Regenerate broken test vectors

2024-06-25 04:54:49 +02:00 · 2023-06-24 10:11:03 +02:00 · 2023-06-24 10:11:03 +02:00 · ce62d2a243
parent 4c04e1ee3f
commit ce62d2a243
6 changed files with 318 additions and 33 deletions
--- a/pgpainless-wot/src/testFixtures/java/org/pgpainless/wot/testfixtures/WotTestVectors.java
+++ b/pgpainless-wot/src/testFixtures/java/org/pgpainless/wot/testfixtures/WotTestVectors.java
@ -0,0 +1,285 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.wot.testfixtures;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.Trustworthiness;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+import org.pgpainless.signature.subpackets.CertificationSubpackets;
+import org.pgpainless.util.Passphrase;
+
+public class WotTestVectors {
+
+    private static WotTestVectors INSTANCE = null;
+
+    public static WotTestVectors getTestVectors() {
+        if (INSTANCE == null) {
+            INSTANCE = new WotTestVectors();
+        }
+        return INSTANCE;
+    }
+
+    public PGPSecretKeyRing getFreshFooBankCaKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankCaKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshFooBankCaCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankCaCert.asc"));
+    }
+
+    public String getFooBankCaPassphrase() {
+        return "superS3cureP4ssphrase";
+    }
+
+    public SecretKeyRingProtector getFooBankCaProtector() {
+        return SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(getFooBankCaPassphrase()));
+    }
+
+    public PGPSecretKeyRing getFreshFooBankEmployeeKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankEmployeeKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshFooBankEmployeeCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankEmployeeCert.asc"));
+    }
+
+    public String getFooBankEmployeePassphrase() {
+        return "iLoveWorking@FooBank";
+    }
+
+    public SecretKeyRingProtector getFooBankEmployeeProtector() {
+        return SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(getFooBankEmployeePassphrase()));
+    }
+
+    public PGPSecretKeyRing getFreshFooBankAdminKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankAdminKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshFooBankAdminCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankAdminCert.asc"));
+    }
+
+    public String getFooBankAdminPassphrase() {
+        return "keepFooBankSecure";
+    }
+
+    public SecretKeyRingProtector getFooBankAdminProtector() {
+        return SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(getFooBankAdminPassphrase()));
+    }
+
+    public PGPSecretKeyRing getFreshFooBankCustomerKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankCustomerKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshFooBankCustomerCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/foobankCustomerCert.asc"));
+    }
+
+    public PGPSecretKeyRing getFreshBarBankCaKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/barbankCaKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshBarBankCaCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/barbankCaCert.asc"));
+    }
+
+    public PGPSecretKeyRing getFreshBarBankEmployeeKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/barbankEmployeeKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshBarBankEmployeeCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/barbankEmployeeCert.asc"));
+    }
+
+    public PGPSecretKeyRing getFreshFakeFooBankEmployeeKey() throws IOException {
+        return PGPainless.readKeyRing().secretKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/fakeFoobankEmployeeKey.asc"));
+    }
+
+    public PGPPublicKeyRing getFreshFakeFooBankEmployeeCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("test_vectors/freshly_generated/fakeFoobankEmployeeCert.asc"));
+    }
+
+    public PGPPublicKeyRing getCrossSignedBarBankCaCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("cross_signed/barbankCaCert.asc"));
+    }
+
+    public PGPPublicKeyRing getCrossSignedBarBankEmployeeCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("cross_signed/barbankEmployeeCert.asc"));
+    }
+
+    public PGPPublicKeyRing getCrossSignedFooBankAdminCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("cross_signed/foobankAdminCert.asc"));
+    }
+
+    public PGPPublicKeyRing getCrossSignedFooBankCaCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("cross_signed/foobankCaCert.asc"));
+    }
+
+    public PGPPublicKeyRing getCrossSignedFooBankEmployeeCert() throws IOException {
+        return PGPainless.readKeyRing().publicKeyRing(getTestResourceInputStream("cross_signed/foobankEmployeeCert.asc"));
+    }
+
+    public static void main(String[] args) throws PGPException, IOException {
+        new WotTestVectors().crossSign();
+    }
+
+    // Generate cross signed test vectors from freshly generated
+    public void crossSign() throws IOException, PGPException {
+        PGPSecretKeyRing freshFooBankCaKey = getFreshFooBankCaKey();
+        PGPPublicKeyRing freshFooBankCaCert = getFreshFooBankCaCert();
+
+        PGPSecretKeyRing freshFooBankEmployeeKey = getFreshFooBankEmployeeKey();
+        PGPPublicKeyRing freshFooBankEmployeeCert = getFreshFooBankEmployeeCert();
+
+        PGPSecretKeyRing freshFooBankAdminKey = getFreshFooBankAdminKey();
+        PGPPublicKeyRing freshFooBankAdminCert = getFreshFooBankAdminCert();
+
+        PGPSecretKeyRing freshFooBankCustomerKey = getFreshFooBankCustomerKey();
+        PGPPublicKeyRing freshFooBankCustomerCert = getFreshFooBankCustomerCert();
+
+        PGPSecretKeyRing freshBarBankCaKey = getFreshBarBankCaKey();
+        PGPPublicKeyRing freshBarBankCaCert = getFreshBarBankCaCert();
+
+        PGPSecretKeyRing freshBarBankEmployeeKey = getFreshBarBankEmployeeKey();
+        PGPPublicKeyRing freshBarBankEmployeeCert = getFreshBarBankEmployeeCert();
+
+        PGPSecretKeyRing freshFakeFooBankEmployeeKey = getFreshFakeFooBankEmployeeKey();
+        PGPPublicKeyRing freshFakeFooBankEmployeeCert = getFreshFakeFooBankEmployeeCert();
+
+        final String fooBankRegex = "<[^>]+[@.]foobank\\.com>$";
+        final String barBankRegex = "<[^>]+[@.]barbank\\.com>$";
+
+        // Foo CA signs Foo Employee
+        PGPPublicKeyRing caCertifiedFooBankEmployeeCert = PGPainless.certify()
+                .userIdOnCertificate("Foo Bank Employee <employee@foobank.com>", freshFooBankEmployeeCert)
+                .withKey(freshFooBankCaKey, getFooBankCaProtector())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.addNotationData(false, "affiliation@foobank.com", "employee");
+                    }
+                })
+                .getCertifiedCertificate();
+
+        // Foo CA signs Foo Admin
+        PGPPublicKeyRing caCertifiedFooBankAdminCert = PGPainless.certify()
+                .userIdOnCertificate("Foo Bank Admin <admin@foobank.com>", freshFooBankAdminCert)
+                .withKey(freshFooBankCaKey, getFooBankCaProtector())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.addNotationData(false, "affiliation@foobank.com", "administrator");
+                    }
+                })
+                .getCertifiedCertificate();
+
+        // Foo Employee delegates trust to Foo CA
+        PGPPublicKeyRing employeeDelegatedCaCert = PGPainless.certify()
+                .certificate(freshFooBankCaCert, Trustworthiness.fullyTrusted().introducer())
+                .withKey(freshFooBankEmployeeKey, getFooBankEmployeeProtector())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.setRegularExpression(fooBankRegex);
+                    }
+                })
+                .getCertifiedCertificate();
+
+        // Foo Admin delegates trust to Foo CA
+        PGPPublicKeyRing adminDelegatedCaCert = PGPainless.certify()
+                .certificate(freshFooBankCaCert, Trustworthiness.fullyTrusted().introducer())
+                .withKey(freshFooBankAdminKey, getFooBankAdminProtector())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.setRegularExpression(fooBankRegex);
+                    }
+                })
+                .getCertifiedCertificate();
+
+        // Customer delegates trust to Foo CA
+        PGPPublicKeyRing customerDelegatedCaCert = PGPainless.certify()
+                .certificate(freshFooBankCaCert, Trustworthiness.fullyTrusted().introducer())
+                .withKey(freshFooBankCustomerKey, SecretKeyRingProtector.unprotectedKeys())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.setRegularExpression(fooBankRegex);
+                    }
+                })
+                .getCertifiedCertificate();
+
+        PGPPublicKeyRing mergedFooCa = PGPPublicKeyRing.join(employeeDelegatedCaCert, adminDelegatedCaCert);
+        mergedFooCa = PGPPublicKeyRing.join(mergedFooCa, customerDelegatedCaCert);
+
+        // Foo Admin delegates trust to Bar CA
+        PGPPublicKeyRing fooAdminDelegatedBarCa = PGPainless.certify()
+                .certificate(freshBarBankCaCert, Trustworthiness.fullyTrusted().introducer())
+                .withKey(freshFooBankAdminKey, getFooBankAdminProtector())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.setRegularExpression("<[^>]+[@.]barbank\\.com>$");
+                    }
+                }).getCertifiedCertificate();
+
+        // Bar Employee delegates Bar CA
+        PGPPublicKeyRing barEmployeeDelegatesBarCa = PGPainless.certify()
+                .certificate(freshBarBankCaCert, Trustworthiness.fullyTrusted().introducer())
+                .withKey(freshBarBankEmployeeKey, SecretKeyRingProtector.unprotectedKeys())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.setRegularExpression(barBankRegex);
+                    }
+                })
+                .getCertifiedCertificate();
+
+        PGPPublicKeyRing mergedBarCa = PGPPublicKeyRing.join(fooAdminDelegatedBarCa, barEmployeeDelegatesBarCa);
+
+        // Bar CA signs Bar Employee
+        PGPPublicKeyRing barCaCertifiedEmployeeCert = PGPainless.certify()
+                .userIdOnCertificate("Bar Bank Employee <employee@barbank.com>", freshBarBankEmployeeCert)
+                .withKey(freshBarBankCaKey, SecretKeyRingProtector.unprotectedKeys())
+                .buildWithSubpackets(new CertificationSubpackets.Callback() {
+                    @Override
+                    public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) {
+                        hashedSubpackets.addNotationData(false, "affiliation@barbank.com", "employee");
+                    }
+                })
+                .getCertifiedCertificate();
+
+        // CHECKSTYLE:OFF
+        System.out.println("Foo Employee");
+        System.out.println(PGPainless.asciiArmor(caCertifiedFooBankEmployeeCert));
+
+        System.out.println("Foo Admin");
+        System.out.println(PGPainless.asciiArmor(caCertifiedFooBankAdminCert));
+
+        System.out.println("Foo CA");
+        System.out.println(PGPainless.asciiArmor(mergedFooCa));
+
+        System.out.println("Bar CA");
+        System.out.println(PGPainless.asciiArmor(mergedBarCa));
+
+        System.out.println("Bar Employee");
+        System.out.println(PGPainless.asciiArmor(barCaCertifiedEmployeeCert));
+        // CHECKSTYLE:ON
+    }
+
+    private static InputStream getTestResourceInputStream(String resource) {
+        InputStream inputStream = WotTestVectors.class.getClassLoader().getResourceAsStream(resource);
+        if (inputStream == null) {
+            throw new IllegalArgumentException(String.format("Unknown resource %s", resource));
+        }
+        return inputStream;
+    }
+}
--- a/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/barbankCaCert.asc
+++ b/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/barbankCaCert.asc
@ -4,13 +4,13 @@ Comment: CEE5 FB5D C524 84A6 9B73  9FAD 7DA0 2993 D86B 0355
 Comment: Bar Bank CA <ca@barbank.com>

 mDMEYs1BgxYJKwYBBAHaRw8BAQdA3hOlkHAVyvTwePiifKnwLhkcJnswNidJ7dWo
-UKEQlZWIlAQfFgoARgUCYs1MVwkQ9fHjtTaNbKcWIQSmiOyyabOBYdpNc4/18eO1
-No1spxoGPFtePl0rW0AuXWJhcmJhbmtcLmNvbT4kAAOFAXgAAOfiAQCJIhMid48+
-8FS9IO76ELTYMsy0q/kBd4z3Gs+OYqM3ZQEAjyqoEKT8OHNC3zPkneE4bhsB21CH
-PMBe+pYcUE3tZAmIlAQfFgoARgUCYs1MVwkQitIzV+t4uwgWIQREeoKqA/fXpLHa
-TXyK0jNX63i7CBoGPFtePl0rW0AuXWJhcmJhbmtcLmNvbT4kAAOFAXgAAHb5AP99
-3BHUJhkpc6S0NiTsT1OKifmAuI9bRT++TIqEB6p7uwEA09k6Y59pjZhnISG4+KiK
-Y+ZhGKx6bbyGIXirwlssMQK0HEJhciBCYW5rIENBIDxjYUBiYXJiYW5rLmNvbT6I
+UKEQlZWIlAQfFgoARgUCZJWt6AkQ9fHjtTaNbKcWIQSmiOyyabOBYdpNc4/18eO1
+No1spxoGPFtePl0rW0AuXWJhcmJhbmtcLmNvbT4kAAOFAXgAAHnxAP9rqdEDC34F
+WJPwOOHK1CH37be5Wjuqn9BWIp9l6/yD8gD+K/uTS3gelgN9FeViSbPrrEANlupP
+YpJ1deeQDLysKgiIlAQfFgoARgUCZJWt6AkQitIzV+t4uwgWIQREeoKqA/fXpLHa
+TXyK0jNX63i7CBoGPFtePl0rW0AuXWJhcmJhbmtcLmNvbT4kAAOFAXgAAP0TAQC4
+N3en22vOpCEqJoKg1E32U/qC1n/aSw1fx3MyxfRY8AD8DGftkS8xhchtG9IfnwvQ
+ewk7f1+Z5xy5EjWrXHBVTQ+0HEJhciBCYW5rIENBIDxjYUBiYXJiYW5rLmNvbT6I
 jwQTFgoAQQUCYs1BgwkQfaApk9hrA1UWIQTO5ftdxSSEpptzn619oCmT2GsDVQKe
 AQKbAQUWAgMBAAQLCQgHBRUKCQgLApkBAABltgEA4Ob86bhjLa6Xg4wnzYIGH21W
 EUlc37BBaqwr4qvfsA4A/0BzOdTy3Wty5DkdMiA2yPOxIVuHbTD8pgqpne2yoegN
@ -24,5 +24,5 @@ w/vjcduqJwD+KW23+689GXtu4k3PW60GPsiue22lMGwZY7hsWvZB1hkBAPER8PMs
 0MJAQzcs2u6bYPMDI921umqX8Yvsob1kzs0FAAoJEH2gKZPYawNVdKwBAKz5zfwE
 KZ2dGPCsUJzAXfPxe0LmATcvS5g/LvAreD0KAQDfpfMFO2EqQu6wDt+e5MH3YCjG
 saYwvjB1elj1zhblAg==
-=O9uk
+=LYja
 -----END PGP PUBLIC KEY BLOCK-----
--- a/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/barbankEmployeeCert.asc
+++ b/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/barbankEmployeeCert.asc
@ -8,10 +8,10 @@ KPb6YGO0KEJhciBCYW5rIEVtcGxveWVlIDxlbXBsb3llZUBiYXJiYW5rLmNvbT6I
 jwQTFgoAQQUCYs1CXQkQitIzV+t4uwgWIQREeoKqA/fXpLHaTXyK0jNX63i7CAKe
 AQKbAQUWAgMBAAQLCQgHBRUKCQgLApkBAACgcgD7Bk2Hu+Lu3aA+IyzFyTQOw8zQ
 RUeA/X8neEIezYDTC+MA/jGFyiKW7b+6W3zgdIgiHMeWhG3Wx2oOC1izW2+tP2cJ
-iJ4EEBYKAFAFAmLNTFcJEH2gKZPYawNVFiEEzuX7XcUkhKabc5+tfaApk9hrA1Uo
-FIAAAAAAFwAIYWZmaWxpYXRpb25AYmFyYmFuay5jb21lbXBsb3llZQAAG4ABAMF2
-yTTckIjHNIyv7M8mcUx/zW++oJMxnhztT73cQeNxAQDVoyHqRgLpWR4lKw2b5IwE
-gw9KT9zIA9jveWufwgIvD7g4BGLNQl0SCisGAQQBl1UBBQEBB0Bq216nP4pw9r1F
+iJ4EEBYKAFAFAmSVregJEH2gKZPYawNVFiEEzuX7XcUkhKabc5+tfaApk9hrA1Uo
+FIAAAAAAFwAIYWZmaWxpYXRpb25AYmFyYmFuay5jb21lbXBsb3llZQAAJuwBAJF1
+HZu85/vWv+TUO6SlWoLgI48kZl6xClADx+5pffDGAP9cO0kpMS4Q7Kgbex7GJ916
+Z22KqHpWYXnK2M+N/lMXDrg4BGLNQl0SCisGAQQBl1UBBQEBB0Bq216nP4pw9r1F
 8OMcUWisYUvOePUeULPLYV+jX8UdBgMBCAeIdQQYFgoAHQUCYs1CXQKeAQKbDAUW
 AgMBAAQLCQgHBRUKCQgLAAoJEIrSM1freLsIo5QA/A9zDz8XrjtbJIK60J3kmwvY
 jynF9IkzyFTj4sNeHhJTAP92dTWvbogEwzPhBbofwzOT7PXg7laQ8v9eTqr50lWf
@ -21,5 +21,5 @@ CgAGBQJizUJdAAoJENG3C+ldSVbaPsAA/2giZHcGT0nyAojPds1IfIE97dyAlVgj
 fbTH3H4QNVsAAP9dpakDZya/q8M/wnZOyOBf+dHiUrvDbxiBo4tj2ANJBgAKCRCK
 0jNX63i7CMPgAP4ofxoiit/7nqvndk50NkiM9Ab0yTcLnjY+b28YMDLacwEApoEl
 I15NDk/uTXQRKtXrHKoORwSK3XRPSSGYgMOhkwQ=
-=LiUn
+=lmdc
 -----END PGP PUBLIC KEY BLOCK-----
--- a/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/foobankAdminCert.asc
+++ b/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/foobankAdminCert.asc
@ -8,10 +8,10 @@ mDMEYrcZeRYJKwYBBAHaRw8BAQdABkxvWXwHDD6B3hXYQehQkil3e3Gcg5mNbOdS
 QQUCYrcZeQkQ9fHjtTaNbKcWIQSmiOyyabOBYdpNc4/18eO1No1spwKeAQKbAQUW
 AgMBAAQLCQgHBRUKCQgLApkBAABPGwEAv0TWDMkJV6QiIgm8V4b9uIEzMpQku4UM
 FBHvMKXh0W8A/1pocJBG+K9srn8NJlPBul7duoNbkzzHANkytFVEBOgEiKMEEBYK
-AFUFAmLNTFYJEKFJBrdXMI7wFiEEMUVo/QiegSvLRR4roUkGt1cwjvAtFIAAAAAA
-FwANYWZmaWxpYXRpb25AZm9vYmFuay5jb21hZG1pbmlzdHJhdG9yAADddwEAkcJU
-aQfRbAkUvOp1zPUddQq6+a5C1y33d5s2n9gLqucBALy/kkbN5moNxEtcqTD5K1uD
-OFfEVEIOEAGE7ic1dWcMuDgEYrcZeRIKKwYBBAGXVQEFAQEHQDd1fqNPF27j+Z8B
+AFUFAmSVrecJEKFJBrdXMI7wFiEEMUVo/QiegSvLRR4roUkGt1cwjvAtFIAAAAAA
+FwANYWZmaWxpYXRpb25AZm9vYmFuay5jb21hZG1pbmlzdHJhdG9yAADYwQEApFq3
+DrsHhZAe3doEQEj6jEt+YJtJIhI/A9A1R5jFscMA/07baGWlJgEuQFD/fXDNQy0k
+/90/d4Fln84O9I5ztbIOuDgEYrcZeRIKKwYBBAGXVQEFAQEHQDd1fqNPF27j+Z8B
 PtbyoU6sp63UQfBhJrUKNFjpWNZrAwEIB4h1BBgWCgAdBQJitxl5Ap4BApsMBRYC
 AwEABAsJCAcFFQoJCAsACgkQ9fHjtTaNbKdmNwEAzTQAJ/ML5puyGHR9zCbuAonD
 B0lKoXlJeWX7YpsLSugA/3M4YgzpBfoRNbehCbc2hcd/hbW9gKQs2k2iCUYDoPIN
@ -21,5 +21,5 @@ AAYFAmK3GXkACgkQUqp0e41/iO+PswD+I+dgdOrj/jflr3D0Th8cugj9zFzwFYn9
 aaGmiee5wv8A/RvvJoiwHMTi3QPvR4zGdF5pibOccbWr/dggFjKXTmoFAAoJEPXx
 47U2jWynVbEBANEjxzV8KnujGor79Mc1ag9wxyDgihXRowsoKEnSkyHQAQD6n0Pf
 1q8fl7BxbreVeY+0HN2swKlO9TvO303a3X6/BQ==
-=WtDJ
+=jeYD
 -----END PGP PUBLIC KEY BLOCK-----
--- a/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/foobankCaCert.asc
+++ b/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/foobankCaCert.asc
@ -4,16 +4,16 @@ Comment: 3145 68FD 089E 812B CB45  1E2B A149 06B7 5730 8EF0
 Comment: Foo Bank CA <ca@foobank.com>

 mDMEYrcXbxYJKwYBBAHaRw8BAQdAPIIGHwbBzEIExd70jtw7uDvOymt0nU83uLqR
-4Og+cxCIlAQfFgoARgUCYs1MVgkQIa3PO58zSf4WIQQ7JP05RzLWqc9uBx4hrc87
-nzNJ/hoGPFtePl0rW0AuXWZvb2JhbmtcLmNvbT4kAAOFAXgAAD4CAPwIMuVG2f+b
-UfDsrtbQx8UO8TUnoRVHhwW/ogsp9Mop6AD/SoMIK1aNxzha56NOgCmAHo3hvdVp
-gflXu5SlMpDcBgyIlAQfFgoARgUCYs1MVwkQ9fHjtTaNbKcWIQSmiOyyabOBYdpN
-c4/18eO1No1spxoGPFtePl0rW0AuXWZvb2JhbmtcLmNvbT4kAAOFAXgAADS+AQD5
-L1q6IO6xnG7pz4iammO7yM5jseDKsnd06q1qXTOxRQEAsYz2dx0owhU+4qZwfEME
-kLIewdsBcjJurlXYDZJSkAuIlAQfFgoARgUCYs1MVwkQ+LtlEBaP0r8WIQQsTMpM
+4Og+cxCIlAQfFgoARgUCZJWt6AkQIa3PO58zSf4WIQQ7JP05RzLWqc9uBx4hrc87
+nzNJ/hoGPFtePl0rW0AuXWZvb2JhbmtcLmNvbT4kAAOFAXgAADn4AP0cJBVPkUi8
+/ZlpeHVmsJIXly3tE156HHLV3PKs7dw+fwEAtMm3ZKffZ/Vt+QpXtAtt5yNbzQ/f
+GeIU5r24oO8HCQGIlAQfFgoARgUCZJWt6AkQ9fHjtTaNbKcWIQSmiOyyabOBYdpN
+c4/18eO1No1spxoGPFtePl0rW0AuXWZvb2JhbmtcLmNvbT4kAAOFAXgAACNJAP4n
+cUOLxTP+O+0uButeYtfxVjl77pDsRwm6kmYc1aJLzAD+JKTnlQwIO+75cYQaWjH4
+ND/IT01S981sKhQ2AFwToQeIlAQfFgoARgUCZJWt6AkQ+LtlEBaP0r8WIQQsTMpM
 iRd/0ZHuo+D4u2UQFo/SvxoGPFtePl0rW0AuXWZvb2JhbmtcLmNvbT4kAAOFAXgA
-AKlYAQDO0czTk2j+CRpYLwH24UT0NZQGcImx/xW+XHUz40y/mgEAmvkBkS0yaDET
-94Nq1FpCL0oaheEybrXPzVT5+67Q2QW0HEZvbyBCYW5rIENBIDxjYUBmb29iYW5r
+AEXgAQCm+3f6BbvLttpX+SKO5my55M3p6XShjEF1ee9N6WP/YgEAmjn1aIlXD7SK
+83o6G4IS3ZbB9if/c/65rfZAT1qbrAm0HEZvbyBCYW5rIENBIDxjYUBmb29iYW5r
 LmNvbT6IjwQTFgoAQQUCYrcXbwkQoUkGt1cwjvAWIQQxRWj9CJ6BK8tFHiuhSQa3
 VzCO8AKeAQKbAQUWAgMBAAQLCQgHBRUKCQgLApkBAAD+HwEAzElDjL9DRUnWd4yK
 jNoB+yT6RAQ9kD6BgRs/vKyQtqcBANfIysKFneE0B4lExhh6hB2cGoMR/YMhJHSd
@ -27,5 +27,5 @@ CgkQKvTwayMtR7nA+wEAzKlKeGvOSUtp5R07BTmOchkP0T3sZ0L4MvBBtpAuU5YA
 /jNm1162I/ceEEtKgyKp0wC5pqYR0b+AWgB0tPaMfaoJAAoJEKFJBrdXMI7w608A
 /0nV1NXH/U0pRzmNNeRJWAMlFXUdxhhYSlqrqYf2GQRlAP9NR9iMwpA0gFP+Uey3
 bCNC8MxtZLKhPkz2Rz4pnnfaDA==
-=y1eO
+=X/+1
 -----END PGP PUBLIC KEY BLOCK-----
--- a/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/foobankEmployeeCert.asc
+++ b/pgpainless-wot/src/testFixtures/resources/test_vectors/cross_signed/foobankEmployeeCert.asc
@ -8,10 +8,10 @@ wMihWlu0KEZvbyBCYW5rIEVtcGxveWVlIDxlbXBsb3llZUBmb29iYW5rLmNvbT6I
 jwQTFgoAQQUCYrcZeQkQIa3PO58zSf4WIQQ7JP05RzLWqc9uBx4hrc87nzNJ/gKe
 AQKbAQUWAgMBAAQLCQgHBRUKCQgLApkBAAA1aAEAthiiVUcYiKVyzfzbrZLkQlTW
 NR6fu85fR5rPns2NUdwA/2vkrneDmkE04osRwUGLMh30iQzduQ3aFW0hEe2OmDUO
-iJ4EEBYKAFAFAmLNTFYJEKFJBrdXMI7wFiEEMUVo/QiegSvLRR4roUkGt1cwjvAo
-FIAAAAAAFwAIYWZmaWxpYXRpb25AZm9vYmFuay5jb21lbXBsb3llZQAAVjoBAOqF
-r5tscY9sx4sxEjgDJ+v4+Jd4KxU8bNljzde4BG+AAP9Dj2IhrpNe8CJJlncV2TC1
-55IXAr/DLYcKwzqEJrVxBLg4BGK3GXkSCisGAQQBl1UBBQEBB0ArMHy+cSuGxSdZ
+iJ4EEBYKAFAFAmSVrecJEKFJBrdXMI7wFiEEMUVo/QiegSvLRR4roUkGt1cwjvAo
+FIAAAAAAFwAIYWZmaWxpYXRpb25AZm9vYmFuay5jb21lbXBsb3llZQAA3OYBAMq8
+ab2X60syKLdT3iOvOQOivZdaFdt8U3XGi0rL7Y0XAP4yvika6/xaFUfEFMMCNMls
+7B6IVrLRll7eBQ2uVLwSAbg4BGK3GXkSCisGAQQBl1UBBQEBB0ArMHy+cSuGxSdZ
 ScGncoxzB9ZLioxTRlR5Mqd/M2rNGAMBCAeIdQQYFgoAHQUCYrcZeQKeAQKbDAUW
 AgMBAAQLCQgHBRUKCQgLAAoJECGtzzufM0n+vDoA/A3p3LMYSUcvELY9Af3nC6/4
 71r5B3MDnURShddOtcRyAP96J1i5ExKnC+Ltw36/QtyxfyHp9Pr9Fw6BX/zq4EFo
@ -21,5 +21,5 @@ CgAGBQJitxl5AAoJEJxjnlk3tCvcxesBAIf5xQYgRFfDeQlr63uglNCsvOXMa8BN
 LzgObT2nn8LrAQC+sqoWycLRFdFqg29E4OjhZd3iRvFWDoIfs67d9ywBDgAKCRAh
 rc87nzNJ/jWHAP4zs2k1MtV2eOcjUzdt8cfMsiHcD29uJsv6O628gqVdqgD/dvb5
 LPKxFPnfhSGOip0q2USrbBZLgupBjsNuVVu2IgM=
-=DqW1
+=WuLE
 -----END PGP PUBLIC KEY BLOCK-----