Merge pull request #416 from inikolcev/refactor_certification_selection

Refactor the certificate selection process

Author: tomato42

tests/serverECDSANonCACert.pem

@@ -0,0 +1,49 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: O=Example CA
+        Validity
+            Not Before: Aug 13 13:02:25 2020 GMT
+            Not After : Aug 13 13:02:25 2025 GMT
+        Subject: CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:1b:30:00:c2:ff:cd:d5:37:13:24:50:ba:58:8f:
+                    b7:cc:ec:b8:da:92:f4:d1:a7:4f:e6:1d:f0:94:d3:
+                    68:50:26:c8:e7:10:58:3c:7e:74:78:fa:02:f6:e1:
+                    22:64:da:37:29:e0:82:9a:29:05:a8:64:25:26:23:
+                    26:4b:fe:ec:ea
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Subject Key Identifier: 
+                BD:1A:70:34:7D:A1:15:6C:B8:FC:B0:56:6D:AD:4D:0A:B2:E5:C7:82
+            X509v3 Authority Key Identifier: 
+                keyid:65:70:FA:10:EB:62:97:BD:85:FF:6C:04:F0:68:5D:22:F1:E9:83:67
+                DirName:/O=Example CA
+                serial:01
+
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:64:8a:57:52:cc:8d:db:8c:a2:26:fc:68:42:e1:
+         e6:76:9c:68:04:23:3a:ba:84:4f:8f:d2:74:17:ee:82:bb:ba:
+         02:21:00:b8:56:9b:fd:ec:2f:65:b4:94:a1:a7:64:b0:90:39:
+         4c:2f:37:df:b0:9c:f9:1e:5e:71:1d:d2:89:1c:41:8f:fb
+-----BEGIN CERTIFICATE-----
+MIIBnzCCAUWgAwIBAgIBAjAKBggqhkjOPQQDAjAVMRMwEQYDVQQKDApFeGFtcGxl
+IENBMB4XDTIwMDgxMzEzMDIyNVoXDTI1MDgxMzEzMDIyNVowFDESMBAGA1UEAwwJ
+bG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGzAAwv/N1TcTJFC6
+WI+3zOy42pL00adP5h3wlNNoUCbI5xBYPH50ePoC9uEiZNo3KeCCmikFqGQlJiMm
+S/7s6qOBhjCBgzAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
+HQYDVR0OBBYEFL0acDR9oRVsuPywVm2tTQqy5ceCMD0GA1UdIwQ2MDSAFGVw+hDr
+Ype9hf9sBPBoXSLx6YNnoRmkFzAVMRMwEQYDVQQKDApFeGFtcGxlIENBggEBMAoG
+CCqGSM49BAMCA0gAMEUCIGSKV1LMjduMoib8aELh5nacaAQjOrqET4/SdBfugru6
+AiEAuFab/ewvZbSUoadksJA5TC8337Cc+R5ecR3SiRxBj/s=
+-----END CERTIFICATE-----

tests/serverECDSANonCAKey.pem

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIMiNFWNbmRjxDs7ea0aJkXyu4neI952tFSF3NJLIKawgoAoGCCqGSM49
+AwEHoUQDQgAEGzAAwv/N1TcTJFC6WI+3zOy42pL00adP5h3wlNNoUCbI5xBYPH50
+ePoC9uEiZNo3KeCCmikFqGQlJiMmS/7s6g==
+-----END EC PRIVATE KEY-----

tests/serverRSANonCACert.pem

@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=Example CA
+        Validity
+            Not Before: Aug 13 11:46:53 2020 GMT
+            Not After : Aug 13 11:46:53 2025 GMT
+        Subject: CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c1:15:0a:48:c5:b9:f9:9c:a2:6d:e3:28:ca:0e:
+                    cf:5c:40:01:e1:2e:1d:89:f0:aa:27:f9:5b:dd:6b:
+                    44:2e:27:09:77:d3:95:3d:fd:af:5f:25:ad:53:9d:
+                    67:19:84:dc:9d:a5:eb:55:53:e3:33:67:1c:5e:c3:
+                    c8:57:66:9b:92:d1:a6:56:1c:0e:d9:f4:22:13:8f:
+                    e5:3b:a6:b7:df:68:16:ea:d6:e6:fb:6c:f4:b8:80:
+                    27:e3:e5:35:db:f7:7c:58:6f:54:61:76:c3:eb:09:
+                    b5:d7:dd:12:a8:8b:1f:a2:6d:67:7c:69:c1:f7:dc:
+                    a2:42:01:dd:95:18:cd:bf:8b:c4:4c:75:98:f9:28:
+                    df:9e:6b:d5:83:e7:dc:89:99:9e:67:d4:0c:94:49:
+                    b4:c3:df:ea:bb:e9:9a:ce:37:27:6d:d4:03:9c:2e:
+                    48:26:e7:c4:ee:68:56:73:a3:84:16:d9:1e:fe:19:
+                    4f:6c:a6:b7:32:cc:28:cd:99:dc:4b:13:07:2c:f3:
+                    5e:85:36:a2:f1:ff:d7:91:5f:ad:88:d7:36:95:3d:
+                    24:b9:eb:94:c7:fb:f9:15:e6:99:a1:f6:f6:96:f6:
+                    9e:9a:a4:37:90:e3:93:b0:66:c4:ac:8c:a6:c7:45:
+                    90:7c:e7:da:ad:42:78:c1:c0:d2:29:f7:79:28:71:
+                    7e:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Subject Key Identifier: 
+                DB:8F:99:D2:AE:F2:33:89:E5:1B:00:2B:DB:52:2B:84:34:FD:50:A7
+            X509v3 Authority Key Identifier: 
+                keyid:73:FC:FA:4F:60:6A:A5:E7:B0:48:15:2A:80:C0:C0:1E:07:A4:75:49
+                DirName:/O=Example CA
+                serial:01
+
+    Signature Algorithm: sha256WithRSAEncryption
+         24:e0:9a:17:43:51:a6:35:71:2c:2b:5d:95:02:2e:06:e6:84:
+         b7:61:29:21:9d:19:47:76:25:57:ee:ff:f2:ab:45:a1:48:00:
+         dc:ec:2d:34:66:6f:ae:63:23:46:b2:b9:42:5e:95:83:e4:e8:
+         69:13:55:f1:7f:ad:7d:a7:e6:7f:96:74:65:20:e7:f1:25:03:
+         78:c5:21:f3:d0:bb:9c:51:ce:34:08:dc:69:89:bb:55:92:80:
+         22:11:3b:3a:fc:af:00:11:a4:15:0d:fb:87:ac:e6:6f:e1:16:
+         82:f4:99:2f:0f:72:6c:6d:28:6e:75:91:ab:d7:ff:fc:34:db:
+         2d:b5:8e:9d:3a:3e:ae:1f:03:4c:12:d3:5a:4e:73:39:b3:ff:
+         c5:33:d2:09:07:7c:f0:a8:7d:65:28:c6:a7:fc:29:c8:a0:ef:
+         0b:2e:8f:61:f4:b8:c4:10:44:db:7e:62:89:7d:8d:6a:e4:72:
+         42:21:6e:76:ef:9b:0b:dd:d1:c4:fe:90:b2:a4:09:94:08:63:
+         fa:e0:48:54:c4:bb:c2:aa:f0:a5:5a:b5:9f:f0:46:82:b2:0f:
+         00:1e:3c:9c:0c:bf:3c:f8:05:f5:35:01:b4:0c:8e:df:83:88:
+         ae:fb:f7:d1:ee:e1:f8:6d:76:09:1a:44:a5:bd:56:e9:bb:66:
+         ae:15:0c:49
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt
+cGxlIENBMB4XDTIwMDgxMzExNDY1M1oXDTI1MDgxMzExNDY1M1owFDESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRUK
+SMW5+ZyibeMoyg7PXEAB4S4difCqJ/lb3WtELicJd9OVPf2vXyWtU51nGYTcnaXr
+VVPjM2ccXsPIV2abktGmVhwO2fQiE4/lO6a332gW6tbm+2z0uIAn4+U12/d8WG9U
+YXbD6wm1190SqIsfom1nfGnB99yiQgHdlRjNv4vETHWY+SjfnmvVg+fciZmeZ9QM
+lEm0w9/qu+mazjcnbdQDnC5IJufE7mhWc6OEFtke/hlPbKa3MswozZncSxMHLPNe
+hTai8f/XkV+tiNc2lT0kueuUx/v5FeaZofb2lvaemqQ3kOOTsGbErIymx0WQfOfa
+rUJ4wcDSKfd5KHF++QIDAQABo4GGMIGDMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUE
+DDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU24+Z0q7yM4nlGwAr21IrhDT9UKcwPQYD
+VR0jBDYwNIAUc/z6T2BqpeewSBUqgMDAHgekdUmhGaQXMBUxEzARBgNVBAoMCkV4
+YW1wbGUgQ0GCAQEwDQYJKoZIhvcNAQELBQADggEBACTgmhdDUaY1cSwrXZUCLgbm
+hLdhKSGdGUd2JVfu//KrRaFIANzsLTRmb65jI0ayuUJelYPk6GkTVfF/rX2n5n+W
+dGUg5/ElA3jFIfPQu5xRzjQI3GmJu1WSgCIROzr8rwARpBUN+4es5m/hFoL0mS8P
+cmxtKG51kavX//w02y21jp06Pq4fA0wS01pOczmz/8Uz0gkHfPCofWUoxqf8Kcig
+7wsuj2H0uMQQRNt+Yol9jWrkckIhbnbvmwvd0cT+kLKkCZQIY/rgSFTEu8Kq8KVa
+tZ/wRoKyDwAePJwMvzz4BfU1AbQMjt+DiK7799Hu4fhtdgkaRKW9Vum7Zq4VDEk=
+-----END CERTIFICATE-----

tests/serverRSANonCAKey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwRUKSMW5+ZyibeMoyg7PXEAB4S4difCqJ/lb3WtELicJd9OV
+Pf2vXyWtU51nGYTcnaXrVVPjM2ccXsPIV2abktGmVhwO2fQiE4/lO6a332gW6tbm
++2z0uIAn4+U12/d8WG9UYXbD6wm1190SqIsfom1nfGnB99yiQgHdlRjNv4vETHWY
++SjfnmvVg+fciZmeZ9QMlEm0w9/qu+mazjcnbdQDnC5IJufE7mhWc6OEFtke/hlP
+bKa3MswozZncSxMHLPNehTai8f/XkV+tiNc2lT0kueuUx/v5FeaZofb2lvaemqQ3
+kOOTsGbErIymx0WQfOfarUJ4wcDSKfd5KHF++QIDAQABAoIBAHf88kotDhivnUU6
+sIN41qYWZNSiCttJAwUacltUKKehvMGJbCp89zniuSbIH2T9avhRPsDlA8FS54+A
+jYS7EB0aSgsjHpuVmoObnbIHNicQkYVZDWvb1uy9P4zhSSosT0rJzJ9Q5gmvHCFM
+kibJZlxTLsdjFZZJt0/bxu673kiUp37dgQ7TMgAuFARYseXoJRIsci5ALvt4D68x
+uGu5IolXsYCpiUvb/4tC0Wh+MBgAaK4lR5QWLUi+K1FJ+bs9qS6UkzfQlYErHwgP
+1EHMMAUfF5hZA8S7GaTd0z4t7lX76D3qYXTQ5DX/RreeZavj4Y+gJL4qB1vMOpYu
+HdLi4vECgYEA44TQga5HwQCBCD0Fbq83LvHL1XZPo5nsuZTB6ivJeKhHGJysFOeE
+f8i9px5JYeaxqpRQ0VgGpCbLwir7/UGsofONQYwkRhnlqjNPaMAZVgEBAU1w/YCP
+haoPa+/uH9q5F5LS41g/EW4UFG6RdR7TXNKdM1mFETZWXuHEkjQ0J/UCgYEA2UCm
+6HYnvCEYGiFSlzJtyATinjL5qc2WN+oxd3zmJCyNv6fSccUAky1IZYfHaf02EJkj
+66oFOPNTvk5asfqjeLCPOsVxF+J54gTYKpMr9F72YX4pxJg4uRfAxn7xW7ehoHBN
+Sb3d9eFGLnxkS9lTs1Ni+Iy6W99/JzcsLsM0zHUCgYAvqIKEp50gMJrWvvGEXe+R
+RdUMwdusyXFs7lwwUTvCqn06CpeBSX3XxpTzjMSSXWCZ+rdzIp1BhV7pLVfblQY0
+ZnAQauquRH53SIg5yQOFoHA1daNVdriZpyXT1k5rHcXnyjmipbmQTR6nqQGPJwXf
+S77iIr5c/KTa+y/R8F18gQKBgQDXExopqE9N/7VMqRCKfnIQQkXXN7/SSqUcVc0C
+7bMovLLXudyspMsc6Qdy/Ch+1R5g8DqPY5In/zw4enlvGSIcqS4ikLSVYLApAYK/
+I1OwaRKhEbVn2wrMsqc12xY2JmTr4EGjb0P91zcTbjIcpNon/bVNOoSDz46h1Az5
+fmcWwQKBgHm7fnlHd9VVknIr2ZtvoD7m7jOoa0lKRrlhIsaMefayly7+JY1VJo2y
+GhsiReMlC+YQ8hX5QuR3XH8sHydI1U2ke0hWq8mNfHjqhlobTxM8QCJuch6oJ9xP
+6mX7L+HUwW1K/bNOpipgi+AkUwtrauoCWo4ON96LNN/+LU9OGpgA
+-----END RSA PRIVATE KEY-----