T) {
+
+ type Data struct {
+ input string
+ config string
+ want lint.LintStatus
+ }
+
+ data := []Data{
+ {
+ input: "html_entity_ok1.pem",
+ want: lint.Pass,
+ },
+ {
+ input: "html_entity_ok2.pem",
+ want: lint.Pass,
+ },
+ {
+ input: "html_entity_ok3.pem",
+ config: `
+ [e_subj_contains_html_entities]
+ Skip = true
+ `,
+ want: lint.Pass,
+ },
+ {
+ input: "html_entity_ko1.pem",
+ want: lint.Error,
+ },
+ {
+ input: "html_entity_ko2.pem",
+ want: lint.Error,
+ },
+ {
+ input: "html_entity_ko3.pem",
+ want: lint.Error,
+ },
+ }
+ for _, testData := range data {
+ testData := testData
+ t.Run(testData.input, func(t *testing.T) {
+ out := test.TestLintWithConfig("e_subj_contains_html_entities", testData.input, testData.config)
+ if out.Status != testData.want {
+ t.Errorf("expected %s, got %s", testData.want, out.Status)
+ }
+ })
+ }
+
+}
diff --git a/v3/testdata/html_entity_ko1.pem b/v3/testdata/html_entity_ko1.pem
new file mode 100644
index 000000000..3b924df63
--- /dev/null
+++ b/v3/testdata/html_entity_ko1.pem
@@ -0,0 +1,100 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4f:47:38:4f:0f:c3:45:b6:91:f7:9d:15:ee:77:03:11 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing + Validity + Not Before: Dec 18 11:12:37 2024 GMT + Not After : Dec 18 11:12:37 2025 GMT + Subject: C = DE, ST = Hamburg, L = Hamburg, O = "Steinway & Sons", CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:e8:30:07:2e:bb:73:1c:e9:9d:f7:96:5c:ee: + 54:5c:10:0f:9c:92:e5:53:d8:b5:ba:0c:3f:82:9f: + e2:66:bd:a4:a8:16:8f:d1:c0:5d:c3:f4:9f:65:17: + 9e:f5:ec:e8:79:c4:4e:8b:38:ca:2a:76:4d:e9:0c: + 1f:0c:ac:8b:b4:5c:55:29:f0:25:e6:59:2f:b0:74: + 44:cf:2e:0a:85:1d:31:9e:11:36:76:4a:77:97:68: + 43:81:1e:05:ed:99:13:73:30:45:ee:97:ce:27:5b: + d3:1b:29:df:7a:8f:91:94:ee:7a:18:48:9d:c2:9f: + be:57:ad:57:a5:d8:47:8a:8c:93:fa:a2:4b:f5:b8: + ce:c0:88:c0:86:c0:a8:58:44:7c:e0:5a:92:e5:3f: + b1:fc:42:bf:76:ed:4c:75:91:0e:8e:36:e2:2f:42: + 72:92:50:d6:6b:62:0c:84:bf:dc:a6:67:3a:38:5e: + 6f:73:b9:af:ab:a0:7c:d1:80:b4:73:83:0e:9b:0c: + a1:d1:4f:8a:d9:40:90:6a:fe:6d:5b:49:44:5d:6d: + 4f:e0:42:bd:84:c6:de:43:fd:82:6b:33:3c:4c:26: + 3b:e5:9b:17:b0:e8:fb:2d:46:78:d1:d4:bf:05:20: + f9:6d:16:64:28:cd:a2:94:2c:2d:b0:f0:1a:ba:4e: + 37:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Subject Key Identifier: + AA:E8:51:AF:70:29:30:58:1B:94:D5:D2:1E:7A:2B:EB:95:92:60:C6 + X509v3 Authority Key Identifier: + keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E + + Authority Information Access: + OCSP - URI:http://ca.someca-inc.com/ocsp + CA Issuers - URI:http://ca.someca-inc.com/root + + X509v3 Subject Alternative Name: + DNS:example.org + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.2 + + X509v3 CRL 
Distribution Points: + + Full Name: + URI:http://ca.someca-inc.com/crl + + Signature Algorithm: sha256WithRSAEncryption + 89:44:f7:34:c9:a2:c0:7d:3a:65:0a:11:39:69:79:09:ba:b0: + d8:e2:14:e9:a7:81:0a:c8:cc:a3:1d:ca:b2:bf:21:7c:f1:67: + e0:08:0c:c6:7b:09:26:1d:b1:e9:f4:5f:7b:bb:36:c2:63:10: + 14:cc:90:25:52:3a:62:58:20:17:56:7b:77:47:cd:e2:45:90: + f7:22:f3:f6:fe:90:e9:f6:50:f1:84:58:e0:35:24:20:dd:fc: + ec:b4:8c:c2:88:cf:0f:1b:3f:de:95:a2:26:f8:db:d6:c7:b1: + bc:8a:0f:4c:53:e7:ea:cf:3f:2c:ac:66:94:9c:d0:d7:70:9f: + cc:9c:f2:b9:ec:1c:77:63:33:b4:6b:65:4b:a8:43:84:e5:99: + bd:c1:16:4d:ed:ee:ec:5d:4f:ae:bc:93:9e:77:b0:de:eb:1b: + f5:b4:e7:88:26:0b:18:0a:b3:2e:2a:b3:e5:5b:50:d3:e6:e3: + 87:c5:48:fa:be:6d:a0:52:9c:38:13:dd:08:59:ad:da:28:54: + 36:df:ea:0e:b2:fa:56:a5:bb:5d:62:ca:59:8b:66:3a:df:b0: + a5:d2:40:0a:13:0f:07:b8:cf:55:ad:e7:fb:3e:fb:23:44:11: + 32:3d:e8:c7:7b:7b:ae:15:7c:8f:c5:a7:66:72:80:84:e8:40: + a0:62:a9:c3 +-----BEGIN CERTIFICATE----- +MIIEaTCCA1GgAwIBAgIQT0c4Tw/DRbaR950V7ncDETANBgkqhkiG9w0BAQsFADBD +MQswCQYDVQQGEwJYWDEQMA4GA1UEChMHU29tZSBDQTEiMCAGA1UEAxMZRmFrZSBD +QSBmb3IgemxpbnQgdGVzdGluZzAeFw0yNDEyMTgxMTEyMzdaFw0yNTEyMTgxMTEy +MzdaMGUxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdI +YW1idXJnMRwwGgYDVQQKDBNTdGVpbndheSAmYW1wOyBTb25zMRQwEgYDVQQDEwtl +eGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLoMAcu +u3Mc6Z33llzuVFwQD5yS5VPYtboMP4Kf4ma9pKgWj9HAXcP0n2UXnvXs6HnETos4 +yip2TekMHwysi7RcVSnwJeZZL7B0RM8uCoUdMZ4RNnZKd5doQ4EeBe2ZE3MwRe6X +zidb0xsp33qPkZTuehhIncKfvletV6XYR4qMk/qiS/W4zsCIwIbAqFhEfOBakuU/ +sfxCv3btTHWRDo424i9CcpJQ1mtiDIS/3KZnOjheb3O5r6ugfNGAtHODDpsModFP +itlAkGr+bVtJRF1tT+BCvYTG3kP9gmszPEwmO+WbF7Do+y1GeNHUvwUg+W0WZCjN +opQsLbDwGrpON00CAwEAAaOCATUwggExMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFKroUa9wKTBYG5TV0h56 +K+uVkmDGMB8GA1UdIwQYMBaAFOi29nZL0DvlRqX5VNR+B7PeDWA+MGQGCCsGAQUF +BwEBBFgwVjApBggrBgEFBQcwAYYdaHR0cDovL2NhLnNvbWVjYS1pbmMuY29tL29j 
+c3AwKQYIKwYBBQUHMAKGHWh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9yb290MBYG +A1UdEQQPMA2CC2V4YW1wbGUub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQICMC0GA1Ud +HwQmMCQwIqAgoB6GHGh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9jcmwwDQYJKoZI +hvcNAQELBQADggEBAIlE9zTJosB9OmUKETlpeQm6sNjiFOmngQrIzKMdyrK/IXzx +Z+AIDMZ7CSYdsen0X3u7NsJjEBTMkCVSOmJYIBdWe3dHzeJFkPci8/b+kOn2UPGE +WOA1JCDd/Oy0jMKIzw8bP96Voib429bHsbyKD0xT5+rPPyysZpSc0Ndwn8yc8rns +HHdjM7RrZUuoQ4Tlmb3BFk3t7uxdT668k553sN7rG/W054gmCxgKsy4qs+VbUNPm +44fFSPq+baBSnDgT3QhZrdooVDbf6g6y+lalu11iylmLZjrfsKXSQAoTDwe4z1Wt +5/s++yNEETI96Md7e64VfI/Fp2ZygIToQKBiqcM= +-----END CERTIFICATE----- diff --git a/v3/testdata/html_entity_ko2.pem b/v3/testdata/html_entity_ko2.pem new file mode 100644 index 000000000..50ae58d0f --- /dev/null +++ b/v3/testdata/html_entity_ko2.pem 
@@ -0,0 +1,100 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 47:7b:e1:33:e3:20:b3:49:9c:d4:c2:06:02:46:97:71 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing + Validity + Not Before: Dec 18 11:19:10 2024 GMT + Not After : Dec 18 11:19:10 2025 GMT + Subject: C = TC, ST = "Turks & Caicos Islands", L = Cockburn Town, O = Grand Lodge, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:be:2f:1e:62:8d:04:cf:2c:7f:90:e8:c3:11:f2: + 51:1d:95:4e:a8:0f:f1:4f:28:c1:c4:ea:8a:14:70: + 62:9a:b1:72:42:bf:ea:bb:5c:d5:7c:33:32:a8:89: + 43:9e:48:11:62:d0:a7:6c:74:b9:e9:21:13:d1:6f: + 00:ee:7b:7f:a2:7c:84:06:04:d8:9d:44:91:56:eb: + 4e:d3:f0:c3:9e:51:4a:b5:7e:87:81:10:17:23:7a: + 46:d8:61:44:78:d5:28:40:fe:48:37:cc:00:85:86: + 32:82:ff:72:11:8a:c0:49:64:da:04:70:74:f6:ae: + e4:7f:93:04:6f:a3:60:b3:1d:d0:98:dc:03:08:3b: + db:f0:38:36:34:9a:4d:0f:4f:95:14:94:2e:dc:97: + 4a:83:4c:f0:3f:df:7f:f5:cd:61:19:52:ec:3c:6b: + 34:ff:2b:91:98:2e:f1:06:dd:a2:1b:3c:28:3d:28: + 6b:98:26:45:e3:e0:92:cb:18:04:f4:ce:07:d5:85: + 23:2f:e8:70:75:72:5a:e8:bc:07:ef:ae:05:3f:4d: + 02:21:bc:b2:99:ee:0c:95:b1:7d:22:8a:68:bf:e6: + a1:a0:1c:83:c6:90:41:50:b4:ac:e9:b4:da:d6:5a: + c7:35:81:92:7a:47:5d:ff:87:d5:a9:77:e7:c6:36: + 76:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Subject Key Identifier: + 9B:41:57:4E:12:2C:2C:01:30:5C:01:08:4B:5C:25:0E:A8:AA:D3:10 + X509v3 Authority Key Identifier: + keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E + + Authority Information Access: + OCSP - URI:http://ca.someca-inc.com/ocsp + CA Issuers - URI:http://ca.someca-inc.com/root + + X509v3 Subject Alternative Name: + DNS:example.org + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.2 
+ + X509v3 CRL Distribution Points: + + Full Name: + URI:http://ca.someca-inc.com/crl + + Signature Algorithm: sha256WithRSAEncryption + 63:44:de:77:d7:94:56:70:1c:cb:8f:50:87:7d:9c:e6:4b:91: + 8a:aa:71:6d:28:a3:f4:60:e6:43:87:0e:99:e9:e1:93:9d:d0: + 85:52:48:1f:3f:53:bc:cf:85:60:a9:b9:50:10:9a:5c:c4:55: + bb:14:42:75:91:80:c6:e4:e5:ed:cd:52:f2:f4:0d:25:8d:d7: + 50:20:a8:12:7e:c8:0b:6b:da:cf:d0:f5:20:fc:6c:bd:8f:0a: + 16:6d:31:48:e5:59:db:de:34:12:b5:ec:47:e7:7e:ce:76:7a: + b6:c6:fd:ad:16:cd:93:58:c6:27:47:67:1d:f8:ab:b8:d6:e7: + 4f:be:f8:f7:2b:7f:3a:ac:32:36:c3:d6:65:d8:22:97:68:4a: + 8b:34:43:9f:f4:a5:91:1a:2e:16:45:04:05:7d:78:2f:0b:a5: + 68:e2:f3:9c:ac:75:99:11:05:8f:1d:24:e7:3c:e0:8f:62:c8: + 13:3e:9b:48:e3:0c:f4:d4:78:21:65:04:ea:08:20:dd:f3:9f: + f1:47:ff:70:28:0d:f1:1a:17:a6:73:ec:b7:85:3b:d6:ae:5c: + 4a:7f:37:4f:25:c6:9c:04:eb:4e:f0:fb:f6:67:f5:b3:83:d3: + ac:74:7e:da:68:0e:32:9f:4f:50:95:64:ac:db:54:40:16:85: + 00:e6:23:e8 +-----BEGIN CERTIFICATE----- +MIIEejCCA2KgAwIBAgIQR3vhM+Mgs0mc1MIGAkaXcTANBgkqhkiG9w0BAQsFADBD +MQswCQYDVQQGEwJYWDEQMA4GA1UEChMHU29tZSBDQTEiMCAGA1UEAxMZRmFrZSBD +QSBmb3IgemxpbnQgdGVzdGluZzAeFw0yNDEyMTgxMTE5MTBaFw0yNTEyMTgxMTE5 +MTBaMHYxCzAJBgNVBAYTAlRDMSMwIQYDVQQIDBpUdXJrcyAmYW1wOyBDYWljb3Mg +SXNsYW5kczEWMBQGA1UEBxMNQ29ja2J1cm4gVG93bjEUMBIGA1UEChMLR3JhbmQg +TG9kZ2UxFDASBgNVBAMTC2V4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvi8eYo0Ezyx/kOjDEfJRHZVOqA/xTyjBxOqKFHBimrFyQr/q +u1zVfDMyqIlDnkgRYtCnbHS56SET0W8A7nt/onyEBgTYnUSRVutO0/DDnlFKtX6H +gRAXI3pG2GFEeNUoQP5IN8wAhYYygv9yEYrASWTaBHB09q7kf5MEb6Ngsx3QmNwD +CDvb8Dg2NJpND0+VFJQu3JdKg0zwP99/9c1hGVLsPGs0/yuRmC7xBt2iGzwoPShr +mCZF4+CSyxgE9M4H1YUjL+hwdXJa6LwH764FP00CIbyyme4MlbF9Iopov+ahoByD +xpBBULSs6bTa1lrHNYGSekdd/4fVqXfnxjZ2CQIDAQABo4IBNTCCATEwDgYDVR0P +AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4E +FgQUm0FXThIsLAEwXAEIS1wlDqiq0xAwHwYDVR0jBBgwFoAU6Lb2dkvQO+VGpflU +1H4Hs94NYD4wZAYIKwYBBQUHAQEEWDBWMCkGCCsGAQUFBzABhh1odHRwOi8vY2Eu 
+c29tZWNhLWluYy5jb20vb2NzcDApBggrBgEFBQcwAoYdaHR0cDovL2NhLnNvbWVj +YS1pbmMuY29tL3Jvb3QwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwEwYDVR0gBAww +CjAIBgZngQwBAgIwLQYDVR0fBCYwJDAioCCgHoYcaHR0cDovL2NhLnNvbWVjYS1p +bmMuY29tL2NybDANBgkqhkiG9w0BAQsFAAOCAQEAY0Ted9eUVnAcy49Qh32c5kuR +iqpxbSij9GDmQ4cOmenhk53QhVJIHz9TvM+FYKm5UBCaXMRVuxRCdZGAxuTl7c1S +8vQNJY3XUCCoEn7IC2vaz9D1IPxsvY8KFm0xSOVZ2940ErXsR+d+znZ6tsb9rRbN +k1jGJ0dnHfiruNbnT7749yt/OqwyNsPWZdgil2hKizRDn/SlkRouFkUEBX14Lwul +aOLznKx1mREFjx0k5zzgj2LIEz6bSOMM9NR4IWUE6ggg3fOf8Uf/cCgN8RoXpnPs +t4U71q5cSn83TyXGnATrTvD79mf1s4PTrHR+2mgOMp9PUJVkrNtUQBaFAOYj6A== +-----END CERTIFICATE----- diff --git a/v3/testdata/html_entity_ko3.pem b/v3/testdata/html_entity_ko3.pem new file mode 100644 index 000000000..200104f41 --- /dev/null +++ b/v3/testdata/html_entity_ko3.pem 
@@ -0,0 +1,101 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + e8:60:2f:5f:81:b6:ef:bf:53:59:da:bf:43:aa:91:b4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing + Validity + Not Before: Dec 18 11:24:51 2024 GMT + Not After : Dec 18 11:24:51 2025 GMT + Subject: C = FR, ST = Provence-Alpes-C\C3\B4te d'Azur, L = "La Roque-d'Anthéron", O = Le Jas Restaurant, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e6:86:4c:37:a3:a3:3e:ed:fa:a8:42:a8:c8:04: + 35:bd:0b:6f:eb:ba:05:3f:e2:f6:86:d4:1f:19:93: + a5:f7:bc:61:03:69:b5:17:bb:ad:21:d6:1a:35:dd: + 7e:29:99:97:15:5f:c4:28:d0:66:02:fd:7d:fb:14: + 6b:1b:9e:ee:73:ce:5a:16:e6:ac:f9:94:b3:33:d6: + 9c:34:9f:1c:eb:2c:5c:d5:a7:6f:a0:13:cb:55:23: + ab:fd:da:5b:82:51:ec:ed:c5:93:f3:e4:39:cc:f1: + bd:46:dd:c6:6e:15:b8:71:8c:0d:cc:a0:52:6c:b9: + e4:6e:4b:78:ba:d7:81:fb:74:bb:73:41:1e:c9:25: + 74:a5:9b:ba:6e:21:a1:75:44:c7:5f:e8:cc:c8:3c: + 94:72:c2:8e:e0:59:1e:ab:b2:59:71:40:bd:47:ba: + 3e:93:52:c4:ec:da:b8:d1:40:fb:d8:9d:3b:77:29: + 72:85:94:41:34:a1:4d:cb:16:f0:3e:4e:a9:73:57: + 08:83:be:71:08:9e:ab:a7:a9:52:0d:29:34:5b:5d: + ad:e0:2d:e8:42:d6:ba:17:31:61:ad:27:1f:ce:d3: + 20:d6:43:4e:c6:7a:f1:d5:a5:15:85:5e:ee:0b:08: + 3c:d3:67:b6:90:92:1e:88:c7:ab:54:89:b0:62:0b: + 96:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Subject Key Identifier: + 98:B2:0A:EE:E9:7E:13:0E:27:9E:B4:77:C0:33:0D:9C:EF:28:70:43 + X509v3 Authority Key Identifier: + keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E + + Authority Information Access: + OCSP - URI:http://ca.someca-inc.com/ocsp + CA Issuers - URI:http://ca.someca-inc.com/root + + X509v3 Subject Alternative Name: + DNS:example.org + X509v3 Certificate Policies: + 
Policy: 2.23.140.1.2.2 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://ca.someca-inc.com/crl + + Signature Algorithm: sha256WithRSAEncryption + 44:c4:47:d6:c8:63:0a:ef:86:5b:4c:c4:db:31:ea:c7:71:6e: + fd:80:bf:4f:a2:72:d7:80:50:c2:8b:40:8d:79:ae:43:21:72: + f6:91:6c:ea:36:71:04:8a:f1:80:d6:a2:33:f3:bf:c6:62:d4: + 73:95:76:70:3c:f9:f6:9b:9f:60:cd:0e:a4:c9:4a:df:a0:a4: + 1d:2c:62:a3:64:70:1b:4a:69:46:70:65:6f:18:73:df:9e:8f: + be:e9:ed:e2:80:87:84:e4:08:af:b3:f9:e1:17:2c:0e:78:d4: + 23:84:66:4e:ab:3f:f1:1f:e4:f5:09:90:83:d1:a3:bf:7d:64: + e8:dc:a1:3f:a5:4c:2b:f6:b7:66:41:54:f4:63:88:cd:48:26: + ed:55:9c:74:df:2e:57:2b:c0:59:c4:5b:5f:68:4d:e8:7e:73: + d2:2c:5f:c4:58:2e:12:17:ed:9d:61:e4:88:cc:93:b0:5b:bf: + 5b:03:b9:38:26:1a:22:79:e8:58:77:42:2c:f4:aa:d2:24:a0: + 7c:f5:5b:5a:5b:bb:04:c0:97:45:6f:6b:b5:4f:d8:e9:c9:ac: + ec:96:98:50:58:f6:e8:98:b4:3d:a8:a9:8e:65:25:d0:39:a0: + ff:ff:78:36:5d:d3:ec:f5:83:ce:bc:b9:87:9a:2b:a4:22:46: + 26:a1:6c:b0 +-----BEGIN CERTIFICATE----- +MIIEkzCCA3ugAwIBAgIRAOhgL1+Btu+/U1nav0OqkbQwDQYJKoZIhvcNAQELBQAw +QzELMAkGA1UEBhMCWFgxEDAOBgNVBAoTB1NvbWUgQ0ExIjAgBgNVBAMTGUZha2Ug +Q0EgZm9yIHpsaW50IHRlc3RpbmcwHhcNMjQxMjE4MTEyNDUxWhcNMjUxMjE4MTEy +NDUxWjCBjTELMAkGA1UEBhMCRlIxJDAiBgNVBAgMG1Byb3ZlbmNlLUFscGVzLUPD +tHRlIGQnQXp1cjEmMCQGA1UEBwwdTGEgUm9xdWUtZCYjeDI3O0FudGgmI3hFOTty +b24xGjAYBgNVBAoTEUxlIEphcyBSZXN0YXVyYW50MRQwEgYDVQQDEwtleGFtcGxl +Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaGTDejoz7t+qhC +qMgENb0Lb+u6BT/i9obUHxmTpfe8YQNptRe7rSHWGjXdfimZlxVfxCjQZgL9ffsU +axue7nPOWhbmrPmUszPWnDSfHOssXNWnb6ATy1Ujq/3aW4JR7O3Fk/PkOczxvUbd +xm4VuHGMDcygUmy55G5LeLrXgft0u3NBHskldKWbum4hoXVEx1/ozMg8lHLCjuBZ +HquyWXFAvUe6PpNSxOzauNFA+9idO3cpcoWUQTShTcsW8D5OqXNXCIO+cQieq6ep +Ug0pNFtdreAt6ELWuhcxYa0nH87TINZDTsZ68dWlFYVe7gsIPNNntpCSHojHq1SJ +sGILlgcCAwEAAaOCATUwggExMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr +BgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFJiyCu7pfhMOJ560d8AzDZzvKHBD +MB8GA1UdIwQYMBaAFOi29nZL0DvlRqX5VNR+B7PeDWA+MGQGCCsGAQUFBwEBBFgw 
+VjApBggrBgEFBQcwAYYdaHR0cDovL2NhLnNvbWVjYS1pbmMuY29tL29jc3AwKQYI +KwYBBQUHMAKGHWh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9yb290MBYGA1UdEQQP +MA2CC2V4YW1wbGUub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQICMC0GA1UdHwQmMCQw +IqAgoB6GHGh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9jcmwwDQYJKoZIhvcNAQEL +BQADggEBAETER9bIYwrvhltMxNsx6sdxbv2Av0+icteAUMKLQI15rkMhcvaRbOo2 +cQSK8YDWojPzv8Zi1HOVdnA8+fabn2DNDqTJSt+gpB0sYqNkcBtKaUZwZW8Yc9+e +j77p7eKAh4TkCK+z+eEXLA541COEZk6rP/Ef5PUJkIPRo799ZOjcoT+lTCv2t2ZB +VPRjiM1IJu1VnHTfLlcrwFnEW19oTeh+c9IsX8RYLhIX7Z1h5IjMk7Bbv1sDuTgm +GiJ56Fh3Qiz0qtIkoHz1W1pbuwTAl0Vva7VP2OnJrOyWmFBY9uiYtD2oqY5lJdA5 +oP//eDZd0+z1g868uYeaK6QiRiahbLA= +-----END CERTIFICATE----- diff --git a/v3/testdata/html_entity_ok1.pem b/v3/testdata/html_entity_ok1.pem new file mode 100644 index 000000000..ed7478336 --- /dev/null +++ b/v3/testdata/html_entity_ok1.pem 
@@ -0,0 +1,100 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 65:06:83:30:4d:b5:c9:67:3d:8d:fa:b7:8f:f9:cd:29 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing + Validity + Not Before: Dec 18 11:00:16 2024 GMT + Not After : Dec 18 11:00:16 2025 GMT + Subject: C = IT, ST = Milano, L = Milano, O = Qualche Azienda SpA, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b7:d7:ce:d9:e3:31:b1:5d:fb:14:24:c8:b9:90: + 73:eb:12:aa:42:9d:4e:79:90:3d:77:50:d3:29:93: + d7:c2:63:c3:df:90:09:83:10:f3:44:35:30:72:09: + 67:8c:9e:a6:1d:5b:54:51:9e:02:b3:af:04:d1:6f: + 96:70:34:b0:96:1f:7b:a5:09:a8:4f:83:67:19:29: + d7:e6:dd:c2:af:ce:b4:45:86:45:37:61:b4:b4:89: + f0:ac:48:06:70:dc:19:f5:7a:d0:7d:b0:31:1a:49: + d6:6e:6d:7b:87:2c:2f:f0:6f:c1:27:70:4a:6e:b4: + 91:29:69:ee:85:90:e3:e6:53:c6:3e:79:1e:33:4d: + 0b:f9:ad:69:fd:a5:6d:6f:9b:8e:dd:30:76:78:91: + e4:ed:2b:c9:d2:c3:e8:07:36:01:99:68:af:1a:2e: + e8:f2:54:e7:97:5e:c1:a5:e5:c6:10:e2:19:7e:6f: + cc:d4:1d:09:b4:06:99:9c:98:b3:98:01:bc:b0:70: + 02:84:84:bb:91:64:de:0c:df:85:8c:32:c7:92:83: + 91:4b:c9:e2:12:d2:66:df:76:45:f2:d9:0f:10:a5: + 0f:b2:30:60:03:78:3f:31:4a:dd:ce:6b:e5:30:17: + 3d:24:dd:04:d3:b6:6a:92:ee:74:d0:83:bc:fb:c3: + c7:ed + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Subject Key Identifier: + 5F:63:C5:7D:41:9F:E7:20:25:77:F9:B2:D6:14:D7:7F:EE:98:31:2D + X509v3 Authority Key Identifier: + keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E + + Authority Information Access: + OCSP - URI:http://ca.someca-inc.com/ocsp + CA Issuers - URI:http://ca.someca-inc.com/root + + X509v3 Subject Alternative Name: + DNS:example.org + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.2 + + X509v3 CRL 
Distribution Points: + + Full Name: + URI:http://ca.someca-inc.com/crl + + Signature Algorithm: sha256WithRSAEncryption + 71:3f:84:05:a3:70:08:4d:2f:db:1a:c1:0d:f7:70:2b:1a:50: + cb:7e:df:2b:33:d2:d7:dc:54:c8:7c:46:05:8f:29:5b:58:a9: + 7d:a8:6a:7f:a6:06:a6:8d:5b:43:12:db:1e:37:29:99:67:8c: + fc:fb:84:fe:37:f0:6e:d7:a3:67:fd:da:b9:10:fa:ec:1a:7b: + d8:fc:d8:e6:7d:50:47:1b:a9:74:b0:a2:23:e1:fe:b3:da:d7: + be:7e:70:0f:57:3b:8c:40:e0:a7:ee:6d:7e:52:92:26:2a:b5: + f4:04:1e:69:87:66:05:bf:25:35:20:df:3f:01:c5:18:c5:63: + 93:e4:81:64:ae:d5:c2:1f:64:bf:3f:67:b8:91:6e:0d:d9:d4: + 38:30:52:ce:9f:8f:28:e9:81:a5:dc:2e:05:20:76:6b:a0:a1: + 6c:18:97:5d:b9:8b:4e:eb:5b:b2:cc:bc:90:18:23:e7:8b:cf: + b1:c5:94:7e:de:e9:e7:9f:37:2b:34:fb:20:d0:a5:4d:21:b0: + 8b:15:2e:69:f7:9a:94:c8:6b:13:97:2b:ce:07:a4:c8:e5:76: + 33:9e:d6:d9:0a:04:77:16:81:ec:a3:bd:72:6e:d2:a4:51:41: + 7f:3f:25:df:2c:0d:77:df:ba:95:0b:d8:fa:64:c1:bb:60:71: + bd:8a:40:f9 +-----BEGIN CERTIFICATE----- +MIIEZzCCA0+gAwIBAgIQZQaDME21yWc9jfq3j/nNKTANBgkqhkiG9w0BAQsFADBD +MQswCQYDVQQGEwJYWDEQMA4GA1UEChMHU29tZSBDQTEiMCAGA1UEAxMZRmFrZSBD +QSBmb3IgemxpbnQgdGVzdGluZzAeFw0yNDEyMTgxMTAwMTZaFw0yNTEyMTgxMTAw +MTZaMGMxCzAJBgNVBAYTAklUMQ8wDQYDVQQIEwZNaWxhbm8xDzANBgNVBAcTBk1p +bGFubzEcMBoGA1UEChMTUXVhbGNoZSBBemllbmRhIFNwQTEUMBIGA1UEAxMLZXhh +bXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3187Z4zGx +XfsUJMi5kHPrEqpCnU55kD13UNMpk9fCY8PfkAmDEPNENTByCWeMnqYdW1RRngKz +rwTRb5ZwNLCWH3ulCahPg2cZKdfm3cKvzrRFhkU3YbS0ifCsSAZw3Bn1etB9sDEa +SdZubXuHLC/wb8EncEputJEpae6FkOPmU8Y+eR4zTQv5rWn9pW1vm47dMHZ4keTt +K8nSw+gHNgGZaK8aLujyVOeXXsGl5cYQ4hl+b8zUHQm0BpmcmLOYAbywcAKEhLuR +ZN4M34WMMseSg5FLyeIS0mbfdkXy2Q8QpQ+yMGADeD8xSt3Oa+UwFz0k3QTTtmqS +7nTQg7z7w8ftAgMBAAGjggE1MIIBMTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw +FAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBRfY8V9QZ/nICV3+bLWFNd/ +7pgxLTAfBgNVHSMEGDAWgBTotvZ2S9A75Ual+VTUfgez3g1gPjBkBggrBgEFBQcB +AQRYMFYwKQYIKwYBBQUHMAGGHWh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9vY3Nw 
+MCkGCCsGAQUFBzAChh1odHRwOi8vY2Euc29tZWNhLWluYy5jb20vcm9vdDAWBgNV +HREEDzANggtleGFtcGxlLm9yZzATBgNVHSAEDDAKMAgGBmeBDAECAjAtBgNVHR8E +JjAkMCKgIKAehhxodHRwOi8vY2Euc29tZWNhLWluYy5jb20vY3JsMA0GCSqGSIb3 +DQEBCwUAA4IBAQBxP4QFo3AITS/bGsEN93ArGlDLft8rM9LX3FTIfEYFjylbWKl9 +qGp/pgamjVtDEtseNymZZ4z8+4T+N/Bu16Nn/dq5EPrsGnvY/NjmfVBHG6l0sKIj +4f6z2te+fnAPVzuMQOCn7m1+UpImKrX0BB5ph2YFvyU1IN8/AcUYxWOT5IFkrtXC +H2S/P2e4kW4N2dQ4MFLOn48o6YGl3C4FIHZroKFsGJdduYtO61uyzLyQGCPni8+x +xZR+3unnnzcrNPsg0KVNIbCLFS5p95qUyGsTlyvOB6TI5XYzntbZCgR3FoHso71y +btKkUUF/PyXfLA1337qVC9j6ZMG7YHG9ikD5 +-----END CERTIFICATE----- diff --git a/v3/testdata/html_entity_ok2.pem b/v3/testdata/html_entity_ok2.pem new file mode 100644 index 000000000..e933e1e38 --- /dev/null +++ b/v3/testdata/html_entity_ok2.pem 
@@ -0,0 +1,100 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d9:13:d5:df:17:08:81:2a:1d:d7:48:dd:92:c3:66:f3 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing + Validity + Not Before: Dec 18 11:05:48 2024 GMT + Not After : Dec 18 11:05:48 2025 GMT + Subject: C = DE, ST = Hesse, L = Frankfurt, O = Mustermann R&D GmbH, CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:e3:4b:68:53:f9:ac:e2:91:cd:2a:b4:87:71: + 56:0d:34:5c:66:11:d7:b6:fc:fa:00:6d:47:ce:f2: + 02:42:1e:68:43:e3:64:dc:48:25:4e:15:5c:80:5d: + 39:3b:4c:a1:c1:e0:5d:7a:bb:bb:15:25:34:c3:09: + 2a:7c:f5:27:e7:1d:cd:21:37:14:d7:08:32:b8:13: + 03:0b:d8:3a:cc:5f:0c:5b:d3:c1:62:5c:86:76:e8: + 98:a0:d9:a0:14:46:44:1f:44:e2:67:80:c5:da:3b: + 50:fd:5d:28:6d:3d:43:fd:62:70:69:b8:5c:35:a1: + ac:72:b6:a6:44:1c:84:f2:f2:47:79:74:af:77:86: + 9e:be:48:01:33:8b:c3:14:38:23:ae:11:d0:4d:6e: + 0b:48:5a:a6:c7:d8:5a:a5:34:fb:88:f0:7e:b0:7e: + d7:c5:d2:98:fc:43:ff:b7:d8:e2:40:70:c2:cd:4e: + a0:4a:e3:cf:89:7c:62:2d:8a:af:53:a7:f4:1e:89: + 74:70:37:cf:fe:a3:03:6f:d7:79:c4:1e:61:65:03: + c7:27:fb:db:f6:3c:32:94:d0:f1:8a:c7:25:78:13: + 6b:ec:6f:a7:eb:c9:e4:fb:21:bb:b5:db:14:5a:5f: + 09:2b:91:ac:5d:5b:ea:1c:8f:fa:64:59:9a:ea:a6: + 8b:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Subject Key Identifier: + 8E:A1:D4:56:F9:10:34:5C:B0:D8:AF:53:08:07:70:70:A5:98:FE:69 + X509v3 Authority Key Identifier: + keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E + + Authority Information Access: + OCSP - URI:http://ca.someca-inc.com/ocsp + CA Issuers - URI:http://ca.someca-inc.com/root + + X509v3 Subject Alternative Name: + DNS:example.org + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.2 + + X509v3 CRL 
Distribution Points: + + Full Name: + URI:http://ca.someca-inc.com/crl + + Signature Algorithm: sha256WithRSAEncryption + 00:42:37:dd:9b:72:71:9b:05:3e:f8:d1:6f:47:0a:40:d5:4b: + e6:31:8b:62:6e:e4:4b:22:14:a0:50:0f:16:df:51:08:7f:f3: + 51:0e:77:fb:81:ca:38:28:73:85:f3:8f:1f:f7:18:67:0c:d8: + a7:ef:88:b7:e9:5d:88:82:2d:9d:8a:7c:01:ba:f7:b9:07:c1: + 40:33:be:4f:44:6e:0b:ce:64:44:c0:fb:5f:76:5b:fb:33:61: + 1c:33:42:70:be:83:6e:8e:48:9f:5e:3c:6b:45:37:a3:cb:ee: + c0:68:7b:75:65:90:6a:10:f2:f0:50:75:02:75:f7:a7:4f:96: + c2:35:f4:9d:b4:91:68:5b:b7:6a:77:4d:be:08:98:5e:17:6b: + f8:54:4a:61:6d:9c:0d:85:33:cc:a9:ed:58:35:b0:1f:6e:6e: + 09:0f:ab:bd:b7:4f:69:74:f5:69:33:8e:33:1c:50:44:c8:cf: + 8f:af:e0:28:12:3a:70:85:83:c6:d9:af:8e:f6:bf:6f:56:83: + 75:0e:f6:ed:59:b6:57:b9:6b:d2:4b:2f:d2:07:dd:ab:69:27: + ab:b4:99:be:60:41:bd:37:fe:d0:9d:00:c4:0c:e0:2c:bd:d9: + b3:47:7d:2d:f2:19:b8:a5:98:fc:f9:2e:4f:f4:87:20:d0:0f: + 38:a0:4b:d5 +-----BEGIN CERTIFICATE----- +MIIEajCCA1KgAwIBAgIRANkT1d8XCIEqHddI3ZLDZvMwDQYJKoZIhvcNAQELBQAw +QzELMAkGA1UEBhMCWFgxEDAOBgNVBAoTB1NvbWUgQ0ExIjAgBgNVBAMTGUZha2Ug +Q0EgZm9yIHpsaW50IHRlc3RpbmcwHhcNMjQxMjE4MTEwNTQ4WhcNMjUxMjE4MTEw +NTQ4WjBlMQswCQYDVQQGEwJERTEOMAwGA1UECBMFSGVzc2UxEjAQBgNVBAcTCUZy +YW5rZnVydDEcMBoGA1UECgwTTXVzdGVybWFubiBSJkQgR21iSDEUMBIGA1UEAxML +ZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy40to +U/ms4pHNKrSHcVYNNFxmEde2/PoAbUfO8gJCHmhD42TcSCVOFVyAXTk7TKHB4F16 +u7sVJTTDCSp89SfnHc0hNxTXCDK4EwML2DrMXwxb08FiXIZ26Jig2aAURkQfROJn +gMXaO1D9XShtPUP9YnBpuFw1oaxytqZEHITy8kd5dK93hp6+SAEzi8MUOCOuEdBN +bgtIWqbH2FqlNPuI8H6wftfF0pj8Q/+32OJAcMLNTqBK48+JfGItiq9Tp/QeiXRw +N8/+owNv13nEHmFlA8cn+9v2PDKU0PGKxyV4E2vsb6fryeT7Ibu12xRaXwkrkaxd +W+ocj/pkWZrqpot1AgMBAAGjggE1MIIBMTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l +BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSOodRW+RA0XLDYr1MI +B3BwpZj+aTAfBgNVHSMEGDAWgBTotvZ2S9A75Ual+VTUfgez3g1gPjBkBggrBgEF +BQcBAQRYMFYwKQYIKwYBBQUHMAGGHWh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9v 
+Y3NwMCkGCCsGAQUFBzAChh1odHRwOi8vY2Euc29tZWNhLWluYy5jb20vcm9vdDAW +BgNVHREEDzANggtleGFtcGxlLm9yZzATBgNVHSAEDDAKMAgGBmeBDAECAjAtBgNV +HR8EJjAkMCKgIKAehhxodHRwOi8vY2Euc29tZWNhLWluYy5jb20vY3JsMA0GCSqG +SIb3DQEBCwUAA4IBAQAAQjfdm3JxmwU++NFvRwpA1UvmMYtibuRLIhSgUA8W31EI +f/NRDnf7gco4KHOF848f9xhnDNin74i36V2Igi2dinwBuve5B8FAM75PRG4LzmRE +wPtfdlv7M2EcM0JwvoNujkifXjxrRTejy+7AaHt1ZZBqEPLwUHUCdfenT5bCNfSd +tJFoW7dqd02+CJheF2v4VEphbZwNhTPMqe1YNbAfbm4JD6u9t09pdPVpM44zHFBE +yM+Pr+AoEjpwhYPG2a+O9r9vVoN1DvbtWbZXuWvSSy/SB92raSertJm+YEG9N/7Q +nQDEDOAsvdmzR30t8hm4pZj8+S5P9Icg0A84oEvV +-----END CERTIFICATE----- diff --git a/v3/testdata/html_entity_ok3.pem b/v3/testdata/html_entity_ok3.pem new file mode 100644 index 000000000..3b924df63 --- /dev/null +++ b/v3/testdata/html_entity_ok3.pem 
@@ -0,0 +1,100 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4f:47:38:4f:0f:c3:45:b6:91:f7:9d:15:ee:77:03:11 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing + Validity + Not Before: Dec 18 11:12:37 2024 GMT + Not After : Dec 18 11:12:37 2025 GMT + Subject: C = DE, ST = Hamburg, L = Hamburg, O = "Steinway & Sons", CN = example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b2:e8:30:07:2e:bb:73:1c:e9:9d:f7:96:5c:ee: + 54:5c:10:0f:9c:92:e5:53:d8:b5:ba:0c:3f:82:9f: + e2:66:bd:a4:a8:16:8f:d1:c0:5d:c3:f4:9f:65:17: + 9e:f5:ec:e8:79:c4:4e:8b:38:ca:2a:76:4d:e9:0c: + 1f:0c:ac:8b:b4:5c:55:29:f0:25:e6:59:2f:b0:74: + 44:cf:2e:0a:85:1d:31:9e:11:36:76:4a:77:97:68: + 43:81:1e:05:ed:99:13:73:30:45:ee:97:ce:27:5b: + d3:1b:29:df:7a:8f:91:94:ee:7a:18:48:9d:c2:9f: + be:57:ad:57:a5:d8:47:8a:8c:93:fa:a2:4b:f5:b8: + ce:c0:88:c0:86:c0:a8:58:44:7c:e0:5a:92:e5:3f: + b1:fc:42:bf:76:ed:4c:75:91:0e:8e:36:e2:2f:42: + 72:92:50:d6:6b:62:0c:84:bf:dc:a6:67:3a:38:5e: + 6f:73:b9:af:ab:a0:7c:d1:80:b4:73:83:0e:9b:0c: + a1:d1:4f:8a:d9:40:90:6a:fe:6d:5b:49:44:5d:6d: + 4f:e0:42:bd:84:c6:de:43:fd:82:6b:33:3c:4c:26: + 3b:e5:9b:17:b0:e8:fb:2d:46:78:d1:d4:bf:05:20: + f9:6d:16:64:28:cd:a2:94:2c:2d:b0:f0:1a:ba:4e: + 37:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Subject Key Identifier: + AA:E8:51:AF:70:29:30:58:1B:94:D5:D2:1E:7A:2B:EB:95:92:60:C6 + X509v3 Authority Key Identifier: + keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E + + Authority Information Access: + OCSP - URI:http://ca.someca-inc.com/ocsp + CA Issuers - URI:http://ca.someca-inc.com/root + + X509v3 Subject Alternative Name: + DNS:example.org + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.2 + + X509v3 CRL 
Distribution Points: + + Full Name: + URI:http://ca.someca-inc.com/crl + + Signature Algorithm: sha256WithRSAEncryption + 89:44:f7:34:c9:a2:c0:7d:3a:65:0a:11:39:69:79:09:ba:b0: + d8:e2:14:e9:a7:81:0a:c8:cc:a3:1d:ca:b2:bf:21:7c:f1:67: + e0:08:0c:c6:7b:09:26:1d:b1:e9:f4:5f:7b:bb:36:c2:63:10: + 14:cc:90:25:52:3a:62:58:20:17:56:7b:77:47:cd:e2:45:90: + f7:22:f3:f6:fe:90:e9:f6:50:f1:84:58:e0:35:24:20:dd:fc: + ec:b4:8c:c2:88:cf:0f:1b:3f:de:95:a2:26:f8:db:d6:c7:b1: + bc:8a:0f:4c:53:e7:ea:cf:3f:2c:ac:66:94:9c:d0:d7:70:9f: + cc:9c:f2:b9:ec:1c:77:63:33:b4:6b:65:4b:a8:43:84:e5:99: + bd:c1:16:4d:ed:ee:ec:5d:4f:ae:bc:93:9e:77:b0:de:eb:1b: + f5:b4:e7:88:26:0b:18:0a:b3:2e:2a:b3:e5:5b:50:d3:e6:e3: + 87:c5:48:fa:be:6d:a0:52:9c:38:13:dd:08:59:ad:da:28:54: + 36:df:ea:0e:b2:fa:56:a5:bb:5d:62:ca:59:8b:66:3a:df:b0: + a5:d2:40:0a:13:0f:07:b8:cf:55:ad:e7:fb:3e:fb:23:44:11: + 32:3d:e8:c7:7b:7b:ae:15:7c:8f:c5:a7:66:72:80:84:e8:40: + a0:62:a9:c3 +-----BEGIN CERTIFICATE----- +MIIEaTCCA1GgAwIBAgIQT0c4Tw/DRbaR950V7ncDETANBgkqhkiG9w0BAQsFADBD +MQswCQYDVQQGEwJYWDEQMA4GA1UEChMHU29tZSBDQTEiMCAGA1UEAxMZRmFrZSBD +QSBmb3IgemxpbnQgdGVzdGluZzAeFw0yNDEyMTgxMTEyMzdaFw0yNTEyMTgxMTEy +MzdaMGUxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdI +YW1idXJnMRwwGgYDVQQKDBNTdGVpbndheSAmYW1wOyBTb25zMRQwEgYDVQQDEwtl +eGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLoMAcu +u3Mc6Z33llzuVFwQD5yS5VPYtboMP4Kf4ma9pKgWj9HAXcP0n2UXnvXs6HnETos4 +yip2TekMHwysi7RcVSnwJeZZL7B0RM8uCoUdMZ4RNnZKd5doQ4EeBe2ZE3MwRe6X +zidb0xsp33qPkZTuehhIncKfvletV6XYR4qMk/qiS/W4zsCIwIbAqFhEfOBakuU/ +sfxCv3btTHWRDo424i9CcpJQ1mtiDIS/3KZnOjheb3O5r6ugfNGAtHODDpsModFP +itlAkGr+bVtJRF1tT+BCvYTG3kP9gmszPEwmO+WbF7Do+y1GeNHUvwUg+W0WZCjN +opQsLbDwGrpON00CAwEAAaOCATUwggExMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFKroUa9wKTBYG5TV0h56 +K+uVkmDGMB8GA1UdIwQYMBaAFOi29nZL0DvlRqX5VNR+B7PeDWA+MGQGCCsGAQUF +BwEBBFgwVjApBggrBgEFBQcwAYYdaHR0cDovL2NhLnNvbWVjYS1pbmMuY29tL29j 
+c3AwKQYIKwYBBQUHMAKGHWh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9yb290MBYG +A1UdEQQPMA2CC2V4YW1wbGUub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQICMC0GA1Ud +HwQmMCQwIqAgoB6GHGh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9jcmwwDQYJKoZI +hvcNAQELBQADggEBAIlE9zTJosB9OmUKETlpeQm6sNjiFOmngQrIzKMdyrK/IXzx +Z+AIDMZ7CSYdsen0X3u7NsJjEBTMkCVSOmJYIBdWe3dHzeJFkPci8/b+kOn2UPGE +WOA1JCDd/Oy0jMKIzw8bP96Voib429bHsbyKD0xT5+rPPyysZpSc0Ndwn8yc8rns +HHdjM7RrZUuoQ4Tlmb3BFk3t7uxdT668k553sN7rG/W054gmCxgKsy4qs+VbUNPm +44fFSPq+baBSnDgT3QhZrdooVDbf6g6y+lalu11iylmLZjrfsKXSQAoTDwe4z1Wt +5/s++yNEETI96Md7e64VfI/Fp2ZygIToQKBiqcM= +-----END CERTIFICATE-----