Support custom SANs in test certificates generator

This CL adds an option for generating test certificates with custom
subject alternative name (SAN). This is important e.g. for testing of SAN matching in isolation.

Bug: 1030652
Test: Metadata of generated certificates has not changed (inspected manually).
Change-Id: I95c5003b46e4a78fb176c4d330571e22fc2b5f2b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1949797
Commit-Queue: Omar Morsi <omorsi@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#722422}

chrome/test/data/extensions/api_test/platform_keys/client_1.pem

@@ -5,31 +5,31 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=Client Cert 1 CA
         Validity
-            Not Before: Sep 25 20:39:04 2019 GMT
-            Not After : Sep 22 20:39:04 2029 GMT
+            Not Before: Dec  6 08:03:35 2019 GMT
+            Not After : Dec  3 08:03:35 2029 GMT
         Subject: CN=Client Cert 1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:3b:f6:38:22:92:9f:05:43:87:8c:33:a5:13:
-                    88:12:2b:6a:c2:25:a7:5a:4f:0a:d0:f0:60:43:21:
-                    05:62:84:37:cc:85:2c:c1:e5:f3:94:4f:b5:e6:3f:
-                    34:97:75:3f:d0:d1:cc:70:f9:e4:38:b8:82:6c:5e:
-                    74:be:e8:f0:c4:a1:23:84:05:3e:5f:ad:79:f9:bf:
-                    c8:44:d7:b6:b6:c7:87:5f:cc:25:05:e6:cb:cc:65:
-                    62:2f:47:5d:0a:b5:ab:3d:be:6c:b7:b0:a8:fb:1e:
-                    97:cf:cf:a2:5f:79:5d:d5:9d:49:0b:16:c5:69:24:
-                    46:ca:10:bb:5a:55:3a:c0:c0:4d:7f:f7:8f:55:0e:
-                    7c:f0:59:c4:da:50:70:1a:0a:5c:d1:15:d2:fa:1c:
-                    9f:7b:3c:bc:dc:27:63:69:3c:ab:e8:c8:48:56:29:
-                    9e:1d:f5:77:0a:c3:05:98:98:a1:f5:a7:93:e7:ef:
-                    7f:f9:e8:b6:7b:52:47:39:f3:26:e9:eb:42:19:a8:
-                    b2:91:67:cc:fb:57:5c:bf:bd:15:da:82:e0:bf:77:
-                    16:ea:76:b3:73:c8:05:73:d9:ae:25:a2:c1:bd:24:
-                    99:90:f7:06:84:09:fe:e5:c8:5c:68:1e:ed:81:c4:
-                    03:18:fd:29:d5:0f:a9:12:c4:19:b0:a5:b6:3c:2b:
-                    49:97
+                    00:b4:da:6d:17:f7:67:aa:2b:2f:86:11:aa:6c:7f:
+                    63:93:df:7f:b9:d4:dc:83:e0:18:15:90:43:7f:20:
+                    65:b9:c9:41:a8:26:e1:e8:39:9c:a3:20:8a:21:77:
+                    36:38:42:fa:45:ae:24:bc:fe:4e:8f:5a:1a:76:64:
+                    61:b5:33:78:85:05:86:d3:b9:bf:90:03:9b:9a:ae:
+                    a5:1e:16:10:7c:bd:5a:ae:2f:44:b8:aa:59:c4:da:
+                    44:fa:1a:57:ca:23:eb:50:a7:e3:07:85:13:5a:40:
+                    92:96:56:38:df:76:b6:d8:a0:b9:7d:d0:59:ed:f7:
+                    65:21:3f:f2:1e:3c:0a:46:04:da:17:2a:e2:76:46:
+                    d9:87:ce:93:40:ab:4c:7c:f3:57:77:9d:d7:5e:fd:
+                    0b:33:e6:00:5f:65:2b:9e:71:14:96:ad:87:aa:27:
+                    9c:d2:8e:b2:45:2b:39:50:c7:23:8e:e0:a2:5e:65:
+                    0f:d9:bd:b9:0d:2d:bf:b2:fb:e3:c3:95:c5:32:02:
+                    f1:09:d8:28:75:1c:66:34:3f:dc:57:50:94:e6:6a:
+                    c8:cf:86:4f:47:ee:ff:4c:bb:da:b6:ce:eb:3a:74:
+                    92:6d:fa:a9:4b:1a:6b:10:94:0d:d4:02:c8:c5:1a:
+                    0f:52:88:fb:25:b4:e5:a6:6d:cb:1e:b8:28:ea:fe:
+                    41:51
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -37,36 +37,36 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         55:cf:2b:7a:e0:80:2b:28:44:b8:2d:84:60:a4:b8:1f:b9:c6:
-         6c:80:9d:60:ea:60:f6:e2:b3:09:9a:ce:b2:53:e1:51:c5:eb:
-         33:89:5b:51:b7:af:25:44:d8:41:b7:53:e8:0d:e0:26:6c:0a:
-         66:a4:99:d4:3a:ac:04:d9:12:fc:82:c6:ea:37:e6:64:71:a1:
-         b6:91:4b:28:68:c8:d9:0d:22:f6:8f:64:1c:61:40:34:27:bd:
-         cf:da:d2:48:0b:89:5f:e7:11:13:af:2e:28:2f:a2:9d:57:93:
-         3b:8d:9d:0f:31:c3:29:a3:1d:33:6a:4b:05:25:a1:70:ca:9a:
-         18:f2:92:03:2b:aa:37:fe:45:d1:f1:64:7d:8d:a9:76:f6:cf:
-         5b:ac:70:c0:12:a4:b9:3f:06:a7:45:62:a7:54:4c:d5:70:5c:
-         99:92:5d:16:b0:f5:cf:12:ed:dc:a9:ac:c7:31:81:52:91:21:
-         36:22:eb:2f:77:6a:e3:13:82:6a:b5:17:73:ee:a9:9e:83:73:
-         83:9d:b6:80:eb:85:b2:bd:7d:d5:42:30:3e:2c:e2:ca:e3:2d:
-         4b:bf:c6:59:40:86:d9:d4:a6:90:d5:36:2f:8f:11:ba:d2:a5:
-         ad:1b:b0:6c:4e:e0:ad:bc:d8:38:90:fd:3c:6d:71:20:2a:9f:
-         ea:78:4d:79
+         c8:94:a7:30:da:75:79:13:db:70:ea:28:ab:a2:0e:a0:b8:d8:
+         b4:a7:1e:5e:11:1d:59:88:a9:f7:ce:d5:aa:ab:ae:73:27:de:
+         d8:fd:60:22:c3:25:de:7e:18:9b:ea:06:8f:da:c8:e3:b3:9f:
+         1e:49:b2:26:4e:56:71:c9:ac:83:bc:b6:1a:51:49:f5:70:40:
+         4e:20:bd:f6:ee:f8:1e:d4:78:81:1e:5f:50:ba:f5:94:6d:c0:
+         18:b1:d0:f3:d3:f8:e0:e6:22:8a:c4:9e:ee:71:86:b2:87:e3:
+         d6:e8:f5:7a:ab:ec:3f:12:9f:f0:1d:9a:dd:9d:12:f6:37:9f:
+         be:7f:b4:1e:d3:6b:7f:a7:db:4b:ca:34:fb:6e:b3:54:4b:95:
+         d8:cb:02:a7:d1:c7:04:48:44:01:0f:86:a5:d7:b3:99:ad:e9:
+         5f:55:55:c9:d8:90:51:e6:2b:b9:65:67:4b:8f:f3:69:71:dc:
+         63:04:df:43:18:f0:e8:31:8c:f2:00:fb:cc:13:cf:0b:6b:b6:
+         61:b9:40:39:44:e6:b6:0c:95:f9:79:a3:36:a6:63:6d:1e:49:
+         f2:c8:9e:be:c3:10:64:d8:2d:fe:a0:63:3e:1f:ec:aa:dd:96:
+         52:12:01:7f:bf:b9:f9:12:21:9c:51:dc:d5:01:0d:5e:b2:07:
+         aa:08:27:e2
 -----BEGIN CERTIFICATE-----
 MIIC3jCCAcagAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwGzEZMBcGA1UEAwwQQ2xp
-ZW50IENlcnQgMSBDQTAeFw0xOTA5MjUyMDM5MDRaFw0yOTA5MjIyMDM5MDRaMBgx
+ZW50IENlcnQgMSBDQTAeFw0xOTEyMDYwODAzMzVaFw0yOTEyMDMwODAzMzVaMBgx
 FjAUBgNVBAMMDUNsaWVudCBDZXJ0IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDBO/Y4IpKfBUOHjDOlE4gSK2rCJadaTwrQ8GBDIQVihDfMhSzB5fOU
-T7XmPzSXdT/Q0cxw+eQ4uIJsXnS+6PDEoSOEBT5frXn5v8hE17a2x4dfzCUF5svM
-ZWIvR10Ktas9vmy3sKj7HpfPz6JfeV3VnUkLFsVpJEbKELtaVTrAwE1/949VDnzw
-WcTaUHAaClzRFdL6HJ97PLzcJ2NpPKvoyEhWKZ4d9XcKwwWYmKH1p5Pn73/56LZ7
-Ukc58ybp60IZqLKRZ8z7V1y/vRXaguC/dxbqdrNzyAVz2a4losG9JJmQ9waECf7l
-yFxoHu2BxAMY/SnVD6kSxBmwpbY8K0mXAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAw
+ggEKAoIBAQC02m0X92eqKy+GEapsf2OT33+51NyD4BgVkEN/IGW5yUGoJuHoOZyj
+IIohdzY4QvpFriS8/k6PWhp2ZGG1M3iFBYbTub+QA5uarqUeFhB8vVquL0S4qlnE
+2kT6GlfKI+tQp+MHhRNaQJKWVjjfdrbYoLl90Fnt92UhP/IePApGBNoXKuJ2RtmH
+zpNAq0x881d3ndde/Qsz5gBfZSuecRSWrYeqJ5zSjrJFKzlQxyOO4KJeZQ/ZvbkN
+Lb+y++PDlcUyAvEJ2Ch1HGY0P9xXUJTmasjPhk9H7v9Mu9q2zus6dJJt+qlLGmsQ
+lA3UAsjFGg9SiPsltOWmbcseuCjq/kFRAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAw
 HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB
-AQBVzyt64IArKES4LYRgpLgfucZsgJ1g6mD24rMJms6yU+FRxesziVtRt68lRNhB
-t1PoDeAmbApmpJnUOqwE2RL8gsbqN+ZkcaG2kUsoaMjZDSL2j2QcYUA0J73P2tJI
-C4lf5xETry4oL6KdV5M7jZ0PMcMpox0zaksFJaFwypoY8pIDK6o3/kXR8WR9jal2
-9s9brHDAEqS5PwanRWKnVEzVcFyZkl0WsPXPEu3cqazHMYFSkSE2Iusvd2rjE4Jq
-tRdz7qmeg3ODnbaA64WyvX3VQjA+LOLK4y1Lv8ZZQIbZ1KaQ1TYvjxG60qWtG7Bs
-TuCtvNg4kP08bXEgKp/qeE15
+AQDIlKcw2nV5E9tw6iirog6guNi0px5eER1ZiKn3ztWqq65zJ97Y/WAiwyXefhib
+6gaP2sjjs58eSbImTlZxyayDvLYaUUn1cEBOIL327vge1HiBHl9QuvWUbcAYsdDz
+0/jg5iKKxJ7ucYayh+PW6PV6q+w/Ep/wHZrdnRL2N5++f7Qe02t/p9tLyjT7brNU
+S5XYywKn0ccESEQBD4al17OZrelfVVXJ2JBR5iu5ZWdLj/NpcdxjBN9DGPDoMYzy
+APvME88La7ZhuUA5ROa2DJX5eaM2pmNtHknyyJ6+wxBk2C3+oGM+H+yq3ZZSEgF/
+v7n5EiGcUdzVAQ1esgeqCCfi
 -----END CERTIFICATE-----

chrome/test/data/extensions/api_test/platform_keys/client_2.pem

@@ -5,31 +5,31 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=Client Cert 2 CA
         Validity
-            Not Before: Sep 25 20:39:04 2019 GMT
-            Not After : Sep 22 20:39:04 2029 GMT
+            Not Before: Dec  6 08:03:35 2019 GMT
+            Not After : Dec  3 08:03:35 2029 GMT
         Subject: CN=Client Cert 2
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:d8:75:47:d7:df:06:33:37:0d:30:55:09:be:41:
-                    aa:87:e2:aa:d6:df:8e:6b:7b:18:ad:d0:2c:40:08:
-                    d5:71:3a:66:74:d0:90:03:93:1d:ba:17:0a:80:a7:
-                    ea:8e:02:1f:ab:ed:5c:65:78:84:25:f4:99:2d:e6:
-                    8f:b1:f6:d7:50:66:bf:25:76:ea:22:1f:7f:b3:f3:
-                    ec:4b:65:74:9c:7b:4f:8d:3e:43:dd:33:fa:67:26:
-                    22:f5:ca:75:d7:bf:85:e0:22:3b:2b:a8:3b:5e:d1:
-                    65:53:da:89:40:39:f9:1f:5b:74:10:f3:ee:c4:84:
-                    43:5f:ed:f5:14:91:bd:4b:cf:fc:dd:7e:8c:8f:b2:
-                    e4:45:95:67:93:90:47:66:f1:32:ce:09:87:bb:d2:
-                    1e:cd:34:34:40:23:9e:51:e5:04:db:c1:70:80:95:
-                    3b:47:04:4c:91:25:65:47:9e:f7:43:f0:57:e7:c7:
-                    9b:92:d2:4c:89:e9:40:58:b9:60:e9:09:bb:8f:8e:
-                    ab:fa:35:1b:2b:2a:50:52:1a:a3:72:1e:08:f8:70:
-                    2d:0a:85:87:fa:c5:7e:9c:21:e6:90:b8:aa:77:ce:
-                    a9:77:ce:ed:d2:a0:db:73:07:e3:c1:6b:45:9d:4f:
-                    19:d8:a2:b1:24:d6:8b:2c:0f:49:9b:d3:75:ee:75:
-                    6f:73
+                    00:d8:08:9f:cf:d7:15:51:a8:dd:13:23:d9:6d:9a:
+                    6c:55:8f:85:2e:73:36:48:61:b7:fa:32:78:bd:ed:
+                    8e:94:41:34:20:21:b2:a4:1a:7f:31:a1:51:98:5f:
+                    71:d6:71:83:77:72:c9:33:af:95:8c:c4:3c:e7:a6:
+                    36:d0:9a:65:1f:a1:b5:44:0c:09:cb:a9:30:46:c1:
+                    79:57:de:e2:be:c0:48:a6:c4:ac:69:7d:be:f2:77:
+                    72:dc:5a:32:94:ed:70:59:c7:96:94:00:db:b7:a0:
+                    0e:27:8a:50:68:27:5e:18:1a:58:b4:a3:48:a6:c5:
+                    75:9c:87:e2:00:a4:7b:4e:2c:22:2b:43:81:7c:52:
+                    9a:10:2f:a2:b1:d8:3d:e5:6c:59:5f:d0:7e:32:e6:
+                    ab:3a:e6:42:4c:8b:91:8c:ab:40:ce:7b:92:e6:58:
+                    36:72:eb:4a:0d:fc:98:18:35:a2:b2:00:d3:37:9c:
+                    2e:b9:dc:bc:3c:50:08:65:25:2f:ee:5a:fa:2a:37:
+                    fa:05:1b:bd:7b:65:53:e9:44:9f:62:9b:7f:31:0b:
+                    e3:dc:bb:e1:ed:ba:36:3f:cb:2e:fa:31:44:c9:39:
+                    eb:e9:4b:ef:e0:38:62:81:63:a9:9a:5b:21:7c:fc:
+                    47:77:45:0d:93:2d:f1:6d:1b:a5:19:ce:44:a1:3f:
+                    25:91
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -37,36 +37,36 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         17:24:30:da:bd:19:5c:51:e7:cb:d9:6e:e9:81:6c:d9:4e:93:
-         f5:2d:53:7c:0d:27:69:b6:0b:20:60:94:cd:37:dc:e7:ef:b3:
-         ca:bc:6c:bf:9a:1f:bf:fa:76:ef:ac:cb:19:c2:f1:bf:4c:b2:
-         35:e2:01:42:bd:9a:ed:36:3b:15:f0:a6:13:6e:82:7b:72:6a:
-         dd:19:4b:2b:3c:a6:02:ce:aa:3d:ca:51:7e:15:75:ef:0d:c3:
-         98:2c:04:d6:40:71:c8:45:be:14:74:b5:5c:7d:9a:f1:db:17:
-         f4:64:96:05:f3:fb:28:dc:22:d5:7e:e8:96:29:78:68:94:16:
-         e0:c7:5a:ff:62:34:ee:f4:b8:89:d5:91:a3:20:da:8b:31:90:
-         d6:6d:cf:f6:d4:5c:03:4e:51:8d:63:7b:c2:9b:f4:a4:76:7f:
-         b9:09:68:10:55:6c:84:a5:82:67:e7:1b:73:55:28:4f:4b:43:
-         bc:3a:6c:bf:f8:64:2b:84:6c:97:05:9a:13:99:1f:95:90:69:
-         2e:a1:74:c0:c9:d3:59:7e:57:59:93:3e:4d:95:94:c9:8c:f5:
-         d8:86:64:1d:77:a7:51:15:38:1a:05:c1:fe:71:4c:3d:04:a3:
-         48:76:cb:57:27:4f:0f:81:ee:59:03:5a:e7:50:e1:24:e7:29:
-         bf:b6:ad:37
+         0b:03:41:f8:ca:7c:51:f4:8f:e9:59:b3:cb:43:d0:37:1b:a6:
+         b4:6f:b3:93:01:73:88:b9:31:b9:77:0a:95:a0:4d:b0:74:6e:
+         a1:74:61:a8:91:c9:2b:0e:ff:ed:1f:14:fb:ae:64:82:f3:85:
+         bb:d0:cb:9c:31:42:c0:5e:63:85:8d:f7:d1:50:db:bc:1c:79:
+         6e:f0:6e:3c:d1:ba:ff:74:08:8a:11:dc:e7:47:6a:8d:6d:39:
+         5e:0d:88:ee:f1:b7:bb:7c:07:7a:f1:ad:c1:f6:3f:f9:a9:70:
+         39:8c:fb:77:32:9c:e6:db:28:85:ba:71:89:a1:37:04:4d:2e:
+         f2:1f:dd:76:1c:76:c7:b1:82:6b:fd:5f:ca:6f:70:d2:13:40:
+         39:9e:f5:3c:6e:d2:b6:61:f5:33:af:29:fd:18:c9:da:5c:f4:
+         21:35:a7:a5:42:35:b1:44:59:2b:56:03:f9:24:0b:e5:60:e5:
+         e6:25:c5:21:33:ef:e0:c4:20:1b:b9:ff:50:ab:b7:43:62:dc:
+         51:5f:da:67:5d:b6:9c:50:4d:8b:18:ef:d4:6b:08:39:0a:14:
+         86:26:55:55:b5:dd:93:4e:f2:6f:46:53:75:8d:9d:e4:f8:a2:
+         e1:1e:0b:47:e1:ad:12:cd:a3:ef:0e:f2:dd:24:92:4d:22:f6:
+         b7:8f:27:35
 -----BEGIN CERTIFICATE-----
 MIIC3jCCAcagAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwGzEZMBcGA1UEAwwQQ2xp
-ZW50IENlcnQgMiBDQTAeFw0xOTA5MjUyMDM5MDRaFw0yOTA5MjIyMDM5MDRaMBgx
+ZW50IENlcnQgMiBDQTAeFw0xOTEyMDYwODAzMzVaFw0yOTEyMDMwODAzMzVaMBgx
 FjAUBgNVBAMMDUNsaWVudCBDZXJ0IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDYdUfX3wYzNw0wVQm+QaqH4qrW345rexit0CxACNVxOmZ00JADkx26
-FwqAp+qOAh+r7VxleIQl9Jkt5o+x9tdQZr8lduoiH3+z8+xLZXSce0+NPkPdM/pn
-JiL1ynXXv4XgIjsrqDte0WVT2olAOfkfW3QQ8+7EhENf7fUUkb1Lz/zdfoyPsuRF
-lWeTkEdm8TLOCYe70h7NNDRAI55R5QTbwXCAlTtHBEyRJWVHnvdD8Ffnx5uS0kyJ
-6UBYuWDpCbuPjqv6NRsrKlBSGqNyHgj4cC0KhYf6xX6cIeaQuKp3zql3zu3SoNtz
-B+PBa0WdTxnYorEk1ossD0mb03XudW9zAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAw
+ggEKAoIBAQDYCJ/P1xVRqN0TI9ltmmxVj4UuczZIYbf6Mni97Y6UQTQgIbKkGn8x
+oVGYX3HWcYN3cskzr5WMxDznpjbQmmUfobVEDAnLqTBGwXlX3uK+wEimxKxpfb7y
+d3LcWjKU7XBZx5aUANu3oA4nilBoJ14YGli0o0imxXWch+IApHtOLCIrQ4F8UpoQ
+L6Kx2D3lbFlf0H4y5qs65kJMi5GMq0DOe5LmWDZy60oN/JgYNaKyANM3nC653Lw8
+UAhlJS/uWvoqN/oFG717ZVPpRJ9im38xC+Pcu+HtujY/yy76MUTJOevpS+/gOGKB
+Y6maWyF8/Ed3RQ2TLfFtG6UZzkShPyWRAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAw
 HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB
-AQAXJDDavRlcUefL2W7pgWzZTpP1LVN8DSdptgsgYJTNN9zn77PKvGy/mh+/+nbv
-rMsZwvG/TLI14gFCvZrtNjsV8KYTboJ7cmrdGUsrPKYCzqo9ylF+FXXvDcOYLATW
-QHHIRb4UdLVcfZrx2xf0ZJYF8/so3CLVfuiWKXholBbgx1r/YjTu9LiJ1ZGjINqL
-MZDWbc/21FwDTlGNY3vCm/Skdn+5CWgQVWyEpYJn5xtzVShPS0O8Omy/+GQrhGyX
-BZoTmR+VkGkuoXTAydNZfldZkz5NlZTJjPXYhmQdd6dRFTgaBcH+cUw9BKNIdstX
-J08Pge5ZA1rnUOEk5ym/tq03
+AQALA0H4ynxR9I/pWbPLQ9A3G6a0b7OTAXOIuTG5dwqVoE2wdG6hdGGokckrDv/t
+HxT7rmSC84W70MucMULAXmOFjffRUNu8HHlu8G480br/dAiKEdznR2qNbTleDYju
+8be7fAd68a3B9j/5qXA5jPt3Mpzm2yiFunGJoTcETS7yH912HHbHsYJr/V/Kb3DS
+E0A5nvU8btK2YfUzryn9GMnaXPQhNaelQjWxRFkrVgP5JAvlYOXmJcUhM+/gxCAb
+uf9Qq7dDYtxRX9pnXbacUE2LGO/Uawg5ChSGJlVVtd2TTvJvRlN1jZ3k+KLhHgtH
+4a0SzaPvDvLdJJJNIva3jyc1
 -----END CERTIFICATE-----

chrome/test/data/extensions/api_test/platform_keys/create_test_certs.sh

@@ -158,14 +158,14 @@ try openssl rsautl \
 CN=root \
   try root_cert root
 
-CA_ID=root CN=l1_leaf \
-  try issue_cert l1_leaf leaf_cert_san_dns as_der
+CA_ID=root CN=l1_leaf SAN="DNS:${CN}"\
+  try issue_cert l1_leaf leaf_cert_san as_der
 
 CA_ID=root CN=l1_interm \
   try issue_cert l1_interm ca_cert as_der
 
-CA_ID=l1_interm CN=l2_leaf \
-  try issue_cert l2_leaf leaf_cert_san_dns as_der
+CA_ID=l1_interm CN=l2_leaf SAN="DNS:${CN}"\
+  try issue_cert l2_leaf leaf_cert_san as_der
 
 
 try rm -rf out

chrome/test/data/extensions/api_test/platform_keys/root.pem

 -----BEGIN CERTIFICATE-----
-MIIDDzCCAfegAwIBAgIUE6DlsbqKeIyd/E9G7Yy3Scd2AUIwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEcm9vdDAeFw0xOTA3MTgwOTMxMzNaFw0yOTA3MTUwOTMx
-MzNaMA8xDTALBgNVBAMMBHJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCg/Ninw2KyS8Y6KsDH9SZw8b/zTLrMCTp3ATparxbXFwm+GTUy8YKPJGxt
-Rft0dz6VHgDU907uOnLHZimF5j6lyzy6bU/xSs85Ut5MxMp/TZ9EhZAOHI2AzSXv
-qwHMxTiTl9or/FQca9TT3ZJDZ7FhAmp/pDByY0N7bYZ/bTAL25xMZabK4u+ibFyq
-I+tKRuus6uFHLq9OEs8Pb0oPoStbFL/oFEI6uFcEUHQVaFT4o8bfkwGbYYZ4vJn+
-Wj7cZsEf0FOB9KODYgPeDU/M/NxcgpiJphBkXipbzZfNcu2q7MHtDW+AqPVgxqrg
-CeTxN8Zmf8+zvhUBSV+S8wc0/tMJAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFGUUbw2qc80DLlJ+QJHuTQFb+yJkMB8GA1UdIwQYMBaAFGUUbw2q
-c80DLlJ+QJHuTQFb+yJkMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
-AQEAfJyc5PBIO+Lm2OlBxSgGEhFq9v938HzBE4B0JvmyGnv86Al7NOkC/7qWjD4U
-170O/lBkSEeFCb6wXRX9cj4Au6r2JxNxG4vTeT9KwQcwXLToRgURQnQYrJaoUGXT
-LUqI0Q/Sf/m4FjxuCWvBlHP3KaQ/uhT98xNbXzdSm83q0ocwCMFAwz8MZRcNj86X
-uTgHxDGJkFFvPNma2AGTVdfX3qJVUh4Sgrm3MvCa2kuntFZYGe8BUvaMPR4dOLoP
-kGCYneXWnxT2e4qIFWEGit3aN6sjA7uYwqBmIJqBdPumlOo1JRGolKj9+viirA7N
-94ODR+OrtgS4lyaetsnooHZIkg==
+MIIDDzCCAfegAwIBAgIUKFStNJeVuPBWrpGKO9aabwf0WxkwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEcm9vdDAeFw0xOTEyMDYwODAzMzZaFw0yOTEyMDMwODAz
+MzZaMA8xDTALBgNVBAMMBHJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDicxSkW6mTOB7hUzRu0wUxjVHG2e01Mdztyqw6qh42m2vdZq9J92jXXa3S
+HPHtyw7UTsqHeHJYIclo5IuCRp41+cf+F6OdnPEcLDUg72o/ljFnQQ4L8G5Xga2M
+BzeX/4meO1G3pE6TziLVI+rR65zy6Q4aa4xRWCANIjkclrXd4VXpnQxIJPlfpZqz
+62Drbagdlt+okH+9mmznJfK0W7XFOTNXkwObhClnjj5x3p+P2qu8k6SfPlJNaYbZ
+ru6D9N02XXEs1Cokumuu/K7nkkIAknMIo7L+aEhHijL2CJZ9adwhc1UpY1nt1e+C
+q7fs9rV7HOsHzIoOzkWsvS0dkwlJAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFFP/zoqWlqGquBycl85O1V3iSo4XMB8GA1UdIwQYMBaAFFP/zoqW
+lqGquBycl85O1V3iSo4XMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AQEAdzUr80ohIUlfoUB4/8pimdmnL9odrWg4Q0UAAZvNCYHPUFVX5IFwy6vLROmp
+5h41u57vvbYcFUyaBR3D8xYs8ozUU8umOXBtweJmq/mOqvj9tIsdpUKs2sF82d3S
+58v4h1Jo1UJahv//V0FbkJc7xov4PJtbH7U0sHgVrvDPRYi9daSS3J68bwSLw3ID
+maPQb37tT/UBUh25Lg+t3sivh2Oz4oc4XdKApfa3/94rGXleBjRI8uCs0PMGHdbH
+SfJJODFWJ4aYAOD5DztMEQ8LB+QGPPyOiaROh2PuPDxuL/WewG9bCPc5SeYtzKDE
+A8LkKDgX0XmlroqoEFRU/X/zGA==
 -----END CERTIFICATE-----

chrome/test/data/extensions/api_test/platform_keys/signature_client1_sha1_pkcs

-vE=&.^۩;&vjuOl'˳ĸ8~jܗ <
"s}oӠzxZWX9>yg66AeI
-:}B$Y<}\*v2ޓ1{
+Ǹ3ei4ZU­~@Gq	N
þ"ٿcc_K{]CWK].yhgypFaCYXt!UQF<԰?0{ʅeƳ-*]&
Ua+YI<
.Q`sjEM9Zjk6G/!rṨR^*:ȵi
.5ELipj4\q}_c/k2yǧM	E7w
\ No newline at end of file
-e#/0o{I%	-ffۈF9+Ypy7TkAHpMЇ[	rIӴ_A|V2O|NL<1_>	9:1IaQ,*Ҷ 6WfdF=I԰R(^
\ No newline at end of file

chrome/test/data/policy/ca_util/ca.cnf

@@ -21,22 +21,6 @@ policy           = policy_anything
 unique_subject   = no
 copy_extensions  = copy
 
-[leaf_cert_san_ip]
-# Extensions to add when signing a request for an leaf cert
-basicConstraints       = critical, CA:false
-subjectKeyIdentifier   = hash
-authorityKeyIdentifier = keyid:always
-extendedKeyUsage       = serverAuth, clientAuth
-subjectAltName         = IP:${ENV::CN}
-
-[leaf_cert_san_dns]
-# Extensions to add when signing a request for an leaf cert
-basicConstraints       = critical, CA:false
-subjectKeyIdentifier   = hash
-authorityKeyIdentifier = keyid:always
-extendedKeyUsage       = serverAuth, clientAuth
-subjectAltName         = DNS:${ENV::CN}
-
 [leaf_cert_without_san]
 # Extensions to add when signing a request for an leaf cert
 basicConstraints       = critical, CA:false

chrome/test/data/policy/ca_util/ca_util.sh

@@ -62,15 +62,14 @@ root_cert() {
 
 # Create a cert with CommonName $CN signed by $CA_ID.
 # Usage:
-#   CA_ID=<id> CN="<cn>" \
+#   CA_ID=<id> CN="<cn>" [SAN="<san>"] \
 #     issue_cert <$1=file_name> <$2=cert_type> [as_pem] [as_der] [as_pk8]
 # and store it at $1.der /$1.pem.
+# For more information about specifying Subject Alternative Name (SAN) please
+# refer to: https://www.openssl.org/docs/man1.1.1/man5/x509v3_config.html
 # $1 / file_name is the name (without extension) of the created files.
 # $2 / cert_type must one of:
-#  (*) "leaf_cert_san_ip" (for a server/user cert that reuses the $CN as
-#      subjectAltName of type IP)
-#  (*) "leaf_cert_san_dns" (for a server/user cert that reuses the $CN as
-#      subjectAltName of type DNS)
+#  (*) "leaf_cert_san" (for a server/user cert that uses subjectAltName $SAN)
 #  (*) "leaf_cert_without_san" (for a server/user cert that does not have a
 #      subjectAltName)
 #  (*) or "ca_cert" (for a intermediate CA).
@@ -84,9 +83,25 @@ root_cert() {
 #      directory.
 # Will write intermediate output to $CA_CERT_UTIL_OUT_DIR. Do not delete
 # $CA_CERT_UTIL_OUT_DIR before all certificates have been issued.
+
+# Examples:
+
+# CN=root_ca_cert \
+#  try root_cert root_ca_cert
+
+# CA_ID=root_ca_cert CN="127.0.0.1" \
+#  try issue_cert ok_cert_without_san leaf_cert_without_san as_pem
+
+# CA_ID=root_ca_cert CN="127.0.0.1" SAN="DNS:example.com" \
+#  try issue_cert ok_cert_with_dns_san leaf_cert_san as_pem
+
+# CA_ID=root_ca_cert CN="127.0.0.1" SAN="email:example@domain.com" \
+#  try issue_cert ok_cert_with_email_san leaf_cert_san as_pem
+
 issue_cert() {
   cert_name="$1"
   cert_type="$2"
+  config="${CA_CERT_UTIL_DIR}/ca.cnf"
 
   if [[ "${cert_type}" == "ca_cert" ]]
   then
@@ -94,18 +109,28 @@ issue_cert() {
     try touch "${CA_CERT_UTIL_OUT_DIR}/${cert_name}-index.txt"
     try openssl genrsa -out "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.key" 2048
   fi
+
+  case "${cert_type}" in
+    "leaf_cert_san")
+      config="${CA_CERT_UTIL_DIR}/cert_with_san.cnf"
+      ;;
+    "leaf_cert_without_san")
+      config="${CA_CERT_UTIL_DIR}/cert_without_san.cnf"
+      ;;
+  esac
+
   try openssl req \
     -new \
     -keyout "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.key" \
     -out "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.req" \
-    -config "${CA_CERT_UTIL_DIR}/ca.cnf"
+    -config $config
 
   try openssl ca \
     -batch \
     -extensions "${cert_type}" \
     -in "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.req" \
     -out "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.pem" \
-    -config "${CA_CERT_UTIL_DIR}/ca.cnf"
+    -config $config
 
   try openssl x509 -in "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.pem" -outform DER \
     -out "${CA_CERT_UTIL_OUT_DIR}/${cert_name}.der"

chrome/test/data/policy/ca_util/cert_with_san.cnf

+.include ${ENV::CA_CERT_UTIL_DIR}/ca.cnf
+
+[leaf_cert_san]
+# Extensions to add when signing a request for an leaf cert
+basicConstraints       = critical, CA:false
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always
+extendedKeyUsage       = serverAuth, clientAuth
+subjectAltName         = ${ENV::SAN}

chrome/test/data/policy/ca_util/cert_without_san.cnf

+.include ${ENV::CA_CERT_UTIL_DIR}/ca.cnf
+
+[leaf_cert_without_san]
+# Extensions to add when signing a request for an leaf cert
+basicConstraints       = critical, CA:false
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always
+extendedKeyUsage       = serverAuth, clientAuth

chrome/test/data/policy/test_certs/create_test_certs.sh

@@ -24,14 +24,14 @@ try mkdir out
 CN=root_ca_cert \
   try root_cert root_ca_cert
 
-CA_ID=root_ca_cert CN="127.0.0.1" \
-  try issue_cert ok_cert leaf_cert_san_ip as_pem
+CA_ID=root_ca_cert CN="127.0.0.1" SAN="IP:127.0.0.1" \
+  try issue_cert ok_cert leaf_cert_san as_pem
 
 CA_ID=root_ca_cert CN=intermediate_ca_cert \
   try issue_cert intermediate_ca_cert ca_cert as_pem
 
-CA_ID=intermediate_ca_cert CN="127.0.0.1" \
-  try issue_cert ok_cert_by_intermediate leaf_cert_san_ip as_pem
+CA_ID=intermediate_ca_cert CN="127.0.0.1" SAN="IP:127.0.0.1" \
+  try issue_cert ok_cert_by_intermediate leaf_cert_san as_pem
 
 try rm -rf out
 

chrome/test/data/policy/test_certs/intermediate_ca_cert.pem

@@ -5,74 +5,74 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=root_ca_cert
         Validity
-            Not Before: Jul 18 09:31:32 2019 GMT
-            Not After : Jul 15 09:31:32 2029 GMT
+            Not Before: Dec  5 12:53:24 2019 GMT
+            Not After : Dec  2 12:53:24 2029 GMT
         Subject: CN=intermediate_ca_cert
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:9c:36:53:e3:22:02:c9:fa:57:e8:19:a1:fe:97:
-                    34:6a:45:55:47:e9:6b:60:38:7e:4e:4b:ce:fd:8b:
-                    8d:c4:74:53:2b:1b:bb:f0:1c:ce:5b:f4:4a:20:d8:
-                    07:20:8a:6a:e5:bd:ff:a0:d1:dd:65:6b:cc:04:96:
-                    46:bf:71:2d:bc:bb:15:bc:43:04:28:7a:07:b9:52:
-                    bf:5d:f1:6e:74:4b:b1:64:15:ae:56:70:38:8b:64:
-                    a1:2f:07:8e:49:db:49:42:b6:7f:23:22:12:0f:21:
-                    63:d0:7b:a0:2a:ff:66:51:20:60:44:f3:5c:b5:b8:
-                    b5:da:b2:ee:d5:17:c8:38:e2:b7:11:aa:f8:0b:05:
-                    a2:76:3e:57:4b:9b:f4:5e:7b:ed:97:5a:3a:2a:dc:
-                    d3:e2:ef:66:e7:7e:6d:87:72:6c:08:4a:df:d2:b1:
-                    f2:1c:c8:4f:b7:96:49:ca:9b:f5:5b:ac:23:37:53:
-                    4b:b8:8a:84:ce:cc:2e:b7:b4:ca:ee:4b:d1:71:fd:
-                    a4:f2:53:6b:62:6d:26:35:28:cb:b6:c6:8b:9f:a6:
-                    7a:6e:5b:8d:56:fe:5b:08:4a:2d:2a:f0:e9:a5:48:
-                    5d:ce:97:8d:47:60:6d:70:10:dc:e6:84:6b:f2:98:
-                    4c:be:8e:a8:d2:34:bb:27:12:9c:87:f2:5c:7b:ec:
-                    15:e9
+                    00:a7:8e:b6:1f:bc:0f:eb:6b:76:6f:da:7e:cb:2d:
+                    1d:33:79:27:6b:6a:fb:da:62:1b:f1:6d:87:ad:b0:
+                    19:88:7b:08:79:5c:61:7e:83:c2:20:e3:9d:9c:89:
+                    6c:a9:b0:d9:d5:5f:72:a2:67:6d:e7:5e:df:22:3e:
+                    3e:3c:39:18:94:af:a5:19:fe:5f:5f:bf:8c:88:89:
+                    8b:e2:ef:6c:80:04:a8:58:d8:85:17:36:09:46:13:
+                    94:a5:d6:c4:6f:94:74:01:0c:25:80:5e:38:0f:15:
+                    e0:3f:0f:e9:40:66:5a:e1:fc:14:d5:e9:e5:50:d3:
+                    f2:bf:4a:cd:d5:e6:ea:51:c4:e0:eb:65:73:4a:5b:
+                    70:35:a7:f5:35:4e:9a:9d:00:4e:a3:93:93:2b:28:
+                    0a:f0:0d:90:2e:bd:b9:cc:1a:64:fa:b1:cd:3b:e9:
+                    75:d1:85:d0:44:9e:59:99:77:08:90:67:08:d3:46:
+                    ff:43:89:c0:6f:a8:cd:df:a8:8c:77:86:9a:72:a2:
+                    5a:b2:d3:7e:09:6f:8d:77:ed:c0:1a:f7:c5:4a:2c:
+                    a7:f5:29:9b:71:e4:62:34:ba:e9:29:c4:4a:ac:4f:
+                    18:0f:98:f3:72:4b:1f:fd:81:ca:ae:99:49:06:8f:
+                    74:47:6e:49:9b:44:f3:86:88:e4:57:40:bc:33:97:
+                    b0:5b
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Subject Key Identifier: 
-                98:83:CE:76:1F:C8:B7:83:1B:BC:B7:EA:95:DD:56:5D:EF:B4:50:70
+                31:D7:EC:7F:E7:37:E4:67:ED:11:71:45:B7:2C:A1:E7:76:6C:41:CF
             X509v3 Authority Key Identifier: 
-                keyid:45:DA:86:F6:87:7F:4D:80:C5:95:50:32:E8:CB:3C:35:30:BD:93:71
+                keyid:73:5E:BD:A5:74:8E:8C:C5:31:90:07:60:92:D9:D7:2C:57:AF:4C:67
 
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         29:87:4f:f4:0e:67:be:1d:2f:b0:1e:cd:c8:b2:ce:ca:b7:a0:
-         d3:b4:cf:11:ca:65:05:11:3d:c3:13:3d:a9:5d:f4:58:1b:9b:
-         36:43:4f:f1:6d:0a:96:4c:b4:44:05:bd:f5:de:67:1b:50:17:
-         96:cb:f9:f6:22:07:25:19:84:e8:4f:1a:a3:99:b7:ed:8d:ed:
-         79:d5:2a:fe:fc:5c:5d:06:f1:27:1a:ce:65:a9:5c:ca:c0:d2:
-         16:92:82:3b:47:b4:29:6d:7b:d8:2f:ee:c6:f9:40:93:04:af:
-         37:fc:3e:ff:59:2a:06:95:2d:83:5d:09:7f:7f:68:aa:08:a3:
-         cc:d2:99:77:b0:38:c5:ce:e0:c8:ed:a5:68:b9:3e:be:23:0a:
-         df:f4:8f:58:e1:66:03:4b:c9:92:4e:33:1a:53:38:c1:99:05:
-         c4:ae:95:62:08:c7:c1:c1:1a:d1:88:3f:81:0d:b6:e5:e9:e3:
-         d7:b6:51:13:20:97:49:9f:3a:87:9d:2c:35:a3:9d:55:11:19:
-         a7:32:6d:0b:4d:3b:47:9a:9d:30:39:0a:28:49:a4:38:86:fb:
-         c2:df:e5:aa:f7:db:3f:fd:7e:f2:6e:c7:6c:76:86:07:99:07:
-         25:97:80:39:60:83:49:29:c4:72:68:71:8f:7b:5d:3e:96:ae:
-         04:de:fa:0c
+         32:c7:d4:0a:49:44:1a:cd:e7:d4:d2:3c:9e:5b:aa:47:af:cf:
+         0f:bb:ee:1a:45:fb:5a:63:2f:d2:d4:8f:72:28:db:6a:6b:92:
+         1a:91:3a:45:8e:9b:50:e8:ac:a3:dc:8c:55:f6:69:1b:9e:60:
+         60:24:3d:c1:28:95:a8:11:8c:ec:03:8a:3f:43:fa:f1:c1:35:
+         9c:4c:76:1e:e6:5f:f8:08:4b:e9:f6:31:5b:13:a5:78:e2:37:
+         53:32:55:4b:76:6c:a5:08:e4:4b:74:7e:50:1b:46:25:c1:e8:
+         04:43:f1:a7:9f:6d:2d:be:1b:f2:f8:db:d0:53:ac:3d:1a:50:
+         53:f3:1e:4a:6a:22:89:c0:90:a0:aa:d6:33:e6:68:a9:11:aa:
+         73:a5:04:9e:78:33:ae:0e:dc:70:0e:ef:34:47:7b:88:fa:64:
+         73:72:3d:8f:01:8c:dd:2d:5c:a9:18:e5:5b:d5:2b:e4:44:85:
+         4c:b5:be:4f:89:59:fe:f6:8c:e7:85:d7:89:9b:db:28:e8:43:
+         79:7a:47:5d:c8:4a:d5:00:87:bc:17:41:9c:37:23:61:87:68:
+         71:fa:d8:61:78:2c:c7:fb:04:1c:63:2a:87:c1:e9:83:84:28:
+         f4:df:41:10:ec:2c:52:bc:7e:56:1a:71:8a:e1:ee:b9:f5:3c:
+         00:48:83:36
 -----BEGIN CERTIFICATE-----
 MIIDFDCCAfygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxyb290
-X2NhX2NlcnQwHhcNMTkwNzE4MDkzMTMyWhcNMjkwNzE1MDkzMTMyWjAfMR0wGwYD
+X2NhX2NlcnQwHhcNMTkxMjA1MTI1MzI0WhcNMjkxMjAyMTI1MzI0WjAfMR0wGwYD
 VQQDDBRpbnRlcm1lZGlhdGVfY2FfY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAJw2U+MiAsn6V+gZof6XNGpFVUfpa2A4fk5Lzv2LjcR0Uysbu/Ac
-zlv0SiDYByCKauW9/6DR3WVrzASWRr9xLby7FbxDBCh6B7lSv13xbnRLsWQVrlZw
-OItkoS8HjknbSUK2fyMiEg8hY9B7oCr/ZlEgYETzXLW4tdqy7tUXyDjitxGq+AsF
-onY+V0ub9F577ZdaOirc0+LvZud+bYdybAhK39Kx8hzIT7eWScqb9VusIzdTS7iK
-hM7MLre0yu5L0XH9pPJTa2JtJjUoy7bGi5+mem5bjVb+WwhKLSrw6aVIXc6XjUdg
-bXAQ3OaEa/KYTL6OqNI0uycSnIfyXHvsFekCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUmIPOdh/It4MbvLfqld1WXe+0UHAwHwYDVR0jBBgwFoAU
-RdqG9od/TYDFlVAy6Ms8NTC9k3EwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQAph0/0Dme+HS+wHs3Iss7Kt6DTtM8RymUFET3DEz2pXfRYG5s2Q0/x
-bQqWTLREBb313mcbUBeWy/n2IgclGYToTxqjmbftje151Sr+/FxdBvEnGs5lqVzK
-wNIWkoI7R7QpbXvYL+7G+UCTBK83/D7/WSoGlS2DXQl/f2iqCKPM0pl3sDjFzuDI
-7aVouT6+Iwrf9I9Y4WYDS8mSTjMaUzjBmQXErpViCMfBwRrRiD+BDbbl6ePXtlET
-IJdJnzqHnSw1o51VERmnMm0LTTtHmp0wOQooSaQ4hvvC3+Wq99s//X7ybsdsdoYH
-mQcll4A5YINJKcRyaHGPe10+lq4E3voM
+ADCCAQoCggEBAKeOth+8D+trdm/afsstHTN5J2tq+9piG/Fth62wGYh7CHlcYX6D
+wiDjnZyJbKmw2dVfcqJnbede3yI+Pjw5GJSvpRn+X1+/jIiJi+LvbIAEqFjYhRc2
+CUYTlKXWxG+UdAEMJYBeOA8V4D8P6UBmWuH8FNXp5VDT8r9KzdXm6lHE4Otlc0pb
+cDWn9TVOmp0ATqOTkysoCvANkC69ucwaZPqxzTvpddGF0ESeWZl3CJBnCNNG/0OJ
+wG+ozd+ojHeGmnKiWrLTfglvjXftwBr3xUosp/Upm3HkYjS66SnESqxPGA+Y83JL
+H/2Byq6ZSQaPdEduSZtE84aI5FdAvDOXsFsCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUMdfsf+c35GftEXFFtyyh53ZsQc8wHwYDVR0jBBgwFoAU
+c169pXSOjMUxkAdgktnXLFevTGcwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+CwUAA4IBAQAyx9QKSUQazefU0jyeW6pHr88Pu+4aRftaYy/S1I9yKNtqa5IakTpF
+jptQ6Kyj3IxV9mkbnmBgJD3BKJWoEYzsA4o/Q/rxwTWcTHYe5l/4CEvp9jFbE6V4
+4jdTMlVLdmylCORLdH5QG0YlwegEQ/Gnn20tvhvy+NvQU6w9GlBT8x5KaiKJwJCg
+qtYz5mipEapzpQSeeDOuDtxwDu80R3uI+mRzcj2PAYzdLVypGOVb1SvkRIVMtb5P
+iVn+9oznhdeJm9so6EN5ekddyErVAIe8F0GcNyNhh2hx+thheCzH+wQcYyqHwemD
+hCj030EQ7CxSvH5WGnGK4e659TwASIM2
 -----END CERTIFICATE-----

chrome/test/data/policy/test_certs/ok_cert.pem

@@ -5,76 +5,76 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=root_ca_cert
         Validity
-            Not Before: Jul 18 09:31:32 2019 GMT
-            Not After : Jul 15 09:31:32 2029 GMT
+            Not Before: Dec  5 12:53:23 2019 GMT
+            Not After : Dec  2 12:53:23 2029 GMT
         Subject: CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:a7:bd:52:43:f9:a9:6b:d6:01:44:93:37:d3:
-                    0c:68:39:f4:5c:05:72:5d:16:34:f1:89:49:25:b8:
-                    05:19:81:8b:a2:cd:97:05:74:b4:97:3e:d1:4b:09:
-                    29:3b:1d:58:50:13:24:92:e1:da:7f:fc:a3:64:78:
-                    14:a0:c3:29:8c:35:56:69:63:fa:a7:4e:10:2c:97:
-                    52:91:30:62:1c:b1:2e:9b:8d:d8:0a:b2:4c:0f:29:
-                    17:8a:47:57:28:31:93:db:b1:71:72:16:cb:e0:9e:
-                    c9:ae:06:de:a4:0e:1c:ed:98:4e:66:02:54:ad:50:
-                    1d:21:9c:68:a3:e2:4c:f6:a8:c6:57:e0:e7:40:62:
-                    91:9d:8c:c8:74:5b:74:94:99:de:14:a8:82:84:32:
-                    14:e8:e4:ed:3e:b4:22:e1:83:54:49:03:9c:35:f0:
-                    8b:cc:0a:bc:a9:2b:0f:9f:e6:cc:5f:2c:56:3c:e6:
-                    e5:c5:11:d7:6d:91:58:c9:c0:0b:28:f5:f3:0e:47:
-                    b3:5c:0f:b9:20:a7:9e:37:e4:19:14:73:52:9c:76:
-                    e3:ef:72:f8:a6:0e:3d:77:a5:6a:03:18:8a:ec:9f:
-                    37:9d:58:f0:77:e9:d0:41:1b:35:23:9a:2f:1c:e0:
-                    26:a7:f3:0b:d5:eb:22:68:b9:66:af:24:35:b7:8b:
-                    7a:af
+                    00:bb:25:90:3d:f7:46:7c:5a:ec:c7:28:37:97:7a:
+                    60:08:e1:89:08:f6:25:2e:4e:24:35:72:7f:3c:f6:
+                    e8:79:6c:b9:da:0e:52:65:5d:3b:89:81:8d:7c:3f:
+                    36:84:30:85:5d:08:e1:05:0e:11:33:7c:e9:bf:7f:
+                    85:78:6c:c9:31:d8:ad:2c:af:41:e5:47:10:b8:06:
+                    a5:99:2a:f1:c3:23:dd:1c:72:2b:3f:bf:46:54:b8:
+                    aa:0d:ee:7b:3e:0c:5b:34:5a:bd:d5:d5:c4:71:cc:
+                    db:25:43:cc:26:31:5a:bf:6a:16:ba:64:de:fb:00:
+                    cd:36:29:9f:0a:e8:e4:7e:df:e4:45:21:9f:05:7e:
+                    be:0c:b1:ad:69:40:87:01:c9:24:42:96:67:38:8d:
+                    26:0e:dc:9e:25:3d:0e:cd:4c:76:01:9e:8a:18:f5:
+                    73:d0:3c:da:7b:b3:98:98:72:3d:f3:8a:c5:df:49:
+                    b9:6e:8c:a1:75:48:4c:92:b3:55:88:43:47:e0:4e:
+                    95:25:23:b4:20:e9:44:33:0e:03:d8:a2:32:8d:49:
+                    ea:a9:e6:b4:a1:82:78:8a:6b:2c:e9:68:ba:d6:63:
+                    d8:ee:ff:52:a9:8a:0b:13:28:cd:39:2b:e3:2a:26:
+                    26:28:d1:6f:3e:c4:da:6d:2b:06:46:e9:8e:fb:ae:
+                    bd:e9
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                2D:E2:46:99:F3:98:9D:07:A8:32:B5:7D:2B:63:F8:0F:86:EF:37:52
+                A7:D5:9A:CC:0C:F6:64:01:F7:6D:43:C9:88:E8:BB:E0:2C:5B:AB:AB
             X509v3 Authority Key Identifier: 
-                keyid:45:DA:86:F6:87:7F:4D:80:C5:95:50:32:E8:CB:3C:35:30:BD:93:71
+                keyid:73:5E:BD:A5:74:8E:8C:C5:31:90:07:60:92:D9:D7:2C:57:AF:4C:67
 
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         60:e0:7d:c6:c5:95:5b:1a:f2:22:a8:f2:6b:bc:f2:12:72:d5:
-         a5:e2:03:c5:6e:53:70:ea:6c:98:97:18:0b:10:94:21:bf:87:
-         49:16:63:18:d5:b3:08:4d:23:dd:36:98:8e:57:a5:28:55:41:
-         04:c2:e9:5c:58:23:1c:e0:59:68:81:ec:94:74:07:7a:dc:b9:
-         2a:9f:e0:86:42:d1:fa:95:fc:2f:5f:4c:0f:73:70:98:65:6a:
-         24:d7:db:3a:88:e9:62:5a:be:07:e7:53:a1:55:6c:4b:c6:07:
-         bd:05:75:e4:1a:70:c0:df:04:74:36:ec:43:dd:15:4f:2e:a0:
-         ea:d8:4b:f6:cb:56:dc:0f:a5:06:7c:55:11:1e:41:b2:d0:52:
-         a6:61:3a:91:1f:db:3e:a1:0a:c7:e9:11:0a:ad:6b:e8:99:11:
-         64:15:be:ab:c1:6b:5b:03:e4:5d:cb:98:a3:b8:eb:77:b2:3a:
-         71:13:0c:99:bb:58:32:54:87:23:5a:11:c7:e5:b9:79:cc:a2:
-         7f:3d:ec:3a:6f:b0:35:19:82:69:9a:1a:ed:da:ae:f0:4a:b1:
-         c1:60:06:eb:a8:f6:7c:be:64:58:fd:8f:2d:bb:2b:dc:f5:21:
-         cb:14:48:5a:e7:b6:af:fe:04:14:8c:ad:2e:70:7e:ba:fc:a4:
-         da:05:98:f1
+         82:49:5c:d8:42:5e:2f:57:50:2b:a5:8f:36:09:3a:50:6a:54:
+         cc:98:a9:e2:42:31:79:74:18:da:0d:ea:98:2e:fd:3d:74:bd:
+         36:e2:91:83:42:fd:fc:a8:00:e2:ad:5a:70:65:b3:23:8d:9d:
+         63:38:d0:b4:dc:0b:b0:62:16:8f:5e:18:a8:39:d8:bf:aa:07:
+         10:71:26:99:7e:c9:90:22:62:a1:19:1d:37:71:80:16:30:eb:
+         77:92:22:4b:34:84:94:01:83:cc:12:94:c6:80:3e:ce:dd:fb:
+         fb:7a:51:bc:0e:5f:7b:10:c3:bb:4c:f5:67:f8:c2:84:c2:55:
+         1f:28:fe:ce:d5:19:38:d7:39:c3:15:ef:53:8c:c9:3d:97:3e:
+         9f:2a:67:8e:aa:4b:e6:99:e5:2a:b2:ce:0c:2c:a0:d4:dd:e1:
+         41:0b:94:76:ac:48:b5:6e:d4:5c:4f:18:14:48:71:8e:42:94:
+         43:63:27:c5:be:76:b5:2b:5b:90:89:d5:18:08:fc:01:41:ef:
+         b1:62:bc:9b:38:40:20:f3:35:26:f2:a3:3a:35:8f:fb:28:40:
+         3d:4d:a4:a2:ca:a9:b0:3d:b5:9d:39:b4:aa:b0:84:56:2f:21:
+         89:e4:50:0d:91:5d:43:d4:dc:e3:d4:a6:98:dc:9c:80:e8:36:
+         aa:6a:6f:bd
 -----BEGIN CERTIFICATE-----
 MIIDJzCCAg+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxyb290
-X2NhX2NlcnQwHhcNMTkwNzE4MDkzMTMyWhcNMjkwNzE1MDkzMTMyWjAUMRIwEAYD
-VQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
-p71SQ/mpa9YBRJM30wxoOfRcBXJdFjTxiUkluAUZgYuizZcFdLSXPtFLCSk7HVhQ
-EySS4dp//KNkeBSgwymMNVZpY/qnThAsl1KRMGIcsS6bjdgKskwPKReKR1coMZPb
-sXFyFsvgnsmuBt6kDhztmE5mAlStUB0hnGij4kz2qMZX4OdAYpGdjMh0W3SUmd4U
-qIKEMhTo5O0+tCLhg1RJA5w18IvMCrypKw+f5sxfLFY85uXFEddtkVjJwAso9fMO
-R7NcD7kgp5435BkUc1KcduPvcvimDj13pWoDGIrsnzedWPB36dBBGzUjmi8c4Can
-8wvV6yJouWavJDW3i3qvAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
-BBQt4kaZ85idB6gytX0rY/gPhu83UjAfBgNVHSMEGDAWgBRF2ob2h39NgMWVUDLo
-yzw1ML2TcTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgw
-BocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAYOB9xsWVWxryIqjya7zyEnLVpeID
-xW5TcOpsmJcYCxCUIb+HSRZjGNWzCE0j3TaYjlelKFVBBMLpXFgjHOBZaIHslHQH
-ety5Kp/ghkLR+pX8L19MD3NwmGVqJNfbOojpYlq+B+dToVVsS8YHvQV15BpwwN8E
-dDbsQ90VTy6g6thL9stW3A+lBnxVER5BstBSpmE6kR/bPqEKx+kRCq1r6JkRZBW+
-q8FrWwPkXcuYo7jrd7I6cRMMmbtYMlSHI1oRx+W5ecyifz3sOm+wNRmCaZoa7dqu
-8EqxwWAG66j2fL5kWP2PLbsr3PUhyxRIWue2r/4EFIytLnB+uvyk2gWY8Q==
+X2NhX2NlcnQwHhcNMTkxMjA1MTI1MzIzWhcNMjkxMjAyMTI1MzIzWjAUMRIwEAYD
+VQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
+JZA990Z8WuzHKDeXemAI4YkI9iUuTiQ1cn889uh5bLnaDlJlXTuJgY18PzaEMIVd
+COEFDhEzfOm/f4V4bMkx2K0sr0HlRxC4BqWZKvHDI90ccis/v0ZUuKoN7ns+DFs0
+Wr3V1cRxzNslQ8wmMVq/aha6ZN77AM02KZ8K6OR+3+RFIZ8Ffr4Msa1pQIcBySRC
+lmc4jSYO3J4lPQ7NTHYBnooY9XPQPNp7s5iYcj3zisXfSblujKF1SEySs1WIQ0fg
+TpUlI7Qg6UQzDgPYojKNSeqp5rShgniKayzpaLrWY9ju/1KpigsTKM05K+MqJiYo
+0W8+xNptKwZG6Y77rr3pAgMBAAGjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BBSn1ZrMDPZkAfdtQ8mI6LvgLFurqzAfBgNVHSMEGDAWgBRzXr2ldI6MxTGQB2CS
+2dcsV69MZzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0RBAgw
+BocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAgklc2EJeL1dQK6WPNgk6UGpUzJip
+4kIxeXQY2g3qmC79PXS9NuKRg0L9/KgA4q1acGWzI42dYzjQtNwLsGIWj14YqDnY
+v6oHEHEmmX7JkCJioRkdN3GAFjDrd5IiSzSElAGDzBKUxoA+zt37+3pRvA5fexDD
+u0z1Z/jChMJVHyj+ztUZONc5wxXvU4zJPZc+nypnjqpL5pnlKrLODCyg1N3hQQuU
+dqxItW7UXE8YFEhxjkKUQ2Mnxb52tStbkInVGAj8AUHvsWK8mzhAIPM1JvKjOjWP
++yhAPU2kosqpsD21nTm0qrCEVi8hieRQDZFdQ9Tc49SmmNycgOg2qmpvvQ==
 -----END CERTIFICATE-----

chrome/test/data/policy/test_certs/ok_cert_by_intermediate.pem

@@ -5,77 +5,77 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN=intermediate_ca_cert
         Validity
-            Not Before: Jul 18 09:31:32 2019 GMT
-            Not After : Jul 15 09:31:32 2029 GMT
+            Not Before: Dec  5 12:53:24 2019 GMT
+            Not After : Dec  2 12:53:24 2029 GMT
         Subject: CN=127.0.0.1
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:ca:5f:9b:3c:f8:4c:20:81:be:60:70:72:92:88:
-                    45:52:1b:bb:3f:12:5a:83:cb:d1:88:78:e9:c3:85:
-                    e1:2d:64:11:4c:b6:9c:36:2e:e7:a7:c1:89:5e:e2:
-                    d9:cc:a6:76:50:c5:fc:6a:58:e4:7c:d9:70:c9:1a:
-                    64:5c:32:41:91:1a:05:e9:21:59:2b:38:65:d0:d5:
-                    54:3a:95:a3:ad:07:de:4f:6b:c6:61:cc:90:50:12:
-                    e0:91:bd:3a:73:61:4b:5b:f0:9c:c3:54:bd:70:db:
-                    72:db:58:18:89:98:07:bf:77:aa:e6:44:9b:09:df:
-                    f1:c6:21:4d:0e:52:e0:a4:62:c5:49:6c:44:ea:c3:
-                    2c:8d:6f:45:5e:85:4a:78:98:cf:79:99:b0:71:08:
-                    95:43:58:ca:7b:c3:28:88:da:f9:78:3e:b6:cf:aa:
-                    f0:20:55:7e:55:7d:4a:72:e4:51:d6:c3:a8:f5:06:
-                    48:3c:08:2b:c1:88:bb:07:c9:ef:a5:f4:3b:93:cd:
-                    5f:d5:3f:c4:f2:ec:67:61:9e:ee:0e:51:65:0a:22:
-                    df:33:57:d7:17:63:06:ba:b8:ff:90:38:96:02:41:
-                    99:53:58:fd:31:7e:64:75:94:10:d4:23:a7:a4:2b:
-                    87:f7:78:6d:bd:99:91:40:4d:c6:7c:5f:6b:61:ca:
-                    e5:5b
+                    00:bc:29:79:d8:52:a4:4a:25:70:67:e4:46:b9:f4:
+                    14:2a:25:8c:5d:ec:34:9d:a7:fb:aa:ac:b8:c3:f2:
+                    16:e2:d4:08:e4:12:44:f6:f8:2a:db:ee:f1:00:69:
+                    9f:fd:31:31:be:f9:de:aa:66:a8:d9:76:54:f4:0e:
+                    75:27:8c:07:c1:ea:0b:08:ad:26:c5:28:59:4d:b1:
+                    56:30:8e:36:8d:7d:c6:90:87:ca:51:65:39:2b:43:
+                    b8:a2:44:a8:b2:06:c7:5e:3e:aa:2a:8f:80:a8:9d:
+                    4b:67:f8:59:ea:50:7e:f6:ef:c1:18:25:ae:9d:46:
+                    93:3e:5a:63:03:96:0d:ab:ce:16:7f:bc:fe:1c:73:
+                    c2:92:3c:38:c5:be:83:de:5a:b1:6a:44:7b:4e:9b:
+                    73:33:c5:94:ab:36:c5:a4:81:4e:c9:c2:f6:4b:da:
+                    5d:c7:86:c4:73:a7:74:4d:92:05:f9:01:70:ed:c4:
+                    10:89:40:74:e8:66:02:63:8a:d8:77:d8:52:80:a0:
+                    81:67:e3:a9:f2:e1:91:2c:cf:9a:31:c1:17:03:78:
+                    b2:b9:12:7c:ec:6e:a3:bf:25:50:ed:5b:c9:c2:64:
+                    b1:09:98:45:d9:34:2a:56:6d:1d:9d:e1:ce:86:f2:
+                    d7:10:82:43:b0:e2:e3:a1:bb:aa:c7:e0:87:97:b6:
+                    2e:5f
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                4C:5B:DC:F0:80:9E:D8:80:BB:72:FB:C5:DD:24:AF:FA:E7:CD:D4:8B
+                58:D5:57:94:63:04:1A:FD:AB:E6:35:8E:E3:30:65:D8:9A:6B:AF:DD
             X509v3 Authority Key Identifier: 
-                keyid:98:83:CE:76:1F:C8:B7:83:1B:BC:B7:EA:95:DD:56:5D:EF:B4:50:70
+                keyid:31:D7:EC:7F:E7:37:E4:67:ED:11:71:45:B7:2C:A1:E7:76:6C:41:CF
 
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Subject Alternative Name: 
                 IP Address:127.0.0.1
     Signature Algorithm: sha256WithRSAEncryption
-         0c:ee:3f:14:8b:82:f8:eb:ad:ba:8e:2d:47:41:98:8f:27:b8:
-         33:c7:8e:4b:c3:0d:d5:40:0e:18:cc:a6:81:57:71:01:0f:55:
-         05:27:dc:5e:bf:81:cb:a7:6d:e2:a2:bd:04:4e:ce:f8:da:0e:
-         cb:6e:ab:ca:11:1e:19:43:51:f8:ae:a9:7d:f6:39:39:9d:88:
-         e4:3b:90:0b:0e:32:96:15:54:97:16:33:ca:38:dd:1b:c0:f8:
-         b6:66:2f:10:06:ed:c3:67:2c:a8:b9:df:d6:22:31:1a:9e:b9:
-         63:a3:f2:48:db:18:1a:42:65:dd:e0:2f:7d:12:77:bf:a7:c2:
-         49:0c:64:55:87:6d:28:c5:a9:07:e4:f7:4e:de:86:2b:ca:24:
-         9e:16:cd:31:8a:73:bf:15:bb:f1:f2:db:54:e9:e4:93:9d:a3:
-         17:82:a5:c1:ed:a4:0e:51:72:57:12:e6:7b:86:1c:81:ce:98:
-         b9:81:56:cd:be:6e:27:aa:14:a8:0e:f2:aa:10:38:5b:61:fc:
-         6d:bb:0a:74:c5:e8:89:6e:56:42:7d:8d:f5:0d:2d:79:b4:93:
-         2a:1a:4f:37:d2:06:2b:1f:19:93:3e:08:a0:99:8d:fe:d3:25:
-         cc:4b:eb:bb:71:6c:5c:c6:67:a8:37:48:54:f8:6a:7f:15:ef:
-         94:15:c5:1b
+         4e:f3:61:77:56:38:53:56:ba:ec:e0:6d:3b:71:c5:cb:1d:35:
+         ff:55:79:17:c8:26:ec:ce:3e:8d:b8:86:b8:97:8a:e3:b0:d3:
+         17:25:72:17:e0:c5:d1:69:5b:30:62:37:4f:94:31:ee:e0:03:
+         84:16:51:27:0d:63:f2:bb:2a:de:d9:7a:03:78:eb:37:2e:1b:
+         bf:90:4a:48:0f:f8:da:c6:1d:4c:5c:e6:18:6e:8d:e4:24:43:
+         54:ab:69:f1:3c:2f:1a:f3:7d:d7:17:14:1d:2e:3e:e1:35:45:
+         a2:db:30:38:f3:c6:d7:30:c4:75:41:e6:53:8f:38:5e:2b:94:
+         0e:b7:30:81:c9:93:72:ba:51:80:cd:1f:cc:16:8d:7c:ae:4f:
+         a6:73:c1:8a:da:f2:e3:67:bc:ea:a0:64:a3:21:ca:fb:b1:85:
+         f8:42:ba:b8:84:ca:8b:5f:08:64:a3:00:a6:80:ad:72:51:58:
+         9e:74:d2:4a:c5:c8:a0:c9:22:a9:d4:6a:cc:8f:1b:0b:d6:66:
+         17:0a:25:19:0c:d6:36:b6:19:e1:4b:b6:06:48:30:3c:00:c6:
+         37:ae:52:8a:e1:30:cd:68:1d:b6:d8:a3:e1:35:cf:67:fb:e8:
+         c5:50:64:4d:1a:79:e9:49:a6:55:a5:08:3f:cf:31:cd:e8:92:
+         a1:13:03:61
 -----BEGIN CERTIFICATE-----
 MIIDLzCCAhegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRpbnRl
-cm1lZGlhdGVfY2FfY2VydDAeFw0xOTA3MTgwOTMxMzJaFw0yOTA3MTUwOTMxMzJa
+cm1lZGlhdGVfY2FfY2VydDAeFw0xOTEyMDUxMjUzMjRaFw0yOTEyMDIxMjUzMjRa
 MBQxEjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMpfmzz4TCCBvmBwcpKIRVIbuz8SWoPL0Yh46cOF4S1kEUy2nDYu56fB
-iV7i2cymdlDF/GpY5HzZcMkaZFwyQZEaBekhWSs4ZdDVVDqVo60H3k9rxmHMkFAS
-4JG9OnNhS1vwnMNUvXDbcttYGImYB793quZEmwnf8cYhTQ5S4KRixUlsROrDLI1v
-RV6FSniYz3mZsHEIlUNYynvDKIja+Xg+ts+q8CBVflV9SnLkUdbDqPUGSDwIK8GI
-uwfJ76X0O5PNX9U/xPLsZ2Ge7g5RZQoi3zNX1xdjBrq4/5A4lgJBmVNY/TF+ZHWU
-ENQjp6Qrh/d4bb2ZkUBNxnxfa2HK5VsCAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAw
-HQYDVR0OBBYEFExb3PCAntiAu3L7xd0kr/rnzdSLMB8GA1UdIwQYMBaAFJiDznYf
-yLeDG7y36pXdVl3vtFBwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAP
-BgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQAM7j8Ui4L46626ji1H
-QZiPJ7gzx45Lww3VQA4YzKaBV3EBD1UFJ9xev4HLp23ior0ETs742g7LbqvKER4Z
-Q1H4rql99jk5nYjkO5ALDjKWFVSXFjPKON0bwPi2Zi8QBu3DZyyoud/WIjEanrlj
-o/JI2xgaQmXd4C99Ene/p8JJDGRVh20oxakH5PdO3oYryiSeFs0xinO/Fbvx8ttU
-6eSTnaMXgqXB7aQOUXJXEuZ7hhyBzpi5gVbNvm4nqhSoDvKqEDhbYfxtuwp0xeiJ
-blZCfY31DS15tJMqGk830gYrHxmTPgigmY3+0yXMS+u7cWxcxmeoN0hU+Gp/Fe+U
-FcUb
+AQoCggEBALwpedhSpEolcGfkRrn0FColjF3sNJ2n+6qsuMPyFuLUCOQSRPb4Ktvu
+8QBpn/0xMb753qpmqNl2VPQOdSeMB8HqCwitJsUoWU2xVjCONo19xpCHylFlOStD
+uKJEqLIGx14+qiqPgKidS2f4WepQfvbvwRglrp1Gkz5aYwOWDavOFn+8/hxzwpI8
+OMW+g95asWpEe06bczPFlKs2xaSBTsnC9kvaXceGxHOndE2SBfkBcO3EEIlAdOhm
+AmOK2HfYUoCggWfjqfLhkSzPmjHBFwN4srkSfOxuo78lUO1bycJksQmYRdk0KlZt
+HZ3hzoby1xCCQ7Di46G7qsfgh5e2Ll8CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAw
+HQYDVR0OBBYEFFjVV5RjBBr9q+Y1juMwZdiaa6/dMB8GA1UdIwQYMBaAFDHX7H/n
+N+Rn7RFxRbcsoed2bEHPMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAP
+BgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQBO82F3VjhTVrrs4G07
+ccXLHTX/VXkXyCbszj6NuIa4l4rjsNMXJXIX4MXRaVswYjdPlDHu4AOEFlEnDWPy
+uyre2XoDeOs3Lhu/kEpID/jaxh1MXOYYbo3kJENUq2nxPC8a833XFxQdLj7hNUWi
+2zA488bXMMR1QeZTjzheK5QOtzCByZNyulGAzR/MFo18rk+mc8GK2vLjZ7zqoGSj
+Icr7sYX4Qrq4hMqLXwhkowCmgK1yUViedNJKxcigySKp1GrMjxsL1mYXCiUZDNY2
+thnhS7YGSDA8AMY3rlKK4TDNaB222KPhNc9n++jFUGRNGnnpSaZVpQg/zzHN6JKh
+EwNh
 -----END CERTIFICATE-----

chrome/test/data/policy/test_certs/root-ca-cert.onc

@@ -6,7 +6,7 @@
         "Web"
       ],
       "Type": "Authority",
-      "X509": "-----BEGIN CERTIFICATE-----\nMIIDHzCCAgegAwIBAgIUJLWhYT+PJvUgeZizw0izp52er80wDQYJKoZIhvcNAQEL\nBQAwFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MB4XDTE5MDcxODA5MzEzMloXDTI5\nMDcxNTA5MzEzMlowFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo37DFPkSWcQIZxagGvXo3kkifLFGMiZpc3Uu\nMpphoREUuXqueWRMox6swKqbdOCYsY4M49VHO2NdoFYbYpT8mEsUZpIin7unkHF6\njzjDsTRiZ0t+DRsjeovWkT4Fwh/XXx4U35G5EuI5Qt2hJey3KcJ6BVWk5xLAq8/P\nqFPK9JniZ+wBCUgHK1gGL3F10sViL4v+tairCmSsuBdT0cAJuKsnbzMfeh0P9fHm\nNcKHQJtsNyIbHeBL4HEFfufO+AMxuliFettB/pDujOtJpL4eXjqHZBw3ts2PzlNi\n56Poq3kUZ0UStgE0QYbdUBklT2KrgSosBsft1SIEKKPf3k2+bwIDAQABo2MwYTAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF2ob2h39NgMWVUDLoyzw1ML2TcTAf\nBgNVHSMEGDAWgBRF2ob2h39NgMWVUDLoyzw1ML2TcTAOBgNVHQ8BAf8EBAMCAQYw\nDQYJKoZIhvcNAQELBQADggEBAIjYnEiCmL3p316XN4NSKY9HV/V5osva5bxNEaNV\nLx1SFy1nm3YSD9DyWJsCmWwgFD4clmQ3q3pdEVu62QpnLCewCK0jVQjILEUKEfJ2\nrWKLnOQrtvcu+9gvJyVOcov90KOxbN3ND020/ajgJuGsb3g8tYEI1p2Pm15VLb7d\nRtTTFC9G/58Qq7Rg5vyuqAElJRcS07eXETMOdjEysNTpWW5zuaYTyHvMXs++DLnL\nYjZ4o/BKZ3plUv1jDTtL5axekZBPAmW975eJDXXod7QdzriLYI3N4JGf+02Ngv7e\nxceDsJGBxEaWK2u7Jy1jQ+ZSUFCG4hH/XihkrsnxvMRj+Ao=\n-----END CERTIFICATE-----\n"
+      "X509": "-----BEGIN CERTIFICATE-----\nMIIDHzCCAgegAwIBAgIUKb0vi5cSMIah3JFznmml8NFDPSkwDQYJKoZIhvcNAQEL\nBQAwFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MB4XDTE5MTIwNTEyNTMyM1oXDTI5\nMTIwMjEyNTMyM1owFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1JobSyZGOXzNARok+UMWTWJ0PEkXb7qWYGB\nv6eWuEBvUywCUyq8D29qzWGBc2JW3KdI5l8WRoQ2WPfo6+3MHVht13gzN0icAMTW\naQKedk+b6dcQZVESEPFHF8m47iEfQEsoF2RvlYIN/WQuYxAcf0SJFfsgq1A7St94\n0nO3gl5RNjLtFBpTIGyri/SmD1/EEyD3J2XFPGLtVYQH65c8m7kNDuHQawBvEAnv\nAlEsXxNUeqVg887UdkhG4N8i3ULvzI1QZX0WzugCrQX9XCG1w7txzmYKfIYPa2zP\nG7p+MjdEflahrXNCbLnnD7nALUJ3zgRRxZ3ZleUdSDv71bU2fwIDAQABo2MwYTAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRzXr2ldI6MxTGQB2CS2dcsV69MZzAf\nBgNVHSMEGDAWgBRzXr2ldI6MxTGQB2CS2dcsV69MZzAOBgNVHQ8BAf8EBAMCAQYw\nDQYJKoZIhvcNAQELBQADggEBALVxM5T4JYxv8X8vG/tNRpdStkQUFWSQVDuwjEVx\nbg3DMmR+OT8N4UGwgkzz/wC6VCiNKUStfjtu3vbA98qKykEpBI5G973JZdLNqZuz\nJJxsG1lsma+dHLMFJV8LCYQAjYMTlD9YgJezL0B5jbquOxCXSTbzSuyzIvjyMSZk\nQsxxNsKuGuvdXm8Nd2zOzIixibOsd3kYRAkqLTG5QBm0K6Bt+jdYkGrh8WbFIAZr\nNZ8WwHnPI0DAYwSNrCfx9ofBMoaWa3vxf64rO4+A/snJ4RTEN+Jj+F5anDgTnK9S\nhjk7IYiGv73aNhOZ5wQSsJQAEWdE/h6oeXR2T946XOJIcGI=\n-----END CERTIFICATE-----\n"
     }
   ],
   "Type": "UnencryptedConfiguration"

chrome/test/data/policy/test_certs/root_ca_cert.pem

 -----BEGIN CERTIFICATE-----
-MIIDHzCCAgegAwIBAgIUJLWhYT+PJvUgeZizw0izp52er80wDQYJKoZIhvcNAQEL
-BQAwFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MB4XDTE5MDcxODA5MzEzMloXDTI5
-MDcxNTA5MzEzMlowFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo37DFPkSWcQIZxagGvXo3kkifLFGMiZpc3Uu
-MpphoREUuXqueWRMox6swKqbdOCYsY4M49VHO2NdoFYbYpT8mEsUZpIin7unkHF6
-jzjDsTRiZ0t+DRsjeovWkT4Fwh/XXx4U35G5EuI5Qt2hJey3KcJ6BVWk5xLAq8/P
-qFPK9JniZ+wBCUgHK1gGL3F10sViL4v+tairCmSsuBdT0cAJuKsnbzMfeh0P9fHm
-NcKHQJtsNyIbHeBL4HEFfufO+AMxuliFettB/pDujOtJpL4eXjqHZBw3ts2PzlNi
-56Poq3kUZ0UStgE0QYbdUBklT2KrgSosBsft1SIEKKPf3k2+bwIDAQABo2MwYTAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF2ob2h39NgMWVUDLoyzw1ML2TcTAf
-BgNVHSMEGDAWgBRF2ob2h39NgMWVUDLoyzw1ML2TcTAOBgNVHQ8BAf8EBAMCAQYw
-DQYJKoZIhvcNAQELBQADggEBAIjYnEiCmL3p316XN4NSKY9HV/V5osva5bxNEaNV
-Lx1SFy1nm3YSD9DyWJsCmWwgFD4clmQ3q3pdEVu62QpnLCewCK0jVQjILEUKEfJ2
-rWKLnOQrtvcu+9gvJyVOcov90KOxbN3ND020/ajgJuGsb3g8tYEI1p2Pm15VLb7d
-RtTTFC9G/58Qq7Rg5vyuqAElJRcS07eXETMOdjEysNTpWW5zuaYTyHvMXs++DLnL
-YjZ4o/BKZ3plUv1jDTtL5axekZBPAmW975eJDXXod7QdzriLYI3N4JGf+02Ngv7e
-xceDsJGBxEaWK2u7Jy1jQ+ZSUFCG4hH/XihkrsnxvMRj+Ao=
+MIIDHzCCAgegAwIBAgIUKb0vi5cSMIah3JFznmml8NFDPSkwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MB4XDTE5MTIwNTEyNTMyM1oXDTI5
+MTIwMjEyNTMyM1owFzEVMBMGA1UEAwwMcm9vdF9jYV9jZXJ0MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1JobSyZGOXzNARok+UMWTWJ0PEkXb7qWYGB
+v6eWuEBvUywCUyq8D29qzWGBc2JW3KdI5l8WRoQ2WPfo6+3MHVht13gzN0icAMTW
+aQKedk+b6dcQZVESEPFHF8m47iEfQEsoF2RvlYIN/WQuYxAcf0SJFfsgq1A7St94
+0nO3gl5RNjLtFBpTIGyri/SmD1/EEyD3J2XFPGLtVYQH65c8m7kNDuHQawBvEAnv
+AlEsXxNUeqVg887UdkhG4N8i3ULvzI1QZX0WzugCrQX9XCG1w7txzmYKfIYPa2zP
+G7p+MjdEflahrXNCbLnnD7nALUJ3zgRRxZ3ZleUdSDv71bU2fwIDAQABo2MwYTAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRzXr2ldI6MxTGQB2CS2dcsV69MZzAf
+BgNVHSMEGDAWgBRzXr2ldI6MxTGQB2CS2dcsV69MZzAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBALVxM5T4JYxv8X8vG/tNRpdStkQUFWSQVDuwjEVx
+bg3DMmR+OT8N4UGwgkzz/wC6VCiNKUStfjtu3vbA98qKykEpBI5G973JZdLNqZuz
+JJxsG1lsma+dHLMFJV8LCYQAjYMTlD9YgJezL0B5jbquOxCXSTbzSuyzIvjyMSZk
+QsxxNsKuGuvdXm8Nd2zOzIixibOsd3kYRAkqLTG5QBm0K6Bt+jdYkGrh8WbFIAZr
+NZ8WwHnPI0DAYwSNrCfx9ofBMoaWa3vxf64rO4+A/snJ4RTEN+Jj+F5anDgTnK9S
+hjk7IYiGv73aNhOZ5wQSsJQAEWdE/h6oeXR2T946XOJIcGI=
 -----END CERTIFICATE-----