#535 Enable checking VID matchings while adding x509 certificate (#545)

* #535 VID scoped x509 certificates

- Enable checking of VID Scoping while adding X509 certificates

Signed-off-by: Abdulbois <abdulbois.tursunov@dsr-corporation.com>
Signed-off-by: Abdulbois <abdulbois123@gmail.com>

* #535 VID scoped x509 certificates

- Minor refactoring

Signed-off-by: Abdulbois <abdulbois.tursunov@dsr-corporation.com>
Signed-off-by: Abdulbois <abdulbois123@gmail.com>

* Fix error messages

---------

Signed-off-by: Abdulbois <abdulbois.tursunov@dsr-corporation.com>
Signed-off-by: Abdulbois <abdulbois123@gmail.com>
Co-authored-by: aziz.karabashov <aziz.karabashov@dsr-corporation.com>

integration_tests/cli/pki-add-vendor-x509-certificates.sh

@@ -0,0 +1,113 @@
+set -euo pipefail
+source integration_tests/cli/common.sh
+
+root_cert_with_vid_65521_subject="MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE="
+root_cert_with_vid_65521_subject_key_id="CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31"
+root_cert_with_vid_65521_path="integration_tests/constants/root_cert_with_vid"
+root_cert_with_vid_65521_vid=65521
+intermediate_cert_with_vid_subject="MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDARGRkYx"
+intermediate_cert_with_vid_subject_key_id="0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17"
+intermediate_cert_with_vid_65521_path="integration_tests/constants/intermediate_cert_with_vid_1"
+intermediate_cert_with_vid_65522_path="integration_tests/constants/intermediate_cert_with_vid_2"
+intermediate_cert_with_vid_65521_serial_number="3"
+intermediate_cert_with_vid_65522_serial_number="4"
+intermediate_cert_with_vid_65521_vid=65521
+intermediate_cert_with_vid_65522_vid=65522
+
+trustee_account="jack"
+second_trustee_account="alice"
+
+test_divider
+
+echo "ADD VID SCOPED X509 CERTIFICATES"
+
+vendor_vid_65521=$root_cert_with_vid_65521_vid
+vendor_account_65521=vendor_account_$vendor_vid_65521
+echo "Create Vendor account - $vendor_account_65521"
+create_new_vendor_account $vendor_account_65521 $vendor_vid_65521
+
+echo "Propose and approve root certificate with vid=$root_cert_with_vid_65521_vid"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_with_vid_65521_path" --vid "$root_cert_with_vid_65521_vid" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_with_vid_65521_subject" --subject-key-id="$root_cert_with_vid_65521_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Add an intermediate certificate with vid=$intermediate_cert_with_vid_65521_vid by $vendor_account_65521 with vid=$vendor_vid_65521"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_cert_with_vid_65521_path" --from $vendor_account_65521 --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Request all approved root certificates."
+result=$(dcld query pki all-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_with_vid_65521_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_with_vid_65521_subject_key_id\""
+check_response "$result" "\"subject\": \"$intermediate_cert_with_vid_subject\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_with_vid_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_with_vid_65521_serial_number\""
+
+echo "Try to add an intermediate certificate with vid=$intermediate_cert_with_vid_65522_vid by $vendor_account_65521 with vid=$vendor_vid_65521"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_cert_with_vid_65522_path" --from $vendor_account_65521 --yes)
+check_response "$result" "\"code\": 440"
+
+echo "Request all approved root certificates should not contain intermediate cert with serialNumber=$intermediate_cert_with_vid_65522_serial_number"
+result=$(dcld query pki all-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_with_vid_65521_subject\""
+check_response "$result" "\"subject\": \"$intermediate_cert_with_vid_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_with_vid_65521_subject_key_id\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_with_vid_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_with_vid_65521_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_with_vid_65522_serial_number\""
+
+root_cert_with_no_vid_path="integration_tests/constants/paa_cert_no_vid"
+root_cert_with_no_vid_subject="MBoxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQQ=="
+root_cert_with_no_vid_subject_key_id="78:5C:E7:05:B8:6B:8F:4E:6F:C7:93:AA:60:CB:43:EA:69:68:82:D5"
+intermediate_cert_with_vid_65522_path="integration_tests/constants/pai_cert_numeric_vid"
+intermediate_cert_with_vid_65522_subject="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjI="
+intermediate_cert_with_vid_65522_subject_key_id="61:3D:D0:87:35:5E:F0:8B:AE:01:E4:C6:9A:8F:C7:3D:AC:8C:7D:FD"
+intermediate_cert_with_vid_65522_vid=65522
+intermediate_cert_with_vid_65522_serial_number="4428370313154203676"
+
+echo "Propose and approve non-vid root certificate"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_with_no_vid_path" --vid "65522" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_with_no_vid_subject" --subject-key-id="$root_cert_with_no_vid_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+vendor_vid_65523=65523
+vendor_account_65523=vendor_account_$vendor_vid_65523
+echo "Create Vendor account - $vendor_account_65523"
+create_new_vendor_account $vendor_account_65523 $vendor_vid_65523
+
+echo "Try to add an intermediate certificate with vid=$intermediate_cert_with_vid_65522_vid by $vendor_account_65523 with vid=$vendor_vid_65523"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_cert_with_vid_65522_path" --from $vendor_account_65523 --yes)
+check_response "$result" "\"code\": 439"
+
+echo "Request all approved root certificates should not contain intermediate cert with serialNumber=$intermediate_cert_with_vid_65522_serial_number"
+result=$(dcld query pki all-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_with_no_vid_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_with_no_vid_subject_key_id\""
+response_does_not_contain "$result" "\"subject\": \"$intermediate_cert_with_vid_65522_subject\""
+response_does_not_contain "$result" "\"subjectKeyId\": \"$intermediate_cert_with_vid_65522_subject_key_id"
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_with_vid_65522_serial_number\""
+
+vendor_vid_65522=65522
+vendor_account_65522=vendor_account_$vendor_vid_65522
+echo "Create Vendor account - $vendor_account_65522"
+create_new_vendor_account $vendor_account_65522 $vendor_vid_65522
+
+echo "Add an intermediate certificate with vid=$intermediate_cert_with_vid_65522_vid by $vendor_account_65522 with vid=$vendor_vid_65522"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_cert_with_vid_65522_path" --from $vendor_account_65522 --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Request all approved root certificates should contain intermediate cert with serialNumber=$intermediate_cert_with_vid_65522_serial_number"
+result=$(dcld query pki all-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_with_no_vid_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_with_no_vid_subject_key_id\""
+check_response "$result" "\"subject\": \"$intermediate_cert_with_vid_65522_subject\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_with_vid_65522_subject_key_id"
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_with_vid_65522_serial_number\""
+
+test_divider

integration_tests/constants/constants.go

@@ -315,8 +315,11 @@ CU3r1RXsbs8zuBEVIl8yUogwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGh
 cX4wCgYIKoZIzj0EAwIDSAAwRQIhAJbJyM8uAYhgBdj1vHLAe3X9mldpWsSRETET
 i+oDPOUDAiAlVJQ75X1T1sR199I+v8/CA2zSm6Y5PsfvrYcUq3GCGQ==
 -----END CERTIFICATE-----`
-	PAICertWithNumericPidVidVid = 65521
-	PAICertWithNumericPidVidPid = 32768
+
+	PAICertWithNumericPidVidSubject      = "MEYxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4MDAw"
+	PAICertWithNumericPidVidSubjectKeyID = "AF:42:B7:09:4D:EB:D5:15:EC:6E:CF:33:B8:11:15:22:5F:32:52:88"
+	PAICertWithNumericPidVidVid          = 65521
+	PAICertWithNumericPidVidPid          = 32768
 
 	PAICertWithPidVid = `
 -----BEGIN CERTIFICATE-----
@@ -346,6 +349,9 @@ Q+ppaILVMAoGCCqGSM49BAMCA0gAMEUCIQDfwJ3oS/qVbWDW/vTirREL3iIqMogw
 pn4/F7keUYUaeAIgce2XGOSIsrjPlUQ1zj/zLqUFVhQ8TyycBaIK8z7Uytk=
 -----END CERTIFICATE-----`
 
+	PAICertWithNumericVidSubject      = "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjI="
+	PAICertWithNumericVidSubjectKeyID = "61:3D:D0:87:35:5E:F0:8B:AE:01:E4:C6:9A:8F:C7:3D:AC:8C:7D:FD"
+
 	PAICertWithVid = `-----BEGIN CERTIFICATE-----
 MIIBmzCCAUKgAwIBAgIIIt8JcSeGaqMwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFBMCAXDTIxMDYyODE0MjM0M1oYDzk5OTkxMjMxMjM1OTU5
@@ -439,6 +445,7 @@ p6lc3hTEQsQZsUwVzH74wu+whWZdKHHrEY7rONc/QiLmwZl+w2nGs+S62z20GueU
 XSNIRw5NvAwLCvnog8A47MIqpuF211kdKvu2QFM/ekMvduL8BpkIFVKULSOY1t9d
 XPz2ZlXABob+/ovGOyGPDw/3tUmlBXU=
 -----END CERTIFICATE-----`
+
 	RootCertWithSameSubjectAndSKID2 = `-----BEGIN CERTIFICATE-----
 MIID0zCCArugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx
 ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP
@@ -462,6 +469,7 @@ BQADggEBAENwaLKvyNz0IW1BNH2eTYNvgFl4f/I1pVYPOlA0O0ZB4BupqtgfKdTF
 XWQLy4RZmLIkrm7vj3uFWRpi7lOBkAPOgCm04RTYqJJwnI0UeJmvaxoFd42J+k3D
 xEsSrRoqMgkOX01+kkNn8Ugv3bEfeJ4=
 -----END CERTIFICATE-----`
+
 	IntermediateWithSameSubjectAndSKID1 = `-----BEGIN CERTIFICATE-----
 MIIDlTCCAn2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx
 ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP
@@ -484,6 +492,7 @@ xfBPUaspjiGALO8hBKlbVxt0RWv5MGyg2JJbSt9Ijexa6aoLzynq5gpSoEfQABUp
 wbfDZe4Cbio4ndASlsbtpo/5ZOuQKn9Wp54meOotFDrFntnD7XFohxMJc5YY0F1q
 Yk3FHd02VN0M
 -----END CERTIFICATE-----`
+
 	IntermediateWithSameSubjectAndSKID2 = `-----BEGIN CERTIFICATE-----
 MIIDlTCCAn2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx
 ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP
@@ -526,6 +535,57 @@ fjlqLDHoQ1UhBmEnocFTqd7QEZtUbRWPnlJw0ZK2uFK7IYmlnBKkewPCLVGI3ihx
 al/8sTx3xx7fWpS+rJ3jviCpHgP+cGV/ANg8hOlyr68u0FE+x6pye00TmxcFzDuo
 5/OA9jGQln82Z8inmc05wZPQPpjZxdCQteqJkNl7PrklgO5EevG9JlUArIets2Py
 2Vciq5eYOIi+PlP+HI5QzlZYxSqFjJrFcfzYCJ4=
+-----END CERTIFICATE-----`
+
+	RootCertWithVid = `-----BEGIN CERTIFICATE-----
+MIICdDCCAhmgAwIBAgIBATAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
+NjExNTQzMVoYDzMwMjMwNjI5MTE1NDMxWjCBmDELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
+ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
+d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEDcguargOjH5nh4SCsflFk1ACqNBOR6Wua8huVYPBfse6
+uwfkgmyTJrCBCUAq9ayPD83jPVor1NN9YAx/V0zbsKNQME4wHQYDVR0OBBYEFM6o
+kmbq4IC9K7Vo5AsHxPosNG0xMB8GA1UdIwQYMBaAFM6okmbq4IC9K7Vo5AsHxPos
+NG0xMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOdYHo1krgzyV+CT
+G+RKcYoxHr6YS9ddNOJibjBx/I63AiEAxNl6kcOH0Rovwi2wySHvTD26kfUYJAmi
+HGBcCo5whZU=
+-----END CERTIFICATE-----`
+
+	IntermediateCertWithVid1 = `-----BEGIN CERTIFICATE-----
+MIICejCCAiGgAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
+NjEyMDczMloYDzMwMjMwNjI5MTIwNzMyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
+ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
+d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
+onwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
+G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
+1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNHADBEAiAOQSIQ
+sdClGJ86LQ1p7e+kb0Dg+YsyxIv2XHdUvIVn2gIgBkbzBccRbDG3p/+gnPhF+7xP
+T/SKbO+GZvoizizl6Gc=
+-----END CERTIFICATE-----`
+
+	IntermediateCertWithVid2 = `-----BEGIN CERTIFICATE-----
+MIICezCCAiGgAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
+NjEzMDcwNVoYDzMwMjMwNjI5MTMwNzA1WjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
+ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
+d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMRQwEgYKKwYBBAGC
+onwCAgwERkZGMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
+G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
+1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNIADBFAiEAkApx
+PWFFDoptmYnsW1QhKqrcD+xmFgJA4SWTH5Q1efMCIDWqdG0sAgum+FphfM4HF6XV
+M6mDL6NurBAW1pJlg8OT
 -----END CERTIFICATE-----`
 
 	RootIssuer        = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
@@ -590,4 +650,15 @@ al/8sTx3xx7fWpS+rJ3jviCpHgP+cGV/ANg8hOlyr68u0FE+x6pye00TmxcFzDuo
 	DataDigest                = "9a5d2c1f4b3e6f8d7b1a0c9e2f5d8b7"
 
 	TestCertPemVid = 4701
+
+	RootCertWithVidSubject      = "MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE="
+	RootCertWithVidSubjectKeyID = "CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31"
+	RootCertWithVidVid          = 65521
+
+	IntermediateCertWithVidSubject       = "MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDARGRkYx"
+	IntermediateCertWithVidSubjectKeyID  = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17"
+	IntermediateCertWithVid1SerialNumber = "3"
+	IntermediateCertWithVid2SerialNumber = "4"
+	IntermediateCertWithVid1Vid          = 65521
+	IntermediateCertWithVid2Vid          = 65522
 )

integration_tests/constants/intermediate_cert_with_vid_1

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICejCCAiGgAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
+NjEyMDczMloYDzMwMjMwNjI5MTIwNzMyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
+ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
+d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
+onwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
+G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
+1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNHADBEAiAOQSIQ
+sdClGJ86LQ1p7e+kb0Dg+YsyxIv2XHdUvIVn2gIgBkbzBccRbDG3p/+gnPhF+7xP
+T/SKbO+GZvoizizl6Gc=
+-----END CERTIFICATE-----

integration_tests/constants/intermediate_cert_with_vid_2

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICezCCAiGgAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
+NjEzMDcwNVoYDzMwMjMwNjI5MTMwNzA1WjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
+ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
+d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMRQwEgYKKwYBBAGC
+onwCAgwERkZGMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
+G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
+1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNIADBFAiEAkApx
+PWFFDoptmYnsW1QhKqrcD+xmFgJA4SWTH5Q1efMCIDWqdG0sAgum+FphfM4HF6XV
+M6mDL6NurBAW1pJlg8OT
+-----END CERTIFICATE-----

integration_tests/constants/root_cert_with_vid

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdDCCAhmgAwIBAgIBATAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
+NjExNTQzMVoYDzMwMjMwNjI5MTE1NDMxWjCBmDELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
+ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
+d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEDcguargOjH5nh4SCsflFk1ACqNBOR6Wua8huVYPBfse6
+uwfkgmyTJrCBCUAq9ayPD83jPVor1NN9YAx/V0zbsKNQME4wHQYDVR0OBBYEFM6o
+kmbq4IC9K7Vo5AsHxPosNG0xMB8GA1UdIwQYMBaAFM6okmbq4IC9K7Vo5AsHxPos
+NG0xMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOdYHo1krgzyV+CT
+G+RKcYoxHr6YS9ddNOJibjBx/I63AiEAxNl6kcOH0Rovwi2wySHvTD26kfUYJAmi
+HGBcCo5whZU=
+-----END CERTIFICATE-----