diff options
Diffstat (limited to 'build/pgo/certs')
35 files changed, 164 insertions, 0 deletions
diff --git a/build/pgo/certs/README b/build/pgo/certs/README new file mode 100644 index 0000000000..7036e4a87e --- /dev/null +++ b/build/pgo/certs/README @@ -0,0 +1,5 @@ +This directory contains CA and server certificates for testing. + +You can find instructions on how to add or modify certificates at: + +https://firefox-source-docs.mozilla.org/build/buildsystem/test_certificates.html diff --git a/build/pgo/certs/alternateroot.ca b/build/pgo/certs/alternateroot.ca new file mode 100644 index 0000000000..9fa2078b4c --- /dev/null +++ b/build/pgo/certs/alternateroot.ca @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+zCCAeOgAwIBAgIUb/+pohOlRCuQgMy2GJLCUQq+HeMwDQYJKoZIhvcNAQEL +BQAwJjEkMCIGA1UEAwwbQWx0ZXJuYXRlIFRydXN0ZWQgQXV0aG9yaXR5MCIYDzIw +MTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaMCYxJDAiBgNVBAMMG0FsdGVy +bmF0ZSBUcnVzdGVkIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSj +s8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMT +ud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvF +o+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UT +H5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4 +xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMdMBswCwYDVR0PBAQDAgEGMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAS+qy/sIFV+oia7zsyFhe3X +j3ZHSvmqJ4mxIg5KOPVP2NvDaxD/+pysxGLf69QDRjIsePBdRJz0zZoVl9pSXIn1 +Kpk0sjzKX2bJtAomog+ZnAZUxtLzoXy/aqaheWm8cRJ8qFOJtSMDRrLISqBXCQLO +ECqXIxf3Nt3S+Riu2Pam3YymFdtmqUJvLhhekWtEEnXyh/xfAsoUgS3SQ27c4dCY +R7XGnFsaXrKXv93QeJmtfvrAZMXEuKaBGPSNHV6QH0S0Loh9Jed2Zp7GxnFtIPYe +J2Q5qtxa8KD/tgGFpAD74eMBdgQ4SxbA/YqqXIt1lLNcr7wm0cPRpP0vIY3hk8k= +-----END CERTIFICATE----- diff --git a/build/pgo/certs/alternateroot.ca.keyspec b/build/pgo/certs/alternateroot.ca.keyspec new file mode 100644 index 0000000000..cbd5f309c0 --- /dev/null +++ b/build/pgo/certs/alternateroot.ca.keyspec @@ -0,0 +1 @@ +alternate diff --git a/build/pgo/certs/alternateroot.certspec b/build/pgo/certs/alternateroot.certspec new file mode 100644 index 0000000000..d831222020 --- /dev/null +++ b/build/pgo/certs/alternateroot.certspec @@ -0,0 +1,7 @@ +issuer:Alternate Trusted Authority
+subject:Alternate Trusted Authority
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+issuerKey:alternate
+subjectKey:alternate
diff --git a/build/pgo/certs/badCertDomain.certspec b/build/pgo/certs/badCertDomain.certspec new file mode 100644 index 0000000000..5d13ffae3b --- /dev/null +++ b/build/pgo/certs/badCertDomain.certspec @@ -0,0 +1,3 @@ +subject:www.badcertdomain.example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:www.badcertdomain.example.com diff --git a/build/pgo/certs/bug1665057cert.certspec b/build/pgo/certs/bug1665057cert.certspec new file mode 100644 index 0000000000..ee338b8d1a --- /dev/null +++ b/build/pgo/certs/bug1665057cert.certspec @@ -0,0 +1,3 @@ +subject:www.suggestion-example.com +extension:subjectAlternativeName:www.suggestion-example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization diff --git a/build/pgo/certs/bug1706126cert.certspec b/build/pgo/certs/bug1706126cert.certspec new file mode 100644 index 0000000000..5fd2d894ff --- /dev/null +++ b/build/pgo/certs/bug1706126cert.certspec @@ -0,0 +1,3 @@ +subject:www.redirect-example.com +extension:subjectAlternativeName:www.redirect-example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization diff --git a/build/pgo/certs/bug413909cert.certspec b/build/pgo/certs/bug413909cert.certspec new file mode 100644 index 0000000000..ed4100219a --- /dev/null +++ b/build/pgo/certs/bug413909cert.certspec @@ -0,0 +1,3 @@ +subject:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db Binary files differnew file mode 100644 index 0000000000..818c114153 --- /dev/null +++ b/build/pgo/certs/cert9.db diff --git a/build/pgo/certs/dynamicPinningBad.certspec b/build/pgo/certs/dynamicPinningBad.certspec new file mode 100644 index 0000000000..1d377103d2 --- /dev/null +++ b/build/pgo/certs/dynamicPinningBad.certspec @@ -0,0 +1,5 @@ +subject:bad.include-subdomains.pinning-dynamic.example.com +issuer:Alternate Trusted Authority +extension:subjectAlternativeName:bad.include-subdomains.pinning-dynamic.example.com +subjectKey:alternate +issuerKey:alternate diff --git a/build/pgo/certs/dynamicPinningBad.server.keyspec b/build/pgo/certs/dynamicPinningBad.server.keyspec new file mode 100644 index 0000000000..cbd5f309c0 --- /dev/null +++ b/build/pgo/certs/dynamicPinningBad.server.keyspec @@ -0,0 +1 @@ +alternate diff --git a/build/pgo/certs/dynamicPinningGood.certspec b/build/pgo/certs/dynamicPinningGood.certspec new file mode 100644 index 0000000000..2db3836919 --- /dev/null +++ b/build/pgo/certs/dynamicPinningGood.certspec @@ -0,0 +1,3 @@ +subject:dynamic-pinning.example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:*.include-subdomains.pinning-dynamic.example.com,*.pinning-dynamic.example.com diff --git a/build/pgo/certs/escapeattack1.certspec b/build/pgo/certs/escapeattack1.certspec new file mode 100644 index 0000000000..df34d5920c --- /dev/null +++ b/build/pgo/certs/escapeattack1.certspec @@ -0,0 +1,3 @@ +subject:www.bank1.com\00www.bad-guy.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:www.bank1.com\00www.bad-guy.com diff --git a/build/pgo/certs/evintermediate.ca b/build/pgo/certs/evintermediate.ca new file mode 100644 index 0000000000..84a6d8e802 --- /dev/null +++ b/build/pgo/certs/evintermediate.ca @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEfDCCA2SgAwIBAgIUETbLA86peOWkUFhyKYIuZVGUEygwDQYJKoZIhvcNAQEL +BQAwgdwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRh +aW4gVmlldzEjMCEGA1UEChMaTW96aWxsYSAtIEVWIGRlYnVnIHRlc3QgQ0ExHTAb +BgNVBAsTFFNlY3VyaXR5IEVuZ2luZWVyaW5nMTYwNAYDVQQDEy1FViBUZXN0aW5n +ICh1bnRydXN0d29ydGh5KSBDQS9uYW1lPWV2LXRlc3QtY2ExLDAqBgkqhkiG9w0B +CQEWHWNoYXJsYXRhbkB0ZXN0aW5nLmV4YW1wbGUuY29tMCIYDzIwMTAwMTAxMDAw +MDAwWhgPMjA1MDAxMDEwMDAwMDBaMIHcMQswCQYDVQQGEwJVUzELMAkGA1UECBMC +Q0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxIzAhBgNVBAoTGk1vemlsbGEgLSBF +ViBkZWJ1ZyB0ZXN0IENBMR0wGwYDVQQLExRTZWN1cml0eSBFbmdpbmVlcmluZzE2 +MDQGA1UEAxMtRVYgVGVzdGluZyAodW50cnVzdHdvcnRoeSkgQ0EvbmFtZT1ldi10 +ZXN0LWNhMSwwKgYJKoZIhvcNAQkBFh1jaGFybGF0YW5AdGVzdGluZy5leGFtcGxl +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVJiVydABCNEaH5 +n4ep49Gl21367PGI2le/ZBNojyzkciz/EJA4wXQCyToqRz29KGrtP9zTY89aKRR3 +Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPNRGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dx +ShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s33iuMUTtKMReeSk4Y6eiKkiYCjakDnLV +ecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rdGq6KoszONIoBabgOKKLXDBqWDG8zXy2g +m5tkP1q/uknoqqmB6WDifYdIC91V3ZQX+hhQn7tVTM+BpDl+i6gSijS98nhlwYnl +c0+yKQUCAwEAAaMwMC4wCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wEQYDVR0g +BAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQArG5slgBRJuytlKFa4qcHW +pAOfjN9fwi57fDds1yNv6tXhESdkbVPhIgw+GanVbrVcorGdCkfB51+dPJM+cBgH +HSwEB7TQnNYvm/csA1zH4n+CnX9nBL7dwK63n6dyR9f1uvu6KSB+YJm3amKil85a +d7HeDWdh+gNhC58lEC2QzuOMivP593aS5vLJHfp8pjc21XJkO8M7SRw44OJKYq9/ +v0k6v4SznbfZzSLg3gM4aSNuCLExUtUY2myxPFwJs9QQ4xx5zJTjJTRlpxUm630Z +n4IYlseao949U+UbBNU4PZKH7dzSQzfhdFJpvK3dsPOPNnHYiXO0xAhsEvvjq8zQ +-----END CERTIFICATE----- diff --git a/build/pgo/certs/evintermediate.ca.keyspec b/build/pgo/certs/evintermediate.ca.keyspec new file mode 100644 index 0000000000..1a3d76a550 --- /dev/null +++ b/build/pgo/certs/evintermediate.ca.keyspec @@ -0,0 +1 @@ +ev diff --git a/build/pgo/certs/evintermediate.certspec b/build/pgo/certs/evintermediate.certspec new file mode 100644 index 0000000000..a04850d53f --- /dev/null +++ b/build/pgo/certs/evintermediate.certspec @@ -0,0 +1,7 @@ +issuer:printableString/C=US/ST=CA/L=Mountain View/O=Mozilla - EV debug test CA/OU=Security Engineering/CN=EV Testing (untrustworthy) CA/name=ev-test-ca/emailAddress=charlatan@testing.example.com
+subject:printableString/C=US/ST=CA/L=Mountain View/O=Mozilla - EV debug test CA/OU=Security Engineering/CN=EV Testing (untrustworthy) CA/name=ev-test-ca/emailAddress=charlatan@testing.example.com
+subjectKey:ev
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+extension:certificatePolicies:any
diff --git a/build/pgo/certs/expired.certspec b/build/pgo/certs/expired.certspec new file mode 100644 index 0000000000..3193168130 --- /dev/null +++ b/build/pgo/certs/expired.certspec @@ -0,0 +1,4 @@ +subject:expired.example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:expired.example.com +validity:20100105-20100106 diff --git a/build/pgo/certs/imminently_distrusted.certspec b/build/pgo/certs/imminently_distrusted.certspec new file mode 100644 index 0000000000..e44e4e8e07 --- /dev/null +++ b/build/pgo/certs/imminently_distrusted.certspec @@ -0,0 +1,4 @@ +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +subject:printableString/CN=Imminently Distrusted End Entity +validity:20100101-20500101 +extension:subjectAlternativeName:imminently-distrusted.example.com diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db Binary files differnew file mode 100644 index 0000000000..12335f35d7 --- /dev/null +++ b/build/pgo/certs/key4.db diff --git a/build/pgo/certs/mochitest.certspec b/build/pgo/certs/mochitest.certspec new file mode 100644 index 0000000000..31f926290e --- /dev/null +++ b/build/pgo/certs/mochitest.certspec @@ -0,0 +1,3 @@ +subject:Mochitest client +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +serialNumber:3 diff --git a/build/pgo/certs/mochitest.client b/build/pgo/certs/mochitest.client Binary files differnew file mode 100644 index 0000000000..41870acc1d --- /dev/null +++ b/build/pgo/certs/mochitest.client diff --git a/build/pgo/certs/mochitest.client.keyspec b/build/pgo/certs/mochitest.client.keyspec new file mode 100644 index 0000000000..4ad96d5159 --- /dev/null +++ b/build/pgo/certs/mochitest.client.keyspec @@ -0,0 +1 @@ +default diff --git a/build/pgo/certs/noSubjectAltName.certspec b/build/pgo/certs/noSubjectAltName.certspec new file mode 100644 index 0000000000..dcbda9ee6e --- /dev/null +++ b/build/pgo/certs/noSubjectAltName.certspec @@ -0,0 +1,2 @@ +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +subject:certificate without subjectAlternativeNames diff --git a/build/pgo/certs/pgoca.ca b/build/pgo/certs/pgoca.ca new file mode 100644 index 0000000000..31cf9c33a0 --- /dev/null +++ b/build/pgo/certs/pgoca.ca @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgzCCAmugAwIBAgIUQx5pxD+JMg1qPztfSg1Ucw8xsz0wDQYJKoZIhvcNAQEL +BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY +MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl +ZCBPcHRpbWl6YXRpb24wIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAw +MFowajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY +MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl +ZCBPcHRpbWl6YXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6 +iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr +4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP +8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI +Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ +77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J +I/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAYFnzom5ROuxDR3WFQatxHs5ekni4uUbEx +6pN8fOzcsllEfCwvmMLVCh36ffSguf/UlmR5Hq1s/S7iMiic5mnK4aaVwixzS4Z3 +ug7Dc+fG7j0VOcBTKWU983xUK/1F409ghQ5KlO38KA7hyx1kzjYjzvxLaweDXRqr +J/RZ1ACP2fKNziEOCbXzzzEx39oc17NBV+LotPFzKZ+pcxMDrtiNts4hwCw/UUw7 +Gp0tKte2CevGJbzjPHP3/6FUzHfOatZSpxEmvAcSTDp5sjdVuOStx4v6jVrwvyAz +VQzDPzaRWh3NtY5JNasrhExr5qxQlygfBngCMgZ9gESG9FvLG+sx +-----END CERTIFICATE----- diff --git a/build/pgo/certs/pgoca.ca.keyspec b/build/pgo/certs/pgoca.ca.keyspec new file mode 100644 index 0000000000..4ad96d5159 --- /dev/null +++ b/build/pgo/certs/pgoca.ca.keyspec @@ -0,0 +1 @@ +default diff --git a/build/pgo/certs/pgoca.certspec b/build/pgo/certs/pgoca.certspec new file mode 100644 index 0000000000..058e5b55a5 --- /dev/null +++ b/build/pgo/certs/pgoca.certspec @@ -0,0 +1,5 @@ +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +subject:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +validity:20100101-20500101 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, diff --git a/build/pgo/certs/pkcs11.txt b/build/pgo/certs/pkcs11.txt new file mode 100644 index 0000000000..65aead2930 --- /dev/null +++ b/build/pgo/certs/pkcs11.txt @@ -0,0 +1,5 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='/Users/mozilla/mozilla-unified/build/pgo/certs' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/build/pgo/certs/selfsigned.certspec b/build/pgo/certs/selfsigned.certspec new file mode 100644 index 0000000000..be255b497a --- /dev/null +++ b/build/pgo/certs/selfsigned.certspec @@ -0,0 +1,3 @@ +issuer:self-signed.example.com +subject:self-signed.example.com +extension:subjectAlternativeName:self-signed.example.com diff --git a/build/pgo/certs/sha1_end_entity.certspec b/build/pgo/certs/sha1_end_entity.certspec new file mode 100644 index 0000000000..eced653a9a --- /dev/null +++ b/build/pgo/certs/sha1_end_entity.certspec @@ -0,0 +1,4 @@ +subject:sha1ee.example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:sha1ee.example.com +signature:sha1WithRSAEncryption diff --git a/build/pgo/certs/sha256_end_entity.certspec b/build/pgo/certs/sha256_end_entity.certspec new file mode 100644 index 0000000000..c3cb5fda2a --- /dev/null +++ b/build/pgo/certs/sha256_end_entity.certspec @@ -0,0 +1,4 @@ +subject:sha256ee.example.com +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +extension:subjectAlternativeName:sha256ee.example.com +signature:sha256WithRSAEncryption diff --git a/build/pgo/certs/staticPinningBad.certspec b/build/pgo/certs/staticPinningBad.certspec new file mode 100644 index 0000000000..7589ff6fc3 --- /dev/null +++ b/build/pgo/certs/staticPinningBad.certspec @@ -0,0 +1,5 @@ +subject:include-subdomains.pinning.example.com +issuer:Alternate Trusted Authority +extension:subjectAlternativeName:include-subdomains.pinning.example.com +subjectKey:alternate +issuerKey:alternate diff --git a/build/pgo/certs/staticPinningBad.server.keyspec b/build/pgo/certs/staticPinningBad.server.keyspec new file mode 100644 index 0000000000..cbd5f309c0 --- /dev/null +++ b/build/pgo/certs/staticPinningBad.server.keyspec @@ -0,0 +1 @@ +alternate diff --git a/build/pgo/certs/unknown_ca.certspec b/build/pgo/certs/unknown_ca.certspec new file mode 100644 index 0000000000..40e1bedc70 --- /dev/null +++ b/build/pgo/certs/unknown_ca.certspec @@ -0,0 +1,5 @@ +issuer:Unknown CA +subject:Unknown CA +validity:20100101-20500101 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, diff --git a/build/pgo/certs/untrusted.certspec b/build/pgo/certs/untrusted.certspec new file mode 100644 index 0000000000..445d3451b0 --- /dev/null +++ b/build/pgo/certs/untrusted.certspec @@ -0,0 +1,3 @@ +subject:untrusted.example.com +issuer:Unknown CA +extension:subjectAlternativeName:untrusted.example.com diff --git a/build/pgo/certs/untrustedandexpired.certspec b/build/pgo/certs/untrustedandexpired.certspec new file mode 100644 index 0000000000..bed16c7694 --- /dev/null +++ b/build/pgo/certs/untrustedandexpired.certspec @@ -0,0 +1,4 @@ +subject:untrusted-expired.example.com +issuer:Unknown CA +extension:subjectAlternativeName:untrusted-expired.example.com +validity:20121012-20121012 |