regenerate x509/custom/ca/ca.pem to expire in 2100

docs/development/test-vectors.rst

@@ -107,7 +107,9 @@ Custom asymmetric vectors
   ``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public
   key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding.
 * ``x509/custom/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is
-  the private key for the certificate ``x509/custom/ca/ca.pem``. This key is
+  the private key for the certificate ``x509/custom/ca/ca.pem``.
+* ``pkcs12/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is
+  the private key for the certificate ``pkcs12/ca/ca.pem``. This key is
   encoded in several of the PKCS12 custom vectors.
 * ``x509/custom/ca/rsa_key.pem`` - An unencrypted PCKS8 4096 bit RSA key. It is
   the private key for the certificate ``x509/custom/ca/rsa_ca.pem``.
@@ -464,8 +466,10 @@ Custom X.509 Vectors
   information access extension with both a CA repository entry and a custom
   OID entry.
 * ``ca/ca.pem`` - A self-signed certificate with ``basicConstraints`` set to
-  true. Its private key is ``ca/ca_key.pem``. This certificate is encoded in
-  several of the PKCS12 custom vectors.
+  true. Its private key is ``ca/ca_key.pem``.
+* ``pkcs12/ca/ca.pem`` - A self-signed certificate with ``basicConstraints``
+  set to true. Its private key is ``pkcs12/ca/ca_key.pem``.  This key is
+  encoded in several of the PKCS12 custom vectors.
 * ``negative_serial.pem`` - A certificate with a serial number that is a
   negative number.
 * ``rsa_pss.pem`` - A certificate with an RSA PSS signature.
@@ -686,90 +690,90 @@ Custom X.509 OCSP Test Vectors
 Custom PKCS12 Test Vectors
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 * ``pkcs12/cert-key-aes256cbc.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   both encrypted with AES 256 CBC with the password ``cryptography``.
 * ``pkcs12/cert-none-key-none.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with no encryption. The password (used for integrity checking only) is
   ``cryptography``.
 * ``pkcs12/cert-rc2-key-3des.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) encrypted with RC2 and key
-  (``x509/custom/ca/ca_key.pem``) encrypted via 3DES with the password
+  (``pkcs12/ca/ca.pem``) encrypted with RC2 and key
+  (``pkcs12/ca/ca_key.pem``) encrypted via 3DES with the password
   ``cryptography``.
 * ``pkcs12/no-password.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) with no
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with no
   encryption and no password.
 * ``pkcs12/no-cert-key-aes256cbc.p12`` - A PKCS12 file containing a key
-  (``x509/custom/ca/ca_key.pem``) encrypted via AES 256 CBC with the
+  (``pkcs12/ca/ca_key.pem``) encrypted via AES 256 CBC with the
   password ``cryptography`` and no certificate.
 * ``pkcs12/cert-aes256cbc-no-key.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) encrypted via AES 256 CBC with the
+  (``pkcs12/ca/ca.pem``) encrypted via AES 256 CBC with the
   password ``cryptography`` and no private key.
 * ``pkcs12/no-name-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``).
 * ``pkcs12/name-all-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with friendly name ``name``, as well as two additional certificates
   (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
   with friendly names ``name2`` and ``name3``, respectively.
 * ``pkcs12/name-1-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with friendly name ``name``, as well as two additional certificates
   (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``).
 * ``pkcs12/name-2-3-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and
   ``name3``, respectively.
 * ``pkcs12/name-2-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``), the first having friendly name ``name2``.
 * ``pkcs12/name-3-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``), the latter having friendly name ``name3``.
 * ``pkcs12/name-unicode-no-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with friendly name ``☺``, as well as two additional certificates
   (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
   with friendly names ``ä`` and ``ç``, respectively.
 * ``pkcs12/no-name-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``),
   encrypted via AES 256 CBC with the password ``cryptography``.
 * ``pkcs12/name-all-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with friendly name ``name``, as well as two additional certificates
   (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
   with friendly names ``name2`` and ``name3`` respectively,
   encrypted via AES 256 CBC with the password ``cryptography``.
 * ``pkcs12/name-1-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with friendly name ``name``, as well as two additional certificates
   (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
   encrypted via AES 256 CBC with the password ``cryptography``.
 * ``pkcs12/name-2-3-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``) with friendly names ``name2` and
   ``name3`` respectively, encrypted via AES 256 CBC with the password
   ``cryptography``.
 * ``pkcs12/name-2-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``), the first having friendly name ``name2``,
   encrypted via AES 256 CBC with the password ``cryptography``.
 * ``pkcs12/name-3-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``),
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
   as well as two additional certificates (``x509/cryptography.io.pem``
   and ``x509/letsencryptx3.pem``), the latter having friendly name ``name2``,
   encrypted via AES 256 CBC with the password ``cryptography``.
 * ``pkcs12/name-unicode-pwd.p12`` - A PKCS12 file containing a cert
-  (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``)
+  (``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
   with friendly name ``☺``, as well as two additional certificates
   (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
   with friendly names ``ä`` and ``ç`` respectively, encrypted via

tests/hazmat/primitives/test_pkcs12.py

@@ -49,20 +49,7 @@ def _skip_curve_unsupported(backend, curve):
 )
 class TestPKCS12Loading:
     def _test_load_pkcs12_ec_keys(self, filename, password, backend):
-        cert = load_vectors_from_file(
-            os.path.join("x509", "custom", "ca", "ca.pem"),
-            lambda pemfile: x509.load_pem_x509_certificate(
-                pemfile.read(), backend
-            ),
-            mode="rb",
-        )
-        key = load_vectors_from_file(
-            os.path.join("x509", "custom", "ca", "ca_key.pem"),
-            lambda pemfile: load_pem_private_key(
-                pemfile.read(), None, backend
-            ),
-            mode="rb",
-        )
+        cert, key = _load_ca(backend)
         assert isinstance(key, ec.EllipticCurvePrivateKey)
         parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
             os.path.join("pkcs12", filename),
@@ -101,13 +88,7 @@ def test_load_pkcs12_ec_keys_rc2(self, filename, password, backend):
         self._test_load_pkcs12_ec_keys(filename, password, backend)
 
     def test_load_pkcs12_cert_only(self, backend):
-        cert = load_vectors_from_file(
-            os.path.join("x509", "custom", "ca", "ca.pem"),
-            lambda pemfile: x509.load_pem_x509_certificate(
-                pemfile.read(), backend
-            ),
-            mode="rb",
-        )
+        cert, _ = _load_ca(backend)
         parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
             os.path.join("pkcs12", "cert-aes256cbc-no-key.p12"),
             lambda data: load_key_and_certificates(
@@ -120,13 +101,7 @@ def test_load_pkcs12_cert_only(self, backend):
         assert parsed_more_certs == [cert]
 
     def test_load_pkcs12_key_only(self, backend):
-        key = load_vectors_from_file(
-            os.path.join("x509", "custom", "ca", "ca_key.pem"),
-            lambda pemfile: load_pem_private_key(
-                pemfile.read(), None, backend
-            ),
-            mode="rb",
-        )
+        _, key = _load_ca(backend)
         assert isinstance(key, ec.EllipticCurvePrivateKey)
         parsed_key, parsed_cert, parsed_more_certs = load_vectors_from_file(
             os.path.join("pkcs12", "no-cert-key-aes256cbc.p12"),
@@ -290,9 +265,9 @@ def _load_cert(backend, path):
 
 
 def _load_ca(backend):
-    cert = _load_cert(backend, os.path.join("x509", "custom", "ca", "ca.pem"))
+    cert = _load_cert(backend, os.path.join("pkcs12", "ca", "ca.pem"))
     key = load_vectors_from_file(
-        os.path.join("x509", "custom", "ca", "ca_key.pem"),
+        os.path.join("pkcs12", "ca", "ca_key.pem"),
         lambda pemfile: load_pem_private_key(pemfile.read(), None, backend),
         mode="rb",
     )

vectors/cryptography_vectors/pkcs12/ca/ca.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBUTCB96ADAgECAgIDCTAKBggqhkjOPQQDAjAnMQswCQYDVQQGEwJVUzEYMBYG
+A1UEAwwPY3J5cHRvZ3JhcGh5IENBMB4XDTE3MDEwMTEyMDEwMFoXDTM4MTIzMTA4
+MzAwMFowJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeSBDQTBZ
+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBj/z7v5Obj13cPuwECLBnUGq0/N2CxS
+JE4f4BBGZ7VfFblivTvPDG++Gve0oQ+0uctuhrNQ+WxRv8GC177F+QWjEzARMA8G
+A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANES742XWm64tkGnz8Dn
+pG6u2lHkZFQr3oaVvPcemvlbAiEA0WGGzmYx5C9UvfXIK7NEziT4pQtyESE0uRVK
+Xw4nMqk=
+-----END CERTIFICATE-----

vectors/cryptography_vectors/pkcs12/ca/ca_key.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA8Zqz5vLeR0ePZUe
+jBfdyMmnnI4U5uAJApWTsMn/RuWhRANCAAQY/8+7+Tm49d3D7sBAiwZ1BqtPzdgs
+UiROH+AQRme1XxW5Yr07zwxvvhr3tKEPtLnLboazUPlsUb/Bgte+xfkF
+-----END PRIVATE KEY-----

vectors/cryptography_vectors/x509/custom/ca/ca.pem

@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBUTCB96ADAgECAgIDCTAKBggqhkjOPQQDAjAnMQswCQYDVQQGEwJVUzEYMBYG
-A1UEAwwPY3J5cHRvZ3JhcGh5IENBMB4XDTE3MDEwMTEyMDEwMFoXDTM4MTIzMTA4
-MzAwMFowJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeSBDQTBZ
-MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBj/z7v5Obj13cPuwECLBnUGq0/N2CxS
-JE4f4BBGZ7VfFblivTvPDG++Gve0oQ+0uctuhrNQ+WxRv8GC177F+QWjEzARMA8G
-A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANES742XWm64tkGnz8Dn
-pG6u2lHkZFQr3oaVvPcemvlbAiEA0WGGzmYx5C9UvfXIK7NEziT4pQtyESE0uRVK
-Xw4nMqk=
+MIIBUzCB+aADAgECAgIDCTAKBggqhkjOPQQDAjAnMQswCQYDVQQGEwJVUzEYMBYG
+A1UEAwwPY3J5cHRvZ3JhcGh5IENBMCAXDTE3MDEwMTAxMDAwMFoYDzIxMDAwMTAx
+MDAwMDAwWjAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5IENB
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGP/Pu/k5uPXdw+7AQIsGdQarT83Y
+LFIkTh/gEEZntV8VuWK9O88Mb74a97ShD7S5y26Gs1D5bFG/wYLXvsX5BaMTMBEw
+DwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAvbYZS/FHzNtLGGyt
+HRNVDdcwLWISWOBz6p9ZvS6C42sCIQDThR22DuYZPUMQ3/AEylxYnMN+yBHiUUfU
+7hDv+IKvTA==
 -----END CERTIFICATE-----