security_RootCA: Format baseline for easier updates
Having a consistent format makes it easier to see the diffs of
programmatic updates. This CL adds a python script that can be run to
re-format an updated baseline, re-formats the current baseline with it,
adds another python script that can be used to update the baseline with
new openssl roots (can be useful at the time of updating
app-misc/ca-certificates), and removes the old bash script seemed to
exist for the same purpose, but was hard to read and extend.
BUG=b:78572490
TEST=The test still passes with the reformatted baseline
Change-Id: I01ab2a99354f340e6f1017ad2fe95f95e9a53e86
Reviewed-on: https://chromium-review.googlesource.com/1083225
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Daniel Wang <wonderfly@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/client/site_tests/security_RootCA/add-openssl-roots.sh b/client/site_tests/security_RootCA/add-openssl-roots.sh
deleted file mode 100755
index 23aac80..0000000
--- a/client/site_tests/security_RootCA/add-openssl-roots.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-# Usage: add-openssl-roots.sh <roots dir> <baseline file>
-
-# Strip all openssl entries
-sed -i -e '/openssl/d' "$2"
-sed -i -e 's/both/nss/' "$2"
-
-# Re-add them as needed
-fingerprints=$(for x in "$1"/*.pem; do \
- openssl x509 -in "$x" -noout -fingerprint | cut -f2 -d=; \
- done)
-for x in $fingerprints; do
- if grep -q "nss $x" "$2"; then
- sed -i -e "s/nss $x/both $x/" "$2"
- fi
- if grep -qE "(both|openssl) $x" "$2"; then
- continue
- fi
- echo "openssl $x" >> "$2"
-done
-
-# Re-sort the file
-mv "$2" "$2.tmp"
-sort "$2.tmp" > "$2"
-rm "$2.tmp"
diff --git a/client/site_tests/security_RootCA/baseline b/client/site_tests/security_RootCA/baseline
index d951aca..fe73c77 100644
--- a/client/site_tests/security_RootCA/baseline
+++ b/client/site_tests/security_RootCA/baseline
@@ -1,415 +1,212 @@
-{"both": {
- "02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68":
- "AddTrust External Root",
- "03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD":
- "GeoTrust Primary Certification Authority - G3",
- "04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7":
- "UTN USERFirst Hardware Root CA",
- "05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43":
- "DigiCert Assured ID Root CA",
- "06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91":
- "NetLock Arany (Class Gold) Főtanúsítvány",
- "07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E":
- "Certum Trusted Network CA",
- "13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6":
- "Verisign Class 3 Public Primary Certification Authority - G3",
- "1B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96":
- "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3",
- "1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85":
- "QuoVadis Root CA 3",
- "22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A":
- "VeriSign Class 3 Public Primary Certification Authority - G4",
- "27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4":
- "Go Daddy Class 2 CA",
- "29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F":
- "AffirmTrust Networking",
- "2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5":
- "AddTrust Public Services Root",
- "2E:14:DA:EC:28:F0:FA:1E:8E:38:9A:4E:AB:EB:26:C0:0A:D3:83:C3":
- "Certinomis - Autorité Racine",
- "2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19":
- "Izenpe.com",
- "31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17":
- "StartCom Certification Authority G2",
- "32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96":
- "GeoTrust Primary Certification Authority",
- "33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9":
- "Camerfirma Global Chambersign Root",
- "36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54":
- "VeriSign Universal Root Certification Authority",
- "36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7":
- "Security Communication Root CA",
- "37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79":
- "GeoTrust Universal CA 2",
- "37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27":
- "Sonera Class 2 Root CA",
- "3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04":
- "Trustis FPS Root CA",
- "3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3":
- "SecureSign RootCA11",
- "3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B":
- "Secure Global CA",
- "3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F":
- "StartCom Ltd.",
- "40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D":
- "DST ACES CA X6",
- "47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B":
- "Go Daddy Root Certificate Authority - G2",
- "49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99":
- "Buypass Class 2 Root CA",
- "4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1":
- "Comodo Secure Services root",
- "4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C":
- "Global Chambersign Root - 2008",
- "4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF":
- "AddTrust Qualified Certificates Root",
- "4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5":
- "VeriSign Class 3 Public Primary Certification Authority - G5",
- "55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1":
- "T-TeleSec GlobalRoot Class 3",
- "59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9":
- "OISTE WISeKey Global Root GA CA",
- "59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16":
- "Staat der Nederlanden Root CA - G2",
- "5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51":
- "Swisscom Root CA 1",
- "5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74":
- "Security Communication RootCA2",
- "5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6":
- "Cybertrust Global Root",
- "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25":
- "DigiCert High Assurance EV Root CA",
- "62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18":
- "Certum Root CA",
- "66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B":
- "COMODO Certification Authority",
- "67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0":
- "ePKI Root Certification Authority",
- "6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1":
- "Camerfirma Chambers of Commerce Root",
- "70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62":
- "Visa eCommerce Root",
- "74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB":
- "Certplus Class 2 Primary CA",
- "74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE":
- "Network Solutions Certificate Authority",
- "75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE":
- "GlobalSign Root CA - R2",
- "78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C":
- "Chambers of Commerce Root - 2008",
- "85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF":
- "Deutsche Telekom Root CA 2",
- "87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11":
- "SecureTrust CA",
- "89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E":
- "Microsec e-Szigno Root CA 2009",
- "8B:AF:4C:9B:1D:F0:2A:92:F7:DA:12:8E:B9:1B:AC:F4:98:60:4B:6F":
- "CNNIC ROOT",
- "8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0":
- "GeoTrust Primary Certification Authority - G2",
- "91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81":
- "thawte Primary Root CA",
- "92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F":
- "Starfield Services Root Certificate Authority - G2",
- "9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB":
- "SwissSign Silver CA - G2",
- "9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11":
- "COMODO ECC Certification Authority",
- "A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0":
- "StartCom Certification Authority",
- "A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36":
- "DigiCert Global Root CA",
- "A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D":
- "GeoTrust Global CA 2",
- "AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12":
- "thawte Primary Root CA - G2",
- "AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A":
- "Starfield Class 2 CA",
- "AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA":
- "Autoridad de Certificacion Firmaprofesional CIF A62634068",
- "B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97":
- "Certigna",
- "B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C":
- "GlobalSign Root CA",
- "B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9":
- "Entrust Root Certification Authority",
- "B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E":
- "Starfield Root Certificate Authority - G2",
- "B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6":
- "XRamp Global CA Root",
- "B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB":
- "AffirmTrust Premium ECC",
- "C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7":
- "EE Certification Centre Root CA",
- "CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7":
- "QuoVadis Root CA 2",
- "CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D":
- "AddTrust Low-Value Services Root",
- "CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48":
- "TWCA Root Certification Authority",
- "D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49":
- "Comodo AAA Services root",
- "D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74":
- "Baltimore CyberTrust Root",
- "D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD":
- "GlobalSign Root CA - R3",
- "D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58":
- "Hongkong Post Root CA 1",
- "D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27":
- "AffirmTrust Premium",
- "D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61":
- "SwissSign Gold CA - G2",
- "DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13":
- "DST Root CA X3",
- "DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57":
- "Buypass Class 3 Root CA",
- "DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12":
- "GeoTrust Global CA",
- "DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9":
- "QuoVadis Root CA",
- "E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84":
- "ACEDICOM Root",
- "E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD":
- "Comodo Trusted Services root",
- "E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79":
- "GeoTrust Universal CA",
- "F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2":
- "thawte Primary Root CA - G3",
- "F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC":
- "Actalis Authentication Root CA",
- "F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9":
- "Taiwan GRCA",
- "F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7":
- "AffirmTrust Commercial",
- "FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B":
- "certSIGN ROOT CA",
- "FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D":
- "Hellenic Academic and Research Institutions RootCA 2011",
- "FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D":
- "Security Communication EV RootCA1"
- },
- "nss": {
- "28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8":
- "EC-ACC",
- "4F:99:AA:93:FB:2B:D1:37:26:A1:99:4A:CE:7F:F0:05:F2:93:5D:1E":
- "China Internet Network Information Center EV Certificates Root",
- "50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31":
- "Entrust.net Premium 2048 Secure Server CA",
- "70:C1:8D:74:B4:28:81:0A:E4:FD:A5:75:D7:01:9F:99:B0:3D:50:74":
- "PSCProcert",
- "F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33":
- "TURKTRUST Certificate Services Provider Root 2007",
- "B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71":
- "CA Disig Root R2",
- "58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0":
- "D-TRUST Root Class 3 CA 2 2009",
- "8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6":
- "CA Disig Root R1",
- "93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17":
- "ACCVRAIZ1",
- "96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83":
- "D-TRUST Root Class 3 CA 2 EV 2009",
- "9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65":
- "TWCA Global Root CA",
- "E7:A1:90:29:D3:D5:52:DC:0D:0F:C6:92:D3:EA:88:0D:15:2E:1A:6B":
- "Swisscom Root EV CA 2",
- "77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC":
- "Swisscom Root CA 2",
- "2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21":
- "Atos TrustedRoot 2011",
- "59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9":
- "T-TeleSec GlobalRoot Class 2",
- "43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37":
- "TeliaSonera Root CA v1",
- "51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39":
- "E-Tugra Certification Authority",
- "09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36":
- "QuoVadis Root CA 2 G3",
- "A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F":
- "DigiCert Assured ID Root G2",
- "1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67":
- "QuoVadis Root CA 1 G3",
- "7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E":
- "DigiCert Global Root G3",
- "16:32:47:8D:89:F9:21:3A:92:00:85:63:F5:A4:A7:D3:12:40:8A:D6":
- "WoSign China",
- "DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4":
- "DigiCert Trusted Root G4",
- "F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89":
- "DigiCert Assured ID Root G3",
- "48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D":
- "QuoVadis Root CA 3 G3",
- "DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4":
- "DigiCert Global Root G2",
- "B9:42:94:BF:91:EA:8F:B6:4B:E6:10:97:C7:FB:00:13:59:B6:76:CB":
- "WoSign",
- "AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4":
- "COMODO RSA Certification Authority",
- "69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB":
- "GlobalSign ECC Root CA - R4",
- "1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA":
- "GlobalSign ECC Root CA - R5",
- "2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E":
- "USERTrust RSA Certification Authority",
- "D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0":
- "USERTrust ECC Certification Authority",
- "D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC":
- "Staat der Nederlanden Root CA - G3",
- "76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB":
- "Staat der Nederlanden EV Root CA",
- "8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4":
- "Entrust Root Certification Authority - G2",
- "9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8":
- "Certinomis - Root CA",
- "C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB":
- "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5",
- "BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD":
- "IdenTrust Public Sector Root CA 1",
- "E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83":
- "CFCA EV ROOT",
- "DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25":
- "IdenTrust Commercial Root CA 1",
- "20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47":
- "Entrust Root Certification Authority - EC1",
- "0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED":
- "OISTE WISeKey Global Root GB CA",
- "FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1":
- "Certification Authority of WoSign G2",
- "D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B":
- "CA WoSign ECC Root",
- "E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE":
- "SZAFIR ROOT CA2",
- "D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92":
- "Certum Trusted Network CA 2",
- "9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66":
- "Hellenic Academic and Research Institutions ECC RootCA 2015",
- "CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8":
- "ISRG Root X1",
- "EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20":
- "AC RAIZ FNMT-RCM",
- "0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E":
- "Amazon Root CA 3",
- "79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B":
- "OpenTrust Root CA G2",
- "22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66":
- "Certplus Root CA G1",
- "01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6":
- "Hellenic Academic and Research Institutions RootCA 2015",
- "6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6":
- "OpenTrust Root CA G3",
- "4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A":
- "Certplus Root CA G2",
- "5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A":
- "Amazon Root CA 2",
- "79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E":
- "OpenTrust Root CA G1",
- "1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F":
- "LuxTrust Global Root 2",
- "F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE":
- "Amazon Root CA 4",
- "8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16":
- "Amazon Root CA 1",
- "31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA":
- "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
- },
- "openssl": {
- "39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC":
- "Equifax Secure eBusiness CA 2",
- "80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE":
- "Entrust.net Premium 2048 Secure Server CA",
- "81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3":
- "Digital Signature Trust Co. Global CA 1",
- "93:E6:AB:22:03:03:B5:23:28:DC:DA:56:9E:BA:E4:D1:D1:CC:FB:65":
- "Wells Fargo Root CA",
- "96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87":
- "TC TrustCenter Universal CA III",
- "AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46":
- "Digital Signature Trust Co. Global CA 3",
- "A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C":
- "Autoridad de Certificacion Firmaprofesional CIF A62634068",
- "74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2":
- "VeriSign, Inc.",
- "21:FC:BD:8E:7F:6C:AF:05:1B:D1:B3:43:EC:A8:E7:61:47:F2:0F:8A":
- "TDC Internet Root CA",
- "CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36":
- "Sociedad Cameral de Certificaci.n Digital - Certic.mara S.A.",
- "69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB":
- "RSA Root Certificate 1",
- "87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF":
- "NetLock Business (Class B) Root",
- "A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B":
- "Verisign Class 3 Public Primary Certification Authority",
- "31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6":
- "ValiCert Class 2 VA",
- "99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39":
- "Entrust.net Secure Server CA",
- "E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E":
- "ValiCert Class 1 VA",
- "E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B":
- "NetLock Express (Class C) Root",
- "DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41":
- "Equifax Secure eBusiness CA 1",
- "85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F":
- "Verisign Class 3 Public Primary Certification Authority - G2",
- "39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A":
- "America Online Root Certification Authority 1",
- "62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A":
- "Thawte Premium Server CA",
- "23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C":
- "Thawte Server CA",
- "97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74":
- "GTE CyberTrust Global Root",
- "85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84":
- "America Online Root Certification Authority 2",
- "F9:CD:0E:2C:DA:76:24:C1:8F:BD:F0:F0:AB:B6:45:B8:F7:FE:D5:7A":
- "ComSign Secured CA",
- "AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E":
- "TC TrustCenter Class 2 CA II",
- "61:57:3A:11:DF:0E:D8:7E:D5:92:65:22:EA:D0:56:D7:44:B3:23:71":
- "Buypass Class 3 CA 1",
- "80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5":
- "TC TrustCenter Class 3 CA II",
- "79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9":
- "TURKTRUST Certificate Services Provider Root 1",
- "7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45":
- "Equifax Secure Global eBusiness CA",
- "6B:2F:34:AD:89:58:BE:62:FD:B0:6B:5C:CE:BB:9D:D9:4F:4E:39:F3":
- "TC TrustCenter Universal CA I",
- "DD:E1:D2:A9:01:80:2E:1D:87:5E:84:B3:80:7E:4B:B1:FD:99:41:34":
- "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi",
- "D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A":
- "Equifax Secure CA",
- "58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4":
- "UTN DATACorp SGC Root CA",
- "C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D":
- "Verisign Class 4 Public Primary Certification Authority - G3",
- "B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7":
- "TURKTRUST Certificate Services Provider Root 2",
- "D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2":
- "A-Trust-nQual-03",
- "10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04":
- "Staat der Nederlanden Root CA",
- "2A:C8:D5:8B:57:CE:BF:2F:49:AF:F2:FC:76:8F:51:14:62:90:7A:41":
- "CA Disig",
- "AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6":
- "NetLock Notary (Class A) Root",
- "8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58":
- "EBG Elektronik Sertifika Hizmet Sa...",
- "A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46":
- "Root CA Generalitat Valenciana",
- "25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42":
- "RSA Security 2048 v3",
- "60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C":
- "IGC/A",
- "40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89":
- "Juur-SK",
- "A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC":
- "Buypass Class 2 CA 1",
- "E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE":
- "WellsSecure Public Root Certificate Authority",
- "7F:8A:B0:CF:D0:51:87:6A:66:F3:36:0F:47:C8:8D:8C:D3:35:FC:74":
- "ApplicationCA - Japanese Government",
- "23:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:FC:D6:25:EC:19:0D":
- "Microsec e-Szigno Root CA"
- }
-}
+{
+ "both": {
+ "02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68": "AddTrust External Root",
+ "03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD": "GeoTrust Primary Certification Authority - G3",
+ "04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7": "UTN USERFirst Hardware Root CA",
+ "05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43": "DigiCert Assured ID Root CA",
+ "06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91": "NetLock Arany (Class Gold) Főtanúsítvány",
+ "07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E": "Certum Trusted Network CA",
+ "13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6": "Verisign Class 3 Public Primary Certification Authority - G3",
+ "1B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96": "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3",
+ "1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85": "QuoVadis Root CA 3",
+ "22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A": "VeriSign Class 3 Public Primary Certification Authority - G4",
+ "27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4": "Go Daddy Class 2 CA",
+ "29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F": "AffirmTrust Networking",
+ "2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5": "AddTrust Public Services Root",
+ "2E:14:DA:EC:28:F0:FA:1E:8E:38:9A:4E:AB:EB:26:C0:0A:D3:83:C3": "Certinomis - Autorité Racine",
+ "2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19": "Izenpe.com",
+ "31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17": "StartCom Certification Authority G2",
+ "32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96": "GeoTrust Primary Certification Authority",
+ "33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9": "Camerfirma Global Chambersign Root",
+ "36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54": "VeriSign Universal Root Certification Authority",
+ "36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7": "Security Communication Root CA",
+ "37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79": "GeoTrust Universal CA 2",
+ "37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27": "Sonera Class 2 Root CA",
+ "3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B": "Secure Global CA",
+ "3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04": "Trustis FPS Root CA",
+ "3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3": "SecureSign RootCA11",
+ "3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F": "StartCom Ltd.",
+ "40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D": "DST ACES CA X6",
+ "47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B": "Go Daddy Root Certificate Authority - G2",
+ "49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99": "Buypass Class 2 Root CA",
+ "4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1": "Comodo Secure Services root",
+ "4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C": "Global Chambersign Root - 2008",
+ "4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF": "AddTrust Qualified Certificates Root",
+ "4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5": "VeriSign Class 3 Public Primary Certification Authority - G5",
+ "55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1": "T-TeleSec GlobalRoot Class 3",
+ "59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9": "OISTE WISeKey Global Root GA CA",
+ "59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16": "Staat der Nederlanden Root CA - G2",
+ "5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51": "Swisscom Root CA 1",
+ "5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74": "Security Communication RootCA2",
+ "5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6": "Cybertrust Global Root",
+ "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25": "DigiCert High Assurance EV Root CA",
+ "62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18": "Certum Root CA",
+ "66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B": "COMODO Certification Authority",
+ "67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0": "ePKI Root Certification Authority",
+ "6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1": "Camerfirma Chambers of Commerce Root",
+ "70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62": "Visa eCommerce Root",
+ "74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB": "Certplus Class 2 Primary CA",
+ "74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE": "Network Solutions Certificate Authority",
+ "75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE": "GlobalSign Root CA - R2",
+ "78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C": "Chambers of Commerce Root - 2008",
+ "85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF": "Deutsche Telekom Root CA 2",
+ "87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11": "SecureTrust CA",
+ "89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E": "Microsec e-Szigno Root CA 2009",
+ "8B:AF:4C:9B:1D:F0:2A:92:F7:DA:12:8E:B9:1B:AC:F4:98:60:4B:6F": "CNNIC ROOT",
+ "8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0": "GeoTrust Primary Certification Authority - G2",
+ "91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81": "thawte Primary Root CA",
+ "92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F": "Starfield Services Root Certificate Authority - G2",
+ "9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB": "SwissSign Silver CA - G2",
+ "9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11": "COMODO ECC Certification Authority",
+ "A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0": "StartCom Certification Authority",
+ "A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36": "DigiCert Global Root CA",
+ "A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D": "GeoTrust Global CA 2",
+ "AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12": "thawte Primary Root CA - G2",
+ "AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A": "Starfield Class 2 CA",
+ "AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA": "Autoridad de Certificacion Firmaprofesional CIF A62634068",
+ "B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97": "Certigna",
+ "B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C": "GlobalSign Root CA",
+ "B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9": "Entrust Root Certification Authority",
+ "B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E": "Starfield Root Certificate Authority - G2",
+ "B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6": "XRamp Global CA Root",
+ "B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB": "AffirmTrust Premium ECC",
+ "C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7": "EE Certification Centre Root CA",
+ "CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7": "QuoVadis Root CA 2",
+ "CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D": "AddTrust Low-Value Services Root",
+ "CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48": "TWCA Root Certification Authority",
+ "D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49": "Comodo AAA Services root",
+ "D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74": "Baltimore CyberTrust Root",
+ "D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD": "GlobalSign Root CA - R3",
+ "D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58": "Hongkong Post Root CA 1",
+ "D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27": "AffirmTrust Premium",
+ "D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61": "SwissSign Gold CA - G2",
+ "DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13": "DST Root CA X3",
+ "DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57": "Buypass Class 3 Root CA",
+ "DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12": "GeoTrust Global CA",
+ "DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9": "QuoVadis Root CA",
+ "E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84": "ACEDICOM Root",
+ "E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD": "Comodo Trusted Services root",
+ "E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79": "GeoTrust Universal CA",
+ "F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2": "thawte Primary Root CA - G3",
+ "F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC": "Actalis Authentication Root CA",
+ "F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9": "Taiwan GRCA",
+ "F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7": "AffirmTrust Commercial",
+ "FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B": "certSIGN ROOT CA",
+ "FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D": "Hellenic Academic and Research Institutions RootCA 2011",
+ "FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D": "Security Communication EV RootCA1"
+ },
+ "nss": {
+ "01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6": "Hellenic Academic and Research Institutions RootCA 2015",
+ "09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36": "QuoVadis Root CA 2 G3",
+ "0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E": "Amazon Root CA 3",
+ "0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED": "OISTE WISeKey Global Root GB CA",
+ "16:32:47:8D:89:F9:21:3A:92:00:85:63:F5:A4:A7:D3:12:40:8A:D6": "WoSign China",
+ "1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67": "QuoVadis Root CA 1 G3",
+ "1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F": "LuxTrust Global Root 2",
+ "1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA": "GlobalSign ECC Root CA - R5",
+ "20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47": "Entrust Root Certification Authority - EC1",
+ "22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66": "Certplus Root CA G1",
+ "28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8": "EC-ACC",
+ "2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E": "USERTrust RSA Certification Authority",
+ "2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21": "Atos TrustedRoot 2011",
+ "31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA": "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1",
+ "43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37": "TeliaSonera Root CA v1",
+ "48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D": "QuoVadis Root CA 3 G3",
+ "4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A": "Certplus Root CA G2",
+ "4F:99:AA:93:FB:2B:D1:37:26:A1:99:4A:CE:7F:F0:05:F2:93:5D:1E": "China Internet Network Information Center EV Certificates Root",
+ "50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31": "Entrust.net Premium 2048 Secure Server CA",
+ "51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39": "E-Tugra Certification Authority",
+ "58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0": "D-TRUST Root Class 3 CA 2 2009",
+ "59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9": "T-TeleSec GlobalRoot Class 2",
+ "5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A": "Amazon Root CA 2",
+ "69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB": "GlobalSign ECC Root CA - R4",
+ "6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6": "OpenTrust Root CA G3",
+ "70:C1:8D:74:B4:28:81:0A:E4:FD:A5:75:D7:01:9F:99:B0:3D:50:74": "PSCProcert",
+ "76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB": "Staat der Nederlanden EV Root CA",
+ "77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC": "Swisscom Root CA 2",
+ "79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B": "OpenTrust Root CA G2",
+ "79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E": "OpenTrust Root CA G1",
+ "7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E": "DigiCert Global Root G3",
+ "8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4": "Entrust Root Certification Authority - G2",
+ "8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16": "Amazon Root CA 1",
+ "8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6": "CA Disig Root R1",
+ "93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17": "ACCVRAIZ1",
+ "96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83": "D-TRUST Root Class 3 CA 2 EV 2009",
+ "9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65": "TWCA Global Root CA",
+ "9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8": "Certinomis - Root CA",
+ "9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66": "Hellenic Academic and Research Institutions ECC RootCA 2015",
+ "A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F": "DigiCert Assured ID Root G2",
+ "AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4": "COMODO RSA Certification Authority",
+ "B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71": "CA Disig Root R2",
+ "B9:42:94:BF:91:EA:8F:B6:4B:E6:10:97:C7:FB:00:13:59:B6:76:CB": "WoSign",
+ "BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD": "IdenTrust Public Sector Root CA 1",
+ "C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB": "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5",
+ "CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8": "ISRG Root X1",
+ "D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0": "USERTrust ECC Certification Authority",
+ "D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B": "CA WoSign ECC Root",
+ "D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92": "Certum Trusted Network CA 2",
+ "D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC": "Staat der Nederlanden Root CA - G3",
+ "DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4": "DigiCert Trusted Root G4",
+ "DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4": "DigiCert Global Root G2",
+ "DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25": "IdenTrust Commercial Root CA 1",
+ "E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE": "SZAFIR ROOT CA2",
+ "E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83": "CFCA EV ROOT",
+ "E7:A1:90:29:D3:D5:52:DC:0D:0F:C6:92:D3:EA:88:0D:15:2E:1A:6B": "Swisscom Root EV CA 2",
+ "EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20": "AC RAIZ FNMT-RCM",
+ "F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33": "TURKTRUST Certificate Services Provider Root 2007",
+ "F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89": "DigiCert Assured ID Root G3",
+ "F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE": "Amazon Root CA 4",
+ "FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1": "Certification Authority of WoSign G2"
+ },
+ "openssl": {
+ "10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04": "Staat der Nederlanden Root CA",
+ "21:FC:BD:8E:7F:6C:AF:05:1B:D1:B3:43:EC:A8:E7:61:47:F2:0F:8A": "TDC Internet Root CA",
+ "23:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:FC:D6:25:EC:19:0D": "Microsec e-Szigno Root CA",
+ "23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C": "Thawte Server CA",
+ "25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42": "RSA Security 2048 v3",
+ "2A:C8:D5:8B:57:CE:BF:2F:49:AF:F2:FC:76:8F:51:14:62:90:7A:41": "CA Disig",
+ "31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6": "ValiCert Class 2 VA",
+ "39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A": "America Online Root Certification Authority 1",
+ "39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC": "Equifax Secure eBusiness CA 2",
+ "40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89": "Juur-SK",
+ "58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4": "UTN DATACorp SGC Root CA",
+ "60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C": "IGC/A",
+ "61:57:3A:11:DF:0E:D8:7E:D5:92:65:22:EA:D0:56:D7:44:B3:23:71": "Buypass Class 3 CA 1",
+ "62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A": "Thawte Premium Server CA",
+ "69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB": "RSA Root Certificate 1",
+ "6B:2F:34:AD:89:58:BE:62:FD:B0:6B:5C:CE:BB:9D:D9:4F:4E:39:F3": "TC TrustCenter Universal CA I",
+ "74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2": "VeriSign, Inc.",
+ "79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9": "TURKTRUST Certificate Services Provider Root 1",
+ "7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45": "Equifax Secure Global eBusiness CA",
+ "7F:8A:B0:CF:D0:51:87:6A:66:F3:36:0F:47:C8:8D:8C:D3:35:FC:74": "ApplicationCA - Japanese Government",
+ "80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE": "Entrust.net Premium 2048 Secure Server CA",
+ "80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5": "TC TrustCenter Class 3 CA II",
+ "81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3": "Digital Signature Trust Co. Global CA 1",
+ "85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F": "Verisign Class 3 Public Primary Certification Authority - G2",
+ "85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84": "America Online Root Certification Authority 2",
+ "87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF": "NetLock Business (Class B) Root",
+ "8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58": "EBG Elektronik Sertifika Hizmet Sa...",
+ "93:E6:AB:22:03:03:B5:23:28:DC:DA:56:9E:BA:E4:D1:D1:CC:FB:65": "Wells Fargo Root CA",
+ "96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87": "TC TrustCenter Universal CA III",
+ "97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74": "GTE CyberTrust Global Root",
+ "99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39": "Entrust.net Secure Server CA",
+ "A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46": "Root CA Generalitat Valenciana",
+ "A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC": "Buypass Class 2 CA 1",
+ "A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B": "Verisign Class 3 Public Primary Certification Authority",
+ "A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C": "Autoridad de Certificacion Firmaprofesional CIF A62634068",
+ "AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46": "Digital Signature Trust Co. Global CA 3",
+ "AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6": "NetLock Notary (Class A) Root",
+ "AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E": "TC TrustCenter Class 2 CA II",
+ "B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7": "TURKTRUST Certificate Services Provider Root 2",
+ "C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D": "Verisign Class 4 Public Primary Certification Authority - G3",
+ "CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36": "Sociedad Cameral de Certificaci.n Digital - Certic.mara S.A.",
+ "D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A": "Equifax Secure CA",
+ "D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2": "A-Trust-nQual-03",
+ "DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41": "Equifax Secure eBusiness CA 1",
+ "DD:E1:D2:A9:01:80:2E:1D:87:5E:84:B3:80:7E:4B:B1:FD:99:41:34": "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi",
+ "E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B": "NetLock Express (Class C) Root",
+ "E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E": "ValiCert Class 1 VA",
+ "E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE": "WellsSecure Public Root Certificate Authority",
+ "F9:CD:0E:2C:DA:76:24:C1:8F:BD:F0:F0:AB:B6:45:B8:F7:FE:D5:7A": "ComSign Secured CA"
+ }
+}
\ No newline at end of file
diff --git a/client/site_tests/security_RootCA/format_baseline.py b/client/site_tests/security_RootCA/format_baseline.py
new file mode 100755
index 0000000..8d0b131
--- /dev/null
+++ b/client/site_tests/security_RootCA/format_baseline.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import json
+
+
+def dump_baseline(baseline):
+ return json.dumps(baseline, indent=4, ensure_ascii=False,
+ sort_keys=True, separators=(',', ': ')).encode('utf-8')
+
+
+if __name__ == '__main__':
+ with open('./baseline', 'r+') as fp:
+ baseline = json.load(fp)
+ formatted = dump_baseline(baseline)
+ fp.seek(0)
+ fp.write(formatted)
+ fp.truncate()
diff --git a/client/site_tests/security_RootCA/update_baseline.py b/client/site_tests/security_RootCA/update_baseline.py
new file mode 100755
index 0000000..b2c5174
--- /dev/null
+++ b/client/site_tests/security_RootCA/update_baseline.py
@@ -0,0 +1,102 @@
+#!/usr/bin/env python
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""A script to update "baseline" with new openssl roots.
+
+Usage:
+ ./add_openssl_roots.py ./baseline /path/to/new/roots/
+
+This reads the NSS store from baseline, updates the openssl section with certs
+from /path/to/new/certs, and updates the diffs between NSS and openssl. It
+updates the baseline file in place.
+
+/path/to/new/roots can be the unpacked certificate directory from
+app-misc/ca-certificates, or
+chroot/build/${BOARD}/usr/share/ca-certificates/mozilla/ if you have emerged the
+upgraded package for ${BOARD}.
+"""
+
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
+import argparse
+import glob
+import json
+import os
+import subprocess
+import sys
+
+from format_baseline import dump_baseline
+
+
+SSL_CMD = ['openssl', 'x509', '-fingerprint', '-noout', '-in']
+
+
+def get_nss_store(baseline_file):
+ """Parses baseline for the NSS store."""
+ with open(baseline_file) as f:
+ baseline = json.load(f)
+
+ nss_store = baseline['nss'].copy()
+ nss_store.update(baseline['both'])
+ return nss_store
+
+
+def get_openssl_store(certs_dir):
+ """Gets the new openssl store that should be updated to."""
+ openssl_store = {}
+ for cert in glob.glob(os.path.join(certs_dir, '*.crt')):
+ cn = os.path.basename(cert) # certs are named after their common names
+ cn = cn.replace('_', ' ').replace('.crt', '')
+ fingerprint = subprocess.check_output(
+ SSL_CMD + [cert]).strip().partition('=')[2]
+ openssl_store[fingerprint.decode('utf-8')] = cn.decode('utf-8')
+ return openssl_store
+
+
+def store_diff(store_a, store_b):
+ """Returns certs in store_a but not store_b."""
+ fingerprints_a = set(store_a.keys())
+ fingerprints_b = set(store_b.keys())
+ a_min_b = fingerprints_a - fingerprints_b
+ return dict((fingerprint, store_a[fingerprint]) for fingerprint in a_min_b)
+
+
+def store_common(store_a, store_b):
+ """Returns certs in both stores."""
+ fingerprints_a = set(store_a.keys())
+ fingerprints_b = set(store_b.keys())
+ a_and_b = fingerprints_a & fingerprints_b
+ return dict((fingerprint, store_a[fingerprint]) for fingerprint in a_and_b)
+
+
+def parse_args(argv):
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument('baseline', default='./baseline',
+ help='Path to baseline file')
+ parser.add_argument('rootsdir',
+ help='Directory to the openssl certs to be installed')
+ opts = parser.parse_args(argv)
+ return opts
+
+
+def main(argv):
+ opts = parse_args(argv)
+ nss_store = get_nss_store(opts.baseline)
+ openssl_store = get_openssl_store(opts.rootsdir)
+
+ new_baseline = {
+ u'both': store_common(openssl_store, nss_store),
+ u'nss': store_diff(nss_store, openssl_store),
+ u'openssl': store_diff(openssl_store, nss_store),
+ }
+ serialized = dump_baseline(new_baseline)
+ with open(opts.baseline, 'w') as f:
+ f.write(serialized)
+
+
+if __name__ == '__main__':
+ sys.exit(main(sys.argv[1:]))