source code open 2.0alpha master 2.0_alpha accepted/tizen/20130520.102920 submit/master/20120920.151106 submit/tizen/20130517.015714
authorKidong Kim <kd0228.kim@samsung.com>
Wed, 22 Aug 2012 02:40:48 +0000 (11:40 +0900)
committerKidong Kim <kd0228.kim@samsung.com>
Wed, 22 Aug 2012 02:40:48 +0000 (11:40 +0900)
524 files changed:
CMakeLists.txt
LICENSE
TC/scenario1/utc_SecurityFW_cert_svc_add_certificate_to_store_func.c
TC/scenario1/utc_SecurityFW_cert_svc_check_ocsp_status_func.c
TC/scenario1/utc_SecurityFW_cert_svc_delete_certificate_from_store_func.c
TC/scenario1/utc_SecurityFW_cert_svc_extract_certificate_data_func.c
TC/scenario1/utc_SecurityFW_cert_svc_load_PFX_file_to_context_func.c
TC/scenario1/utc_SecurityFW_cert_svc_load_buf_to_context_func.c
TC/scenario1/utc_SecurityFW_cert_svc_load_file_to_context_func.c
TC/scenario1/utc_SecurityFW_cert_svc_push_buf_into_context_func.c
TC/scenario1/utc_SecurityFW_cert_svc_push_file_into_context_func.c
TC/scenario1/utc_SecurityFW_cert_svc_search_certificate_func.c
TC/scenario1/utc_SecurityFW_cert_svc_verify_certificate_func.c
TC/scenario1/utc_SecurityFW_cert_svc_verify_signature_func.c
build-stamp [new file with mode: 0644]
cert-svc-vcore.pc.in [new file with mode: 0644]
debian/changelog [changed mode: 0644->0755]
debian/changelog.app [new file with mode: 0755]
debian/changelog.ug [new file with mode: 0755]
debian/com.samsung.mgr-app-0.install.in [new file with mode: 0755]
debian/com.samsung.mgr-app-dbg.install.in [new file with mode: 0755]
debian/com.samsung.mgr-app.desktop.in [new file with mode: 0755]
debian/com.samsung.mgr-app.postinst.in [new file with mode: 0755]
debian/control [changed mode: 0644->0755]
debian/control.app [new file with mode: 0755]
debian/control.ug [new file with mode: 0755]
debian/dirs [deleted file]
debian/docs [deleted file]
debian/libcert-svc-0.install.in [deleted file]
debian/libcert-svc-0.postinst [deleted file]
debian/libcert-svc-dev.install [new file with mode: 0644]
debian/libcert-svc-dev.install.in [deleted file]
debian/libcert-svc1-test.install [new file with mode: 0644]
debian/libcert-svc1-ui.install [new file with mode: 0644]
debian/libcert-svc1.dirs [new file with mode: 0644]
debian/libcert-svc1.install [new file with mode: 0644]
debian/libcert-svc1.links [new file with mode: 0644]
debian/libcert-svc1.postinst [new file with mode: 0755]
debian/rules
etc/CMakeLists.txt [new file with mode: 0644]
etc/cert_svc_create_clean_db.sh [new file with mode: 0755]
etc/certificates/CMakeLists.txt [new file with mode: 0644]
etc/certificates/tizen0.root.preproduction.cert.pem [new file with mode: 0644]
etc/certificates/wac0.publisherid.pem [new file with mode: 0644]
etc/certificates/wac0.root.preproduction.pem [new file with mode: 0644]
etc/certificates/wac0.root.production.pem [new file with mode: 0644]
etc/empty/.gitignore [new file with mode: 0644]
etc/fingerprint_list.xml [new file with mode: 0644]
etc/fingerprint_list.xsd [new file with mode: 0644]
etc/schema.xsd [new file with mode: 0644]
include/cert-service-debug.h
include/cert-service-process.h
include/cert-service-store.h
include/cert-service-util.h
include/cert-service.h
packaging/cert-svc.spec
srcs/cert-service-process.c
srcs/cert-service-store.c
srcs/cert-service-util.c
srcs/cert-service.c
srcs/dpkg-pki-sig.c
tests/CMakeLists.txt [new file with mode: 0644]
tests/capi/CMakeLists.txt [new file with mode: 0644]
tests/capi/api_tests.cpp [new file with mode: 0644]
tests/capi/api_tests.h [new file with mode: 0644]
tests/capi/crl_cache.h [new file with mode: 0644]
tests/capi/data/cert_a.pem [new file with mode: 0644]
tests/capi/data/cert_b.pem [new file with mode: 0644]
tests/capi/data/pkey.pem [new file with mode: 0644]
tests/capi/test_cases.cpp [new file with mode: 0644]
tests/cert-svc/Makefile [new file with mode: 0644]
tests/cert-svc/data/Broot.der [new file with mode: 0644]
tests/cert-svc/data/Broot.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/B1.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B2.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B3.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B4.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B5.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B6.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B7.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B8.der [new file with mode: 0644]
tests/cert-svc/data/TestData/B9.der [new file with mode: 0644]
tests/cert-svc/data/TestData/Broot.der [new file with mode: 0644]
tests/cert-svc/data/TestData/Broot.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/cert.der [new file with mode: 0644]
tests/cert-svc/data/TestData/cert_sign.der [new file with mode: 0644]
tests/cert-svc/data/TestData/decodedCert.data [new file with mode: 0644]
tests/cert-svc/data/TestData/invalid_message [new file with mode: 0644]
tests/cert-svc/data/TestData/invalid_priv.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/invalid_pubkey [new file with mode: 0644]
tests/cert-svc/data/TestData/invalid_signature [new file with mode: 0644]
tests/cert-svc/data/TestData/message [new file with mode: 0644]
tests/cert-svc/data/TestData/metadata [new file with mode: 0644]
tests/cert-svc/data/TestData/plaintext [new file with mode: 0644]
tests/cert-svc/data/TestData/prikey [new file with mode: 0644]
tests/cert-svc/data/TestData/priv.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/pub.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/pub_cert.der [new file with mode: 0644]
tests/cert-svc/data/TestData/pub_cert.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/pubkey [new file with mode: 0644]
tests/cert-svc/data/TestData/root1.der [new file with mode: 0644]
tests/cert-svc/data/TestData/root2.der [new file with mode: 0644]
tests/cert-svc/data/TestData/root3.der [new file with mode: 0644]
tests/cert-svc/data/TestData/signature [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/.rnd [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/CERT1.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/CERT_NO_AIA.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT2.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT3.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT4.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT5.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT6.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/authorities/ca.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crl [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain1.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain10.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain2.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain3.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain4.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain5.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain6.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain7.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain8.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain9.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia1.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia10.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia2.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia3.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia4.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia5.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia6.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia7.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia8.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia9.cnf [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/index.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr.old [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.old [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/2F.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/30.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/31.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/32.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/33.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/34.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/35.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/36.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/37.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/38.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/39.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3A.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3B.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3C.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3D.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3E.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3F.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/40.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain1.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain10.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain2.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain3.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain4.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain5.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain6.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain7.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain8.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain9.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia1.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia10.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia2.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia3.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia4.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia5.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia6.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia7.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia8.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia9.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/serial [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/cert_chain/serial.old [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/ca.csr [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/cacert.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/index.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr.old [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/index.txt.old [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/01.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/02.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/03.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/04.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/05.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/06.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/07.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/08.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/09.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0A.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0B.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0C.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0D.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0E.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0F.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/10.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/11.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/12.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/13.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/14.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/15.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/16.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/17.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/18.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/19.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1A.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1B.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1C.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1D.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1E.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1F.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/20.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/21.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/22.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/23.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/24.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/25.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/26.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/27.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/28.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/29.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/newcerts/2A.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/private/cakey.pem [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/serial [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/demoCA/serial.old [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client1_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client2_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client3_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client4_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client5_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client6_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client7_uri.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client_chain.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_client_chain_no_aia.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_responder.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck_and_ocsp_signing.txt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr/ocsp_svr.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.crt [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.key [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/resp_ocsp1.der [new file with mode: 0644]
tests/cert-svc/data/TestData/ssl/sha256.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/00.pem [new file with mode: 0644]
tests/cert-svc/data/cert_chain/01.pem [new file with mode: 0644]
tests/cert-svc/data/cert_chain/02.pem [new file with mode: 0644]
tests/cert-svc/data/cert_chain/03.pem [new file with mode: 0644]
tests/cert-svc/data/cert_chain/04.pem [new file with mode: 0644]
tests/cert-svc/data/cert_chain/05.pem [new file with mode: 0644]
tests/cert-svc/data/cert_chain/ca.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/chain1.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/chain2.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/chain3.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/chain4.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/chain5.crt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/chain_alt.txt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/csr/chain1.csr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/csr/chain2.csr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/csr/chain3.csr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/csr/chain4.csr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/csr/chain5.csr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/csr/server.csr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/demoCA/index.txt [new file with mode: 0644]
tests/cert-svc/data/cert_chain/demoCA/index.txt.attr [new file with mode: 0644]
tests/cert-svc/data/cert_chain/demoCA/index.txt.attr.old [new file with mode: 0644]
tests/cert-svc/data/cert_chain/demoCA/index.txt.old [new file with mode: 0644]
tests/cert-svc/data/cert_chain/demoCA/serial [new file with mode: 0644]
tests/cert-svc/data/cert_chain/demoCA/serial.old [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/ca.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/chain1.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/chain2.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/chain3.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/chain4.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/chain5.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/key/server.key [new file with mode: 0644]
tests/cert-svc/data/cert_chain/server.crt [new file with mode: 0644]
tests/cert-svc/data/invalidCert.der [new file with mode: 0644]
tests/cert-svc/data/newcert.pem [new file with mode: 0644]
tests/cert-svc/data/notcert.der [new file with mode: 0644]
tests/cert-svc/data/pfx/pfxtest.crt [new file with mode: 0644]
tests/cert-svc/data/pfx/pfxtest.key [new file with mode: 0644]
tests/cert-svc/data/pfx/pfxtest.pfx [new file with mode: 0644]
tests/cert-svc/data/pfx/temp/server.crt [new file with mode: 0644]
tests/cert-svc/data/pfx/temp/server.key [new file with mode: 0644]
tests/cert-svc/data/pfx/temp/server.pfx [new file with mode: 0644]
tests/cert-svc/data/pfx/temp/temp.crt [new file with mode: 0644]
tests/cert-svc/data/pfx/temp/temp.key [new file with mode: 0644]
tests/cert-svc/data/rootcert.pem [new file with mode: 0644]
tests/cert-svc/data/signing/chain1.crt [new file with mode: 0644]
tests/cert-svc/data/signing/chain1.key [new file with mode: 0644]
tests/cert-svc/data/signing/chain1pub.pem [new file with mode: 0644]
tests/cert-svc/data/signing/msg [new file with mode: 0644]
tests/cert-svc/data/signing/msg.sig [new file with mode: 0644]
tests/cert-svc/data/signing/msg.sig.enc [new file with mode: 0644]
tests/cert-svc/data/signing/msg2 [new file with mode: 0644]
tests/cert-svc/delete_test.c [new file with mode: 0644]
tests/cert-svc/extract_test.c [new file with mode: 0644]
tests/cert-svc/extract_test_pfx.c [new file with mode: 0644]
tests/cert-svc/mem_test.c [new file with mode: 0644]
tests/cert-svc/search_test.c [new file with mode: 0644]
tests/cert-svc/store_test.c [new file with mode: 0644]
tests/cert-svc/verify_sig.c [new file with mode: 0644]
tests/cert-svc/verify_test.c [new file with mode: 0644]
tests/pkcs12/CMakeLists.txt [new file with mode: 0644]
tests/pkcs12/pkcs12_test.cpp [new file with mode: 0644]
tests/pkcs12/test.p12 [new file with mode: 0644]
tests/pkcs12/test_cases.cpp [new file with mode: 0644]
tests/pkcs12/with_pass.p12 [new file with mode: 0644]
tests/pkcs12/without_pass.p12 [new file with mode: 0644]
tests/vcore/CMakeLists.txt [new file with mode: 0644]
tests/vcore/TestCRL.cpp [new file with mode: 0644]
tests/vcore/TestCRL.h [new file with mode: 0644]
tests/vcore/TestCases.cpp [new file with mode: 0644]
tests/vcore/TestEnv.cpp [new file with mode: 0644]
tests/vcore/TestEnv.h [new file with mode: 0644]
tests/vcore/cert-svc-tests-vcore-ocsp-server.sh [new file with mode: 0644]
tests/vcore/certificate-generator/.gitignore [new file with mode: 0644]
tests/vcore/certificate-generator/create_certs.sh [new file with mode: 0755]
tests/vcore/certificate-generator/demoCA.init/cacert.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/careq.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/index.txt [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/index.txt.attr [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/index.txt.old [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/newcerts/00.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/private/cakey.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/serial [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA.init/serial.old [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/cacert.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/careq.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/crlnumber [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/crlnumber.old [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/private/cakey.pem [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/serial [new file with mode: 0644]
tests/vcore/certificate-generator/demoCA/serial.old [new file with mode: 0644]
tests/vcore/certificate-generator/openssl.cnf [new file with mode: 0644]
tests/vcore/file_input_mapping.cpp [new file with mode: 0644]
tests/vcore/file_input_mapping.h [new file with mode: 0644]
tests/vcore/test-cases/keys/CAbundle.crt [new file with mode: 0644]
tests/vcore/test-cases/keys/README [new file with mode: 0644]
tests/vcore/test-cases/keys/filip_rsa_cert.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/filip_rsa_key.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/magda_dsa_cert.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/magda_dsa_key.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/ocsp_level0deprecated.crt [new file with mode: 0644]
tests/vcore/test-cases/keys/ocsp_level1.crt [new file with mode: 0644]
tests/vcore/test-cases/keys/ocsp_level2.crt [new file with mode: 0644]
tests/vcore/test-cases/keys/ocsp_rootca.crt [new file with mode: 0644]
tests/vcore/test-cases/keys/operator.root.cert.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/operator.second.cert.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/operator.second.key.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/operator.second.p12 [new file with mode: 0644]
tests/vcore/test-cases/keys/root_cacert0.pem [new file with mode: 0644]
tests/vcore/test-cases/keys/root_cakey0.pem [new file with mode: 0644]
tests/vcore/test-cases/widget/author-signature.xml [new file with mode: 0644]
tests/vcore/test-cases/widget/config.xml [new file with mode: 0755]
tests/vcore/test-cases/widget/index.html [new file with mode: 0755]
tests/vcore/test-cases/widget/signature1.xml [new file with mode: 0644]
tests/vcore/test-cases/widget/signature22.xml [new file with mode: 0644]
tests/vcore/vcore_tests.cpp [new file with mode: 0644]
vcore/CMakeLists.txt [new file with mode: 0644]
vcore/cert_svc_vcore_db.sql [new file with mode: 0644]
vcore/src/CMakeLists.txt [new file with mode: 0644]
vcore/src/cert-svc/ccert.h [new file with mode: 0644]
vcore/src/cert-svc/ccrl.h [new file with mode: 0644]
vcore/src/cert-svc/cerror.h [new file with mode: 0644]
vcore/src/cert-svc/cinstance.h [new file with mode: 0644]
vcore/src/cert-svc/cocsp.h [new file with mode: 0644]
vcore/src/cert-svc/cpkcs12.h [new file with mode: 0644]
vcore/src/cert-svc/cprimitives.h [new file with mode: 0644]
vcore/src/cert-svc/cstring.h [new file with mode: 0644]
vcore/src/orm/DESCRIPTION [new file with mode: 0644]
vcore/src/orm/gen_db_md5.sh [new file with mode: 0755]
vcore/src/orm/orm_generator_vcore.h [new file with mode: 0644]
vcore/src/orm/vcore_db [new file with mode: 0644]
vcore/src/orm/vcore_db_definitions [new file with mode: 0644]
vcore/src/orm/vcore_db_sql_generator.h [new file with mode: 0644]
vcore/src/orm/version_db [new file with mode: 0644]
vcore/src/vcore/Base64.cpp [new file with mode: 0644]
vcore/src/vcore/Base64.h [new file with mode: 0644]
vcore/src/vcore/CRL.cpp [new file with mode: 0644]
vcore/src/vcore/CRL.h [new file with mode: 0644]
vcore/src/vcore/CRLCacheDAO.cpp [new file with mode: 0644]
vcore/src/vcore/CRLCacheDAO.h [new file with mode: 0644]
vcore/src/vcore/CRLCacheInterface.h [new file with mode: 0644]
vcore/src/vcore/CachedCRL.cpp [new file with mode: 0644]
vcore/src/vcore/CachedCRL.h [new file with mode: 0644]
vcore/src/vcore/CachedOCSP.cpp [new file with mode: 0644]
vcore/src/vcore/CachedOCSP.h [new file with mode: 0644]
vcore/src/vcore/CertStoreType.h [new file with mode: 0644]
vcore/src/vcore/Certificate.cpp [new file with mode: 0644]
vcore/src/vcore/Certificate.h [new file with mode: 0644]
vcore/src/vcore/CertificateCacheDAO.cpp [new file with mode: 0644]
vcore/src/vcore/CertificateCacheDAO.h [new file with mode: 0644]
vcore/src/vcore/CertificateCollection.cpp [new file with mode: 0644]
vcore/src/vcore/CertificateCollection.h [new file with mode: 0644]
vcore/src/vcore/CertificateConfigReader.cpp [new file with mode: 0644]
vcore/src/vcore/CertificateConfigReader.h [new file with mode: 0644]
vcore/src/vcore/CertificateIdentifier.h [new file with mode: 0644]
vcore/src/vcore/CertificateLoader.cpp [new file with mode: 0644]
vcore/src/vcore/CertificateLoader.h [new file with mode: 0644]
vcore/src/vcore/CertificateStorage.h [new file with mode: 0644]
vcore/src/vcore/CertificateVerifier.cpp [new file with mode: 0644]
vcore/src/vcore/CertificateVerifier.h [new file with mode: 0644]
vcore/src/vcore/Config.cpp [new file with mode: 0644]
vcore/src/vcore/Config.h [new file with mode: 0644]
vcore/src/vcore/Database.cpp [new file with mode: 0644]
vcore/src/vcore/Database.h [new file with mode: 0644]
vcore/src/vcore/DeveloperModeValidator.cpp [new file with mode: 0644]
vcore/src/vcore/DeveloperModeValidator.h [new file with mode: 0644]
vcore/src/vcore/IAbstractResponseCache.h [new file with mode: 0644]
vcore/src/vcore/OCSP.cpp [new file with mode: 0644]
vcore/src/vcore/OCSP.h [new file with mode: 0644]
vcore/src/vcore/OCSPCertMgrUtil.cpp [new file with mode: 0644]
vcore/src/vcore/OCSPCertMgrUtil.h [new file with mode: 0644]
vcore/src/vcore/OCSPUtil.c [new file with mode: 0644]
vcore/src/vcore/ParserSchema.h [new file with mode: 0644]
vcore/src/vcore/ReferenceValidator.cpp [new file with mode: 0644]
vcore/src/vcore/ReferenceValidator.h [new file with mode: 0644]
vcore/src/vcore/RevocationCheckerBase.cpp [new file with mode: 0644]
vcore/src/vcore/RevocationCheckerBase.h [new file with mode: 0644]
vcore/src/vcore/SSLContainers.h [new file with mode: 0644]
vcore/src/vcore/SaxReader.cpp [new file with mode: 0644]
vcore/src/vcore/SaxReader.h [new file with mode: 0644]
vcore/src/vcore/SignatureData.h [new file with mode: 0644]
vcore/src/vcore/SignatureFinder.cpp [new file with mode: 0644]
vcore/src/vcore/SignatureFinder.h [new file with mode: 0644]
vcore/src/vcore/SignatureReader.cpp [new file with mode: 0644]
vcore/src/vcore/SignatureReader.h [new file with mode: 0644]
vcore/src/vcore/SignatureValidator.cpp [new file with mode: 0644]
vcore/src/vcore/SignatureValidator.h [new file with mode: 0644]
vcore/src/vcore/SoupMessageSendAsync.cpp [new file with mode: 0644]
vcore/src/vcore/SoupMessageSendAsync.h [new file with mode: 0644]
vcore/src/vcore/SoupMessageSendBase.cpp [new file with mode: 0644]
vcore/src/vcore/SoupMessageSendBase.h [new file with mode: 0644]
vcore/src/vcore/SoupMessageSendSync.cpp [new file with mode: 0644]
vcore/src/vcore/SoupMessageSendSync.h [new file with mode: 0644]
vcore/src/vcore/VCore.cpp [new file with mode: 0644]
vcore/src/vcore/VCore.h [new file with mode: 0644]
vcore/src/vcore/VCorePrivate.h [new file with mode: 0644]
vcore/src/vcore/ValidatorCommon.h [new file with mode: 0644]
vcore/src/vcore/ValidatorFactories.cpp [new file with mode: 0644]
vcore/src/vcore/ValidatorFactories.h [new file with mode: 0644]
vcore/src/vcore/VerificationStatus.cpp [new file with mode: 0644]
vcore/src/vcore/VerificationStatus.h [new file with mode: 0644]
vcore/src/vcore/WacOrigin.cpp [new file with mode: 0644]
vcore/src/vcore/WacOrigin.h [new file with mode: 0644]
vcore/src/vcore/XmlsecAdapter.cpp [new file with mode: 0644]
vcore/src/vcore/XmlsecAdapter.h [new file with mode: 0644]
vcore/src/vcore/api.cpp [new file with mode: 0644]
vcore/src/vcore/pkcs12.c [new file with mode: 0644]
vcore/src/vcore/pkcs12.h [new file with mode: 0644]
vcore/src/vcore/scoped_gpointer.h [new file with mode: 0644]

index 3cbc2b1..9fc7098 100644 (file)
@@ -1,5 +1,7 @@
 CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
-PROJECT(certsvc C)
+PROJECT(certsvc)
+
+SET(CMAKE_VERBOSE_MAKEFILE off)
 
 SET(PREFIX ${CMAKE_INSTALL_PREFIX})
 SET(EXEC_PREFIX "\${prefix}")
@@ -7,11 +9,12 @@ SET(LIBDIR "\${prefix}/lib")
 SET(INCLUDEDIR "\${prefix}/include")
 SET(VERSION_MAJOR 1)
 SET(VERSION "${VERSION_MAJOR}.0.0")
+SET(TARGET_VCORE_LIB "cert-svc-vcore")
 
 INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
 
 INCLUDE(FindPkgConfig)
-pkg_check_modules(pkgs REQUIRED openssl dlog)
+pkg_check_modules(pkgs REQUIRED openssl dlog glib-2.0)
 
 FOREACH(flag ${pkgs_CFLAGS})
 SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
@@ -26,6 +29,10 @@ SET(debug "-DCERT_SVC_LOG")                  # for debug
 
 SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
+SET(CMAKE_SHARED_LINKER_FLAGS "-Wl,--as-needed")
+SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed")
+SET(CMAKE_SKIP_RPATH "TRUE")
+SET(CMAKE_CXX_FLAGS "-O2 -std=c++0x -g -Wall")
 
 ###################################################################################################
 # for libcert-svc.so
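Review bot: `SET(CMAKE_CXX_FLAGS "-O2 -std=c++0x -g -Wall")` and the two `*_LINKER_FLAGS` lines assign rather than append, so any compiler or linker flags supplied by the packaging environment (hardening options such as stack protector or RELRO, if the build passes them) are discarded for the new C++ code. The C line just above extends `${CMAKE_C_FLAGS}`, and the new lines should follow the same pattern: `SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O2 -std=c++0x -g -Wall")` and `SET(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--as-needed")`, likewise for `CMAKE_EXE_LINKER_FLAGS`. `EXTRA_CFLAGS`, including `-fvisibility=hidden`, still reaches only C sources; whether the C++ targets should get it too is worth deciding explicitly.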
@@ -39,7 +46,7 @@ SET(libcert-svc_CFLAGS " ${CFLAGS} -fvisibility=hidden -g -fPIC -I${CMAKE_CURREN
 SET(libcert-svc_CPPFLAGS " -DPIC ")
 
 ADD_LIBRARY(cert-svc SHARED ${libcert-svc_SOURCES})
-TARGET_LINK_LIBRARIES(cert-svc ${pkgs_LDFLAGS} -L${prefix}/lib -lpthread)
+TARGET_LINK_LIBRARIES(cert-svc ${pkgs_LDFLAGS} ${pkgs_LIBRARIES} -L${prefix}/lib -lpthread)
 SET_TARGET_PROPERTIES(cert-svc PROPERTIES COMPILE_FLAGS "${libcert-svc_CFLAGS} ${libcert-svc_CPPFLAGS}")
 SET_TARGET_PROPERTIES(cert-svc PROPERTIES SOVERSION ${VERSION_MAJOR})
 SET_TARGET_PROPERTIES(cert-svc PROPERTIES VERSION ${VERSION})
@@ -59,9 +66,58 @@ SET_TARGET_PROPERTIES(dpkg-pki-sig PROPERTIES COMPILE_FLAGS "${PackageSignVerify
 ###################################################################################################
 
 CONFIGURE_FILE(cert-svc.pc.in cert-svc.pc @ONLY)
+CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
+
+INSTALL(TARGETS cert-svc DESTINATION /usr/lib COMPONENT RuntimeLibraries)
+INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/dpkg-pki-sig DESTINATION /usr/bin)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert-svc.pc DESTINATION /usr/lib/pkgconfig)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert-svc-vcore.pc DESTINATION /usr/lib/pkgconfig)
+INSTALL(FILES ${PROJECT_SOURCE_DIR}/targetinfo DESTINATION /opt/share/cert-svc/)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/cert-service.h DESTINATION /usr/include)
+
+# Now we must create empty directory for certificates.
+# Without this directories rpm package will fail during build.
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /usr/share/cert-svc/ca-certs/code-signing/native
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /usr/share/cert-svc/ca-certs/code-signing/wac
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/code-signing/wac
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/sim/operator
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/sim/thirdparty
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/ssl
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/user
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/trusteduser
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/mdm/security
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+    DESTINATION /opt/share/cert-svc/certs/mdm/security/cert
+    FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
 
-INSTALL(TARGETS cert-svc DESTINATION lib COMPONENT RuntimeLibraries)
-INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/dpkg-pki-sig DESTINATION bin)
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert-svc.pc DESTINATION lib/pkgconfig)
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/targetinfo DESTINATION /opt/share/cert-svc/)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/cert-service.h DESTINATION include)
+ADD_SUBDIRECTORY(vcore)
+ADD_SUBDIRECTORY(etc)
+ADD_SUBDIRECTORY(tests)
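Review bot: The ten `INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty ...)` calls create the certificate store directories with whatever default owner and mode the install step applies, whereas the `debian/libcert-svc-0.postinst` deleted in this same commit set `root:${USE_CERT}` and `0775` on `/opt/share/cert-svc/certs/`. Write access to these directories decides who can add trust anchors, so the intended mode should be stated rather than inherited. `INSTALL(DIRECTORY)` accepts `DIRECTORY_PERMISSIONS`, for example `DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE` on the `/usr/share/cert-svc/ca-certs` stores. If a replacement post-install step restores the group ownership, it is not among the hunks visible here.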
diff --git a/LICENSE b/LICENSE
index 9f19478..a795f06 100644 (file)
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved.
+Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
 
                                  Apache License
                            Version 2.0, January 2004
@@ -188,7 +188,7 @@ Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved.
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+   Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved 
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
index 3422ecb..6c6474a 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index c560c71..20617c7 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index d343d11..859228d 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 39b8edf..b58a23f 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 6fc1cc8..ac27762 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 8cd6860..ed053b3 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index c20a0df..ec49af7 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 0ca3b9f..d797186 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 41712d6..686cd3e 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index a21c31f..2cdcede 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index fbe1027..b58c578 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 85ba9fa..1a91aa6 100755 (executable)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
diff --git a/build-stamp b/build-stamp
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/cert-svc-vcore.pc.in b/cert-svc-vcore.pc.in
new file mode 100644 (file)
index 0000000..6df8a8d
--- /dev/null
@@ -0,0 +1,12 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include/cert-svc
+
+Name: cert-svc-vcore
+Description: cert-svc-vcore
+Version: @VERSION@
+Requires: cert-svc libxml-2.0 libxslt openssl libsoup-2.4 dpl-efl secure-storage xmlsec1
+Libs: -lcert-svc-vcore -L${libdir}
+Cflags: -I${includedir}
+
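Review bot: `prefix=@CMAKE_INSTALL_PREFIX@` makes `libdir` and `includedir` follow the configured prefix, but the `INSTALL` rules added to the top-level CMakeLists.txt in this commit use absolute `/usr/lib`, `/usr/include` and `/usr/lib/pkgconfig`. With any prefix other than `/usr`, this .pc file would direct consumers to directories the build did not populate, and a link could silently pick up a different copy of the library found there. Either write `prefix=/usr` here or make the install destinations relative to the prefix. Where the vcore headers and library are installed is not visible in this hunk, so confirm against vcore/CMakeLists.txt.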
old mode 100644 (file)
new mode 100755 (executable)
index 37d341c..f67849f
@@ -1,7 +1,131 @@
+cert-svc (1.0.1-31) unstable; urgency=low
+
+  * Add dependencies to xmlsec1 and libxml-2.0.
+
+  * Git : framework/security/cert-svc
+  * Tag : cert-svc_1.0.1-31
+
+ -- Bartlomiej Grzelewski <b.grzelewski@samsung.com>  Thu, 17 Aug 2012 10:45:00 +0200
+
+cert-svc (1.0.1-30) unstable; urgency=low
+
+  * Remove UI from cert-svc repository.
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-30
+
+ -- Bartlomiej Grzelewski <b.grzelewski@samsung.com>  Thu, 16 Aug 2012 16:25:00 +0200
+
+cert-svc (1.0.1-29) unstable; urgency=low
+
+  * Fixed cert-svc-vcore pc file
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-29
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Tue, 14 Aug 2012 10:12:00 +0200
+
+
+cert-svc (1.0.1-28) unstable; urgency=low
+
+  * Remove "com.samsung" from source
+  * Add an "delete pkcs12/pfx" funcionality and screen to Cert UI
+  * Switch dependencies from ui-gadget to ui-gadget-1
+  * Link ubuntu certificates into cert-svc store.
+  * Fix api.
+
+  * Git : framework/security/cert-svc
+  * Tag : cert-svc_1.0.1-28
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Mon, 13 Aug 2012 18:51:00 +0200
+
+cert-svc (1.0.1-27) unstable; urgency=low
+
+  * Selection screen added as separate EFL gadget
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-27
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Tue, 31 Jul 2012 17:14:00 +0200
+
+cert-svc (1.0.1-26) unstable; urgency=low
+
+  * Selection screen runs correctly with another EFL app
+  * Added test for selection screen
+  * Corrected comments in cert-ui-api.h
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-26
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Wed, 25 Jul 2012 18:39:00 +0200
+
+cert-svc (1.0.1-25) unstable; urgency=low
+
+  * another RPMization
+  * added selection screen
+  * added pkcs12 container install/browse menu
+  * added cert-svc-ui-api library
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-25
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Tue, 24 Jul 2012 22:55:00 +0200
+
+cert-svc (1.0.1-24) unstable; urgency=low
+
+  * added selection screen
+  * added pkcs12 container install/browse menu
+  * added cert-svc-ui-api library
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-24
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Tue, 24 Jul 2012 22:55:00 +0200
+
+cert-svc (1.0.1-23) unstable; urgency=low
+
+  * Redebianized.
+  * Remove deprecated dependency from tapi and pkgmgr.
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-23
+
+ -- Bartlomiej Grzelewski <b.grzelewski@samsung.com>  Mon, 18 Jul 2012 18:05:11 +0100
+
+cert-svc (1.0.1-22) unstable; urgency=low
+
+  * Redebianized.
+  * Remove deprecated function call from lib.
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-22
+
+ -- Bartlomiej Grzelewski <b.grzelewski@samsung.com>  Mon, 17 Jul 2012 18:15:00 +0100
+
+cert-svc (1.0.1-19) unstable; urgency=low
+
+  * Redebianized
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-19
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Mon, 04 Jun 2012 17:41:00 +0100
+
+cert-svc (1.0.1-18) unstable; urgency=low
+
+  * Move VCore to cert-svc repository
+  * Add test for vcore c-api.
+  * Added Cert UI Package
+
+  * Git : slp/pkgs/c/cert-svc
+  * Tag : cert-svc_1.0.1-18
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Mon, 04 Jun 2012 17:20:00 +0100
+
 cert-svc (1.0.1-17) unstable; urgency=low
 
-  * add certificate store for MDM 
-  * Git: pkgs/c/cert-svc
+  * add certificate store for MDM
+  * Git: slp/pkgs/c/cert-svc
   * Tag: cert-svc_1.0.1-17
 
  -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 02 Feb 2012 09:29:17 +0900
@@ -10,7 +134,7 @@ cert-svc (1.0.1-16) unstable; urgency=low
 
   * 11/12/21
   *  - remove self-signed certificate from certificate chain
-  * Git: pkgs/c/cert-svc
+  * Git: slp/pkgs/c/cert-svc
   * Tag: cert-svc_1.0.1-16
 
  -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 21 Dec 2011 10:06:41 +0900
@@ -19,7 +143,131 @@ cert-svc (1.0.1-15) unstable; urgency=low
 
   * 11/12/07
   *  - add boiler-plate on testcases
-  * Git: pkgs/c/cert-svc
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
   * Tag: cert-svc_1.0.1-15
 
  -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 07 Dec 2011 09:47:17 +0900
+
+cert-svc (1.0.1-14) unstable; urgency=low
+
+  * 11/12/02
+  *  - change license : LGPL -> apache
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-14
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 02 Dec 2011 16:59:02 +0900
+
+cert-svc (1.0.1-13) unstable; urgency=low
+
+  * 11/11/30
+  *  - make all certificate stores and change ownership and permission of those
+  *  - use dlog instead of console(fprintf) for logging
+  *  - get length of private key when using PFX format certificate
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-13
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 30 Nov 2011 16:17:49 +0900
+
+cert-svc (1.0.1-12) unstable; urgency=low
+
+  * add testcases
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-12
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 14 Oct 2011 14:00:11 +0900
+
+cert-svc (1.0.1-11) unstable; urgency=low
+
+  * fix dependency problem
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-11
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 29 Aug 2011 09:39:01 +0900
+
+cert-svc (1.0.1-10) unstable; urgency=low
+
+  * remove dnet dependency
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-10
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 26 Aug 2011 10:18:08 +0900
+
+cert-svc (1.0.1-9) unstable; urgency=low
+
+  * fix name field parsing problem (temp)
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-9
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 25 Jul 2011 17:22:13 +0900
+
+cert-svc (1.0.1-8) unstable; urgency=low
+
+  * fix search problem
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-8
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 14 Jul 2011 10:04:11 +0900
+
+cert-svc (1.0.1-7) unstable; urgency=low
+
+  * fix install bug
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-7
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 13 Jul 2011 12:27:53 +0900
+
+cert-svc (1.0.1-6) unstable; urgency=low
+
+  * fix boiler-plate
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-6
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 13 Jul 2011 10:12:13 +0900
+
+cert-svc (1.0.1-5) unstable; urgency=low
+
+  * fix bug - verify certificate, postinst
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-5
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 23 Jun 2011 15:27:48 +0900
+
+cert-svc (1.0.1-4) unstable; urgency=low
+
+  * fix bug - cannot calculate message length if message is not character string
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-4
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Sat, 18 Jun 2011 12:56:47 +0900
+
+cert-svc (1.0.1-3) unstable; urgency=low
+
+  * fix full-build error
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-3
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 14 Jun 2011 10:15:33 +0900
+
+cert-svc (1.0.1-2) unstable; urgency=low
+
+  * fix installation bug
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-2
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Sat, 11 Jun 2011 10:36:30 +0900
+
+cert-svc (1.0.1-1) unstable; urgency=low
+
+  * add dpkg-pki-sig, fix some bugs
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.1-1
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 10 Jun 2011 11:38:26 +0900
+
+cert-svc (1.0.0-1) unstable; urgency=low
+
+  * Initial Release
+  * Git: 165.213.180.234:slp/pkgs/c/cert-svc
+  * Tag: cert-svc_1.0.0-1
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 07 Jun 2011 13:48:44 +0900
diff --git a/debian/changelog.app b/debian/changelog.app
new file mode 100755 (executable)
index 0000000..bc77315
--- /dev/null
@@ -0,0 +1,6 @@
+mgr-app (0.0.1-1) unstable; urgency=low
+
+  * first source package for building
+
+ -- ManHyun Hwang <mh222.hwang@samsung.com>  Thu, 30 JUN 2011 13:43:34 +0900
+
diff --git a/debian/changelog.ug b/debian/changelog.ug
new file mode 100755 (executable)
index 0000000..a6205af
--- /dev/null
@@ -0,0 +1,6 @@
+libug-setting-manage-application-efl (0.0.1-1) unstable; urgency=low
+
+  * first source package for building
+
+ -- ManHyun Hwang <mh222.hwang@samsung.com>  Thu, 30 JUN 2011 13:43:34 +0900
+
diff --git a/debian/com.samsung.mgr-app-0.install.in b/debian/com.samsung.mgr-app-0.install.in
new file mode 100755 (executable)
index 0000000..e69de29
diff --git a/debian/com.samsung.mgr-app-dbg.install.in b/debian/com.samsung.mgr-app-dbg.install.in
new file mode 100755 (executable)
index 0000000..8b13789
--- /dev/null
@@ -0,0 +1 @@
+
diff --git a/debian/com.samsung.mgr-app.desktop.in b/debian/com.samsung.mgr-app.desktop.in
new file mode 100755 (executable)
index 0000000..8be86fa
--- /dev/null
@@ -0,0 +1,24 @@
+Name=manage application
+Exec=${PREFIX}/bin/mgr-app
+Hidden=False
+Version=@VERSION@
+Type=Application
+X-TIZEN-TaskManage=True
+X-TIZEN-Multiple=False
+
+Name[en_US]=manage application
+Name[nl_NL]=manage application
+Name[de_DE]=manage application
+Name[zh_HK]=manage application
+Name[zh_CN]=manage application
+Name[ru_RU]=manage application
+Name[ko_KR]=manage application
+Name[zh_TW]=manage application
+Name[ja_JP]=manage application
+Name[es_ES]=manage application
+Name[el_GR]=manage application
+Name[it_IT]=manage application
+Name[tr_TR]=manage application
+Name[pt_PT]=manage application
+Name[fr_FR]=manage application
+
diff --git a/debian/com.samsung.mgr-app.postinst.in b/debian/com.samsung.mgr-app.postinst.in
new file mode 100755 (executable)
index 0000000..8c57239
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# file owner
+if [ ${USER} == "root" ]
+then
+       echo "Test if"
+else
+       eche "Test else"
+fi
+
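Review bot: The `else` branch calls `eche`, which is not a command, so the script ends with a "not found" error and a non-zero status whenever the root test fails; it should read `echo "Test else"`. The condition `[ ${USER} == "root" ]` is fragile under `#!/bin/sh`: `==` is not POSIX `test` syntax, and the unquoted `${USER}` breaks the expression when the variable is unset, which is common when maintainer scripts run. `if [ "$(id -u)" -eq 0 ]` checks the effective user without relying on the environment. Both branches only print test strings, so it is worth asking whether this placeholder postinst should be packaged at all.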
old mode 100644 (file)
new mode 100755 (executable)
index 7b97d80..a4d4ac5
@@ -2,25 +2,70 @@ Source: cert-svc
 Section: libs
 Priority: extra
 Maintainer: KiDong Kim <kd0228.kim@samsung.com>
-Uploaders: 
-Build-Depends: libssl-dev, dlog-dev, ca-certificates
-Standards-Version: 1.0.0
-Homepage: N/A
+Build-Depends: debhelper (>= 5),
+ libappcore-efl-dev,
+ autotools-dev,
+ libelm-dev,
+ libslp-setting-dev,
+ libui-gadget-dev,
+ libbundle-dev,
+ libaul-1-dev,
+ libefreet-dev,
+ libeina-dev,
+ shared-mime-info,
+# java-runtime-dev,
+ libail-0-dev,
+ libpkgmgr-client-dev,
+ libjava-parser-dev,
+ debhelper (>= 7.0.50), 
+ libssl-dev, 
+ dlog-dev, 
+ ca-certificates, 
+ wrt-commons-dev, 
+ libxmlsec1-dev, 
+ libsoup2.4-dev, 
+ libecore-dev, 
+ libxml2-dev, 
+ libpcre-dev, 
+ libslp-tapi-dev,
+ libappsvc-dev
 
-Package: libcert-svc-dev
+Package: libcert-svc1-ui
 Section: libs
 Architecture: any
-Depends: ${misc:Depends}, libcert-svc-0 (= ${Source-Version}), libssl-dev, dlog-dev
+Depends: ${shlibs:Depends}, ${misc:Depends}, libappsvc-dev
+Description: Manage Application package
+
+#Package: libug-setting-manage-application-efl-dbg
+#Section: debug
+#Architecture: any
+#Depends: ${shlibs:Depends}, ${misc:Depends}, libug-setting-manage-application-efl-0 (= ${binary:Version})
+#Description: Manage Application debug(unstripped) package
+
+Package: libcert-svc-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, libcert-svc1 (= ${binary:Version}), libssl-dev, dlog-dev
 Description: Certification service development package
 
-Package: libcert-svc-0
+Package: libcert-svc1
 Section: libs
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Provides: libcert-svc-0
+Replaces: libcert-svc-0
+Depends: ${shlibs:Depends}, ${misc:Depends}, sqlite3
 Description: Certification service library and executable
 
-Package: libcert-svc-dbg
+Package: libcert-svc1-dbg
 Section: debug
 Architecture: any
-Depends: ${misc:Depends}, libcert-svc-0
+Provides: libcert-svc-dbg
+Replaces: libcert-svc-dbg
+Depends: ${misc:Depends}, libcert-svc1 (= ${binary:Version})
 Description: debug package of cert-svc library
+
+Package: libcert-svc1-test
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libcert-svc1 (= ${binary:Version})
+Description: test program for cert-svc
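Review bot: `Build-Depends` now lists `debhelper` twice, as `debhelper (>= 5)` at the top and `debhelper (>= 7.0.50)` further down; keep only the stricter entry. The runtime package `libcert-svc1-ui` also names `libappsvc-dev` in `Depends`, which pulls a development package onto the target, where `${shlibs:Depends}` would normally cover the runtime library. The added lines from `debhelper (>= 7.0.50), ` through `libpcre-dev, ` carry trailing whitespace.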
diff --git a/debian/control.app b/debian/control.app
new file mode 100755 (executable)
index 0000000..b70bc27
--- /dev/null
@@ -0,0 +1,31 @@
+Source: mgr-app
+Section: libs
+Priority: extra
+Maintainer: SangJun Na <juni.na@samsung.com>, Manhyun Hwang <mh222.hwang@samsung.com>, Eunmi Son <eunmi.son@samsung.com>
+Build-Depends: debhelper (>= 5),
+ libappcore-efl-dev,
+ autotools-dev,
+ libelm-dev,
+ libslp-setting-dev,
+ libui-gadget-dev,
+ libbundle-dev,
+ libaul-1-dev,
+ libefreet-dev,
+ libeina-dev,
+ shared-mime-info,
+# java-runtime-dev,
+ libail-0-dev,
+ libpkgmgr-client-dev,
+ libjava-parser-dev
+
+Package: mgr-app-0
+Section: libs
+Architecture: armel
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Manage Application package
+
+Package: mgr-app-dbg
+Section: debug
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mgr-app-0 (= ${binary:Version})
+Description: Manage Application debug(unstripped) package
diff --git a/debian/control.ug b/debian/control.ug
new file mode 100755 (executable)
index 0000000..2084fb5
--- /dev/null
@@ -0,0 +1,31 @@
+Source: libug-setting-manage-application-efl
+Section: libs
+Priority: extra
+Maintainer: SangJun Na <juni.na@samsung.com>, Manhyun Hwang <mh222.hwang@samsung.com>, Eunmi Son <eunmi.son@samsung.com>
+Build-Depends: debhelper (>= 5),
+ libappcore-efl-dev,
+ autotools-dev,
+ libelm-dev,
+ libslp-setting-dev,
+ libui-gadget-dev,
+ libbundle-dev,
+ libaul-1-dev,
+ libefreet-dev,
+ libeina-dev,
+ shared-mime-info,
+# java-runtime-dev,
+ libail-0-dev,
+ libpkgmgr-client-dev,
+ libjava-parser-dev
+
+Package: libug-setting-manage-application-efl-0
+Section: libs
+Architecture: armel
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Manage Application package
+
+Package: libug-setting-manage-application-efl-dbg
+Section: debug
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libug-setting-manage-application-efl-0 (= ${binary:Version})
+Description: Manage Application debug(unstripped) package
diff --git a/debian/dirs b/debian/dirs
deleted file mode 100644 (file)
index ca882bb..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin
-usr/sbin
diff --git a/debian/docs b/debian/docs
deleted file mode 100644 (file)
index a0f0008..0000000
+++ /dev/null
@@ -1 +0,0 @@
-CMakeLists.txt
diff --git a/debian/libcert-svc-0.install.in b/debian/libcert-svc-0.install.in
deleted file mode 100644 (file)
index b0a52ae..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-@PREFIX@/lib/*.so*
-@PREFIX@/bin/dpkg-pki-sig
-/opt/share/cert-svc/targetinfo
diff --git a/debian/libcert-svc-0.postinst b/debian/libcert-svc-0.postinst
deleted file mode 100755 (executable)
index eff9cfe..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-USE_CERT=6524
-
-# make certificate store directory
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/java/operator
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/java/manufacture
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/java/thirdparty
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/debian
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/wac
-
-mkdir -p /opt/share/cert-svc/certs/code-signing/java/operator
-mkdir -p /opt/share/cert-svc/certs/code-signing/java/manufacture
-mkdir -p /opt/share/cert-svc/certs/code-signing/java/thirdparty
-mkdir -p /opt/share/cert-svc/certs/code-signing/wac
-mkdir -p /opt/share/cert-svc/certs/sim/operator
-mkdir -p /opt/share/cert-svc/certs/sim/thirdparty
-mkdir -p /opt/share/cert-svc/certs/ssl
-mkdir -p /opt/share/cert-svc/certs/user
-mkdir -p /opt/share/cert-svc/certs/trusteduser
-mkdir -p /opt/share/cert-svc/certs/mdm/security/cert
-
-if [ ${USER} == "root" ]
-then
-       chown -R root:${USE_CERT} /opt/share/cert-svc/certs/
-       chmod -R 0775 /opt/share/cert-svc/certs/
-fi
-
-if [ -e "/opt/etc/ssl/certs" ]
-then
-       if [ ! -L "/usr/share/cert-svc/ca-certs/ssl" ]
-       then
-               ln -s /opt/etc/ssl/certs/ /usr/share/cert-svc/ca-certs/ssl
-       fi
-fi
diff --git a/debian/libcert-svc-dev.install b/debian/libcert-svc-dev.install
new file mode 100644 (file)
index 0000000..a3d41f0
--- /dev/null
@@ -0,0 +1,3 @@
+/usr/include/*
+/usr/lib/pkgconfig/*
+/usr/lib/*.so
diff --git a/debian/libcert-svc-dev.install.in b/debian/libcert-svc-dev.install.in
deleted file mode 100644 (file)
index e2e41aa..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-@PREFIX@/include/*
-@PREFIX@/lib/pkgconfig/*
diff --git a/debian/libcert-svc1-test.install b/debian/libcert-svc1-test.install
new file mode 100644 (file)
index 0000000..f1becfa
--- /dev/null
@@ -0,0 +1,6 @@
+/usr/bin/cert-svc-test*
+/opt/apps/widget/tests/vcore_widget_uncompressed/*
+/opt/apps/widget/tests/vcore_keys/*
+/opt/apps/widget/tests/vcore_certs/*
+/opt/apps/widget/tests/pkcs12/*
+/opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
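Review bot: The last entry installs `root_cacert0.pem` into `/opt/share/cert-svc/certs/code-signing/wac/`, the same directory the runtime package uses for its code-signing roots, so installing the test package adds what appears to be a test root to the device's live store. Keep test anchors with the other fixtures, for example under `/opt/apps/widget/tests/vcore_certs/`, which this list already ships. If the tests need the file in the live store, document that this package must never be installed on a production image.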
diff --git a/debian/libcert-svc1-ui.install b/debian/libcert-svc1-ui.install
new file mode 100644 (file)
index 0000000..2b88b10
--- /dev/null
@@ -0,0 +1,7 @@
+/opt/ug/lib/libmgr-cert-common.so
+/opt/ug/lib/libmgr-cert-view.so
+/opt/ug/lib/libug-setting-manage-certificates-efl.so.*
+/opt/ug/lib/libug-setting-manage-certificates-efl.so
+/opt/ug/res/edje/ug-setting-manage-certificates-efl/
+/opt/ug/res/images/ug-setting-manage-certificates-efl/
+/opt/ug/res/locale/*/*/ug-setting-manage-certificates-efl.mo
diff --git a/debian/libcert-svc1.dirs b/debian/libcert-svc1.dirs
new file mode 100644 (file)
index 0000000..6fd0611
--- /dev/null
@@ -0,0 +1,15 @@
+/usr/share/cert-svc/ca-certs/code-signing/java/operator
+/usr/share/cert-svc/ca-certs/code-signing/java/manufacture
+/usr/share/cert-svc/ca-certs/code-signing/java/thirdparty
+/usr/share/cert-svc/ca-certs/code-signing/debian
+/usr/share/cert-svc/ca-certs/code-signing/wac
+/opt/share/cert-svc/certs/code-signing/java/operator
+/opt/share/cert-svc/certs/code-signing/java/manufacture
+/opt/share/cert-svc/certs/code-signing/java/thirdparty
+/opt/share/cert-svc/certs/code-signing/wac
+/opt/share/cert-svc/certs/sim/operator
+/opt/share/cert-svc/certs/sim/thirdparty
+/opt/share/cert-svc/certs/ssl
+/opt/share/cert-svc/certs/user
+/opt/share/cert-svc/certs/trusteduser
+/opt/share/cert-svc/certs/mdm/security/cert
diff --git a/debian/libcert-svc1.install b/debian/libcert-svc1.install
new file mode 100644 (file)
index 0000000..73f8c2f
--- /dev/null
@@ -0,0 +1,13 @@
+/usr/bin/cert_svc_create_clean_db.sh
+/usr/lib/*.so.*
+/usr/bin/dpkg-pki-sig
+/opt/share/cert-svc/targetinfo
+/usr/share/cert-svc/cert_svc_vcore_db.sql
+/usr/share/cert-svc/fingerprint_list.xml
+/usr/share/cert-svc/fingerprint_list.xsd
+/usr/share/cert-svc/schema.xsd
+/opt/share/cert-svc/certs/code-signing/wac/wac0.root.preproduction.pem
+/opt/share/cert-svc/certs/code-signing/wac/wac0.root.production.pem
+/opt/share/cert-svc/certs/code-signing/wac/wac0.publisherid.pem
+/opt/share/cert-svc/certs/code-signing/wac/tizen0.root.preproduction.cert.pem
+
diff --git a/debian/libcert-svc1.links b/debian/libcert-svc1.links
new file mode 100644 (file)
index 0000000..d422ef3
--- /dev/null
@@ -0,0 +1 @@
+/opt/etc/ssl/certs/ /usr/share/cert-svc/ca-certs/ssl
diff --git a/debian/libcert-svc1.postinst b/debian/libcert-svc1.postinst
new file mode 100755 (executable)
index 0000000..fef53d3
--- /dev/null
@@ -0,0 +1,55 @@
+#!/bin/sh -e
+
+USE_CERT=6524
+
+case "$1" in
+    configure)
+    if [ `whoami` = "root" ]
+    then
+        chown -R root:${USE_CERT} /opt/share/cert-svc/certs/
+        chmod -R 0775 /opt/share/cert-svc/certs/
+    fi
+
+    if [ -z ${2} ]
+    then
+        echo "This is new install of wrt-security"
+        echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
+        /usr/bin/cert_svc_create_clean_db.sh
+    else
+        # Find out old and new version of databases
+        VCORE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.cert_svc_vcore.db ".tables" | grep "DB_VERSION_"`
+        VCORE_NEW_DB_VERSION=`cat /usr/share/cert-svc/cert_svc_vcore_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
+        echo "OLD vcore database version ${VCORE_OLD_DB_VERSION}"
+        echo "NEW vcore database version ${VCORE_NEW_DB_VERSION}"
+
+        if [ ${VCORE_OLD_DB_VERSION} -a ${VCORE_NEW_DB_VERSION} ]
+        then
+            if [ ${VCORE_OLD_DB_VERSION} = ${VCORE_NEW_DB_VERSION} ]
+            then
+                echo "Equal database detected so db installation ignored"
+            else
+                echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
+                /usr/bin/cert_svc_create_clean_db.sh
+            fi
+        else
+            echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
+            /usr/bin/cert_svc_create_clean_db.sh
+        fi
+    fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
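Review bot: `chmod -R 0775 /opt/share/cert-svc/certs/` in the configure branch makes every file in the store group-writable and executable, including the code-signing roots this package installs under `certs/code-signing/wac/`, so any process in group 6524 could replace a trust anchor. If group write is only needed for the user-managed subdirectories, follow it with `chmod -R g-w /opt/share/cert-svc/certs/code-signing` and avoid setting the execute bit on regular files. Separately, under `#!/bin/sh -e` each `VCORE_*_DB_VERSION=` assignment aborts the script when its `grep` matches nothing, so the fallback branch that recreates the database is never reached and the upgrade fails instead. Append `|| true` to both assignments and quote the variables in the `[ ... ]` tests, e.g. `[ -z "${2}" ]`.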
index b8bc22c..a9214ef 100755 (executable)
@@ -9,68 +9,75 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+ppTYPE ?= ugapp
+
 CFLAGS ?= -Wall -g
-CXXFLAGS ?=  -Wall -g
-LDFLAGS ?= 
-PREFIX ?= /usr
-DATADIR ?= /opt
+LDFLAGS ?=
+ifneq (,$(findstring app,$(TYPE)))
+               PKGNAME ?= mgr-app
+               PREFIX ?= /opt/apps/mgr-app
+               RESDIR ?= /opt/apps/mgr-app/res
+               DATADIR ?= /opt/apps/mgr-app/data
+else
+               PKGNAME ?= libug-setting-manage-certificates-efl
+               PREFIX ?= /opt/ug
+               RESDIR ?= /opt/ug/res
+               DATADIR ?= /opt/ug/res/etc
+endif
 
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-       CFLAGS += -O0
-       CXXFLAGS += -O0
+       CFLAGS += -O0 
+       BUILD_TYPE=Debug
 else
-       CFLAGS += -O2
-       CXXFLAGS += -O2
+       CFLAGS += -O2 
+       BUILD_TYPE=Release
 endif
 
 LDFLAGS += -Wl,--rpath=$(PREFIX)/lib -Wl,--as-needed
 
+CMAKE_BUILD_DIR ?= $(CURDIR)/cmake_build_tmp
+CMAKE_CERT_SVC_BUILD_DIR ?= $(CURDIR)/library
+
+
 configure: configure-stamp
 configure-stamp:
        dh_testdir
        # Add here commands to configure the package.
-       CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" cmake . -DCMAKE_INSTALL_PREFIX=$(PREFIX)
-
-       touch configure-stamp
+       cd $(CMAKE_CERT_SVC_BUILD_DIR) && cmake .
+       mkdir -p $(CMAKE_BUILD_DIR) && cd $(CMAKE_BUILD_DIR) && CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" cmake ../ui/ -DCMAKE_INSTALL_PREFIX="$(PREFIX)" -DCMAKE_BUILD_TYPE="$(BUILD_TYPE)" -DPKGNAME="$(PKGNAME)" -DTYPE="$(TYPE)"
+       touch $(CMAKE_BUILD_DIR)/configure-stamp
+       touch $(CMAKE_CERT_SVC_BUILD_DIR)/configure-stamp
 
 build: build-stamp
-
-build-stamp: configure-stamp 
+build-stamp: configure-stamp
        dh_testdir
 
        # Add here commands to compile the package.
-       $(MAKE)
-       #docbook-to-man debian/wavplayer.sgml > wavplayer.1
-
-       for f in `find $(CURDIR)/debian/ -name "*.in"`; do \
+       cd $(CMAKE_CERT_SVC_BUILD_DIR) && $(MAKE)
+       cd $(CMAKE_BUILD_DIR) && $(MAKE)
+    
+       for f in `find $(CURDIR)/debian/ -name "$(PREFIX)*.in"`; do \
                cat $$f > $${f%.in}; \
                sed -i -e "s#@PREFIX@#$(PREFIX)#g" $${f%.in}; \
+               sed -i -e "s#@RESDIR@#$(RESDIR)#g" $${f%.in}; \
                sed -i -e "s#@DATADIR@#$(DATADIR)#g" $${f%.in}; \
+               sed -i -e "s#@PKGNAME@#$(PKGNAME)#g" $${f%.in}; \
        done
 
-
-       touch $@
+       touch $(CMAKE_BUILD_DIR)/$@
+       touch $(CMAKE_CERT_SVC_BUILD_DIR)/$@
 
 clean:
        dh_testdir
        dh_testroot
        rm -f build-stamp configure-stamp
 
-       # Add here commands to clean up after the build process.
-       -$(MAKE) clean
-       rm -rf CMakeCache.txt
-       rm -rf CMakeFiles
-       rm -rf cmake_install.cmake
-       rm -rf Makefile
-       rm -rf install_manifest.txt
-       rm -rf *.so
-       rm -rf *.pc
-       rm -rf *.service
+    # Add here commands to clean up after the build process.
+       rm -rf $(CMAKE_BUILD_DIR)
 
        for f in `find $(CURDIR)/debian/ -name "*.in"`; do \
                rm -f $${f%.in}; \
        done
-
        dh_clean
 
 install: build
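Review bot: The added default is spelled `ppTYPE ?= ugapp`, but the conditional below it and `-DTYPE="$(TYPE)"` read `TYPE`, so unless TYPE is passed in it is empty and the `else` branch is always taken; this looks like a typo for `TYPE ?= ugapp`. `$(findstring app,$(TYPE))` also matches `ugapp`, so with the typo fixed the test would need to be `ifeq ($(TYPE),app)` to keep the ug paths as the default. In the build-stamp loop, `find ... -name "$(PREFIX)*.in"` can never match, because PREFIX contains slashes and `-name` compares only the basename, so the `.in` templates are no longer expanded; `-name "*.in"`, as the clean target uses, restores that. The stamp files are now touched inside the build directories while the targets are still named `configure-stamp` and `build-stamp`, so both rules rerun on every invocation.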
@@ -79,8 +86,8 @@ install: build
        dh_clean -k 
        dh_installdirs
 
-       # Add here commands to install the package into debian/wavplayer.
-       $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+       cd $(CMAKE_BUILD_DIR) && $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+       cd $(CMAKE_CERT_SVC_BUILD_DIR) && $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
 
 
 # Build architecture-independent files here.
@@ -91,26 +98,26 @@ binary-indep: build install
 binary-arch: build install
        dh_testdir
        dh_testroot
-       dh_installchangelogs 
-       dh_installdocs
-       dh_installexamples
+       #dh_installchangelogs 
+       #dh_installdocs
+       #dh_installexamples
        dh_install --sourcedir=debian/tmp
-#      dh_installmenu
-#      dh_installdebconf       
-#      dh_installlogrotate
-#      dh_installemacsen
-#      dh_installpam
-#      dh_installmime
-#      dh_python
-#      dh_installinit
-#      dh_installcron
-#      dh_installinfo
+       #dh_installmenu
+       #dh_installdebconf   
+       #dh_installlogrotate
+       #dh_installemacsen
+       #dh_installpam
+       #dh_installmime
+       #dh_python
+       #dh_installinit
+       #dh_installcron
+       #dh_installinfo
        dh_installman
        dh_link
-       dh_strip --dbg-package=libcert-svc-dbg
+       #dh_strip --dbg-package=$(PKGNAME)-dbg
        dh_compress
        dh_fixperms
-#      dh_perl
+       #dh_perl
        dh_makeshlibs
        dh_installdeb
        dh_shlibdeps
@@ -120,3 +127,4 @@ binary-arch: build install
 
 binary: binary-indep binary-arch
 .PHONY: build clean binary-indep binary-arch binary install configure
+
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt
new file mode 100644 (file)
index 0000000..9bb7c70
--- /dev/null
@@ -0,0 +1,31 @@
+
+SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc)
+
+  INSTALL(FILES
+    ${ETC_DIR}/cert_svc_create_clean_db.sh
+    DESTINATION /usr/bin
+    PERMISSIONS OWNER_READ
+                OWNER_WRITE
+                OWNER_EXECUTE
+                GROUP_READ
+                GROUP_EXECUTE
+                WORLD_READ
+                WORLD_EXECUTE
+    )
+
+INSTALL(FILES
+    ${ETC_DIR}/schema.xsd
+    DESTINATION /usr/share/cert-svc/
+    )
+
+INSTALL(FILES
+    ${ETC_DIR}/fingerprint_list.xsd
+    DESTINATION /usr/share/cert-svc/
+    )
+
+INSTALL(FILES
+    ${ETC_DIR}/fingerprint_list.xml
+    DESTINATION /usr/share/cert-svc/
+    )
+
+ADD_SUBDIRECTORY(certificates)
diff --git a/etc/cert_svc_create_clean_db.sh b/etc/cert_svc_create_clean_db.sh
new file mode 100755 (executable)
index 0000000..241e05e
--- /dev/null
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+for name in cert_svc_vcore
+do
+    rm -f /opt/dbspace/.$name.db
+    rm -f /opt/dbspace/.$name.db-journal
+    SQL="PRAGMA journal_mode = PERSIST;"
+    sqlite3 /opt/dbspace/.$name.db "$SQL"
+    SQL=".read /usr/share/cert-svc/"$name"_db.sql"
+    sqlite3 /opt/dbspace/.$name.db "$SQL"
+    touch /opt/dbspace/.$name.db-journal
+    chown root:6026 /opt/dbspace/.$name.db
+    chown root:6026 /opt/dbspace/.$name.db-journal
+    chmod 660 /opt/dbspace/.$name.db
+    chmod 660 /opt/dbspace/.$name.db-journal
+done
+
+
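Review bot: The database is created by the first `sqlite3` call under the caller's umask and only restricted to 660 by the `chmod` at the end of the loop, and no exit status is checked, so a failed `.read` of the schema leaves an empty or partial database while the script still exits 0. Put `set -e` and `umask 007` before the loop so the file is never more permissive than intended and a failure stops the install. The script also removes and recreates fixed paths in /opt/dbspace as root, which is only safe if unprivileged users cannot write to that directory; that is not visible here, so state the assumption in a comment. The numeric group `6026` deserves a named variable with a comment, as `USE_CERT` has in the postinst.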
diff --git a/etc/certificates/CMakeLists.txt b/etc/certificates/CMakeLists.txt
new file mode 100644 (file)
index 0000000..339c06b
--- /dev/null
@@ -0,0 +1,30 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file        CMakeLists.txt
+# @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author      Yunchan Cho (yunchan.cho@samsung.com)
+# @version     1.0
+# @brief
+#
+
+SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates)
+
+INSTALL(FILES
+    ${CERT_DIR}/wac0.root.preproduction.pem
+    ${CERT_DIR}/wac0.root.production.pem
+    ${CERT_DIR}/wac0.publisherid.pem
+    ${CERT_DIR}/tizen0.root.preproduction.cert.pem
+    DESTINATION /opt/share/cert-svc/certs/code-signing/wac/
+    )
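Review bot: This INSTALL rule places both preproduction roots next to the production root in `code-signing/wac/` unconditionally, so every build of the package ships them in the code-signing store. `tizen0.root.preproduction.cert.pem`, added later in this commit, is a self-signed "SLP WebApp Temporary CA" with a 1024-bit RSA key and a sha1WithRSAEncryption signature, valid until 2021. Guard the two preproduction files with a build option that defaults to off, for example `IF(CERT_SVC_INSTALL_PREPRODUCTION_CERTS)` (option name illustrative), and drop them from `debian/libcert-svc1.install` for release packaging. The `@brief` line in the file header is empty and should say that this file installs the code-signing trust anchors.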
diff --git a/etc/certificates/tizen0.root.preproduction.cert.pem b/etc/certificates/tizen0.root.preproduction.cert.pem
new file mode 100644 (file)
index 0000000..bbf523b
--- /dev/null
@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            b3:cb:d1:5b:de:6e:66:95
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
+        Validity
+            Not Before: Dec  8 10:27:32 2011 GMT
+            Not After : Nov 30 10:27:32 2021 GMT
+        Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e:
+                    66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa:
+                    fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7:
+                    1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60:
+                    44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df:
+                    e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76:
+                    dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52:
+                    ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46:
+                    46:03:99:7c:66:8c:60:c4:91
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
+            X509v3 Authority Key Identifier: 
+                keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b:
+        03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb:
+        ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f:
+        9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18:
+        3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61:
+        38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a:
+        f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44:
+        cd:fa
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD
+VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry
+b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh
+cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X
+DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w
+DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG
+A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG
+CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN
+qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94
+dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR
+AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME
+GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H
+62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a
+6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36
+-----END CERTIFICATE-----
diff --git a/etc/certificates/wac0.publisherid.pem b/etc/certificates/wac0.publisherid.pem
new file mode 100644 (file)
index 0000000..758fe66
--- /dev/null
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/etc/certificates/wac0.root.preproduction.pem b/etc/certificates/wac0.root.preproduction.pem
new file mode 100644 (file)
index 0000000..7c46a6a
--- /dev/null
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL
+MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM
+dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe
+Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw
+IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX
+QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/
+vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc
+PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ
+D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0
+tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t
+IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT
+qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v
+aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB
+OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR
+1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on
++1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV
+t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g==
+-----END CERTIFICATE-----
+
diff --git a/etc/certificates/wac0.root.production.pem b/etc/certificates/wac0.root.production.pem
new file mode 100644 (file)
index 0000000..efccefd
--- /dev/null
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
diff --git a/etc/empty/.gitignore b/etc/empty/.gitignore
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/etc/fingerprint_list.xml b/etc/fingerprint_list.xml
new file mode 100644 (file)
index 0000000..970c718
--- /dev/null
@@ -0,0 +1,21 @@
+<CertificateSet>
+    <CertificateDomain name="wacpublisher">
+        <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
+        <FingerprintSHA1>A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2</FingerprintSHA1><!-- wac.publisher.pem -->
+        <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
+    </CertificateDomain>
+    <CertificateDomain name="wacroot">
+        <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
+        <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
+        <FingerprintSHA1>A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1</FingerprintSHA1><!-- wac.root.production.pem -->
+        <FingerprintSHA1>8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A</FingerprintSHA1><!-- wac.root.preproduction.pem -->
+    </CertificateDomain>
+    <CertificateDomain name="developer">
+        <FingerprintSHA1>4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38</FingerprintSHA1><!-- operator.root.cert.pem internal tests-->
+    </CertificateDomain>
+    <CertificateDomain name="wacmember">
+    </CertificateDomain>
+    <CertificateDomain name="tizenmember">
+        <FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
+    </CertificateDomain>
+</CertificateSet>
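Review bot: Several fingerprints whose own comments mark them as test material (`root.cert.pem w3c signature tests`, `root_cacert.pem certificate for internal tests`, `operator.root.cert.pem internal tests`) sit in the `wacpublisher`, `wacroot` and `developer` domains of the list that is installed to /usr/share/cert-svc/. Presumably the domain determines how a signed widget is classified, so a package signed under one of those test roots would be treated like one signed under a production root. Ship the test entries in a separate list installed only by the test package. Add a comment at the top of this file stating that it is trust policy and naming the certificate file each fingerprint was computed from, since the comments (`wac.root.production.pem`) do not match the installed file names (`wac0.root.production.pem`).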
diff --git a/etc/fingerprint_list.xsd b/etc/fingerprint_list.xsd
new file mode 100644 (file)
index 0000000..b0fab23
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+<xs:element name="CertificateSet" type="CertificateSetType" />
+<xs:complexType name="CertificateSetType">
+  <xs:sequence>
+    <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
+  </xs:sequence>
+</xs:complexType>
+
+<xs:element name="CertificateDomain" type="CertificateDomainType" />
+<xs:complexType name="CertificateDomainType">
+  <xs:sequence>
+    <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
+  </xs:sequence>
+  <xs:attribute name="name" type="xs:string" use="required" />
+</xs:complexType>
+
+<xs:element name="FingerprintSHA1" type="xs:string"/>
+
+</xs:schema>
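Review bot: `FingerprintSHA1` is declared as a bare `xs:string`, so validating against this schema accepts any text as a fingerprint, including an empty or truncated value. Whether the loader checks the format itself is not visible here, so the schema should be the place that rejects malformed entries. Restrict the element to twenty colon-separated hex octets, as sketched below, and consider an enumeration for the `name` attribute so a misspelled domain fails validation instead of being silently ignored.

```xml
<!-- … unchanged: CertificateSet and CertificateDomain declarations … -->
<xs:element name="FingerprintSHA1" type="FingerprintSHA1Type"/>
<xs:simpleType name="FingerprintSHA1Type">
  <xs:restriction base="xs:string">
    <xs:pattern value="([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}"/>
  </xs:restriction>
</xs:simpleType>
```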
diff --git a/etc/schema.xsd b/etc/schema.xsd
new file mode 100644 (file)
index 0000000..8028f3e
--- /dev/null
@@ -0,0 +1,415 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+  PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+   <!ATTLIST schema
+     xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+   <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
+
+<!-- Schema for XML Signatures
+    http://www.w3.org/2000/09/xmldsig#
+    $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+
+    Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+    of Technology, Institut National de Recherche en Informatique et en
+    Automatique, Keio University). All Rights Reserved.
+    http://www.w3.org/Consortium/Legal/
+
+    This document is governed by the W3C Software License [1] as described
+    in the FAQ [2].
+
+    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+        targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+        version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+  <restriction base="base64Binary">
+  </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+  <sequence>
+    <element ref="ds:SignedInfo"/>
+    <element ref="ds:SignatureValue"/>
+    <element ref="ds:KeyInfo" minOccurs="0"/>
+    <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+  <element name="SignatureValue" type="ds:SignatureValueType"/>
+  <complexType name="SignatureValueType">
+    <simpleContent>
+      <extension base="base64Binary">
+        <attribute name="Id" type="ID" use="optional"/>
+      </extension>
+    </simpleContent>
+  </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+  <sequence>
+    <element ref="ds:CanonicalizationMethod"/>
+    <element ref="ds:SignatureMethod"/>
+    <element ref="ds:Reference" maxOccurs="unbounded"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+  <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+  <complexType name="CanonicalizationMethodType" mixed="true">
+    <sequence>
+      <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+      <!-- (0,unbounded) elements from (1,1) namespace -->
+    </sequence>
+    <attribute name="Algorithm" type="anyURI" use="required"/>
+  </complexType>
+
+  <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+  <complexType name="SignatureMethodType" mixed="true">
+    <sequence>
+      <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+      <!-- (0,unbounded) elements from (1,1) external namespace -->
+    </sequence>
+    <attribute name="Algorithm" type="anyURI" use="required"/>
+  </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+  <sequence>
+    <element ref="ds:Transforms" minOccurs="0"/>
+    <element ref="ds:DigestMethod"/>
+    <element ref="ds:DigestValue"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/>
+  <attribute name="URI" type="anyURI" use="optional"/>
+  <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+  <element name="Transforms" type="ds:TransformsType"/>
+  <complexType name="TransformsType">
+    <sequence>
+      <element ref="ds:Transform" maxOccurs="unbounded"/>
+    </sequence>
+  </complexType>
+
+  <element name="Transform" type="ds:TransformType"/>
+  <complexType name="TransformType" mixed="true">
+    <choice minOccurs="0" maxOccurs="unbounded">
+      <any namespace="##other" processContents="lax"/>
+      <!-- (1,1) elements from (0,unbounded) namespaces -->
+      <element name="XPath" type="string"/>
+    </choice>
+    <attribute name="Algorithm" type="anyURI" use="required"/>
+  </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+  <sequence>
+    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+  </sequence>
+  <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+  <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+  <choice maxOccurs="unbounded">
+    <element ref="ds:KeyName"/>
+    <element ref="ds:KeyValue"/>
+    <element ref="ds:RetrievalMethod"/>
+    <element ref="ds:X509Data"/>
+    <element ref="ds:PGPData"/>
+    <element ref="ds:SPKIData"/>
+    <element ref="ds:MgmtData"/>
+    <any processContents="lax" namespace="##other"/>
+    <!-- (1,1) elements from (0,unbounded) namespaces -->
+  </choice>
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+  <element name="KeyName" type="string"/>
+  <element name="MgmtData" type="string"/>
+
+  <element name="KeyValue" type="ds:KeyValueType"/>
+  <complexType name="KeyValueType" mixed="true">
+   <choice>
+     <element ref="ds:DSAKeyValue"/>
+     <element ref="ds:RSAKeyValue"/>
+     <element ref="ds:ECKeyValue"/>
+     <any namespace="##other" processContents="lax"/>
+   </choice>
+  </complexType>
+
+<!-- ECDSA KEY DEFINITIONS -->
+
+  <element name="ECKeyValue" type="ds:ECKeyValueType"/>
+  <complexType name="ECKeyValueType">
+    <sequence>
+      <choice>
+        <element name="ECParameters" type="ds:ECParametersType"/>
+        <element name="NamedCurve" type="ds:NamedCurveType"/>
+      </choice>
+      <element name="PublicKey" type="ds:ECPointType"/>
+    </sequence>
+    <attribute name="Id" type="ID" use="optional"/>
+  </complexType>
+
+  <complexType name="NamedCurveType">
+    <attribute name="URI" type="anyURI" use="required"/>
+  </complexType>
+
+  <simpleType name="ECPointType">
+    <restriction base="ds:CryptoBinary"/>
+  </simpleType>
+
+  <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+  <complexType name="RetrievalMethodType">
+    <sequence>
+      <element ref="ds:Transforms" minOccurs="0"/>
+    </sequence>
+    <attribute name="URI" type="anyURI"/>
+    <attribute name="Type" type="anyURI" use="optional"/>
+  </complexType>
+
+    <complexType name="ECParametersType">
+      <sequence>
+        <element name="FieldID" type="ds:FieldIDType"/>
+        <element name="Curve" type="ds:CurveType"/>
+        <element name="Base" type="ds:ECPointType"/>
+        <element name="Order" type="ds:CryptoBinary"/>
+        <element name="CoFactor" type="integer" minOccurs="0"/>
+        <element name="ValidationData" type="ds:ECValidationDataType" minOccurs="0"/>
+      </sequence>
+    </complexType>
+
+    <complexType name="FieldIDType">
+      <choice>
+        <element ref="ds:Prime"/>
+        <element ref="ds:TnB"/>
+        <element ref="ds:PnB"/>
+        <element ref="ds:GnB"/>
+        <any namespace="##other" processContents="lax"/>
+      </choice>
+    </complexType>
+
+    <element name="Prime" type="ds:PrimeFieldParamsType"/>
+    <complexType name="PrimeFieldParamsType">
+      <sequence>
+        <element name="P" type="ds:CryptoBinary"/>
+      </sequence>
+    </complexType>
+
+    <element name="GnB" type="ds:CharTwoFieldParamsType"/>
+    <complexType name="CharTwoFieldParamsType">
+      <sequence>
+        <element name="M" type="positiveInteger"/>
+      </sequence>
+    </complexType>
+
+    <element name="TnB" type="ds:TnBFieldParamsType"/>
+    <complexType name="TnBFieldParamsType">
+      <complexContent>
+        <extension base="ds:CharTwoFieldParamsType">
+          <sequence>
+            <element name="K" type="positiveInteger"/>
+          </sequence>
+        </extension>
+      </complexContent>
+    </complexType>
+
+    <element name="PnB" type="ds:PnBFieldParamsType"/>
+    <complexType name="PnBFieldParamsType">
+      <complexContent>
+        <extension base="ds:CharTwoFieldParamsType">
+          <sequence>
+            <element name="K1" type="positiveInteger"/>
+            <element name="K2" type="positiveInteger"/>
+            <element name="K3" type="positiveInteger"/>
+          </sequence>
+        </extension>
+      </complexContent>
+    </complexType>
+
+    <complexType name="CurveType">
+      <sequence>
+        <element name="A" type="ds:CryptoBinary"/>
+        <element name="B" type="ds:CryptoBinary"/>
+      </sequence>
+    </complexType>
+
+  <complexType name="ECValidationDataType">
+    <sequence>
+      <element name="seed" type="ds:CryptoBinary"/>
+    </sequence>
+    <attribute name="hashAlgorithm" type="anyURI" use="required"/>
+  </complexType>
+
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+  <sequence maxOccurs="unbounded">
+    <choice>
+      <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+      <element name="X509SKI" type="base64Binary"/>
+      <element name="X509SubjectName" type="string"/>
+      <element name="X509Certificate" type="base64Binary"/>
+      <element name="X509CRL" type="base64Binary"/>
+      <any namespace="##other" processContents="lax"/>
+    </choice>
+  </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+  <sequence>
+    <element name="X509IssuerName" type="string"/>
+    <element name="X509SerialNumber" type="integer"/>
+  </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+  <choice>
+    <sequence>
+      <element name="PGPKeyID" type="base64Binary"/>
+      <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
+      <any namespace="##other" processContents="lax" minOccurs="0"
+       maxOccurs="unbounded"/>
+    </sequence>
+    <sequence>
+      <element name="PGPKeyPacket" type="base64Binary"/>
+      <any namespace="##other" processContents="lax" minOccurs="0"
+       maxOccurs="unbounded"/>
+    </sequence>
+  </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+  <sequence maxOccurs="unbounded">
+    <element name="SPKISexp" type="base64Binary"/>
+    <any namespace="##other" processContents="lax" minOccurs="0"/>
+  </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+  <sequence minOccurs="0" maxOccurs="unbounded">
+    <any namespace="##any" processContents="lax"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/>
+  <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+  <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+  <sequence>
+    <element ref="ds:Reference" maxOccurs="unbounded"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+  <sequence>
+    <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+   <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+   <complexType name="SignaturePropertyType" mixed="true">
+     <choice maxOccurs="unbounded">
+       <any namespace="##other" processContents="lax"/>
+       <!-- (1,1) elements from (1,unbounded) namespaces -->
+     </choice>
+     <attribute name="Target" type="anyURI" use="required"/>
+     <attribute name="Id" type="ID" use="optional"/>
+   </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+  <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+  <sequence>
+    <sequence minOccurs="0">
+      <element name="P" type="ds:CryptoBinary"/>
+      <element name="Q" type="ds:CryptoBinary"/>
+    </sequence>
+    <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+    <element name="Y" type="ds:CryptoBinary"/>
+    <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+    <sequence minOccurs="0">
+      <element name="Seed" type="ds:CryptoBinary"/>
+      <element name="PgenCounter" type="ds:CryptoBinary"/>
+    </sequence>
+  </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+  <sequence>
+    <element name="Modulus" type="ds:CryptoBinary"/>
+    <element name="Exponent" type="ds:CryptoBinary"/>
+  </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
index f37b04d..3755894 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 2008655..d085f51 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 27126dd..2d75670 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 39f626e..3ca26d4 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index d567166..88485d8 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
@@ -54,10 +54,12 @@ extern "C" {
 #define CERT_SVC_ERR_PERMISSION_DENIED -16
 #define CERT_SVC_ERR_IS_EXPIRED        -17
 /* default certificate file path */
-#define CERT_SVC_STORE_PATH    "/opt/share/cert-svc/certs/"
-#define CERT_SVC_STORE_PATH_DEFAULT    "/opt/share/cert-svc/certs/ssl/"
-#define CERT_SVC_SEARCH_PATH_RO        "/usr/share/cert-svc/ca-certs/"
-#define CERT_SVC_SEARCH_PATH_RW        "/opt/share/cert-svc/certs/"
+#define CERT_SVC_STORE_PATH         "/opt/share/cert-svc/certs/"
+#define CERT_SVC_STORE_PATH_KEYS    "/opt/share/cert-svc/keys/"
+#define CERT_SVC_STORE_PATH_DEFAULT "//* opt/share/cert-svc/certs/ssl/ */"
+#define CERT_SVC_SEARCH_PATH_RO     "/usr/share/cert-svc/ca-certs/"
+#define CERT_SVC_SEARCH_PATH_RW     "/opt/share/cert-svc/certs/"
+#define CERT_SVC_STORE_PATH_PKCS12  "/opt/share/cert-svc/pkcs12"
 
 /*********************************************************************************/
 /* Type definitions                                                              */
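Review bot: `CERT_SVC_STORE_PATH_DEFAULT` on the new side is the literal `"//* opt/share/cert-svc/certs/ssl/ */"`, which is not a usable directory path; it looks like an attempt to comment the value out that ended up inside the string. Any caller that builds a file name from this macro (callers are not visible in this hunk) would resolve to a location that does not exist instead of the SSL store. Either restore `#define CERT_SVC_STORE_PATH_DEFAULT "/opt/share/cert-svc/certs/ssl/"` or remove the macro along with its users if it is being retired. `CERT_SVC_STORE_PATH_PKCS12` also lacks the trailing slash that the sibling path macros carry, which matters wherever a file name is appended directly.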
index 10a91b0..e55143c 100644 (file)
-Name:      cert-svc
-Summary:    Certification service 
-Version:    1.0.1
-Release:    0
-Group:      System/Libraries
-License:    Apache2.0
-Source0:    cert-svc-%{version}.tar.gz
+#sbs-git:slp/pkgs/c/cert-svc cert-svc 1.0.1 ad7eb7efcefb37b06017c69cb2fc44e6f7b6cab7
+Name:    cert-svc
+Summary: Certification service
+Version: 1.0.1
+Release: 31
+Group:   System/Libraries
+License: SAMSUNG
+Source0: %{name}-%{version}.tar.gz
+
+Requires(post):   /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
 
 BuildRequires: cmake
-
 BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(openssl)
-
+BuildRequires: pkgconfig(evas)
+BuildRequires: pkgconfig(dpl-efl)
+BuildRequires: pkgconfig(libsoup-2.4)
+BuildRequires: pkgconfig(libpcre)
+BuildRequires: pkgconfig(libpcrecpp)
+BuildRequires: pkgconfig(xmlsec1)
+BuildRequires: pkgconfig(secure-storage)
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(libxml-2.0)
+BuildRequires: pkgconfig(libxslt)
+
+Provides: libcert-svc-vcore.so.1
 
 %description
-Certification service 
+Certification service
 
 
 %package devel
-Summary:    Download agent
+Summary:    Certification service (development files)
 Group:      Development/Libraries
 Requires:   %{name} = %{version}-%{release}
 
 %description devel
-Certification service  (developement files)
+Certification service (developement files)
+
+%package test
+Summary:  Certification service (tests)
+Group:    System/Misc
+Requires: %{name} = %{version}-%{release}
+
+%description test
+Certification service (tests)
 
 %prep
 %setup -q
 
-
 %build
 cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix}
-
-
 make %{?jobs:-j%jobs}
 
 %install
 rm -rf %{buildroot}
 %make_install
 
+%clean
+rm -rf %{buildroot}
 
 %post
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/java/operator
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/java/manufacture
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/java/thirdparty
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/debian
-mkdir -p /usr/share/cert-svc/ca-certs/code-signing/wac
-mkdir -p /opt/share/cert-svc/certs/code-signing/java/operator
-mkdir -p /opt/share/cert-svc/certs/code-signing/java/manufacture
-mkdir -p /opt/share/cert-svc/certs/code-signing/java/thirdparty
-mkdir -p /opt/share/cert-svc/certs/code-signing/wac
-mkdir -p /opt/share/cert-svc/certs/sim/operator
-mkdir -p /opt/share/cert-svc/certs/sim/thirdparty
-mkdir -p /opt/share/cert-svc/certs/ssl
-mkdir -p /opt/share/cert-svc/certs/user
-mkdir -p /opt/share/cert-svc/certs/trusteduser
-mkdir -p /opt/share/cert-svc/certs/mdm/security/cert
-
-chown -R :6524 /opt/share/cert-svc/certs/
-chmod -R 0775 /opt/share/cert-svc/certs/
-
-ln -s /opt/etc/ssl/certs/ /usr/share/cert-svc/ca-certs/ssl
-
+/sbin/ldconfig
+if [ -z ${2} ]; then
+    echo "This is new install of wrt-security"
+    echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
+    /usr/bin/cert_svc_create_clean_db.sh
+else
+    # Find out old and new version of databases
+    VCORE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.cert_svc_vcore.db ".tables" | grep "DB_VERSION_"`
+    VCORE_NEW_DB_VERSION=`cat /usr/share/cert-svc/cert_svc_vcore_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
+    echo "OLD vcore database version ${VCORE_OLD_DB_VERSION}"
+    echo "NEW vcore database version ${VCORE_NEW_DB_VERSION}"
+
+    if [ ${VCORE_OLD_DB_VERSION} -a ${VCORE_NEW_DB_VERSION} ]; then
+        if [ ${VCORE_OLD_DB_VERSION} = ${VCORE_NEW_DB_VERSION} ]; then
+            echo "Equal database detected so db installation ignored"
+        else
+            echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
+            /usr/bin/cert_svc_create_clean_db.sh
+        fi
+    else
+        echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
+        /usr/bin/cert_svc_create_clean_db.sh
+    fi
+fi
+
+ln -s /opt/etc/ssl/certs /usr/share/cert-svc/ca-certs/ssl
 
 %postun
-
+/sbin/ldconfig
+rm /usr/share/cert-svc/ca-certs/ssl
 
 %files
 %defattr(-,root,root,-)
-/usr/bin/dpkg-pki-sig
+%{_bindir}/cert_svc_create_clean_db.sh
+%{_libdir}/*.so.*
+%{_bindir}/dpkg-pki-sig
 /opt/share/cert-svc/targetinfo
-/usr/lib/libcert-svc.so.1
-/usr/lib/libcert-svc.so.1.0.0
+%{_datadir}/cert-svc/cert_svc_vcore_db.sql
+%{_datadir}/cert-svc/fingerprint_list.xml
+%{_datadir}/cert-svc/fingerprint_list.xsd
+%{_datadir}/cert-svc/schema.xsd
+%dir %attr(0755,root,use_cert) /usr/share/cert-svc
+%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs
+%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing
+%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing/native
+%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing/wac
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/code-signing
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/code-signing/wac
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/sim
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/sim/operator
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/sim/thirdparty
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/ssl
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/user
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/trusteduser
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/mdm
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/mdm/security
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/mdm/security/cert
+%dir %attr(0777,root,use_cert) /opt/share/cert-svc/pkcs12
+/opt/share/cert-svc/certs/code-signing/wac/wac0.root.preproduction.pem
+/opt/share/cert-svc/certs/code-signing/wac/wac0.root.production.pem
+/opt/share/cert-svc/certs/code-signing/wac/wac0.publisherid.pem
+/opt/share/cert-svc/certs/code-signing/wac/tizen0.root.preproduction.cert.pem
 
 %files devel
 %defattr(-,root,root,-)
-/usr/lib/pkgconfig/cert-svc.pc
-/usr/lib/libcert-svc.so
-/usr/include/cert-service.h
-
+%{_includedir}/*
+%{_libdir}/pkgconfig/*
+%{_libdir}/*.so
 
+%files test
+%defattr(-,root,root,-)
+%{_bindir}/cert-svc-test*
+/opt/apps/widget/tests/vcore_widget_uncompressed/*
+/opt/apps/widget/tests/vcore_keys/*
+/opt/apps/widget/tests/vcore_certs/*
+/opt/apps/widget/tests/pkcs12/*
+/opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+/opt/share/cert-svc/pkcs12/*
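Review bot: The `%dir %attr(0777,root,use_cert)` entries make every directory under `/opt/share/cert-svc/certs` and `/opt/share/cert-svc/pkcs12` world-writable, where the removed `%post` set `chmod -R 0775` with a dedicated group. These directories are the read-write certificate store, so any local account could add, replace or delete certificate and PKCS#12 files there. Since `use_cert` is already the owning group, `%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs` (and likewise for the other entries) keeps write access with that group. Separately, `if [ -z ${2} ]` in `%post` reads like a Debian maintainer-script test. RPM scriptlets normally receive only `$1`, so the upgrade branch is probably never reached and the database is recreated on every upgrade; `if [ "$1" -eq 1 ]` would separate a first install from an upgrade.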
index 2d3f57b..5c78414 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index b315e80..b992534 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index b5d7d03..5b2a157 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 6f5d0e7..720d7df 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 27d1496..7b56937 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * certification service
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved 
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
new file mode 100644 (file)
index 0000000..c3a3354
--- /dev/null
@@ -0,0 +1,18 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+
+ADD_SUBDIRECTORY(capi)
+ADD_SUBDIRECTORY(pkcs12)
+ADD_SUBDIRECTORY(vcore)
diff --git a/tests/capi/CMakeLists.txt b/tests/capi/CMakeLists.txt
new file mode 100644 (file)
index 0000000..8a0d34f
--- /dev/null
@@ -0,0 +1,71 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file        CMakeLists.txt
+# @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @version     1.0
+# @brief
+#
+INCLUDE(FindPkgConfig)
+SET(TARGET_VCOREC_TEST "cert-svc-tests-capi")
+
+PKG_CHECK_MODULES(VCOREC_TEST_DEP
+    libsoup-2.4
+    dpl-test-efl
+    dpl-db-efl
+    libpcrecpp
+    REQUIRED
+    )
+
+SET(VCOREC_TESTS_SOURCES
+    ${PROJECT_SOURCE_DIR}/tests/capi/api_tests.cpp
+    ${PROJECT_SOURCE_DIR}/tests/capi/test_cases.cpp
+    )
+
+INCLUDE_DIRECTORIES(
+    ${PROJECT_SOURCE_DIR}/vcore/src
+    ${PROJECT_SOURCE_DIR}/tests/capi
+    ${VCOREC_TEST_DEP_INCLUDE_DIRS}
+    )
+
+ADD_EXECUTABLE(${TARGET_VCOREC_TEST} ${VCOREC_TESTS_SOURCES})
+
+ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+TARGET_LINK_LIBRARIES(${TARGET_VCOREC_TEST}
+    ${TARGET_VCORE_LIB}
+    ${VCOREC_TEST_DEP_LIBRARIES}
+    )
+
+INSTALL(TARGETS ${TARGET_VCOREC_TEST}
+    DESTINATION /usr/bin
+    PERMISSIONS OWNER_READ
+                OWNER_WRITE
+                OWNER_EXECUTE
+                GROUP_READ
+                GROUP_EXECUTE
+                WORLD_READ
+                WORLD_EXECUTE
+    )
+
+INSTALL(FILES
+    ${PROJECT_SOURCE_DIR}/tests/capi/data/cert_a.pem
+    ${PROJECT_SOURCE_DIR}/tests/capi/data/cert_b.pem
+    ${PROJECT_SOURCE_DIR}/tests/capi/data/pkey.pem
+    DESTINATION /opt/share/cert-svc/pkcs12/test1st
+    PERMISSIONS OWNER_READ
+                GROUP_READ
+                WORLD_READ
+    )
+
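Review bot: The final `INSTALL(FILES ...)` block puts the test fixtures, including `pkey.pem`, under `/opt/share/cert-svc/pkcs12/test1st`, which sits inside the directory the public header defines as `CERT_SVC_STORE_PATH_PKCS12`, and installs them world-readable. Installing the test package therefore places a test private key and test certificates in the live PKCS#12 store. A fixture directory next to the other test data (the spec already ships `/opt/apps/widget/tests/pkcs12/`) would keep test material out of the store. If the tests do rely on store lookup, a comment such as `# fixtures must live in the pkcs12 store: the tests exercise store lookup` would make that explicit. The binary destination is also hard-coded as `/usr/bin` rather than derived from `CMAKE_INSTALL_PREFIX`.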
diff --git a/tests/capi/api_tests.cpp b/tests/capi/api_tests.cpp
new file mode 100644 (file)
index 0000000..6ad8fea
--- /dev/null
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        main.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This file is the implementation file of main
+ */
+#include <dpl/test/test_runner.h>
+
+#include <cert-svc/ccert.h>
+
+//#include <vcore/VCore.h>
+//#include <libsoup/soup.h> // includes headers with g_type_init
+
+CertSvcInstance vinstance;
+
+int main (int argc, char *argv[])
+{
+//    g_type_init();
+//    g_thread_init(NULL);
+    certsvc_instance_new(&vinstance);
+    int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+    certsvc_instance_free(vinstance);
+    return status;
+}
+
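Review bot: `certsvc_instance_new(&vinstance);` in `main` discards its result, so a failed initialisation would only surface later as unrelated test failures against an unusable `vinstance`. If the call reports a status like the other `certsvc_*` functions used in test_cases.cpp, check it before starting the runner, e.g. `if (certsvc_instance_new(&vinstance) != CERTSVC_SUCCESS) return 1;`. The header comment says `@file main.cpp` although the file is api_tests.cpp, and the commented-out `g_type_init`/`g_thread_init` lines and includes can be removed.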
diff --git a/tests/capi/api_tests.h b/tests/capi/api_tests.h
new file mode 100644 (file)
index 0000000..28e5481
--- /dev/null
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        api_tests.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This file is the implementation file of main
+ */
+
+#include <cert-svc/cinstance.h>
+#include <cert-svc/ccert.h>
+#include <cert-svc/ccrl.h>
+#include <cert-svc/cocsp.h>
+#include <cert-svc/cpkcs12.h>
+#include <cert-svc/cprimitives.h>
+
+extern CertSvcInstance vinstance;
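Review bot: api_tests.h has no include guard, unlike crl_cache.h added in the same commit. The single `extern` declaration tolerates double inclusion today, but wrapping the header in `#ifndef _API_TESTS_H_` / `#define _API_TESTS_H_` / `#endif` keeps it safe as declarations are added. The `@brief` line ("implementation file of main") was copied from api_tests.cpp; something like `@brief Shared declarations and the global CertSvcInstance for the C API tests` describes this file.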
diff --git a/tests/capi/crl_cache.h b/tests/capi/crl_cache.h
new file mode 100644 (file)
index 0000000..c71dfd9
--- /dev/null
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        crl_cache.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       Example implementation of memory cache for crl.
+ */
+#ifndef _CRL_MEMORY_CACHE_H_
+#define _CRL_MEMORY_CACHE_H_
+
+#include <map>
+#include <string>
+#include <vector>
+
+#include <string.h>
+#include <time.h>
+
+typedef std::vector<char> BinaryBuffer;
+
+typedef struct CrlRecord_t {
+    BinaryBuffer buffer;
+    time_t nextUpdate;
+} CrlRecord;
+
+typedef std::map<std::string,CrlRecord> MemoryCache;
+
+void memoryCacheWrite(
+    const char *distributionPoint,
+    const char *body,
+    int bodySize,
+    time_t nextUpdateTime,
+    void *userParam)
+{
+    MemoryCache *cache = static_cast<MemoryCache*>(userParam);
+
+    CrlRecord record;
+    record.buffer.resize(bodySize);
+    memcpy(&record.buffer[0], body, bodySize);
+    record.nextUpdate = nextUpdateTime;
+
+    cache->insert(std::make_pair(std::string(distributionPoint),record));
+}
+
+int memoryCacheRead(
+    const char *distributorPoint,
+    char **body,
+    int *bodySize,
+    time_t *nextUpdateTime,
+    void *userParam)
+{
+    MemoryCache *cache = static_cast<MemoryCache*>(userParam);
+    auto iter = cache->find(distributorPoint);
+    if (iter == cache->end()) {
+        return 0;
+    }
+    CrlRecord record = iter->second;
+    *bodySize = record.buffer.size();
+    *body = new char[*bodySize];
+    memcpy(*body, &record.buffer[0], *bodySize);
+    *nextUpdateTime = record.nextUpdate;
+    return 1;
+}
+
+void memoryCacheFree(
+    char *buffer,
+    void *)
+{
+    delete[] buffer;
+}
+
+#endif // _CRL_MEMORY_CACHE_H_
+
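Review bot: `memoryCacheWrite` stores with `cache->insert(...)`, which leaves an existing entry untouched, so a refreshed CRL for a distribution point already in the map is silently dropped and readers keep receiving the older revocation list. The same function passes `bodySize` unchecked into `resize`/`memcpy` and takes `&record.buffer[0]` even when the size is zero; `memoryCacheRead` repeats that on the read side and copies the whole record first. Both functions are defined in a header without `inline`, which would give duplicate-symbol link errors once a second source file includes it. A rewrite of the write path is sketched below; the read path needs the matching empty-buffer guard.

```cpp
// … unchanged: memoryCacheWrite parameter list (add `inline` before `void`) …
{
    MemoryCache *cache = static_cast<MemoryCache*>(userParam);
    if (!cache || !distributionPoint || !body || bodySize < 0) {
        return;
    }

    CrlRecord record;
    record.buffer.assign(body, body + bodySize);
    record.nextUpdate = nextUpdateTime;

    // operator[] replaces an existing entry; insert() would keep the stale CRL.
    (*cache)[distributionPoint] = record;
}
```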
diff --git a/tests/capi/data/cert_a.pem b/tests/capi/data/cert_a.pem
new file mode 100644 (file)
index 0000000..f062d94
--- /dev/null
@@ -0,0 +1,64 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            85:7d:e1:c5:d9:de:7a:20
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+        Validity
+            Not Before: Jan  4 17:34:31 2011 GMT
+            Not After : Jan  4 17:34:31 2012 GMT
+        Subject: C=PL, ST=Malopolskie, L=Krakow, O=Samsung, OU=N/A, CN=Operator Test Second Level Certificate/emailAddress=second.operator@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:3c:58:ca:87:1e:59:68:54:8a:54:34:43:61:
+                    f1:81:e6:35:c1:46:74:16:c7:ff:f9:15:9e:0c:5a:
+                    6a:89:c1:13:0c:61:2e:ba:00:e0:71:ea:7e:31:ae:
+                    4e:ef:93:58:51:98:97:f3:bf:8a:9b:b2:c1:b7:0c:
+                    5f:3f:56:b3:13:3b:d0:80:be:04:66:89:84:50:ca:
+                    fe:f6:f7:6b:05:3b:30:4e:96:9c:5b:c5:80:bc:d6:
+                    be:6e:69:f4:b9:9b:4c:06:7a:ed:37:67:b2:fe:45:
+                    69:57:62:54:cb:69:69:48:b9:7d:a0:42:f1:b6:dc:
+                    f2:7f:eb:75:2a:d4:83:69:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D9:F3:11:BF:98:5A:60:12:7A:85:B5:E7:A7:38:4F:CF:51:1D:C6:B2
+            X509v3 Authority Key Identifier: 
+                keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+
+    Signature Algorithm: sha1WithRSAEncryption
+        69:6c:26:81:51:91:a6:e6:11:dc:81:35:03:73:85:4f:2f:29:
+        1f:20:f2:23:54:82:ca:8f:b8:a6:e3:3f:cd:72:5e:d7:e7:f5:
+        84:8a:33:e2:51:9f:36:4b:30:85:f4:4f:87:c7:9a:69:0b:15:
+        6e:92:c7:1f:2f:58:a4:57:f8:c2:cd:59:6c:d2:11:63:ae:bb:
+        b0:32:3f:09:e7:2e:ad:db:1b:fe:e7:a4:21:43:47:76:e1:de:
+        36:bb:26:3f:16:76:20:ed:a4:68:c1:48:ae:2b:95:fb:f6:d2:
+        f2:7f:74:f6:83:e2:89:06:b5:89:54:6e:7f:cf:88:94:66:e8:
+        da:32
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/capi/data/cert_b.pem b/tests/capi/data/cert_b.pem
new file mode 100644 (file)
index 0000000..343241f
--- /dev/null
@@ -0,0 +1,66 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            85:7d:e1:c5:d9:de:7a:1f
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+        Validity
+            Not Before: Jan  4 17:27:08 2011 GMT
+            Not After : Jan  3 17:27:08 2014 GMT
+        Subject: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c3:39:17:a8:f9:d0:69:37:9a:56:44:39:67:10:
+                    14:a9:4b:a2:0b:c7:fc:a1:e8:e8:f7:1c:06:f4:9c:
+                    83:f7:37:07:9d:9c:2c:1b:46:43:5f:f1:7b:91:a8:
+                    cd:c0:76:00:d5:9c:c9:28:f7:91:28:b6:97:ec:85:
+                    b1:10:0f:58:2e:f6:6f:98:b6:ab:7b:ca:08:10:7f:
+                    55:32:bf:32:db:a7:c2:86:83:03:ee:41:0a:24:de:
+                    17:e3:9d:8f:5b:fa:46:70:78:98:b4:c1:14:77:44:
+                    ab:59:7c:4c:d3:4a:f7:54:f2:30:0d:38:73:95:9f:
+                    21:0e:a9:86:3e:fc:82:4e:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+            X509v3 Authority Key Identifier: 
+                keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+                DirName:/C=PL/ST=Mazowieckie/O=Samsung/OU=SPRC/CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+                serial:85:7D:E1:C5:D9:DE:7A:1F
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        b9:d7:72:49:09:d8:6f:61:94:51:40:9d:c3:d3:23:53:97:b8:
+        12:ee:cb:dd:57:e6:1f:a2:76:38:5d:42:51:bd:a9:30:19:f7:
+        67:5b:a8:67:4a:9e:a1:f0:a9:22:14:94:77:32:27:79:37:9c:
+        0a:0f:52:80:14:62:00:94:45:85:3b:fd:ad:b4:c3:20:45:ba:
+        b7:91:1a:9e:38:51:0f:9b:d5:ce:74:c7:bd:4a:21:9a:2d:b5:
+        71:0b:42:d2:95:72:66:fe:eb:11:ad:62:44:6c:32:4e:b4:00:
+        37:d7:b8:d5:4b:f6:74:36:78:d6:ae:66:b3:ca:6e:42:ff:cb:
+        c2:e6
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAIV94cXZ3nofMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0
+aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN
+MTEwMTA0MTcyNzA4WhcNMTQwMTAzMTcyNzA4WjCBkjELMAkGA1UEBhMCUEwxFDAS
+BgNVBAgTC01hem93aWVja2llMRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYDVQQLEwRT
+UFJDMScwJQYDVQQDEx5PcGVyYXRvciBUZXN0IFJvb3QgQ2VydGlmaWNhdGUxIzAh
+BgkqhkiG9w0BCQEWFG9wZXJhdG9yQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDDOReo+dBpN5pWRDlnEBSpS6ILx/yh6Oj3HAb0nIP3Nwed
+nCwbRkNf8XuRqM3AdgDVnMko95EotpfshbEQD1gu9m+Ytqt7yggQf1UyvzLbp8KG
+gwPuQQok3hfjnY9b+kZweJi0wRR3RKtZfEzTSvdU8jANOHOVnyEOqYY+/IJOCwID
+AQABo4H6MIH3MB0GA1UdDgQWBBQlpZCfTTqkGQqARl7z+yDOVjAz2jCBxwYDVR0j
+BIG/MIG8gBQlpZCfTTqkGQqARl7z+yDOVjAz2qGBmKSBlTCBkjELMAkGA1UEBhMC
+UEwxFDASBgNVBAgTC01hem93aWVja2llMRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYD
+VQQLEwRTUFJDMScwJQYDVQQDEx5PcGVyYXRvciBUZXN0IFJvb3QgQ2VydGlmaWNh
+dGUxIzAhBgkqhkiG9w0BCQEWFG9wZXJhdG9yQHNhbXN1bmcuY29tggkAhX3hxdne
+eh8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC513JJCdhvYZRRQJ3D
+0yNTl7gS7svdV+YfonY4XUJRvakwGfdnW6hnSp6h8KkiFJR3Mid5N5wKD1KAFGIA
+lEWFO/2ttMMgRbq3kRqeOFEPm9XOdMe9SiGaLbVxC0LSlXJm/usRrWJEbDJOtAA3
+17jVS/Z0NnjWrmazym5C/8vC5g==
+-----END CERTIFICATE-----
diff --git a/tests/capi/data/pkey.pem b/tests/capi/data/pkey.pem
new file mode 100644 (file)
index 0000000..ab1214a
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44C051D8935528BB
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/capi/test_cases.cpp b/tests/capi/test_cases.cpp
new file mode 100644 (file)
index 0000000..6b815ad
--- /dev/null
@@ -0,0 +1,1114 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <string>
+
+#include <openssl/x509.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+
+#include <api_tests.h>
+
+#include "crl_cache.h"
+
+RUNNER_TEST(test01_certificate_new_from_file)
+{
+    CertSvcCertificate cert;
+    int result = certsvc_certificate_new_from_file(
+        vinstance,
+        "/opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem",
+        &cert);
+    RUNNER_ASSERT_MSG(CERTSVC_TRUE == result, "Error reading certificate");
+
+    CertSvcString string;
+
+    certsvc_certificate_get_string_field(
+        cert,
+        CERTSVC_SUBJECT_COMMON_NAME,
+        &string);
+
+    const char *ptr = "WAC Application Services Ltd";
+
+    const char *buffer;
+    int len;
+
+    certsvc_string_to_cstring(string, &buffer, &len);
+
+    result = strncmp(
+        buffer,
+        ptr,
+        strlen(ptr));
+
+    RUNNER_ASSERT_MSG(0 == result, "Error reading common name");
+
+    certsvc_certificate_free(cert);
+}
+
+RUNNER_TEST(test02_certificate_search)
+{
+    CertSvcCertificateList handler;
+    int result = certsvc_certificate_search(vinstance,
+                                          CERTSVC_SUBJECT_COMMON_NAME,
+                                          "WAC Application Services Ltd",
+                                          &handler);
+
+    RUNNER_ASSERT_MSG(1 == result, "Error in search method");
+
+    CertSvcCertificate cert;
+
+    result = certsvc_certificate_list_get_one(handler, 0, &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_TRUE == result, "Error reading certificate");
+
+    CertSvcString string;
+
+    certsvc_certificate_get_string_field(
+        cert,
+        CERTSVC_SUBJECT_COUNTRY_NAME,
+        &string);
+
+    const char *ptr = "GB";
+    const char *buffer;
+
+    certsvc_string_to_cstring(string, &buffer, NULL);
+
+    result = strncmp(
+            buffer,
+            ptr,
+            strlen(ptr));
+
+    RUNNER_ASSERT_MSG(0 == result, "Country does not match");
+}
+
+RUNNER_TEST(test03_is_signed_by)
+{
+    int result;
+    std::string googleCA =
+      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+    std::string google2nd =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    CertSvcCertificate cert1, cert2;
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)googleCA.c_str(),
+        googleCA.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert1);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)google2nd.c_str(),
+        google2nd.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert2);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+
+    int status;
+    result = certsvc_certificate_is_signed_by(cert2, cert1, &status);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Chain verification failed");
+    RUNNER_ASSERT_MSG(CERTSVC_TRUE == status, "Chain verification failed");
+}
+
+RUNNER_TEST(test04_not_before_not_after)
+{
+    std::string google2nd =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    CertSvcCertificate cert;
+    int result;
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char *)google2nd.c_str(),
+        google2nd.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+
+    time_t before, after;
+    result = certsvc_certificate_get_not_before(cert, &before);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error extracting NOT_BEFORE");
+    RUNNER_ASSERT_MSG(before == 1084406400, "TODO");
+
+    result = certsvc_certificate_get_not_after(cert, &after);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error extracting NOT_AFTER");
+    //extracted: date --date="May 12 23:59:59 2014 GMT" +%s
+    RUNNER_ASSERT_MSG(after == 1399939199, "TODO");
+}
+
+RUNNER_TEST(test05_get_clr_dist_points)
+{
+    std::string google2nd =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    CertSvcCertificate cert;
+
+    int result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)google2nd.c_str(),
+        google2nd.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate");
+
+    CertSvcStringList stringList;
+
+    result = certsvc_certificate_get_crl_distribution_points(cert, &stringList);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading distribution points");
+
+    int size;
+
+    result = certsvc_string_list_get_length(stringList, &size);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in string list");
+
+//  RUNNER_ASSERT_MSG(1 == size, "Distribution point list is too small");
+
+    CertSvcString vstring;
+
+    result = certsvc_string_list_get_one(stringList, 0, &vstring);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in extracting result from list");
+
+    int len;
+    const char *ptr;
+
+    certsvc_string_to_cstring(vstring, &ptr, &len);
+
+    RUNNER_ASSERT_MSG(0 == strncmp(ptr,"http://crl.verisign.com/pca3.crl", len), "Check distribution points failed!");
+}
+
+RUNNER_TEST(test06_cert_get_field)
+{
+    std::string google2nd =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    CertSvcCertificate cert;
+
+    int result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)google2nd.c_str(),
+        google2nd.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    CertSvcString subject, issuer;
+
+    result = certsvc_certificate_get_string_field(
+        cert,
+        CERTSVC_SUBJECT,
+        &subject);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading SUBJECT field.");
+
+    result = certsvc_certificate_get_string_field(
+        cert,
+        CERTSVC_ISSUER,
+        &issuer);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading ISSUER field.");
+
+    int size;
+    const char *ptr;
+
+    certsvc_string_to_cstring(subject, &ptr, &size);
+    RUNNER_ASSERT_MSG(0 == strncmp(ptr, "/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA", size), "Subject does not match.");
+
+    certsvc_string_to_cstring(issuer, &ptr, &size);
+    RUNNER_ASSERT_MSG(0 == strncmp(ptr, "/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority", size), "Issuer does not match.");
+}
+
+RUNNER_TEST(test07_chain_sort)
+{
+    std::string certEE =
+      "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
+      "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
+      "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
+      "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
+      "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
+      "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+      "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
+      "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
+      "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
+      "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
+      "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
+      "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
+      "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
+      "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
+      "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
+      "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
+      "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
+
+    std::string certCA =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    std::string certRCA =
+      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+    CertSvcCertificate cert1, cert2, cert3;
+
+    int result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)certEE.c_str(),
+        certEE.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert1);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)certCA.c_str(),
+        certCA.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert2);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)certRCA.c_str(),
+        certRCA.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert3);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    CertSvcCertificate collection[3];
+    collection[0] = cert1;
+    collection[1] = cert3;
+    collection[2] = cert2;
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == certsvc_certificate_chain_sort(collection, 3), "FAIL TO SORT CERTIFICATE");
+
+    RUNNER_ASSERT_MSG(collection[2].privateHandler == cert3.privateHandler, "certsvc_certificate_chain_sort failed");
+
+    collection[0] = cert1;
+    collection[1] = cert3;
+
+    RUNNER_ASSERT_MSG(CERTSVC_FAIL == certsvc_certificate_chain_sort(collection, 2), "certsvc_certificate_chain_sort failed");
+}
+
+RUNNER_TEST(test08_message_verify_dsa_sha1)
+{
+    std::string magda =
+      "MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV"
+      "BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT"
+      "BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA"
+      "c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL"
+      "MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp"
+      "b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT"
+      "BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr"
+      "BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9"
+      "sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c"
+      "Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3"
+      "FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+"
+      "4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd"
+      "VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110"
+      "L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf"
+      "Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0"
+      "fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA"
+      "+TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy"
+      "YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw"
+      "HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD"
+      "gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv"
+      "ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V"
+      "cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc=";
+
+    std::string message = "c2lnbmVkIGRhdGEK";
+    std::string signature = "MC0CFQCL2pDA4S/zsHkDUCWOq7K6ebG14gIUHHoLsbeUd+BEqBXB6XjmcTncBRA=";
+
+    CertSvcString msgb64, sigb64, msg, sig;
+
+    int result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage.");
+
+    result = certsvc_string_new(vinstance, signature.c_str(), signature.size(), &sigb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading signature.");
+
+    CertSvcCertificate cert;
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)magda.c_str(),
+        magda.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_base64_decode(msgb64, &msg);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+    result = certsvc_base64_decode(sigb64, &sig);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    int status;
+    result = certsvc_message_verify(cert, msg, sig, "sha1", &status);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+    RUNNER_ASSERT_MSG(status == CERTSVC_TRUE, "Error in verify message.");
+}
+
+RUNNER_TEST(test09_message_verify_rsa_sha1)
+{
+    std::string filip =
+      "MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV"
+      "BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT"
+      "BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA"
+      "c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw"
+      "CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT"
+      "A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B"
+      "CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
+      "gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh"
+      "EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o"
+      "O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV"
+      "HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp"
+      "Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU"
+      "ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM"
+      "H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y"
+      "t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK"
+      "xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=";
+
+    std::string message = "Q3plZ28gdHUgc3p1a2Fzej8K";
+    std::string signature =
+      "xEIpVjEIUoDkYGtX2ih6Gbya0/gr7OMdvbBKmjqzfNh9GHqwrgjglByeC5sspUzPBUF4Vmg/hZqL"
+      "gSsxXw9bKEa8c6mTQoNX51IC0ELPsoUMIJF1gGdFu0SzKptvU0+ksiiOM+70+s5t8s3z0G5PeA7O"
+      "99oq8UlrX7GDlxaoTU4=";
+
+    CertSvcString msgb64, sigb64, msg, sig;
+
+    int result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage.");
+
+    result = certsvc_string_new(vinstance, signature.c_str(), signature.size(), &sigb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading signature.");
+
+    CertSvcCertificate cert;
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)filip.c_str(),
+        filip.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_base64_decode(msgb64, &msg);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    result = certsvc_base64_decode(sigb64, &sig);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    int status;
+    result = certsvc_message_verify(cert, msg, sig, "sha1", &status);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+    RUNNER_ASSERT_MSG(status == CERTSVC_SUCCESS, "Error in verify message.");
+
+    message[0] = 'q';
+
+    result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage.");
+
+    result = certsvc_base64_decode(msgb64, &msg);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    result = certsvc_message_verify(cert, msg, sig, "sha1", &status);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+    RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message.");
+}
+
+RUNNER_TEST(test10_message_verify_rsa_sha256)
+{
+    std::string filip =
+      "MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV"
+      "BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT"
+      "BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA"
+      "c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw"
+      "CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT"
+      "A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B"
+      "CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
+      "gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh"
+      "EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o"
+      "O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV"
+      "HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp"
+      "Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU"
+      "ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM"
+      "H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y"
+      "t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK"
+      "xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=";
+
+    std::string message = "Q3plZ28gdHUgc3p1a2Fzej8K";
+    std::string signature =
+      "a5nGT6wnbQ8MLwLkG965E4e1Rv983E+v3nolLvvjuAKnfgWYb+70Da+T9ggYDTjngq+EBgC30w1p"
+      "EScrwye8ELefvRxDWy1+tWR4QRW/Nd4oN2U/pvozoabDSpe9Cvt0ECEOWKDqIYYnoWFjOiXg9VwD"
+      "HVVkQXvsSYu6thX/Xsk=";
+
+    CertSvcString msgb64, sigb64, msg, sig;
+
+    int result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage.");
+
+    result = certsvc_string_new(vinstance, signature.c_str(), signature.size(), &sigb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading signature.");
+
+    CertSvcCertificate cert;
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)filip.c_str(),
+        filip.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_base64_decode(msgb64, &msg);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    result = certsvc_base64_decode(sigb64, &sig);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    int status;
+    result = certsvc_message_verify(cert, msg, sig, "sha256", &status);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+    RUNNER_ASSERT_MSG(status == CERTSVC_SUCCESS, "Error in verify message.");
+
+    message[0] = 'q';
+
+    result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage.");
+
+    result = certsvc_base64_decode(msgb64, &msg);
+    RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+    result = certsvc_message_verify(cert, msg, sig, "sha256", &status);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+    RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message.");
+}
+
+RUNNER_TEST(test11_ocsp)
+{
+    std::string certEE =
+      "MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh"
+      "bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu"
+      "Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g"
+      "QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe"
+      "BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX"
+      "DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE"
+      "YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0"
+      "aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC"
+      "ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv"
+      "2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q"
+      "N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO"
+      "r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN"
+      "f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH"
+      "U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU"
+      "TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb"
+      "VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg"
+      "SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv"
+      "biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg"
+      "MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw"
+      "AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv"
+      "ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu"
+      "Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd"
+      "IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv"
+      "bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1"
+      "QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O"
+      "WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf"
+      "SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==";
+
+
+    std::string certCA =
+      "MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx"
+      "ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g"
+      "RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw"
+      "MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH"
+      "QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j"
+      "b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j"
+      "b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj"
+      "YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN"
+      "AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H"
+      "KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm"
+      "VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR"
+      "SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT"
+      "cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ"
+      "6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu"
+      "MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS"
+      "kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB"
+      "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f"
+      "BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv"
+      "c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH"
+      "AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO"
+      "BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG"
+      "OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU"
+      "A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o"
+      "0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX"
+      "RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH"
+      "qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV"
+      "U+4=";
+
+    std::string certRCA =
+      "MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0"
+      "IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz"
+      "BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y"
+      "aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG"
+      "9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy"
+      "NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y"
+      "azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs"
+      "YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw"
+      "Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl"
+      "cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY"
+      "dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9"
+      "WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS"
+      "v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v"
+      "UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu"
+      "IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC"
+      "W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd";
+
+    CertSvcCertificate cert1, cert2, cert3;
+
+    int result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)certEE.c_str(),
+        certEE.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert1);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)certCA.c_str(),
+        certCA.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert2);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)certRCA.c_str(),
+        certRCA.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert3);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    CertSvcCertificate collection[3];
+    collection[0] = cert1;
+    collection[1] = cert2;
+    collection[2] = cert3;
+
+    int status;
+    result = certsvc_ocsp_check(collection, 3, collection, 3, NULL, &status);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
+
+    RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
+}
+
+RUNNER_TEST(test12_ocsp)
+{
+    std::string googleCA =
+      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+    std::string google2nd =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    std::string google3rd =
+      "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
+      "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
+      "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
+      "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
+      "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
+      "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+      "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
+      "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
+      "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
+      "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
+      "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
+      "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
+      "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
+      "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
+      "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
+      "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
+      "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
+
+    CertSvcCertificate cert1, cert2, cert3;
+
+    int result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)google3rd.c_str(),
+        google3rd.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert1);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)google2nd.c_str(),
+        google2nd.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert2);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)googleCA.c_str(),
+        googleCA.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &cert3);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+    CertSvcCertificate collection[3];
+    collection[0] = cert1;
+    collection[1] = cert2;
+    collection[2] = cert3;
+
+    int status;
+    result = certsvc_ocsp_check(collection, 3, collection, 3, NULL, &status);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
+
+    RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
+}
+
+RUNNER_TEST(test13_crl)
+{
+    const int MAXC = 3;
+    std::string cert[MAXC];
+    cert[0] =
+      "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
+      "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
+      "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
+      "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
+      "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
+      "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+      "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
+      "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
+      "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
+      "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
+      "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
+      "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
+      "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
+      "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
+      "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
+      "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
+      "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
+
+    cert[1] =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    cert[2] =
+      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+
+    CertSvcCertificate certificate[MAXC];
+
+    int result, status;
+
+    for (int i=0; i<MAXC; ++i) {
+        LogDebug("Reading certificate: " << i);
+        int result = certsvc_certificate_new_from_memory(
+            vinstance,
+            (const unsigned char*)cert[i].c_str(),
+            cert[i].size(),
+            CERTSVC_FORM_DER_BASE64,
+            &certificate[i]);
+        RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+    }
+
+    certsvc_crl_cache_functions(
+        vinstance,
+        memoryCacheWrite,
+        memoryCacheRead,
+        memoryCacheFree);
+
+    MemoryCache mcache;
+
+    for (int i=0; i<MAXC; ++i) {
+        LogDebug("Check " << i << " certificate.");
+        result = certsvc_crl_check(certificate[i], certificate, MAXC, 0, &status, &mcache);
+        RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in crl.");
+        if (i<2) {
+            RUNNER_ASSERT_MSG(CERTSVC_CRL_GOOD & status, "Check of crl status failed.");
+        } else {
+            RUNNER_ASSERT_MSG(CERTSVC_CRL_NO_SUPPORT & status, "Check of crl status failed.");
+        }
+        LogDebug("Status: " << status);
+    }
+}
+
+RUNNER_TEST(test14_certificate_verify)
+{
+    const int MAXC = 3;
+    std::string cert[MAXC];
+    cert[0] =
+      "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
+      "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
+      "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
+      "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
+      "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
+      "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+      "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
+      "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
+      "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
+      "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
+      "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
+      "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
+      "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
+      "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
+      "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
+      "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
+      "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
+
+    cert[1] =
+      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+    cert[2] =
+      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+
+    CertSvcCertificate certificate[MAXC];
+
+    int result, status;
+
+    for (int i=0; i<MAXC; ++i) {
+        LogDebug("Reading certificate: " << i);
+        int result = certsvc_certificate_new_from_memory(
+            vinstance,
+            (const unsigned char*)cert[i].c_str(),
+            cert[i].size(),
+            CERTSVC_FORM_DER_BASE64,
+            &certificate[i]);
+        RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+    }
+
+    result = certsvc_certificate_verify(certificate[0], certificate, MAXC, NULL, 0, &status);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
+
+    result = certsvc_certificate_verify(certificate[0], certificate, MAXC-1, NULL, 0, &status);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+    RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
+
+    result = certsvc_certificate_verify(certificate[0], certificate, 1, certificate, MAXC, &status);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+    RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
+
+    result = certsvc_certificate_verify(certificate[0], &certificate[2], 1, certificate, MAXC, &status);
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
+}
+
+RUNNER_TEST(test15_pkcs12_get_id_list)
+{
+    int result, size;
+    CertSvcStringList stringList;
+
+    result =certsvc_pkcs12_get_id_list(vinstance, &stringList);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_get_id_list");
+
+    result = certsvc_string_list_get_length(stringList, &size);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_string_list_get_length");
+    RUNNER_ASSERT_MSG(1 <= size, "List size error");
+}
+
+RUNNER_TEST(test16_pkcs12_load_certificate_list)
+{
+    int result, size;
+    CertSvcString csstring;
+    CertSvcCertificateList certificateList;
+
+    result = certsvc_string_new(vinstance, "test1st", 7, &csstring);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_string_new");
+
+    result = certsvc_pkcs12_load_certificate_list(vinstance, csstring, &certificateList);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_load_certificate_list.");
+
+    result = certsvc_certificate_list_get_length(certificateList, &size);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_certificate_list_get_length.");
+    RUNNER_ASSERT_MSG(2 == size, "Error in certsvc_certificate_list_get_length.");
+}
+
+RUNNER_TEST(test17_pkcs12_private_key_dup)
+{
+    int result, size;
+    CertSvcString csstring;
+    char *buffer;
+
+    result = certsvc_string_new(vinstance, "test1st", 7, &csstring);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_string_new");
+
+    result = certsvc_pkcs12_private_key_dup(vinstance, csstring, &buffer, &size);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_private_key_dup.");
+
+    const char * beginCert = "-----BEGIN RSA PRIVATE KEY-----";
+    RUNNER_ASSERT(0 == strncmp(buffer, beginCert, strlen(beginCert)));
+    RUNNER_ASSERT(963 == size);
+    LogDebug("File size: " << size);
+}
+
+RUNNER_TEST(test18_cprimitives)
+{
+    const int MAXB = 1024;
+    const std::string cert =
+      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+    CertSvcCertificate certificate;
+
+    int result;
+
+    result = certsvc_certificate_new_from_memory(
+        vinstance,
+        (const unsigned char*)cert.c_str(),
+        cert.size(),
+        CERTSVC_FORM_DER_BASE64,
+        &certificate);
+
+    X509 *x509 = NULL;
+    result = certsvc_certificate_dup_x509(certificate, &x509);
+
+    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_certificate_dup_x509.");
+    RUNNER_ASSERT_MSG(x509 != NULL, "Error in certsvc_certificate_dup_x509.");
+
+    X509_NAME *name = X509_get_subject_name(x509);
+    char buffer[MAXB];
+    X509_NAME_oneline(name, buffer, MAXB);
+    std::string expected = "/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority";
+
+    LogDebug("NAME: " << buffer);
+
+    RUNNER_ASSERT_MSG(expected == buffer, "Content does not match");
+
+    certsvc_certificate_free_x509(x509);
+}
+
diff --git a/tests/cert-svc/Makefile b/tests/cert-svc/Makefile
new file mode 100644 (file)
index 0000000..fd805e6
--- /dev/null
@@ -0,0 +1,24 @@
+.SUFFIX : .c .o
+
+CC = sbs -e gcc
+INC = -I../include/
+LIBS = -lcert-svc
+CFLAGS = -g $(INC)
+
+TARGET = \
+                store_test \
+                delete_test \
+                extract_test \
+                extract_test_pfx \
+                search_test \
+                verify_test \
+                verify_sig \
+                mem_test
+
+all: $(TARGET)
+
+$(TARGET): %: %.c
+       $(CC) -o $@ $< $(CFLAGS) $(LIBS)
+
+clean:
+       rm -rf *.o $(TARGET) *~ *core
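Review bot: `.SUFFIX : .c .o` on the first line is not the special target make recognises (that is `.SUFFIXES`), so it only defines an ordinary target and has no effect; the build works because of the static pattern rule `$(TARGET): %: %.c`, and the line can be dropped or corrected to `.SUFFIXES: .c .o`. `all` and `clean` are not declared phony, so a stray file with either name would silence them; add `.PHONY: all clean`. In `clean`, `rm -rf ... *core` removes any file or directory whose name ends in "core", and `rm -f $(TARGET) *.o *~ core` is narrower. Because these binaries exercise certificate and signature parsing, `CFLAGS = -g -Wall -Wextra $(INC)` would surface conversion and format warnings at build time.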
diff --git a/tests/cert-svc/data/Broot.der b/tests/cert-svc/data/Broot.der
new file mode 100644 (file)
index 0000000..12be4d0
Binary files /dev/null and b/tests/cert-svc/data/Broot.der differ
diff --git a/tests/cert-svc/data/Broot.pem b/tests/cert-svc/data/Broot.pem
new file mode 100644 (file)
index 0000000..fd08360
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/B1.der b/tests/cert-svc/data/TestData/B1.der
new file mode 100644 (file)
index 0000000..f0c031b
Binary files /dev/null and b/tests/cert-svc/data/TestData/B1.der differ
diff --git a/tests/cert-svc/data/TestData/B2.der b/tests/cert-svc/data/TestData/B2.der
new file mode 100644 (file)
index 0000000..791b301
Binary files /dev/null and b/tests/cert-svc/data/TestData/B2.der differ
diff --git a/tests/cert-svc/data/TestData/B3.der b/tests/cert-svc/data/TestData/B3.der
new file mode 100644 (file)
index 0000000..e21164a
Binary files /dev/null and b/tests/cert-svc/data/TestData/B3.der differ
diff --git a/tests/cert-svc/data/TestData/B4.der b/tests/cert-svc/data/TestData/B4.der
new file mode 100644 (file)
index 0000000..7f1c401
Binary files /dev/null and b/tests/cert-svc/data/TestData/B4.der differ
diff --git a/tests/cert-svc/data/TestData/B5.der b/tests/cert-svc/data/TestData/B5.der
new file mode 100644 (file)
index 0000000..f0a4e14
Binary files /dev/null and b/tests/cert-svc/data/TestData/B5.der differ
diff --git a/tests/cert-svc/data/TestData/B6.der b/tests/cert-svc/data/TestData/B6.der
new file mode 100644 (file)
index 0000000..80e84b4
Binary files /dev/null and b/tests/cert-svc/data/TestData/B6.der differ
diff --git a/tests/cert-svc/data/TestData/B7.der b/tests/cert-svc/data/TestData/B7.der
new file mode 100644 (file)
index 0000000..87d34db
Binary files /dev/null and b/tests/cert-svc/data/TestData/B7.der differ
diff --git a/tests/cert-svc/data/TestData/B8.der b/tests/cert-svc/data/TestData/B8.der
new file mode 100644 (file)
index 0000000..cd047d0
Binary files /dev/null and b/tests/cert-svc/data/TestData/B8.der differ
diff --git a/tests/cert-svc/data/TestData/B9.der b/tests/cert-svc/data/TestData/B9.der
new file mode 100644 (file)
index 0000000..276f45e
Binary files /dev/null and b/tests/cert-svc/data/TestData/B9.der differ
diff --git a/tests/cert-svc/data/TestData/Broot.der b/tests/cert-svc/data/TestData/Broot.der
new file mode 100644 (file)
index 0000000..12be4d0
Binary files /dev/null and b/tests/cert-svc/data/TestData/Broot.der differ
diff --git a/tests/cert-svc/data/TestData/Broot.pem b/tests/cert-svc/data/TestData/Broot.pem
new file mode 100644 (file)
index 0000000..fd08360
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/cert.der b/tests/cert-svc/data/TestData/cert.der
new file mode 100644 (file)
index 0000000..80bd6ab
Binary files /dev/null and b/tests/cert-svc/data/TestData/cert.der differ
diff --git a/tests/cert-svc/data/TestData/cert_sign.der b/tests/cert-svc/data/TestData/cert_sign.der
new file mode 100644 (file)
index 0000000..86d566a
Binary files /dev/null and b/tests/cert-svc/data/TestData/cert_sign.der differ
diff --git a/tests/cert-svc/data/TestData/decodedCert.data b/tests/cert-svc/data/TestData/decodedCert.data
new file mode 100644 (file)
index 0000000..20816dc
Binary files /dev/null and b/tests/cert-svc/data/TestData/decodedCert.data differ
diff --git a/tests/cert-svc/data/TestData/invalid_message b/tests/cert-svc/data/TestData/invalid_message
new file mode 100644 (file)
index 0000000..c6f271a
Binary files /dev/null and b/tests/cert-svc/data/TestData/invalid_message differ
diff --git a/tests/cert-svc/data/TestData/invalid_priv.pem b/tests/cert-svc/data/TestData/invalid_priv.pem
new file mode 100644 (file)
index 0000000..d920b03
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXwIBAAKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQN4WI
+w/9m6wD0tHsmto  INVALID PRIVATE KEY rSUlS7N5+Vc7Rd2yEGDJokMz4pDI
+FHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwIDAQAB
+AoGBAMKFCYIB6o20DDy/sNd+46nPROC3DH8ggKwodERf0bxX+mLn/0TuqsZFbMNK
+wyVf4R4veczDwICzZLkE8AEaNgzoA/gV0REbj38hgqEAG6D/rZaPwNnqN4CISXur
+3kBypPUE05DG8FhdRC1R6hrMlakvXJw3zHunclIMmWlvk/pBAkEA/i8OTj6nBNz+
+oUrWGyYfuLrUsHVhL5DnwyaR9zKuxzmYRv9xHEAPKU/GBF9YKWxQygwY0o4ql00y
+qZKAXWW7iwJBAPO0Vcz00c4gRWJsFyETPadMq8n84NgccxfOYm9BQsdiOAq+xxTh
+k5c/c+bHUCNoAv7x3pWCn+EVqpnbFtH7TLkCQQCW4G2Yaj4Pd/I44UgHo3CO4W9g
+Mrx2VIgNYXahCdeO8BQAiJ2mTCvztKNwcvvM0rt9wwJ08Og9GRiqaQiC5+ETAkEA
+1+8g2zLNt7tGX1fxAoB+737y9E1ZmINUw3I+K+ACYJI5n+O8mFbrpGc3tfNCoaym
+guki1QzhxtmgySSkSrhFGQJBAOj1P+ku8LHK1l2TWe1DjyqE32T5SGDuq/FLoxnj
+1UNwHaU7GPeRjSftGwxFvPL9alo7dFoTQCgCrTSOvnb0H8w=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/invalid_pubkey b/tests/cert-svc/data/TestData/invalid_pubkey
new file mode 100644 (file)
index 0000000..f0ac3f8
Binary files /dev/null and b/tests/cert-svc/data/TestData/invalid_pubkey differ
diff --git a/tests/cert-svc/data/TestData/invalid_signature b/tests/cert-svc/data/TestData/invalid_signature
new file mode 100644 (file)
index 0000000..06dc91c
--- /dev/null
@@ -0,0 +1,2 @@
+0\8a_biÕT^zY\90\9e|æýäINVALID SIGNATURE FILEHäñ\8fH\98Ïú]\98Î<\1e¬ëéû\1a]Sµâ%½\89(h\v
+¾8y*H­6,+âJ\8f+Aõ\89Um\81\81\98Ã|Xe+Ëdä\88¿jT÷X\94\81%hS\f@dÖÃ\8fè\94o\8fV\92ìÝ\9eÊ3J\9a
diff --git a/tests/cert-svc/data/TestData/message b/tests/cert-svc/data/TestData/message
new file mode 100644 (file)
index 0000000..25c0f37
Binary files /dev/null and b/tests/cert-svc/data/TestData/message differ
diff --git a/tests/cert-svc/data/TestData/metadata b/tests/cert-svc/data/TestData/metadata
new file mode 100644 (file)
index 0000000..af5626b
--- /dev/null
@@ -0,0 +1 @@
+Hello, world!
diff --git a/tests/cert-svc/data/TestData/plaintext b/tests/cert-svc/data/TestData/plaintext
new file mode 100644 (file)
index 0000000..7a775a7
--- /dev/null
@@ -0,0 +1 @@
+abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
diff --git a/tests/cert-svc/data/TestData/prikey b/tests/cert-svc/data/TestData/prikey
new file mode 100644 (file)
index 0000000..c2a20f4
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3AFF87E45B7C4AA5
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/priv.pem b/tests/cert-svc/data/TestData/priv.pem
new file mode 100644 (file)
index 0000000..a97cc72
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXwIBAAKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQN4WI
+w/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUlS7N5+Vc7Rd2yEGDJokMz4pDI
+FHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwIDAQAB
+AoGBAMKFCYIB6o20DDy/sNd+46nPROC3DH8ggKwodERf0bxX+mLn/0TuqsZFbMNK
+wyVf4R4veczDwICzZLkE8AEaNgzoA/gV0REbj38hgqEAG6D/rZaPwNnqN4CISXur
+3kBypPUE05DG8FhdRC1R6hrMlakvXJw3zHunclIMmWlvk/pBAkEA/i8OTj6nBNz+
+oUrWGyYfuLrUsHVhL5DnwyaR9zKuxzmYRv9xHEAPKU/GBF9YKWxQygwY0o4ql00y
+qZKAXWW7iwJBAPO0Vcz00c4gRWJsFyETPadMq8n84NgccxfOYm9BQsdiOAq+xxTh
+k5c/c+bHUCNoAv7x3pWCn+EVqpnbFtH7TLkCQQCW4G2Yaj4Pd/I44UgHo3CO4W9g
+Mrx2VIgNYXahCdeO8BQAiJ2mTCvztKNwcvvM0rt9wwJ08Og9GRiqaQiC5+ETAkEA
+1+8g2zLNt7tGX1fxAoB+737y9E1ZmINUw3I+K+ACYJI5n+O8mFbrpGc3tfNCoaym
+guki1QzhxtmgySSkSrhFGQJBAOj1P+ku8LHK1l2TWe1DjyqE32T5SGDuq/FLoxnj
+1UNwHaU7GPeRjSftGwxFvPL9alo7dFoTQCgCrTSOvnb0H8w=
+-----END RSA PRIVATE KEY-----
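Review bot: The unencrypted RSA private key in `priv.pem` carries no marker that it is a test-only fixture, and its public half is the key in `pub.pem` and in the self-signed `pub_cert.pem` added next to it (the same modulus bytes are visible in all three). Once committed, the key is public, so nothing outside the test suite may ever trust that certificate or accept signatures made with this key. I would add a short `README` in `tests/cert-svc/data/TestData/` saying so, for example `Test fixtures only: keys in this directory are public and must not be installed in any certificate store or used for signing`, and allow-list these paths in secret scanning so that a real key leak still stands out. `invalid_priv.pem`, `prikey` and `ssl/CERT1.key` in this commit are in the same situation.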
diff --git a/tests/cert-svc/data/TestData/pub.pem b/tests/cert-svc/data/TestData/pub.pem
new file mode 100644 (file)
index 0000000..7121226
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDx+bjbdNEi67ys43mIioVWuJpT
+rKRi4QlVMj7roX1n76DQN4WIw/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUl
+S7N5+Vc7Rd2yEGDJokMz4pDIFHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9
+Mhzls13WZaJLDnrLcwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/cert-svc/data/TestData/pub_cert.der b/tests/cert-svc/data/TestData/pub_cert.der
new file mode 100644 (file)
index 0000000..583f503
Binary files /dev/null and b/tests/cert-svc/data/TestData/pub_cert.der differ
diff --git a/tests/cert-svc/data/TestData/pub_cert.pem b/tests/cert-svc/data/TestData/pub_cert.pem
new file mode 100644 (file)
index 0000000..4f30dba
--- /dev/null
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCA1KgAwIBAgIJAMctWiF5xt5tMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD
+VQQGEwJLUjEVMBMGA1UECBMMUHJvdmluY2VOYW1lMRUwEwYDVQQHEwxMb2NhbGl0
+eU5hbWUxGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxHzAdBgNVBAsTFk9yZ2Fu
+aXphdGlvbmFsVW5pdE5hbWUxEzARBgNVBAMTCkNvbW1vbk5hbWUxHDAaBgkqhkiG
+9w0BCQEWDUVtYWlsQEFkZHJlc3MwHhcNMDgxMjAyMDEyOTU1WhcNMDkxMjAyMDEy
+OTU1WjCBqjELMAkGA1UEBhMCS1IxFTATBgNVBAgTDFByb3ZpbmNlTmFtZTEVMBMG
+A1UEBxMMTG9jYWxpdHlOYW1lMRkwFwYDVQQKExBPcmdhbml6YXRpb25OYW1lMR8w
+HQYDVQQLExZPcmdhbml6YXRpb25hbFVuaXROYW1lMRMwEQYDVQQDEwpDb21tb25O
+YW1lMRwwGgYJKoZIhvcNAQkBFg1FbWFpbEBBZGRyZXNzMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQ
+N4WIw/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUlS7N5+Vc7Rd2yEGDJokMz
+4pDIFHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwID
+AQABo4IBEzCCAQ8wHQYDVR0OBBYEFH/W4In2zyXx5vE+SKt4nIXEmpSqMIHfBgNV
+HSMEgdcwgdSAFH/W4In2zyXx5vE+SKt4nIXEmpSqoYGwpIGtMIGqMQswCQYDVQQG
+EwJLUjEVMBMGA1UECBMMUHJvdmluY2VOYW1lMRUwEwYDVQQHEwxMb2NhbGl0eU5h
+bWUxGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxHzAdBgNVBAsTFk9yZ2FuaXph
+dGlvbmFsVW5pdE5hbWUxEzARBgNVBAMTCkNvbW1vbk5hbWUxHDAaBgkqhkiG9w0B
+CQEWDUVtYWlsQEFkZHJlc3OCCQDHLVohecbebTAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBBQUAA4GBACeNJG+xzXv+NQwiSfobosEUo3SqH+e0syRFEKIUjW3BcEe+
+YFdUDThTixp3Y5PFX2oFo23DEBHP09/Wwox7GAYGegZOQ1W7j5oykI2a/zFHC6tb
+5As3hdnKn3wHePsj09qHKv/dPd6BdoGWaXgM1uIqSTCm5GZAynNRQGG0AKBX
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/pubkey b/tests/cert-svc/data/TestData/pubkey
new file mode 100644 (file)
index 0000000..8918178
Binary files /dev/null and b/tests/cert-svc/data/TestData/pubkey differ
diff --git a/tests/cert-svc/data/TestData/root1.der b/tests/cert-svc/data/TestData/root1.der
new file mode 100644 (file)
index 0000000..80bd6ab
Binary files /dev/null and b/tests/cert-svc/data/TestData/root1.der differ
diff --git a/tests/cert-svc/data/TestData/root2.der b/tests/cert-svc/data/TestData/root2.der
new file mode 100644 (file)
index 0000000..37646f0
Binary files /dev/null and b/tests/cert-svc/data/TestData/root2.der differ
diff --git a/tests/cert-svc/data/TestData/root3.der b/tests/cert-svc/data/TestData/root3.der
new file mode 100644 (file)
index 0000000..76f69ce
Binary files /dev/null and b/tests/cert-svc/data/TestData/root3.der differ
diff --git a/tests/cert-svc/data/TestData/signature b/tests/cert-svc/data/TestData/signature
new file mode 100644 (file)
index 0000000..1bf0294
--- /dev/null
@@ -0,0 +1,2 @@
+0\8a_biÕT^zY\90\9e|æýä`\18¤ýúf#3\ 5òÝÙ¯n\1dJ\90£0\18Ã/\99?Häñ\8fH\98Ïú]\98Î<\1e¬ëéû\1a]Sµâ%½\89(h\v
+¾8y*H­6,+âJ\8f+Aõ\89Um\81\81\98Ã|Xe+Ëdä\88¿jT÷X\94\81%hS\f@dÖÃ\8fè\94o\8fV\92ìÝ\9eÊ3J\9a
\ No newline at end of file
diff --git a/tests/cert-svc/data/TestData/ssl/.rnd b/tests/cert-svc/data/TestData/ssl/.rnd
new file mode 100644 (file)
index 0000000..3e7f8ea
Binary files /dev/null and b/tests/cert-svc/data/TestData/ssl/.rnd differ
diff --git a/tests/cert-svc/data/TestData/ssl/CERT1.key b/tests/cert-svc/data/TestData/ssl/CERT1.key
new file mode 100644 (file)
index 0000000..8e16b68
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/CERT_NO_AIA.crt b/tests/cert-svc/data/TestData/ssl/CERT_NO_AIA.crt
new file mode 100644 (file)
index 0000000..c7bd523
--- /dev/null
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:18:18 2009 GMT
+            Not After : Mar 11 03:18:18 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
+                    43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
+                    f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
+                    d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
+                    19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
+                    d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
+                    ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
+                    8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
+                    10:ce:1d:01:0c:86:6b:23:ff
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha1WithRSAEncryption
+        18:fe:74:f1:af:0a:d9:91:ad:b5:7c:f3:01:f8:98:1a:dc:b3:
+        66:6b:f4:bc:16:9a:e6:2b:f2:1f:77:23:89:a8:68:e0:8d:e3:
+        50:f3:f1:e6:38:f1:59:54:9b:44:0f:72:00:1a:61:71:9c:f0:
+        4f:a3:08:9d:17:36:0c:54:82:be:24:04:cb:b5:04:e9:20:c9:
+        6e:bc:8f:af:18:d8:2d:ee:cc:a8:8b:e4:1a:35:98:f6:53:72:
+        89:4f:05:f8:c3:7b:50:13:ee:cf:9f:d3:eb:a7:7c:4a:e6:89:
+        0f:6b:0e:d6:c7:bc:db:04:03:08:25:59:b4:06:5b:ce:a6:db:
+        7b:3a:5d:80:e8:ff:66:e1:22:03:54:28:16:0e:89:c8:5b:aa:
+        b2:6e:1a:0f:07:53:60:bc:f4:2a:2d:a7:89:f2:b4:58:55:47:
+        2e:b1:b2:3c:50:30:6b:0c:12:34:11:5f:54:2a:0a:ab:19:d9:
+        36:ae:e2:16:5e:b8:8e:0d:17:d0:42:82:96:4d:fb:36:56:69:
+        7b:ce:32:fb:91:a4:02:73:8c:75:7e:de:87:06:52:20:ed:26:
+        ff:47:72:f2:f6:01:2e:ec:38:da:0b:5b:be:ec:8e:c6:02:28:
+        92:57:28:04:f5:00:87:90:34:e1:81:c5:cc:21:00:6b:4d:d5:
+        d5:c3:f6:f1:97:e1:5e:8c:ea:56:2e:5e:ce:9e:de:b9:a6:86:
+        60:33:1d:94:76:39:e1:70:9a:d2:b3:9a:f4:47:f8:bd:83:26:
+        38:a0:ab:a3:bc:81:df:6b:79:7d:f5:67:8f:5a:e1:a4:67:29:
+        58:07:66:70:6a:43:dc:f7:4c:82:54:15:a0:2f:ab:c0:9f:24:
+        91:e0:a7:d1:b1:58:bf:43:bf:25:1f:32:fc:98:26:b1:2f:19:
+        8f:d8:69:c1:1a:bd:b0:3e:0a:dc:54:c1:27:34:b9:1b:55:93:
+        ff:e6:23:ac:af:33:ed:8d:6e:ee:36:18:70:9e:a2:87:b6:e2:
+        1d:3a:ee:e8:e2:79:97:15:7c:83:d1:89:71:ab:87:8d:36:a7:
+        7d:d8:4c:e2:b6:b7:1f:32:34:a8:75:ca:4f:00:3e:49:b0:5c:
+        40:1a:9c:6e:bd:b5:5f:f4:2e:c5:0a:54:b4:89:4a:63:35:ff:
+        80:8d:fe:31:e8:2e:92:77:8c:19:1a:2c:b8:95:1e:ef:d5:7d:
+        c6:f9:4d:05:b6:f8:dd:55:0c:10:43:6e:7d:47:c8:b0:83:db:
+        a3:7b:b4:5a:e3:a9:33:b2:ed:23:83:6a:e1:ce:c6:1c:89:27:
+        39:2c:3d:2f:55:49:c8:c5:9d:23:46:fe:88:71:da:ef:2b:25:
+        e4:79:92:2b:1d:61:a6:dc
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
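Review bot: The fixture has a fixed validity window (`Not After : Mar 11 03:18:18 2019 GMT`), so any test that validates it against the wall clock will start failing on that date. `OCSP_CLIENT1.crt` below shows the same 2019 expiry. The tests that load these files are outside this hunk, so whether they check validity needs confirming. If they do, pin the verification time in the test instead of loosening expiry checks later, and keep the generation commands next to the fixtures so they can be reissued.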
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.crt
new file mode 100644 (file)
index 0000000..0c1799a
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:23:56 2009 GMT
+            Not After : Mar 11 03:23:56 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:80/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        75:b9:17:be:1c:06:6f:12:a9:04:1b:63:0b:0d:5c:70:55:e2:
+        31:c0:88:71:d0:56:8e:e5:16:e8:3b:47:1a:08:03:93:56:b2:
+        9b:a2:04:3c:a8:81:10:5a:18:7b:d2:70:ae:7c:0b:94:b6:6c:
+        f2:58:e7:69:82:e5:f2:aa:4e:f3:ac:85:6d:5a:ac:11:53:d2:
+        8d:3d:53:ae:ab:f7:f3:c6:f0:ba:f2:e6:7b:2d:74:74:75:fd:
+        e0:8d:67:c9:12:d5:f2:93:44:48:66:5b:85:26:7d:95:77:48:
+        4f:a4:72:65:67:38:99:47:4e:cd:47:1c:43:7a:0a:58:a6:99:
+        1b:1b:01:09:f7:0b:34:8a:3a:8d:10:e2:ca:9c:48:a3:f6:39:
+        42:3b:43:e6:f6:81:8b:36:5a:ed:33:98:70:24:ca:4f:18:8b:
+        d9:c1:0a:d9:cd:96:33:d0:e8:ac:bd:3f:34:af:86:52:d1:69:
+        6e:90:8e:d0:86:bf:b1:04:3d:85:99:0f:e3:c3:e6:60:47:34:
+        37:97:f2:a2:69:c4:4e:dc:62:d0:eb:c2:24:77:2e:a3:ba:c1:
+        88:a9:b2:b4:fb:79:a6:d4:cf:5e:3f:03:41:25:c4:f3:29:0a:
+        fd:b7:78:55:b1:9a:0c:79:32:2f:2e:fe:69:ba:a0:2c:62:bc:
+        11:38:c4:47:a8:b0:72:70:d1:50:9f:b9:87:64:f5:12:56:c5:
+        f7:ed:8e:23:08:df:d0:0e:1a:6b:25:8c:b3:6b:7c:cc:55:6d:
+        90:83:a9:ef:7d:45:04:a6:dc:7c:0d:80:c1:54:22:d1:b8:e2:
+        43:cc:ad:75:a2:07:eb:d3:26:da:8a:c4:fb:6f:0b:ac:11:f4:
+        01:7f:b9:37:68:ec:1e:60:a2:ae:d6:b2:0b:37:cb:7e:5d:dc:
+        ec:14:21:69:84:ff:fc:61:85:b6:bf:7f:d2:af:3c:70:12:c6:
+        ba:40:e8:b5:25:56:34:ca:44:f1:ea:15:ad:79:50:ec:44:b7:
+        6c:d7:4b:cc:2c:4f:45:01:85:15:76:2a:03:c2:14:9c:3e:bf:
+        87:7b:59:d7:aa:2d:48:20:b6:1a:6e:6e:b0:c2:77:22:3c:ea:
+        24:d0:f8:62:b0:4b:01:3a:48:be:5f:66:73:0a:46:b3:1f:83:
+        41:91:f5:fd:e8:08:08:52:18:3a:8c:6a:19:2c:e3:30:d8:53:
+        13:97:62:83:eb:e3:ed:3a:8e:64:25:b1:8a:01:f4:24:14:6d:
+        d4:61:c1:c3:8d:c3:89:2c:5f:6e:d8:1e:1d:de:b9:77:06:0b:
+        31:63:e4:ce:d9:76:1b:68:48:ea:ec:64:d5:a6:a5:15:29:1d:
+        79:af:21:2d:a8:e6:e6:f8
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
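Review bot: The validity window is baked into this fixture (`Not After : Mar 11 03:23:56 2019 GMT`), so any test that verifies it against the system clock stops passing on that date; OCSP_CLIENT2.crt to OCSP_CLIENT5.crt and OCSP_CLIENT7.crt also expire in March 2019. The certificate is also a 1024-bit RSA key signed with `sha1WithRSAEncryption`, which a crypto library with a stricter minimum policy may reject before the OCSP logic under test is reached. I would check in the openssl configuration and commands that produced these files, so they can be regenerated with a longer lifetime and stronger parameters. The tests should also verify at a pinned time rather than the wall clock.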
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.key b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.key
new file mode 100644 (file)
index 0000000..c82ef70
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
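Review bot: A private key is committed here in the traditional `RSA PRIVATE KEY` PEM form, and nothing in the path or the file marks it as a throwaway test key; OCSP_CLIENT7.key and cert_chain/cert_chain1.key in this commit are the same case. The modulus printed in OCSP_CLIENT1.crt through OCSP_CLIENT6.crt is identical, so presumably this one key matches all six certificates. A short README beside the fixtures should state that these keys and the `CN=CA` hierarchy are test-only and must never be installed into a device trust store or reused for signing. If the project runs a secret scanner, list these paths explicitly so that a real key leak elsewhere is not lost among expected findings.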
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT2.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT2.crt
new file mode 100644 (file)
index 0000000..177876b
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:10 2009 GMT
+            Not After : Mar 11 03:24:10 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:81/0003
+
+    Signature Algorithm: sha1WithRSAEncryption
+        5a:7d:5f:25:e5:5a:49:3e:e9:06:4c:f1:7f:83:7d:d4:0d:13:
+        36:35:bf:32:92:69:60:1d:ae:2e:ed:89:b3:d4:1e:78:d2:85:
+        35:7a:1f:65:30:78:5e:d3:30:60:3d:7d:2c:be:02:6a:f0:22:
+        5e:82:86:53:01:a4:b6:1c:9f:d4:79:e9:ec:eb:d8:33:85:fb:
+        21:d2:82:77:b9:6d:20:8e:af:82:ff:25:82:27:3b:d7:d9:38:
+        31:a3:2b:bc:55:00:28:f6:f9:bf:01:e6:66:0b:b8:a8:ed:30:
+        09:52:8d:bf:94:7b:96:d1:93:5b:a3:a4:f1:9f:aa:f4:04:54:
+        0b:69:73:af:36:d7:3e:33:2c:29:38:04:9b:65:32:31:fa:17:
+        2f:0a:9f:19:05:d8:01:0c:db:13:1e:55:ec:94:38:3f:83:ee:
+        50:35:d1:6e:4f:32:c3:3d:d3:39:c8:c5:cc:56:b4:33:2e:8b:
+        75:a0:9c:cd:28:e5:42:a1:89:e1:06:90:bd:f3:8e:b5:48:9e:
+        1c:dd:56:4d:d9:ec:6e:0b:7b:72:e5:0a:be:7e:33:5a:13:25:
+        13:87:4c:9a:27:49:02:6d:28:5b:e7:4d:1b:7c:11:22:10:45:
+        b1:57:b7:fc:12:62:69:24:69:ee:67:ce:5b:20:70:6a:22:29:
+        f4:a0:90:59:d3:a2:be:7b:43:3a:59:0b:23:d1:2e:ed:51:98:
+        87:c5:4d:1c:64:08:f8:ca:af:36:ab:5d:00:ce:15:00:f4:ad:
+        34:44:27:8b:72:c6:6d:24:4c:1a:e3:f7:4c:bc:25:a2:a8:e2:
+        a8:79:58:57:a7:5d:f0:20:28:d2:ef:84:ff:ee:42:0f:1e:59:
+        93:4c:05:45:ff:c1:0d:cb:30:1d:bb:26:5a:4d:24:c0:44:52:
+        77:33:17:dd:d1:00:63:1e:9b:4d:ca:28:8b:bb:fd:0d:0b:e3:
+        72:26:94:e2:8c:5a:d7:1a:a6:e7:b7:bc:4b:bf:cc:02:2c:d8:
+        9b:cb:31:7d:09:4c:15:73:5d:1a:a8:46:10:66:68:80:a9:f3:
+        3d:f8:7c:9d:46:3d:ce:ae:75:6f:92:db:34:d3:d7:be:6c:4e:
+        76:b6:b6:b7:a2:a8:b9:9e:a9:f1:6f:a6:e5:01:bb:82:13:bd:
+        7f:24:81:c3:22:54:58:f0:7e:8d:9a:86:82:00:46:66:33:e4:
+        96:98:8a:33:7b:ed:93:9b:cf:68:b5:eb:42:da:6d:50:49:f0:
+        14:27:01:f6:57:09:26:7c:61:81:d0:e5:e9:ec:6d:18:eb:97:
+        1a:55:cf:1f:d9:20:67:8f:71:bb:0c:98:6d:c0:4b:85:32:c9:
+        d3:b7:f3:d0:60:fd:64:01
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT3.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT3.crt
new file mode 100644 (file)
index 0000000..830592a
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 18 (0x12)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:20 2009 GMT
+            Not After : Mar 11 03:24:20 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:82/0004
+
+    Signature Algorithm: sha1WithRSAEncryption
+        1d:80:7c:33:dd:ab:99:c7:06:f5:aa:fd:16:7d:89:d8:a9:a2:
+        89:38:af:26:b7:b1:0f:69:3d:d6:09:3e:6d:dd:d2:e0:51:b8:
+        97:fc:8d:96:08:0d:33:2d:75:e7:d2:9e:47:2b:fd:46:5b:c9:
+        f2:68:4f:26:8f:83:3d:fc:aa:d7:6a:20:77:15:3f:78:d9:75:
+        b3:79:10:fd:ab:ab:95:34:69:64:3c:8a:65:6d:66:bb:a9:da:
+        26:79:51:59:a7:c2:97:ea:6c:7f:31:91:d3:a5:c2:65:ca:d5:
+        4f:6f:c8:d9:b9:c7:03:7b:c6:2d:16:5f:fe:de:02:28:f3:e9:
+        64:ad:e9:62:3c:e5:91:31:0f:c9:c9:33:1a:a5:66:d8:5b:80:
+        18:6f:5f:55:34:51:43:fa:79:50:ba:17:19:2c:b9:25:b8:a3:
+        a0:b2:08:38:49:6d:3c:86:8c:42:2c:d8:07:bd:39:f1:3c:97:
+        8f:c6:83:cd:85:8f:e9:52:63:77:4f:d6:9e:58:3e:22:f8:29:
+        8e:44:92:c6:b7:ab:28:35:22:7b:b7:d0:8f:34:70:15:f2:4b:
+        91:65:42:8d:d5:ce:75:4b:2f:7b:7e:7f:7e:61:09:5b:b2:1a:
+        64:94:18:c9:8e:c3:ee:a4:89:d6:97:55:76:28:b0:e6:bc:7c:
+        f0:c9:9b:20:e3:a5:10:da:c1:9c:c4:4e:ff:e8:ca:3c:19:82:
+        06:d6:aa:05:cb:05:e5:bd:36:cf:4c:3a:a7:e6:21:af:e8:5e:
+        2d:ee:3b:94:24:91:37:92:95:3f:d3:f8:b8:5a:13:56:16:a7:
+        20:34:f6:fd:cb:59:6d:4c:ff:04:df:ef:61:08:d9:2f:85:a8:
+        b1:7c:07:80:93:31:7b:bb:7f:8d:17:ba:8b:64:41:82:4a:ca:
+        f6:a9:f7:69:b8:cf:ed:17:c1:ca:09:5a:52:c4:ce:a0:9c:e3:
+        4c:52:ab:ea:b3:4f:3c:93:1d:50:bf:60:e8:6e:d1:bf:90:0c:
+        3f:1d:6b:2c:a5:c5:bf:eb:e2:da:cb:76:56:08:51:cc:87:49:
+        21:16:f0:a6:85:ce:0f:c3:32:c2:50:cc:04:f5:d1:bb:de:b8:
+        db:9b:79:e1:d2:73:14:b2:7c:5a:cf:26:7b:24:4a:58:48:58:
+        2e:b1:a1:2f:01:c2:71:40:85:c8:9b:21:10:15:1a:3e:5e:3d:
+        79:53:9c:82:b2:4e:ad:91:96:9f:03:c5:f6:44:ea:d6:d6:cf:
+        3b:1e:74:e6:b1:f2:f4:b3:e0:7d:91:77:ac:50:d9:66:1b:73:
+        59:3e:e6:18:07:bb:e0:60:4f:1e:8d:40:2b:da:25:ac:c8:85:
+        d6:31:62:f3:5b:05:4a:11
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT4.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT4.crt
new file mode 100644 (file)
index 0000000..0ff43d6
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 19 (0x13)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:30 2009 GMT
+            Not After : Mar 11 03:24:30 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:83/0005
+
+    Signature Algorithm: sha1WithRSAEncryption
+        9b:ea:5d:a3:f4:b2:04:44:31:6b:64:e4:7d:25:5d:69:1b:25:
+        3d:63:d4:3f:2c:0f:c6:60:44:70:18:57:31:be:84:38:e8:53:
+        29:dd:5e:f2:5c:8e:41:6d:e8:ea:a7:23:91:b9:f4:c1:20:2c:
+        cd:d6:b4:b4:e6:9d:c3:b4:5b:4c:48:dd:3a:cc:cd:9e:0c:93:
+        bb:e0:03:43:1c:ab:01:86:4e:67:44:ad:68:3d:e6:00:4d:9e:
+        95:5f:86:0f:e4:18:af:3d:76:a4:1b:91:5e:e8:07:2b:aa:62:
+        4e:d9:af:f8:15:e7:3c:bb:8c:f4:a9:4f:df:72:f6:b0:6a:36:
+        ad:eb:d2:10:02:cb:65:28:a7:4c:4f:98:e1:7b:1e:aa:af:3e:
+        61:65:91:58:94:99:26:69:29:06:50:02:44:61:a6:3c:ee:8a:
+        7e:db:56:5a:f5:cc:d6:58:6f:a2:40:51:e1:81:fa:3b:b8:4b:
+        8d:00:64:b2:99:d3:e7:8a:52:78:b3:67:a1:64:5d:dd:a0:c5:
+        54:1d:de:07:29:ef:85:01:d4:e9:24:44:8b:df:9b:f5:ae:80:
+        4d:fa:4d:08:76:7c:97:6b:86:74:22:56:d1:87:6b:41:54:66:
+        fc:3b:d2:3e:2d:95:c1:46:06:b9:db:0e:8b:e1:be:c8:56:82:
+        c3:1d:df:84:b6:50:ee:b8:30:3c:54:07:49:8b:e2:d4:a7:b8:
+        35:0d:b6:09:7e:04:01:bb:71:86:8c:50:87:a7:3a:2d:b8:7c:
+        24:cd:b1:a6:87:b8:eb:d5:dc:8f:02:21:f9:71:06:34:c4:e5:
+        6f:ff:53:4b:dd:33:96:60:8b:6d:bb:03:b1:36:31:2d:02:6c:
+        7f:ba:70:0a:78:b8:fb:45:92:84:5b:1e:a7:15:39:13:33:fd:
+        6f:a7:95:76:10:1f:b3:cd:11:e8:ed:ce:2c:63:cd:64:23:62:
+        c4:21:d6:48:bf:f7:10:b8:da:d5:72:14:ad:5a:a0:5d:4a:2b:
+        a0:76:5f:b8:3b:d2:6b:8a:7f:6b:6a:cc:84:eb:6a:be:d9:26:
+        2c:bb:38:06:b8:f4:d4:fb:78:85:83:c8:ad:6e:56:f9:67:5f:
+        bc:3c:41:b6:f0:6f:d4:45:78:ed:3e:2f:c7:3a:3e:9a:98:68:
+        c4:64:79:29:51:19:cd:a6:70:c4:04:30:50:86:9c:f2:54:57:
+        b1:e1:7d:4a:d5:34:fc:93:31:6d:64:15:79:31:c0:70:d5:db:
+        bc:a0:be:21:22:1e:61:ac:4a:9f:a2:a6:ff:de:52:2e:31:d7:
+        5e:39:66:c6:47:55:f6:64:f5:bd:ed:c0:60:b8:59:88:a1:8e:
+        8c:5f:20:1b:be:41:51:f4
+-----BEGIN CERTIFICATE-----
+MIID7DCCAdSgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQzMFoXDTE5
+MDMxMTAzMjQzMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
+YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
+YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
+Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
+bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
+AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDUwDQYJ
+KoZIhvcNAQEFBQADggIBAJvqXaP0sgREMWtk5H0lXWkbJT1j1D8sD8ZgRHAYVzG+
+hDjoUyndXvJcjkFt6OqnI5G59MEgLM3WtLTmncO0W0xI3TrMzZ4Mk7vgA0McqwGG
+TmdErWg95gBNnpVfhg/kGK89dqQbkV7oByuqYk7Zr/gV5zy7jPSpT99y9rBqNq3r
+0hACy2Uop0xPmOF7HqqvPmFlkViUmSZpKQZQAkRhpjzuin7bVlr1zNZYb6JAUeGB
++ju4S40AZLKZ0+eKUnizZ6FkXd2gxVQd3gcp74UB1OkkRIvfm/WugE36TQh2fJdr
+hnQiVtGHa0FUZvw70j4tlcFGBrnbDovhvshWgsMd34S2UO64MDxUB0mL4tSnuDUN
+tgl+BAG7cYaMUIenOi24fCTNsaaHuOvV3I8CIflxBjTE5W//U0vdM5Zgi227A7E2
+MS0CbH+6cAp4uPtFkoRbHqcVORMz/W+nlXYQH7PNEejtzixjzWQjYsQh1ki/9xC4
+2tVyFK1aoF1KK6B2X7g70muKf2tqzITrar7ZJiy7OAa49NT7eIWDyK1uVvlnX7w8
+Qbbwb9RFeO0+L8c6PpqYaMRkeSlRGc2mcMQEMFCGnPJUV7HhfUrVNPyTMW1kFXkx
+wHDV27ygviEiHmGsSp+ipv/eUi4x1145ZsZHVfZk9b3twGC4WYihjoxfIBu+QVH0
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT5.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT5.crt
new file mode 100644 (file)
index 0000000..099dd23
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 20 (0x14)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:40 2009 GMT
+            Not After : Mar 11 03:24:40 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:84/0006
+
+    Signature Algorithm: sha1WithRSAEncryption
+        49:da:46:14:f1:5a:4a:09:cb:36:a5:fe:ab:50:f5:ea:e1:b2:
+        18:79:dc:d7:79:bb:a8:b0:8d:0b:b5:e1:a9:60:db:8a:e9:3a:
+        b8:15:b0:eb:e4:45:bf:90:64:6b:4e:c1:dc:7e:9d:5f:47:0e:
+        be:7b:22:ba:c2:71:3d:5d:8b:8f:14:67:1d:19:51:54:05:5a:
+        06:11:e1:1f:ca:bb:98:1a:a3:d6:16:b9:5d:8d:03:70:28:40:
+        ca:3a:7d:fe:a7:c3:40:ab:7a:0a:42:3a:95:f6:da:fd:bc:d9:
+        09:50:70:9a:7a:b4:e9:ae:75:b7:cd:a8:56:f4:2e:7c:ef:40:
+        63:6d:02:da:50:29:c8:df:2f:40:04:84:9d:60:a2:3c:21:fc:
+        d6:64:02:72:cb:4c:5b:e1:68:d9:0a:16:84:58:47:a5:d1:28:
+        18:86:eb:07:b9:1f:db:9f:46:de:6b:2d:2e:4e:20:9a:40:3a:
+        56:86:28:9f:c5:15:97:1a:3f:70:18:5f:44:1d:64:d0:76:ef:
+        09:c5:23:21:03:32:9c:c4:23:af:c4:1f:85:fd:da:b8:40:33:
+        b6:c2:7d:2b:67:ff:88:a0:9c:a8:2e:9e:4b:40:44:6b:bc:c0:
+        3b:f2:b3:a3:d5:f0:b4:04:85:cd:b4:cd:49:3d:34:64:1e:1d:
+        16:a1:8f:05:74:8e:91:ee:98:6c:cc:c8:d8:c3:5e:fd:65:4a:
+        15:ed:28:cb:0b:c3:b6:29:bc:d6:3d:0d:0e:a8:21:36:27:74:
+        9d:f2:7c:58:1f:88:25:35:2b:7f:4c:16:38:df:0f:32:8f:db:
+        22:96:ad:e8:8b:bd:d8:d5:e9:e1:b0:fe:53:03:e6:c7:67:78:
+        bf:a6:50:dc:2a:0a:c9:a2:df:6a:d5:c3:db:eb:20:1c:78:ed:
+        69:14:d4:f5:26:62:78:f6:33:a0:ac:95:19:5d:a6:d9:30:8d:
+        21:80:2d:42:dc:a5:a5:a0:42:41:e8:60:f1:4d:81:6d:e6:58:
+        32:b9:e4:23:09:34:3e:7a:fb:69:4b:f3:c0:8a:00:c3:59:2b:
+        02:13:fc:4e:9c:3e:8f:34:fe:b0:ca:07:df:6b:1d:97:9c:ca:
+        a9:b1:b6:8f:2d:92:6c:12:4b:64:23:d6:47:c1:f2:6f:79:16:
+        78:7b:f8:36:b9:83:a3:a4:e7:0f:c0:99:d9:a3:09:45:ac:92:
+        52:62:26:64:51:04:e9:92:6f:3e:f9:62:93:c5:2a:00:5b:d3:
+        0b:66:75:ad:bb:5d:12:37:09:3c:b6:95:6d:c2:05:17:8f:d7:
+        79:aa:0d:6a:6c:00:6e:94:0c:e8:e3:31:9d:8e:63:e9:f9:d2:
+        dc:8e:07:36:9a:e3:08:55
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT6.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT6.crt
new file mode 100644 (file)
index 0000000..30ab2f1
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 22 (0x16)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 14 13:48:12 2009 GMT
+            Not After : Mar 14 13:48:12 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:85/0007
+
+    Signature Algorithm: sha1WithRSAEncryption
+        b1:9e:ce:8d:09:9e:f9:21:6f:be:f2:a7:54:6e:24:82:e3:2b:
+        88:b7:0d:e0:e2:49:33:b4:8b:ad:60:71:cc:20:23:57:cf:17:
+        a8:46:c0:a7:1a:5f:8e:8d:1a:cc:0b:1b:da:a4:34:b1:d7:74:
+        1b:a7:e4:71:a1:2d:fd:2e:18:51:02:2c:93:ff:a9:f7:98:bd:
+        ed:6b:4c:55:8e:24:f6:97:8e:8a:80:56:52:7a:17:da:94:96:
+        fa:27:78:8c:65:40:a6:b1:d2:2a:13:fe:76:c0:0c:f2:04:3f:
+        d1:88:25:c3:5a:05:ca:33:d7:bb:27:e2:8b:e8:d4:00:fd:fc:
+        b6:a8:9d:27:c2:f9:ea:98:32:79:85:9d:a3:e7:bf:78:65:e8:
+        15:ef:49:48:87:a9:b2:b4:c4:cb:ec:a7:da:90:36:d6:c5:6f:
+        ff:c3:85:19:13:0b:27:6a:d3:c4:e7:97:62:08:49:a3:e9:22:
+        9a:3c:d1:91:8f:6e:8e:87:47:0e:38:43:8e:5a:84:f6:9c:24:
+        c1:9f:90:29:dc:38:73:72:7d:3f:d6:7f:dd:b3:d1:1d:cf:7b:
+        bc:31:a6:6b:b4:be:10:06:94:69:a0:16:ef:bd:e9:e7:a2:8b:
+        18:e1:10:27:7f:9d:8a:f9:60:18:d5:93:54:d6:4e:c2:31:bf:
+        37:00:db:d5:cf:85:da:e9:7b:e4:bb:48:f3:a5:6e:ba:48:1b:
+        50:6a:10:99:f8:77:81:95:78:1b:d0:fe:d0:74:47:28:05:34:
+        32:32:5f:1f:52:42:85:f8:7a:f1:a8:87:ff:2f:6c:ec:83:09:
+        91:85:0a:43:ce:35:a2:7f:94:b6:ae:70:94:b6:0f:c9:c7:8a:
+        ee:7c:a7:32:8a:ee:c3:e1:ee:01:34:c1:b8:db:98:80:4c:ac:
+        5f:ac:18:02:fa:f5:c1:36:df:39:57:57:81:b9:26:d0:81:0e:
+        75:79:18:21:29:a6:cb:eb:97:58:f2:dd:8a:88:c1:a2:c7:54:
+        9f:97:89:b1:ef:ff:11:5f:18:0a:cd:25:3e:d8:35:07:45:55:
+        1e:bb:a2:54:fc:66:ac:0f:ac:2a:77:d6:1a:a4:44:cc:5a:49:
+        37:45:70:5b:c9:3d:2c:6d:c1:7e:af:4d:9c:4f:2a:a2:d9:01:
+        3d:e2:7f:a4:f2:4b:d7:60:b1:06:a3:b4:46:35:43:1c:be:79:
+        46:a7:8a:50:ee:22:4f:b8:57:45:c9:83:8a:65:bb:7a:86:b3:
+        30:3a:7c:62:d3:b7:08:34:a7:05:0a:44:a7:57:5c:2b:b6:34:
+        03:ea:3a:61:06:c9:f2:65:16:f2:20:c5:32:0a:61:20:c9:f7:
+        07:2e:e8:d2:f2:67:c4:64
+-----BEGIN CERTIFICATE-----
+MIID7DCCAdSgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDEzNDgxMloXDTEw
+MDMxNDEzNDgxMlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
+YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
+YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
+Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
+bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
+AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg1LzAwMDcwDQYJ
+KoZIhvcNAQEFBQADggIBALGezo0Jnvkhb77yp1RuJILjK4i3DeDiSTO0i61gccwg
+I1fPF6hGwKcaX46NGswLG9qkNLHXdBun5HGhLf0uGFECLJP/qfeYve1rTFWOJPaX
+joqAVlJ6F9qUlvoneIxlQKax0ioT/nbADPIEP9GIJcNaBcoz17sn4ovo1AD9/Lao
+nSfC+eqYMnmFnaPnv3hl6BXvSUiHqbK0xMvsp9qQNtbFb//DhRkTCydq08Tnl2II
+SaPpIpo80ZGPbo6HRw44Q45ahPacJMGfkCncOHNyfT/Wf92z0R3Pe7wxpmu0vhAG
+lGmgFu+96eeiixjhECd/nYr5YBjVk1TWTsIxvzcA29XPhdrpe+S7SPOlbrpIG1Bq
+EJn4d4GVeBvQ/tB0RygFNDIyXx9SQoX4evGoh/8vbOyDCZGFCkPONaJ/lLaucJS2
+D8nHiu58pzKK7sPh7gE0wbjbmIBMrF+sGAL69cE23zlXV4G5JtCBDnV5GCEppsvr
+l1jy3YqIwaLHVJ+XibHv/xFfGArNJT7YNQdFVR67olT8ZqwPrCp31hqkRMxaSTdF
+cFvJPSxtwX6vTZxPKqLZAT3if6TyS9dgsQajtEY1Qxy+eUanilDuIk+4V0XJg4pl
+u3qGszA6fGLTtwg0pwUKRKdXXCu2NAPqOmEGyfJlFvIgxTIKYSDJ9wcu6NLyZ8Rk
+-----END CERTIFICATE-----
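Review bot: This certificate was already expired when it was committed: `Not After : Mar 14 13:48:12 2010 GMT` is before the commit date, and unlike OCSP_CLIENT1 to OCSP_CLIENT5 it was issued for one year only. cert_chain/cert_chain1.crt (`Not After : Mar 24 07:30:26 2010 GMT`) is in the same state, and the visible part of cert_chain10.crt suggests the chain fixtures share it. If expiry is the intended negative case, say so in the file name or in a first line ahead of the text dump, for example `Test fixture: intentionally expired`. If it is not intended, a passing verification test would mean the validity period is not being checked, which is worth confirming in the test expectations.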
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.crt
new file mode 100644 (file)
index 0000000..d3d25a0
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 41 (0x29)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 23:32:11 2009 GMT
+            Not After : Mar 14 23:32:11 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Seventh OCSP Client certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ab:f9:60:ff:9d:55:0f:31:12:2c:f2:df:64:22:
+                    fb:c0:97:1d:e4:13:fb:d7:15:37:5d:b9:2d:97:37:
+                    c4:e8:34:cb:00:85:22:4d:8a:85:80:a1:ae:90:5e:
+                    71:bf:6d:0d:a3:c3:8d:ce:47:58:60:25:bb:9c:95:
+                    0a:0b:cd:23:01:ae:18:be:d5:65:bd:8b:55:bf:ee:
+                    59:8a:db:20:bd:f9:f3:ac:53:2e:09:99:fb:27:7d:
+                    23:8b:f6:96:d9:41:37:0a:43:16:1f:f9:5d:84:b3:
+                    3b:79:45:ff:dd:b2:35:99:c0:db:85:24:22:a8:7e:
+                    ff:e0:8b:f2:d8:ca:3e:ae:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:86/0008
+
+    Signature Algorithm: sha1WithRSAEncryption
+        08:02:c2:09:8a:f6:f1:d7:9e:d3:30:dc:ce:97:fc:84:bd:5b:
+        ae:60:39:82:0a:06:38:43:1e:55:de:83:11:d3:12:e0:81:76:
+        fd:5c:6e:9e:30:73:6d:8f:b2:32:a6:60:24:24:ee:e3:fd:73:
+        10:12:e6:c7:23:6b:1f:4e:b5:52:e3:12:09:ee:dd:19:d2:b4:
+        a6:34:e6:14:3c:79:58:95:4b:25:e3:f6:97:d2:cc:20:93:48:
+        1f:d5:2f:37:db:15:bf:f4:71:ad:04:bd:95:80:57:a5:49:bb:
+        aa:ca:f3:ff:af:62:dd:f9:94:75:38:59:6c:74:ef:ac:1e:19:
+        60:6d:4b:be:f7:62:2f:c6:68:b9:c4:fc:8a:fd:9f:b2:4d:44:
+        87:12:51:6e:7d:5f:41:2c:ea:e6:9c:3c:bd:cf:dc:aa:14:b2:
+        34:16:e0:38:b3:8c:f4:d7:68:1f:6c:cc:3c:da:30:32:8e:58:
+        5b:9a:bf:75:7a:38:a3:cf:60:6f:74:cc:a6:c1:55:f6:96:84:
+        98:04:db:b1:07:d6:f6:06:11:af:c2:fb:81:a4:77:04:4d:55:
+        9d:c4:28:d4:3c:d0:97:a0:f8:d4:18:59:cc:23:3a:b3:c0:82:
+        ad:1d:e2:4c:e4:da:24:73:cd:77:ab:db:22:07:94:d1:16:26:
+        27:82:e2:d5:82:f9:e1:29:fb:8f:9e:88:a2:1b:5c:8b:31:3c:
+        c6:1c:ae:16:31:28:f8:e2:5c:9d:e9:e8:d7:d9:fe:0a:39:3f:
+        fa:65:20:53:5e:20:32:4b:b8:a8:4b:a8:b8:e8:f1:3f:0a:80:
+        7d:b4:8c:1b:e6:54:d3:02:d6:56:a3:a6:4e:87:9a:51:ed:0d:
+        52:9b:e1:66:c8:64:c8:95:55:08:aa:f9:c0:9d:5a:89:03:21:
+        6b:29:96:f8:42:64:6a:3f:d5:92:d5:13:00:6c:89:38:ea:01:
+        0d:28:3b:a0:12:e1:cf:cf:fd:10:5e:a3:9b:67:0b:3e:a7:17:
+        7a:de:76:25:26:54:db:0f:a8:f9:e9:50:f0:1e:9a:0d:ad:d6:
+        ad:63:32:be:c0:bb:7a:66:be:c9:d3:f2:1e:48:c3:f5:2b:15:
+        4d:39:cc:88:32:65:97:99:01:41:12:07:4e:d7:1d:af:fa:46:
+        29:93:02:70:ed:df:89:a3:d5:50:1c:07:ed:df:f8:5c:d6:11:
+        c6:1a:32:e6:2b:e7:49:d8:82:16:dd:41:5d:13:9c:a0:00:68:
+        82:54:f8:5e:2a:81:3e:fe:0b:bf:6e:de:e2:b4:4f:09:31:74:
+        4d:6a:2d:b7:a9:0a:54:f4:a7:1f:63:8a:6e:73:bc:e3:38:9e:
+        b8:26:e5:f6:8a:dd:ad:14
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.key b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.key
new file mode 100644 (file)
index 0000000..9bb405a
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/authorities/ca.crt b/tests/cert-svc/data/TestData/ssl/authorities/ca.crt
new file mode 100644 (file)
index 0000000..646524d
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crl
new file mode 100644 (file)
index 0000000..75efe22
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
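Review bot: The file is named `cert_chain1.crl`, but its PEM armor is `-----BEGIN CERTIFICATE REQUEST-----`, which marks a PKCS#10 signing request rather than a revocation list (a PEM CRL uses `-----BEGIN X509 CRL-----`); cert_chain10.crl has the same mismatch. A test that loads this path expecting a CRL would fail to parse it, or could pass without any revocation data having been checked. Rename both to `.csr` if they are leftover requests, or replace them with real CRLs issued by the test CA if revocation is what the chain tests are meant to cover.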
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crt
new file mode 100644 (file)
index 0000000..c4eb3e2
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 50 (0x32)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 24 07:30:26 2009 GMT
+            Not After : Mar 24 07:30:26 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c7:b5:cb:da:4d:e5:0c:51:c5:73:f9:d1:e3:74:
+                    1b:5b:ac:69:32:15:31:bc:6f:4a:f3:3a:db:eb:8b:
+                    60:1a:05:fc:07:0d:1c:a1:fc:f7:20:2e:65:95:18:
+                    61:f2:ee:38:7e:8d:e9:0f:fb:a1:e7:53:4d:6a:fe:
+                    c4:b3:39:bb:6f:f9:14:b1:af:13:25:0c:f3:b2:0c:
+                    e8:63:df:88:db:55:4d:d2:95:61:ad:47:fd:e5:04:
+                    fd:6c:ef:cb:da:cf:4e:1a:e1:98:0f:dd:7e:01:30:
+                    15:c4:15:e9:cd:ba:f6:f8:81:4b:35:15:2e:91:05:
+                    64:d3:86:c5:9e:0d:ad:5e:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        0a:20:59:10:b7:68:03:8d:c5:82:bf:b2:4d:4e:a5:0b:54:51:
+        27:4d:ec:86:a8:f0:5c:e8:8d:20:23:f5:81:c2:61:7a:40:2c:
+        dc:bd:dd:7e:d1:f1:4e:70:4c:77:7b:11:ed:1b:4b:a6:1e:4d:
+        6d:9b:f4:99:81:39:a3:3d:cd:fc:1f:ce:16:62:05:c4:99:1c:
+        68:e3:98:d6:47:ea:73:e4:b0:70:d3:fa:23:b9:4d:8a:09:91:
+        66:ef:57:cb:68:1c:39:c3:5c:c3:92:a3:d0:c5:db:65:af:e2:
+        18:62:73:e4:aa:be:c7:e6:a5:7b:e7:31:f0:30:3e:2a:0c:1a:
+        21:f1:1e:19:5f:12:b7:31:58:93:46:12:f0:7e:a8:73:46:a1:
+        df:2b:c3:8c:c1:ea:0f:a3:29:20:e3:ee:ad:6f:d4:a1:db:f9:
+        76:d1:20:71:78:a1:b9:fb:b2:27:df:61:5a:00:17:38:29:f7:
+        65:14:98:26:87:83:a2:84:31:1c:a2:22:12:2f:9a:1d:fa:bd:
+        55:0c:f3:71:10:bb:f5:42:a4:12:01:61:87:2b:3e:46:bd:ad:
+        4b:6b:07:e3:64:30:3a:1f:57:b8:26:44:27:de:c3:8e:07:c6:
+        24:06:97:4a:10:4e:7a:b5:60:d9:b2:4d:4d:ad:38:6f:0e:41:
+        db:f4:a8:51:81:42:79:fd:c5:94:67:8f:21:d5:05:bc:7b:b8:
+        f3:94:8b:39:0c:30:7b:42:09:0f:77:0e:7e:93:e8:35:b0:ac:
+        00:e0:4d:03:a6:3c:f3:96:bf:23:06:95:0d:bb:20:26:9c:7b:
+        86:6c:f6:ff:84:65:a8:35:de:ad:c8:c6:57:c1:00:ae:61:4e:
+        2a:0c:67:f0:9a:e3:36:4a:45:5f:3f:1f:20:13:fe:0a:f9:7d:
+        b5:a4:ba:ba:b5:f6:09:9e:40:fb:c6:d6:f5:74:d4:ea:0d:4b:
+        53:32:89:3d:7b:f5:c3:42:3d:57:69:76:07:28:1a:62:f7:24:
+        c3:a1:cf:6c:77:d6:6e:98:9a:ce:4f:59:e2:94:d7:8d:80:40:
+        f4:eb:84:40:ca:7e:67:0e:58:7c:b8:12:e0:8e:f1:67:05:5e:
+        ff:b4:5e:84:cf:3a:af:d1:26:49:91:8c:60:3c:c6:8a:ed:3f:
+        be:30:0c:f0:1e:62:1d:61:cd:00:d5:7d:97:47:c6:28:94:90:
+        91:47:a1:18:6e:8a:97:6c:51:f4:52:0b:69:d3:c0:4b:2b:7a:
+        1b:cf:3a:7d:d4:56:a5:b4:df:95:d9:b7:db:c1:ee:4c:72:27:
+        21:b4:19:06:de:57:19:e3:7f:22:11:72:9f:01:68:9d:a5:aa:
+        d2:85:85:b8:59:15:c6:24
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.key
new file mode 100644 (file)
index 0000000..e152d65
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
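Review bot: The private keys added under tests/cert-svc/data/TestData/ssl/cert_chain/ are stored unencrypted, and nothing in the tree marks them as fixtures. Where the body is visible (cert_chain4.key, cert_chain9.key) the base64 starts directly after the `BEGIN RSA PRIVATE KEY` line with no encryption header. The same applies to cert_chain2.key through cert_chain10.key and cert_chain_no_aia1.key. Once published these keys are public, so the certificates that chain from them must never be placed in a trust store or reused outside the test suite. I would add a README next to the data saying `Test fixtures only: these keys are public and must not be used to sign or authenticate anything outside the cert-svc tests.`, and check that the packaging rules install this directory only with the test package.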
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crl
new file mode 100644 (file)
index 0000000..1fa3283
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
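Review bot: cert_chain10.crl is named as a revocation list, but its PEM armour is `-----BEGIN CERTIFICATE REQUEST-----`, which is a PKCS#10 signing request; a CRL would start with `-----BEGIN X509 CRL-----`. The same mismatch shows in cert_chain2.crl through cert_chain9.crl, cert_chain_no_aia1.crl and cert_chain_no_aia10.crl; cert_chain5.crl is fully visible and is a CSR with subject "Cert Chain 5". If a test loads these as CRLs, the parse will fail or the revocation path goes unexercised, which could hide a missing revocation check. Either rename them to `.csr` or replace them with real CRLs issued by the test CA.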
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crt
new file mode 100644 (file)
index 0000000..12a7b64
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 55 (0x37)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
+        Validity
+            Not Before: Mar 24 07:09:56 2009 GMT
+            Not After : Mar 24 07:09:56 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 10
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:7a:ea:e9:4d:f1:46:ae:bd:f9:0c:81:de:fd:
+                    f4:cf:13:fc:74:54:1b:f7:fb:d3:b0:f6:ae:32:fe:
+                    17:0d:df:91:e2:77:c7:b7:64:8b:53:48:b2:50:c6:
+                    10:d3:4d:c2:c2:9e:53:d1:af:3b:fe:d0:c3:64:bf:
+                    95:48:a3:5e:85:29:f7:c3:19:4c:54:09:7a:42:81:
+                    bc:b9:f0:63:eb:0a:90:3c:9d:fa:25:b8:ee:80:50:
+                    c1:b9:c2:8d:28:eb:a4:1b:88:b5:2f:0c:30:04:8c:
+                    97:a8:a9:9a:27:7c:5a:79:03:49:fc:ec:81:39:61:
+                    1c:52:9b:97:9a:f0:54:db:2f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        81:7f:37:9d:a6:8f:7d:f1:03:b0:78:a3:44:7e:c1:31:27:f0:
+        73:51:eb:55:76:3f:1b:a5:59:0f:5b:ab:2f:ff:72:9d:8a:46:
+        af:30:a4:c1:6a:25:1c:04:b9:22:14:b8:39:52:f1:4f:f0:24:
+        eb:f0:5f:62:79:24:c2:ec:84:92:87:5d:9c:05:87:e8:b1:71:
+        a7:30:fc:03:2d:9f:c5:3b:7c:58:7e:7a:86:75:50:ad:14:5e:
+        f9:69:c4:49:1e:58:33:da:5f:eb:bc:c5:ac:10:2a:dd:3c:87:
+        1c:0f:aa:37:93:c0:68:4c:3d:b4:0c:30:78:63:af:8a:f4:80:
+        e8:8e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
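Review bot: This fixture had already expired when it was committed: the dump shows `Not After : Mar 24 07:09:56 2010 GMT`, while the commit is dated August 2012. The same one-year 2009–2010 window appears in cert_chain2.crt through cert_chain9.crt and in the cert_chain_no_aia certificates. A chain-verification test that uses the wall clock can only pass by ignoring expiry, which would also mask a real validity-check regression; the tests are not visible here, so confirm how they handle time. I would either regenerate the chain with a long validity period or pin the verification time inside the window and say so in the test, e.g. `verification time fixed to 2009-06-01: fixtures are valid 2009-03-24 .. 2010-03-24`. The OCSP URI `http://127.0.0.1:89/0002` also means the OCSP tests need a responder bound to a port below 1024 on loopback, which is worth documenting as a test prerequisite.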
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.key
new file mode 100644 (file)
index 0000000..0cb0874
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crl
new file mode 100644 (file)
index 0000000..0549c81
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crt
new file mode 100644 (file)
index 0000000..13cb5c9
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 47 (0x2f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1
+        Validity
+            Not Before: Mar 24 07:09:44 2009 GMT
+            Not After : Mar 24 07:09:44 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:db:5e:a6:ab:60:f3:85:f6:0d:07:17:8c:ae:52:
+                    78:13:75:21:8c:d3:4a:20:d1:0d:8a:e2:34:95:ff:
+                    d2:31:29:e7:62:e9:ac:ce:5e:a6:dd:f7:a0:38:f3:
+                    96:b2:24:06:b6:c8:c6:06:57:ba:f0:f0:69:08:7a:
+                    c1:bf:87:cb:06:2b:7a:fc:81:26:36:81:46:04:9b:
+                    99:1f:1f:0e:36:05:af:7d:f2:57:fb:26:1d:a5:a3:
+                    5b:af:70:1d:6f:55:2b:d6:df:3b:dd:4b:51:1e:17:
+                    a6:89:94:5e:16:9c:08:fd:d9:5c:1e:ad:79:f1:5b:
+                    42:c2:37:59:73:d9:e5:b5:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        c1:6c:a1:95:34:3e:32:74:35:1a:cb:76:24:cb:1b:e2:a0:ff:
+        6a:78:ef:8d:7f:dd:40:3f:39:85:aa:19:a9:e5:ce:ca:c4:2d:
+        b8:6c:6d:d4:e9:b1:a2:45:94:16:d7:8b:23:3a:d3:7f:6d:b0:
+        8a:7c:ed:2e:6c:e3:ba:dc:3c:25:4b:13:f4:28:a4:f9:87:b4:
+        69:b5:51:4d:da:d4:7e:9e:0f:99:6e:1a:5a:5f:b5:dc:f2:7b:
+        d5:8f:57:39:61:e3:a8:2e:bc:8a:b7:9d:d3:21:58:81:12:b9:
+        e5:bc:b9:fc:bd:39:2d:e8:8b:c0:49:bc:ba:16:ee:43:58:d9:
+        93:82
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.key
new file mode 100644 (file)
index 0000000..898f118
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crl
new file mode 100644 (file)
index 0000000..e473395
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crt
new file mode 100644 (file)
index 0000000..96152fc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 48 (0x30)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
+        Validity
+            Not Before: Mar 24 07:09:46 2009 GMT
+            Not After : Mar 24 07:09:46 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c6:3d:c7:e5:0f:c7:59:28:aa:b6:fc:5e:d0:0d:
+                    95:6d:df:8c:82:42:6d:ef:a9:ad:51:ac:73:c1:e1:
+                    0a:a1:8e:80:6e:ac:0a:35:55:61:3d:44:32:46:d9:
+                    f7:03:4b:31:b0:e2:a2:b3:f8:91:4b:e3:5c:1d:5c:
+                    e0:48:51:51:9a:06:41:1a:e2:4c:45:5c:c0:2a:86:
+                    44:44:ce:01:02:56:e6:9b:4b:8d:5e:49:a7:f9:40:
+                    1b:00:93:91:d6:2e:24:9f:1f:04:59:eb:68:51:fe:
+                    74:ba:12:b0:b8:7d:7b:c2:95:ff:a6:a7:fd:de:8a:
+                    a1:69:fb:80:85:a5:a6:43:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        87:26:72:c1:5b:e8:04:3a:3f:c5:65:24:17:7a:e5:40:67:f3:
+        1e:cd:91:0c:75:bd:aa:14:61:d1:1a:2c:d7:11:21:bb:a3:70:
+        92:54:e5:3d:30:d1:b5:50:73:72:1b:72:e8:47:b0:af:a9:85:
+        f5:e4:d5:53:d5:db:4d:88:48:00:4c:69:32:ab:f2:a8:d0:57:
+        90:c6:24:fc:7b:77:de:6c:dd:c5:c9:6e:5b:21:15:73:4d:4d:
+        f7:a3:ca:31:60:84:24:e9:4d:21:fc:88:ce:13:99:35:76:4c:
+        e7:26:47:43:a7:eb:79:bd:7e:aa:80:48:ad:5c:46:ae:ab:74:
+        9e:29
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.key
new file mode 100644 (file)
index 0000000..8deae87
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crl
new file mode 100644 (file)
index 0000000..e0cfc75
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crt
new file mode 100644 (file)
index 0000000..c13a05c
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 49 (0x31)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
+        Validity
+            Not Before: Mar 24 07:09:47 2009 GMT
+            Not After : Mar 24 07:09:47 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:05:30:f6:65:6f:c6:e4:54:00:71:1c:85:6c:
+                    5e:5a:42:67:df:66:e2:a3:69:be:85:d9:84:c0:8b:
+                    1b:bd:4d:f2:ef:df:01:d3:65:33:f9:66:9a:08:79:
+                    e1:21:6e:8a:e6:3c:dc:96:f2:43:e9:32:68:9d:06:
+                    06:d7:fc:fb:d2:da:58:16:81:19:cc:d7:43:20:f4:
+                    85:c1:03:9b:34:c0:6c:7a:a1:19:5d:4f:41:8c:fb:
+                    74:7d:4c:86:c8:6f:f9:f2:c8:d4:38:cc:c0:44:0b:
+                    c0:b0:0d:48:2b:2c:c6:9f:92:21:2d:80:dd:4b:bd:
+                    da:e2:7d:ad:f5:5d:a7:a5:7f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        b6:bc:69:88:2c:7a:dd:69:8b:90:cf:a8:ec:33:db:ad:10:06:
+        ad:d2:94:ee:cf:d3:33:97:ac:60:38:e0:5a:a4:7b:d0:ca:a7:
+        5c:19:be:93:1c:61:85:14:08:f0:35:44:99:d4:7e:b0:fb:be:
+        4e:5c:18:a9:b9:b5:9a:91:4e:d1:e1:44:8d:ec:ca:4e:eb:6e:
+        17:27:76:0d:57:ad:cf:32:e4:a5:bc:b6:ad:22:e5:27:6d:11:
+        81:4d:4c:09:14:ea:11:7c:81:14:5e:fb:95:4d:f3:1d:5d:d0:
+        f9:b6:45:e7:c5:c6:40:21:64:60:2e:71:1f:32:dc:21:fe:5c:
+        45:da
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
+A1UEAxMMQ2VydCBDaGFpbiAzMB4XDTA5MDMyNDA3MDk0N1oXDTEwMDMyNDA3MDk0
+N1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAugUw9mVvxuRUAHEchWxeWkJn32bio2m+hdmEwIsb
+vU3y798B02Uz+WaaCHnhIW6K5jzclvJD6TJonQYG1/z70tpYFoEZzNdDIPSFwQOb
+NMBseqEZXU9BjPt0fUyGyG/58sjUOMzARAvAsA1IKyzGn5IhLYDdS73a4n2t9V2n
+pX8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAtrxpiCx63WmLkM+o
+7DPbrRAGrdKU7s/TM5esYDjgWqR70MqnXBm+kxxhhRQI8DVEmdR+sPu+TlwYqbm1
+mpFO0eFEjezKTutuFyd2DVetzzLkpby2rSLlJ20RgU1MCRTqEXyBFF77lU3zHV3Q
++bZF58XGQCFkYC5xHzLcIf5cRdo=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.key
new file mode 100644 (file)
index 0000000..7e246a9
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC6BTD2ZW/G5FQAcRyFbF5aQmffZuKjab6F2YTAixu9TfLv3wHT
+ZTP5ZpoIeeEhbormPNyW8kPpMmidBgbX/PvS2lgWgRnM10Mg9IXBA5s0wGx6oRld
+T0GM+3R9TIbIb/nyyNQ4zMBEC8CwDUgrLMafkiEtgN1Lvdrifa31XaelfwIDAQAB
+AoGAV3w1iMwwA5RCxWptBXrv7PcqLvEOSdhjmEOyoXNK+n78cD+rdiY0iWjtrGrV
+rIl2nc2l2P/bXIMunBrHgTEjpTtQQIr1n8xqCJeyLXaVaCi2rjLYSdvxC+lABoMc
+/+pODEWl1VJdEckXg9w8Jr7VY0toc3zeKbsZJuGr2O559xECQQDiYqx/fFhMb6tN
++/LkhLCCgeHbURSW7UABiOocNE2crznHfZcWSD04GLH/UgwhP3RJ6CHcOtmXSD11
+ZQkNugZ9AkEA0lq+2QxhcFDAeJWfeFFZLw8I67xRY6tlZIiOQyWnRFVh6eHPvduU
+BfYxBU6FA9G0MAWgGxgZqtOLxqnQIuuQqwJBALlnSJCsHICVH/2hLv66MPjhOEDu
+uWcV7MqU/+6TY1DELRTVJWzJQuHzT6uj3W1JU4rHwxtjUxrTvgmr8ms8g90CQCGE
+2kJlyaUHCRRt6yJV/BsWjzpZILL8HcT+SYUDm/q0jEyjceHz+ktU5ozM7T8ljEvW
+qaOHnJdu7Cf06TiXRs8CQGMP4OjEfVMq+JxG5puFaa8e1fbSjiTP4EsUgRcE1Bzj
+UqT7VwOrJZXFTYK7Z9ZyG7z03WpVeucertzdRNNby9A=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crl
new file mode 100644 (file)
index 0000000..f49d3a7
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
+VQQDEwxDZXJ0IENoYWluIDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK9m
+4MEu+XXtCyezOskdnzkh+RTuHKTuw/AkpsdD3fkD0EQB5RnpeyZlPD09mrlpKgBG
+DssgmMadN34MkKbXsFQrS/M+mxkzoTTrYuO5u/7MyjrZ/HEKZe8w8/QbVfCLuRLY
+UCUlrF1jn9HFIfJaBLEqNKASYA+KPquih+Vb1ki/AgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQBOhSWuteVBcr9zMnKrrNFAGKZJ4TBgqfPP5zjIoDnk8vE+7B0gUot3
+sp+sUkA03izQ5Ctx8Rdd9D4P752f2XEk+lEftnOokLcZu6EXgVtYh1aHqTFqyzK+
+3Ap/3yYmdC0KBbzIF7fDS/vTGJLlkEu5WpswNxfEvPEs7z9T6hdtXg==
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crt
new file mode 100644 (file)
index 0000000..c5549bf
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 50 (0x32)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
+        Validity
+            Not Before: Mar 24 07:09:48 2009 GMT
+            Not After : Mar 24 07:09:48 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:af:66:e0:c1:2e:f9:75:ed:0b:27:b3:3a:c9:1d:
+                    9f:39:21:f9:14:ee:1c:a4:ee:c3:f0:24:a6:c7:43:
+                    dd:f9:03:d0:44:01:e5:19:e9:7b:26:65:3c:3d:3d:
+                    9a:b9:69:2a:00:46:0e:cb:20:98:c6:9d:37:7e:0c:
+                    90:a6:d7:b0:54:2b:4b:f3:3e:9b:19:33:a1:34:eb:
+                    62:e3:b9:bb:fe:cc:ca:3a:d9:fc:71:0a:65:ef:30:
+                    f3:f4:1b:55:f0:8b:b9:12:d8:50:25:25:ac:5d:63:
+                    9f:d1:c5:21:f2:5a:04:b1:2a:34:a0:12:60:0f:8a:
+                    3e:ab:a2:87:e5:5b:d6:48:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        9f:b3:eb:f1:0b:e7:fa:c3:f0:6a:3b:ba:67:c3:ae:48:51:63:
+        2c:7a:b9:c7:cd:d9:92:46:75:40:a5:a2:d6:ba:8e:a1:cb:c7:
+        fd:5d:98:f7:2a:e5:0a:06:49:42:8a:e0:09:b1:eb:18:9c:c9:
+        1b:e5:d1:4f:a0:0a:a6:14:68:54:7a:b7:9b:f6:44:c5:d8:a1:
+        21:99:c9:49:db:64:a5:53:48:5f:b6:d3:ba:fa:73:67:10:10:
+        5e:12:45:f8:27:a8:e0:fb:7c:16:73:fb:98:e1:3e:35:f3:de:
+        7c:b7:1c:42:2d:d2:9b:8e:03:f5:5f:c7:2f:51:b1:ff:73:45:
+        d2:70
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.key
new file mode 100644 (file)
index 0000000..756db4d
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crl
new file mode 100644 (file)
index 0000000..290f526
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crt
new file mode 100644 (file)
index 0000000..08c010b
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 51 (0x33)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
+        Validity
+            Not Before: Mar 24 07:09:51 2009 GMT
+            Not After : Mar 24 07:09:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:12:20:d1:14:60:01:47:aa:4c:66:1b:4c:4f:
+                    87:2f:ec:af:fc:11:41:bd:d9:98:7a:b8:e1:dd:59:
+                    d0:c0:9e:40:d2:b7:8b:c7:8a:65:ea:0d:0c:36:f1:
+                    e6:45:61:dc:6f:08:27:62:d0:78:1b:26:71:d4:fe:
+                    0b:9f:ea:86:1b:43:c7:08:d6:c5:eb:5b:11:c9:8b:
+                    83:8e:a7:05:0d:5c:6c:ce:ab:70:e0:7d:05:ea:06:
+                    39:f9:8c:94:56:56:37:62:b3:18:77:bd:e1:5b:53:
+                    a1:07:4d:c7:cc:c6:4c:2e:ef:aa:83:19:b5:ac:e3:
+                    72:2b:0d:72:7a:0a:ca:81:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        47:f3:03:ee:f0:fe:31:bb:01:47:ca:0e:69:65:a2:f8:4a:6f:
+        ca:6c:86:80:42:e3:87:49:22:b9:15:f0:da:b6:ca:d9:8b:7f:
+        f9:38:c0:72:d0:d1:b3:44:8d:95:5e:ab:e7:ad:37:34:ba:8b:
+        2f:11:64:b5:20:09:70:fe:cf:6d:3e:d3:7f:f7:f1:ae:31:74:
+        aa:ae:a7:0b:65:4e:e0:0b:80:87:25:d0:0c:bc:db:f5:ac:0c:
+        18:8e:4b:c2:42:88:e6:29:4f:2e:6e:df:72:f4:2f:27:39:b8:
+        e4:dc:64:1a:d7:c8:f3:f8:42:53:60:53:24:d7:38:75:50:bc:
+        d1:30
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.key
new file mode 100644 (file)
index 0000000..db255f5
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crl
new file mode 100644 (file)
index 0000000..82ced09
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crt
new file mode 100644 (file)
index 0000000..f07ee6c
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 52 (0x34)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
+        Validity
+            Not Before: Mar 24 07:09:53 2009 GMT
+            Not After : Mar 24 07:09:53 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d5:c2:18:f3:fc:0a:3c:4e:f7:2b:c6:fd:1f:d7:
+                    13:bb:35:74:6e:ca:5d:ab:09:67:21:d0:ed:a7:e8:
+                    99:7e:79:52:b8:32:3d:2b:5f:1b:78:0e:aa:2b:b6:
+                    e7:03:ec:f5:7e:b4:54:3b:87:d9:02:1e:c7:e6:04:
+                    cf:27:7b:36:e6:2f:8e:8e:94:f7:5b:c6:6e:51:2c:
+                    de:17:da:04:45:ea:31:d0:95:c4:50:3c:16:8e:21:
+                    c7:f0:0e:b5:86:c8:58:48:a6:0d:4d:a2:a6:8c:81:
+                    7a:67:89:43:56:1c:ca:e3:69:8a:08:05:57:b7:6d:
+                    03:c2:04:af:7b:61:ee:84:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        49:e7:f8:dc:ad:06:43:cb:d8:67:e6:e7:c0:7e:dd:a8:21:cd:
+        b9:53:a8:d8:7a:24:df:dc:9c:bb:55:1d:d8:ca:44:0b:0f:fb:
+        f8:db:61:2a:97:79:21:e6:96:2a:8c:76:c4:eb:ad:77:45:53:
+        f5:e2:de:29:7d:29:88:3a:d4:a3:a8:5a:dc:37:24:43:d1:57:
+        a5:5b:0b:3e:05:2d:0a:1a:0e:18:37:50:cc:36:54:85:37:28:
+        50:c8:61:c7:94:48:a0:60:ab:68:b0:b2:a8:61:14:5e:4a:dd:
+        04:8a:1a:69:01:45:e2:c6:e2:cb:15:e6:01:49:98:3c:5a:5d:
+        2a:d4
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.key
new file mode 100644 (file)
index 0000000..fdffada
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crl
new file mode 100644 (file)
index 0000000..c099c5f
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crt
new file mode 100644 (file)
index 0000000..60073f6
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 53 (0x35)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
+        Validity
+            Not Before: Mar 24 07:09:54 2009 GMT
+            Not After : Mar 24 07:09:54 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e4:e0:c4:dc:86:00:94:69:b1:d5:88:72:c8:c2:
+                    52:c0:56:62:0e:f6:80:a2:ef:8e:68:f9:da:d9:85:
+                    01:59:04:5e:f7:fc:23:16:dc:ff:2d:52:0a:8c:81:
+                    96:fa:24:1d:4b:89:60:2c:25:1a:eb:4e:a6:21:c5:
+                    1f:5b:87:d6:65:8c:d7:e1:a2:55:67:7e:01:7c:28:
+                    84:d7:23:56:f4:f8:e1:9c:a4:1f:74:fe:6b:c0:14:
+                    cc:fd:05:7b:ba:f6:b0:e3:f5:7e:46:ce:70:39:5c:
+                    93:43:01:f8:ad:38:a6:0c:71:60:9e:0b:0d:bf:42:
+                    6c:d3:9e:21:4c:55:ed:74:73
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        be:aa:0c:d9:b6:cc:d6:e1:47:ca:cb:6a:36:5e:67:43:f6:8e:
+        ab:d9:2a:5c:9d:e0:74:f5:55:70:80:8e:2f:f8:16:4c:2d:4c:
+        9c:94:80:6b:6b:c0:7a:e4:0f:f4:60:64:10:ba:93:f5:2a:39:
+        0f:5f:06:8a:d4:75:5b:b2:c4:92:25:ad:21:fa:98:75:54:48:
+        b5:d6:80:c6:9d:96:af:bf:fd:f4:57:80:cf:03:5c:dc:2b:b3:
+        f6:a2:7a:8e:8d:a5:01:92:53:e4:b7:77:99:1b:71:04:97:66:
+        57:a1:28:9d:3b:f8:ac:2e:15:18:17:2e:5d:0b:47:49:3b:65:
+        88:fc
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBNTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
+A1UEAxMMQ2VydCBDaGFpbiA3MB4XDTA5MDMyNDA3MDk1NFoXDTEwMDMyNDA3MDk1
+NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gODCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA5ODE3IYAlGmx1YhyyMJSwFZiDvaAou+OaPna2YUB
+WQRe9/wjFtz/LVIKjIGW+iQdS4lgLCUa606mIcUfW4fWZYzX4aJVZ34BfCiE1yNW
+9PjhnKQfdP5rwBTM/QV7uvaw4/V+Rs5wOVyTQwH4rTimDHFgngsNv0Js054hTFXt
+dHMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAvqoM2bbM1uFHystq
+Nl5nQ/aOq9kqXJ3gdPVVcICOL/gWTC1MnJSAa2vAeuQP9GBkELqT9So5D18GitR1
+W7LEkiWtIfqYdVRItdaAxp2Wr7/99FeAzwNc3Cuz9qJ6jo2lAZJT5Ld3mRtxBJdm
+V6EonTv4rC4VGBcuXQtHSTtliPw=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.key
new file mode 100644 (file)
index 0000000..5982533
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crl
new file mode 100644 (file)
index 0000000..09bed52
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crt
new file mode 100644 (file)
index 0000000..7df26a8
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 54 (0x36)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
+        Validity
+            Not Before: Mar 24 07:09:55 2009 GMT
+            Not After : Mar 24 07:09:55 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e1:c8:32:42:5f:a8:53:b3:22:a3:58:9a:7c:1e:
+                    fe:33:12:64:5c:3e:45:18:5b:23:ac:79:43:45:d7:
+                    64:6f:7c:e4:a3:95:5c:f9:e1:c4:b1:63:43:9c:7e:
+                    10:81:aa:7f:de:b5:b7:85:a6:b5:60:39:25:22:48:
+                    64:c5:54:1a:6e:b1:22:90:f3:8c:17:85:c2:be:1c:
+                    81:aa:a6:7b:14:b4:7a:13:b2:94:72:42:ef:77:cc:
+                    30:a4:c8:5c:80:b2:47:2e:f7:db:53:ea:ae:63:5a:
+                    19:20:30:2b:f1:d0:a3:0e:0d:4c:c0:c9:7e:9b:b5:
+                    0b:db:51:6a:e7:0e:74:69:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        d9:93:84:69:52:8d:5a:7e:c4:b7:04:54:a0:47:32:04:c7:be:
+        7b:94:1b:f9:b6:c5:88:84:a1:b4:22:4f:3b:28:ae:29:90:f1:
+        e4:25:f0:b9:e6:a0:dd:0e:0c:15:a9:6c:e4:8a:fa:a0:42:a7:
+        f9:4e:b7:0b:53:c1:ab:cb:a7:83:4c:0b:03:f0:64:95:75:5f:
+        09:dc:2c:a2:19:d6:51:e8:e4:86:7f:50:60:69:01:64:a5:fd:
+        0c:bb:0e:a0:cb:63:9c:b5:2c:22:63:f6:a4:e2:b1:9b:62:a5:
+        8c:c7:e5:a3:93:d8:18:6a:f2:95:b6:53:6a:8d:be:b0:ce:fa:
+        e9:71
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.key
new file mode 100644 (file)
index 0000000..37e2d48
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDhyDJCX6hTsyKjWJp8Hv4zEmRcPkUYWyOseUNF12RvfOSjlVz5
+4cSxY0OcfhCBqn/etbeFprVgOSUiSGTFVBpusSKQ84wXhcK+HIGqpnsUtHoTspRy
+Qu93zDCkyFyAskcu99tT6q5jWhkgMCvx0KMODUzAyX6btQvbUWrnDnRp7wIDAQAB
+AoGABu56fIcrR8aMHa+urnjVHQRHiH1w6ZqCsdzXL+G496NB8bO4MwO3YirF/Jvy
+LcjqPBAgHj5L+zRF65OFZHl8hjKtKxeRvZcFe2XhUwPCN/HJv6OPUSUSIGMxL+XL
+4G62lt1tFHVZRjy9mLyqOg2SNwun6c3+dOySdvDY6vixxgECQQD32q9mwkHx8NqQ
+2GTGWRNgIDsCR9bnmy1gGKxzKhQLdg0cNwmQrfTCgHXwfeBUr1eSXW6RqTx/WGlA
+LqFdyiTBAkEA6TPOoAW+EaXPxx21MmzbqqgK6GqLh7NHM2Z2rkqR++933jGJqS1F
+nr4jmWLoSQX017IPz/mlDxlL++CvWIXKrwJAHXMbgj80rLWskqdTmgm9dp99w3Cb
+xVs30gI8g1aNmSsGtcKIXWt9+Jpg6RlbzVQkOJznZWFRceQkZV7lB4rcQQJARfTw
+qziNyCWBqy3SSYo2a391pjswGElDtruqJqbgHD++Kb2amlGmbPSFIWJ2ZFGRHZOh
+ArbVOS5RiQHiGCAqqQJBAMIp5kevQOAr/xYC8BLB6SD7XtfLKTJnZSHy7pWy6xeJ
+ffn7QLqwUWMcyrvja+CQgBTKx7u8/MKLSgqohWguWEM=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crl
new file mode 100644 (file)
index 0000000..4bdd37f
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crt
new file mode 100644 (file)
index 0000000..7794e3d
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 49 (0x31)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 24 07:21:43 2009 GMT
+            Not After : Mar 24 07:21:43 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cd:36:b2:7e:5f:ff:b6:54:58:6e:3c:a8:8c:2c:
+                    c0:35:10:df:d8:14:8a:43:ea:22:3c:99:d7:73:11:
+                    ab:64:c6:49:95:59:d7:c4:64:d9:a3:a0:f9:68:8b:
+                    dd:e2:a1:bb:e1:aa:e8:ea:ae:46:71:f8:5c:35:b3:
+                    ac:12:e7:d7:41:3d:45:34:3f:6e:34:8e:41:5f:bc:
+                    3e:10:52:33:2e:47:8b:88:d4:e8:cc:5d:7b:66:95:
+                    d5:0d:8c:1f:91:e9:85:df:a0:68:40:81:97:91:f0:
+                    8a:27:69:06:43:7b:52:ea:72:7e:1b:a2:26:2e:f1:
+                    e2:92:c2:af:1b:27:c1:6c:93
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        06:45:50:fc:2e:79:07:60:e0:bb:b7:f5:31:31:b5:86:e5:22:
+        63:6e:69:ee:81:4e:6e:c1:7c:ae:14:8f:78:74:1a:c6:c2:d7:
+        23:4f:e4:c7:5c:23:a6:74:0f:49:d3:c5:13:2d:93:b1:80:d9:
+        b3:e7:51:ac:44:37:08:56:e3:9a:a9:aa:45:47:a0:39:de:a4:
+        cf:f0:1f:06:2c:a1:f4:ff:db:74:00:e6:eb:bf:ed:3c:10:69:
+        8a:f5:96:93:71:08:c2:91:92:f4:8f:f5:f8:3c:41:68:6a:b1:
+        71:19:a7:45:fc:72:32:6c:49:35:18:ac:fa:9b:f1:47:46:d6:
+        b5:50:83:83:e1:cb:6d:88:73:63:bc:b7:19:29:2f:47:ea:78:
+        a3:28:77:41:c7:7d:36:d9:69:17:b3:b2:60:04:dc:b4:30:a3:
+        86:a4:99:80:0f:5e:0c:70:54:aa:92:bc:1c:4c:70:9e:0a:63:
+        73:26:53:8a:31:5f:aa:12:aa:c1:62:88:0a:24:0e:77:44:85:
+        12:3c:86:47:81:3a:52:dd:21:ca:58:1d:16:08:02:af:c0:58:
+        39:1e:31:52:ed:d5:16:08:2a:2d:3d:40:01:7c:f1:69:13:a0:
+        5e:e5:cd:6f:d6:4a:62:68:7d:15:db:a7:c2:fd:b3:ac:34:c9:
+        ed:32:a8:2d:3b:6d:c7:aa:0b:91:a5:11:48:d2:25:4d:74:f6:
+        d0:82:1a:6a:4c:e8:10:73:8e:d4:11:45:18:f8:62:4f:c5:3b:
+        ac:16:0f:ad:6e:21:86:16:f8:49:e7:b9:f9:41:64:5e:dc:0b:
+        35:0b:d5:b1:46:84:ae:62:99:69:2f:77:db:73:25:18:f9:24:
+        92:ff:05:23:6d:53:82:16:ec:0e:ae:e5:a9:07:10:95:f5:09:
+        99:d4:82:8c:e9:2c:bf:88:48:92:3f:74:b6:e6:6d:e1:f5:8c:
+        37:d7:81:d0:31:e0:85:e0:5a:97:39:bb:29:e7:97:9f:d5:eb:
+        ac:6f:fd:bf:80:24:e5:cc:4e:c8:5f:dc:aa:51:7d:25:6e:7e:
+        83:d5:d6:cf:1c:8a:3d:fa:db:e6:c1:b6:1c:ef:34:4f:1e:51:
+        1c:2b:ae:c9:b5:36:93:c4:ec:04:0f:78:19:0f:f2:0b:c0:78:
+        f2:18:3c:2f:b2:f7:07:58:7b:3b:11:fa:4d:50:e2:95:01:63:
+        cb:84:02:95:08:4c:87:38:14:50:23:9e:81:3e:0a:95:a6:ab:
+        d0:26:3e:75:cd:d8:4c:f3:5a:40:71:b9:07:41:3b:2f:4f:f1:
+        11:fa:e3:dc:07:c9:b5:b1:a9:9c:11:b5:07:cc:40:f0:53:5d:
+        8f:8e:21:89:1b:ca:f8:60
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
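Review bot: The file name says "no AIA", yet the text dump lists an `Authority Information Access` extension with `OCSP - URI:http://127.0.0.1:89/0002`, the same value as in the ordinary cert_chain certificates. The start of cert_chain_no_aia10.crt shows the same extension. The encoded certificate body is not visible here, so this may be a stale dump, but if the DER carries the extension, the "missing AIA" case is not tested and the fallback for certificates without an OCSP responder URL goes unexercised. I would regenerate these fixtures without the authorityInfoAccess extension, or rename them if the extension is intended. Either way, refresh the text dump so it matches the encoded certificate.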
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.key
new file mode 100644 (file)
index 0000000..f91598c
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
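Review bot: Unencrypted RSA private keys are being committed here with nothing that marks them as throwaway test fixtures; this applies to every cert_chain_no_aia*.key file in the commit. Where the key body is visible (cert_chain_no_aia2.key, cert_chain_no_aia3.key) it begins directly with the base64 material and has no `Proc-Type`/`DEK-Info` header. They sit under tests/, so they are presumably fixtures, but I would add a README next to them along the lines of `Keys in this directory are public test fixtures; never trust or install them outside the test suite`. It is also worth confirming that packaging does not install this directory anywhere a certificate store reads from, and adding the test-data path to the secret scanner's allow-list so real findings are not drowned out.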
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crl
new file mode 100644 (file)
index 0000000..5e5d740
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
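Review bot: The `.crl` extension does not match the content: the payload is delimited by `BEGIN CERTIFICATE REQUEST`, which is a PKCS#10 signing request, whereas a revocation list in PEM form is delimited by `-----BEGIN X509 CRL-----`. The same mismatch is present in cert_chain_no_aia2.crl through cert_chain_no_aia9.crl. A test that loads these files as CRLs will fail to parse them, or skip revocation checking if the loader swallows the error (the loader is not visible in this diff). Rename them to `.csr` if they are the requests the certificates were issued from, or replace them with real CRLs if revocation is what the tests are meant to cover.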
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crt
new file mode 100644 (file)
index 0000000..1696eaf
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 64 (0x40)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
+        Validity
+            Not Before: Mar 24 07:21:53 2009 GMT
+            Not After : Mar 24 07:21:53 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 10
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:df:07:2f:ee:54:76:49:52:9f:16:7a:0a:39:2f:
+                    44:6d:17:67:ca:6a:0c:d7:42:c2:45:60:f9:b7:a2:
+                    e2:ea:2f:53:14:69:02:57:06:7e:44:b6:c7:6b:9f:
+                    41:b8:1c:2a:17:6b:38:a5:89:c0:ec:e2:4c:c0:59:
+                    97:6c:8d:17:cf:e5:86:3d:3b:b1:69:90:80:fe:84:
+                    7b:37:4e:b9:1d:5e:98:fc:46:38:c7:f1:26:24:7d:
+                    7a:fc:fa:d7:51:59:d1:ba:5f:07:85:9e:43:df:fd:
+                    6e:5f:35:c8:a4:fe:24:a2:5e:8a:bb:01:b5:5d:c5:
+                    cb:0e:40:f5:e9:4c:0b:00:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6f:3d:1c:f3:6a:7d:23:49:43:c3:dd:41:43:81:42:f4:60:bf:
+        87:d4:5f:83:96:1c:6a:c3:06:28:e5:76:fb:5c:17:fc:60:1c:
+        04:07:03:99:92:d4:01:ac:97:81:0c:2a:7c:67:18:88:60:88:
+        dc:a9:35:c1:89:75:d8:0b:0a:c3:ff:43:4a:5a:93:3a:d3:67:
+        b2:ce:8d:8a:8c:19:b5:23:b5:ed:b9:df:26:52:70:09:41:4e:
+        68:1a:54:08:74:c8:ff:bf:03:70:f1:9b:ef:65:2e:e2:23:74:
+        12:77:c4:25:de:fe:58:a9:a9:fa:d2:fb:4b:40:70:24:31:2b:
+        bc:64
+-----BEGIN CERTIFICATE-----
+MIICXzCCAcigAwIBAgIBQDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
+A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgOTAeFw0wOTAzMjQwNzIxNTNaFw0xMDAz
+MjQwNzIxNTNaMFkxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYDVQQDExRDZXJ0IENoYWluIE5vIEFJ
+QSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3wcv7lR2SVKfFnoKOS9E
+bRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbHa59BuBwqF2s4pYnA7OJMwFmXbI0X
+z+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16/PrXUVnRul8HhZ5D3/1uXzXIpP4k
+ol6KuwG1XcXLDkD16UwLAEMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsG
+AQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQAD
+gYEAbz0c82p9I0lDw91BQ4FC9GC/h9Rfg5YcasMGKOV2+1wX/GAcBAcDmZLUAayX
+gQwqfGcYiGCI3Kk1wYl12AsKw/9DSlqTOtNnss6NiowZtSO17bnfJlJwCUFOaBpU
+CHTI/78DcPGb72Uu4iN0EnfEJd7+WKmp+tL7S0BwJDErvGQ=
+-----END CERTIFICATE-----
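Review bot: The validity window ends at `Not After : Mar 24 07:21:53 2010 GMT`, which is before the date of this commit (22 Aug 2012), so the certificate is already expired when it is added; cert_chain_no_aia2.crt through cert_chain_no_aia9.crt expire on the same day. A test that expects this chain to verify can only pass with the validity check disabled or the verification time pinned, and disabling the check tends to hide regressions in it. I would either regenerate the fixtures with a long validity, or have the tests set an explicit verification time inside the window and state that in a comment next to the fixture path. The 1024-bit RSA key and `sha1WithRSAEncryption` signature are also below what current verifiers accept by default, which is a second reason to regenerate.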
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.key
new file mode 100644 (file)
index 0000000..a6a95d5
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crl
new file mode 100644 (file)
index 0000000..e22ec2c
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crt
new file mode 100644 (file)
index 0000000..06691f5
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 56 (0x38)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1
+        Validity
+            Not Before: Mar 24 07:21:45 2009 GMT
+            Not After : Mar 24 07:21:45 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:39:a7:a4:19:61:28:35:4f:f0:9b:f0:b8:8d:
+                    55:e9:da:4d:35:9e:3d:6c:c0:30:b1:8b:c0:50:a4:
+                    08:6a:d6:e3:fa:f3:f1:cb:9f:14:2e:b6:cb:d2:17:
+                    3d:bd:8b:31:8e:c8:95:13:f0:fc:03:42:30:02:98:
+                    6c:ee:2a:e9:c1:2a:9f:79:e0:09:35:a7:6e:bd:70:
+                    62:ae:09:53:54:a9:62:36:23:b7:15:98:01:c6:c5:
+                    52:47:a1:8c:c1:de:7c:4d:86:38:d0:12:24:57:76:
+                    99:ba:1f:23:62:20:a5:79:12:a2:9a:90:b8:aa:50:
+                    96:59:16:ed:29:74:9d:67:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        29:8e:68:80:e0:f2:ce:29:e5:70:95:67:0d:51:4a:a8:a0:9c:
+        9f:4f:2f:3a:83:40:67:6e:01:cb:21:bf:4a:a7:16:3d:df:f8:
+        2b:ca:6d:86:92:cc:46:99:99:b5:11:09:4d:25:c7:15:5f:64:
+        66:1a:18:69:ce:37:86:96:ab:e6:2e:3d:63:a3:cf:14:91:3b:
+        19:fc:79:a7:37:60:eb:51:12:3f:4d:3b:07:6c:0e:ae:69:2c:
+        07:4d:6a:ca:5d:97:e5:f0:24:96:7e:fa:f3:83:ec:53:7a:b1:
+        53:cb:42:c5:15:b0:04:9f:36:5c:d0:d5:92:49:38:e5:a5:ef:
+        91:d2
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
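Review bot: The file name and subject CN say "No AIA", yet this certificate carries an `Authority Information Access` extension with `OCSP - URI:http://127.0.0.1:89/0002`. The same extension appears in cert_chain_no_aia4.crt through cert_chain_no_aia10.crt, and only cert_chain_no_aia3.crt lacks it. If the name describes the chain as a whole (one link without AIA), that should be written down next to the fixtures, because the per-file name reads as a statement about each certificate. The loopback URI also means an OCSP test needs a responder on port 89, which is a privileged port on most systems; documenting that setup, or regenerating with an unprivileged port, avoids running the test suite as root.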
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.key
new file mode 100644 (file)
index 0000000..265f30d
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HL
+nxQutsvSFz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cV
+mAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQAB
+AoGASSfMwe7wUWa1exXnN2Pr/4RV/V4C1Cl0M+m8/7DwIWCvsPjQI7/C07MHwInA
+HmeZEGS0DSYHgnFoA14bTBmcv2Jh+XJRsjN8Qari8gsfoC3+gTT1CuvrVxP55xM7
+w5c/hUKBIbhyAMHfcS/lqV+o+1ahxSMtbHWkKZYL/i3h/oECQQD/lt6wu0Ne2jwy
+iHchL6l+Sz5bMpW9Qx23WpwiGPOlh3YzwDZHZRNmkJbXI3sIXvC8mjSOhyxI33iB
+NlpoZEIhAkEA05CJc53tiIBqg4YzlxKw5u/oeR0qvGFJFP6D8UnRTSet0R/hnlAX
+VVns28irMOGZ3gRLskRxv0EMRoViO+Ji8wJBAJO3qYrxH/XRIZt/HYLznf0dFbP1
+n29cO+99keFvFFol2V39iCFpPHY5uMQsgG4NGQuYACoj26deaLIdLNFKqKECQD4A
+4ze+NipGMHFBeIczFCNqdkBgmvDAtlFv0i16C9xH37olVNM3986s3yz+n6VgyN53
+ddPWGVwK7VURrFuOmp8CQEEDc0bBtkJgXfObV2PYGJRVuGGP6S1RqL+7VNfmu5/+
+ZJAdwJZOdl3PDL8b9XNSgayuBCK6Wwt3GGzdtvqz76s=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crl
new file mode 100644 (file)
index 0000000..03710eb
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crt
new file mode 100644 (file)
index 0000000..f37e1a2
--- /dev/null
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 57 (0x39)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
+        Validity
+            Not Before: Mar 24 07:21:47 2009 GMT
+            Not After : Mar 24 07:21:47 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a3:84:57:22:7a:bf:2f:ec:a6:d3:c6:f2:e1:14:
+                    92:8e:9d:b1:5a:f2:6f:99:9f:53:08:d1:f9:ef:00:
+                    da:a7:2d:c3:64:6f:31:df:4c:49:20:06:88:92:d7:
+                    c6:ff:0c:99:49:d0:c5:57:bb:ea:87:4d:06:ac:68:
+                    35:6a:3e:23:6c:dd:2f:4e:7c:fc:9c:e6:d0:1d:65:
+                    e4:87:79:7e:d9:c0:1e:cd:7b:f5:81:bf:79:8a:d8:
+                    6e:94:22:f1:79:a6:dc:52:ea:ed:e6:f7:86:31:5d:
+                    b7:39:fc:cd:73:ed:0d:1f:f2:ca:79:ba:25:1e:f4:
+                    b9:6c:bc:28:08:a9:46:aa:1d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                05:E8:B5:E4:89:7E:CD:72:28:E1:08:B5:B2:9F:8E:A2:13:2B:2C:A7
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 1
+                serial:38
+
+    Signature Algorithm: sha1WithRSAEncryption
+        36:e5:af:2d:c4:bd:c1:16:27:74:f0:0a:a5:12:4c:da:d6:e2:
+        60:98:ee:3d:7a:d1:55:a0:ed:57:fd:6b:9b:fc:19:4b:f3:b2:
+        41:19:a7:6c:f7:15:63:68:18:09:6d:db:23:f9:e1:2a:d6:75:
+        e5:18:46:2b:82:57:4e:1a:f8:03:fa:3d:7c:aa:70:8e:17:25:
+        c6:b2:ab:ca:94:90:fd:2a:69:53:f5:11:81:68:06:f8:2d:5d:
+        92:39:b4:96:f0:d0:b5:03:c2:15:26:f4:e9:c0:9a:28:39:dd:
+        67:ea:a6:9f:27:44:69:2e:95:e0:a1:03:f6:3c:a1:f7:92:f4:
+        a2:b8
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
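Review bot: `X509v3 Basic Constraints: CA:FALSE` marks this certificate as an end entity, but cert_chain_no_aia4.crt names `CN=Cert Chain No AIA 3` as its issuer, so it is apparently used as an intermediate. An RFC 5280 path validator rejects a chain that passes through a CA:FALSE certificate. The other intermediates visible in this commit carry no Basic Constraints extension at all, which a strict validator also treats as non-CA. If the chain is meant as a negative test, a README stating the expected verification result would stop someone from making the test pass by relaxing the CA check; if it is meant to verify, the intermediates need `CA:TRUE`.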
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.key
new file mode 100644 (file)
index 0000000..0217b1c
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHf
+TEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WB
+v3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQAB
+AoGAbD/eV2sfSqDGSIj6nVs7MsLeeLDqhK7fD4XCiiDsn6RCKCkcwREFj/gDTgMf
+MBWtHRriqhQzTOMHOfe69NyyIf7eXihRjkX7Ist+gi1wiKqdr0ECECC3sGdWR/pu
+wLBDtC2ynqiezbxog+/3C3YWs0+DTsnn87aOeKbIIfoMSFkCQQDNBAqw/BKw4dDd
+msMGJqbI3UIobZVOEXLwTi3ZWwDMIM+HMJPyT62U67cCg35M4L/EMxYBYMhqdS3f
+tixN9+bLAkEAzC5ZxDEG4S3j44m1Ff58qBStbV4SBlM18jZgjEVqeYlqStWq8U7J
+lJLpa3F8C26bUNWXTwl7i5BIykpGjZ0ttwJAAdIVXjj+2X9H4Y/sR3O0a3g7jCxc
+9RKGmMe49IMwYJ+x+BtgVPiMLBRjzavpRTmBunZRrbV0Ui20OJZfklmvPQJBAIiX
+EVIgAhwtmOAkxVGbV0UR4Brj7Wbxz4rjOZ9c6Ke5d7PsUFjxfgS4axKHbpYvPhPL
+b1deXpm0wh0hpyUhWu0CQQCX+HNWjZ/3oGTxWHVWhj7Q1J18CyxDj7SISA87mv84
+QZuso4AGYpbuZUdWr2cJcBvbP+ZX7DCjsr+5Ns/3Foqq
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crl
new file mode 100644 (file)
index 0000000..7b200b5
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crt
new file mode 100644 (file)
index 0000000..a08d32c
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 58 (0x3a)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
+        Validity
+            Not Before: Mar 24 07:21:48 2009 GMT
+            Not After : Mar 24 07:21:48 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cb:8d:d0:6f:74:f7:2a:96:47:5a:f9:e3:d5:72:
+                    3a:81:94:c7:0f:e2:a2:9b:11:4e:92:15:61:dc:3f:
+                    b8:fd:9f:b8:ae:18:54:25:ca:e0:1a:8f:49:f7:e1:
+                    81:64:76:47:5a:b4:bc:9d:11:09:6d:c7:71:03:cd:
+                    38:ab:85:5f:69:5a:ed:6b:aa:32:a7:85:b4:75:9a:
+                    aa:dc:ec:ee:9d:4e:03:51:e3:8e:a6:89:82:e3:26:
+                    13:42:99:87:04:5f:59:58:43:89:32:ed:da:34:e9:
+                    b2:ca:33:af:29:eb:20:0b:e7:4a:10:0c:3f:00:94:
+                    75:36:c5:f8:4d:4b:a4:88:95
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6f:51:b6:28:15:d9:aa:56:70:0d:2a:f0:52:8b:c4:53:47:68:
+        78:fe:fe:89:c2:3b:87:23:40:87:04:02:67:74:4d:3c:cc:39:
+        48:30:f6:9c:12:74:be:48:26:5a:7c:a1:bf:d0:fa:19:89:63:
+        66:fe:44:2d:f5:e5:e8:9f:57:c5:20:fe:f0:10:2f:f0:6d:16:
+        ef:a0:2b:db:95:05:72:cb:63:e4:2b:28:38:8f:aa:b9:51:f2:
+        88:19:0e:c1:c8:e7:0d:66:b8:13:f2:13:2d:ee:f0:dd:98:56:
+        04:af:c6:c8:81:07:ce:44:f5:23:7b:a4:72:32:4d:43:a9:61:
+        72:d6
+-----BEGIN CERTIFICATE-----
+MIICXjCCAcegAwIBAgIBOjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
+A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMzAeFw0wOTAzMjQwNzIxNDhaFw0xMDAz
+MjQwNzIxNDhaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
+QSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLjdBvdPcqlkda+ePVcjqB
+lMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n34YFkdkdatLydEQltx3EDzTirhV9p
+Wu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL
+50oQDD8AlHU2xfhNS6SIlQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
+BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
+gQBvUbYoFdmqVnANKvBSi8RTR2h4/v6JwjuHI0CHBAJndE08zDlIMPacEnS+SCZa
+fKG/0PoZiWNm/kQt9eXon1fFIP7wEC/wbRbvoCvblQVyy2PkKyg4j6q5UfKIGQ7B
+yOcNZrgT8hMt7vDdmFYEr8bIgQfORPUje6RyMk1DqWFy1g==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.key
new file mode 100644 (file)
index 0000000..6785e26
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crl
new file mode 100644 (file)
index 0000000..3cd2191
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crt
new file mode 100644 (file)
index 0000000..d0cedf9
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 59 (0x3b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
+        Validity
+            Not Before: Mar 24 07:21:49 2009 GMT
+            Not After : Mar 24 07:21:49 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:db:0c:70:a3:4b:8d:12:fa:47:5f:5f:3a:41:91:
+                    18:7a:9b:e3:af:99:56:70:96:71:7d:d0:7c:ee:d9:
+                    d2:3a:90:cb:42:c8:eb:06:a5:81:24:a3:d0:9e:d0:
+                    33:04:88:50:a4:e2:32:37:1a:b8:a4:3f:77:56:b4:
+                    3f:a9:cc:27:7e:c9:c9:89:1e:ca:64:b6:4e:e6:fc:
+                    fa:17:ce:3b:94:7f:b2:14:6f:40:ad:78:75:f3:09:
+                    be:62:0d:be:af:40:61:dc:16:4b:94:4c:8b:16:ce:
+                    79:5f:97:59:56:19:8a:23:ea:21:7c:3d:02:53:09:
+                    32:17:b6:27:ee:6e:31:1e:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        86:d9:2f:aa:12:1f:31:35:60:68:49:8c:4e:75:b3:5e:8f:f2:
+        81:69:79:7f:92:ca:32:ca:cf:a3:45:d0:8a:2c:d6:8b:9a:e6:
+        a8:3d:19:66:ee:3b:03:25:4b:ed:56:c2:49:09:99:98:b3:9f:
+        13:11:ee:b5:ad:00:b8:36:31:6e:91:f6:fd:f3:95:7e:90:b9:
+        0b:26:ab:06:72:cf:57:33:3c:88:4e:aa:c4:bb:89:a5:60:95:
+        11:b5:e6:eb:1f:8f:fb:b0:f0:c5:78:be:6a:7f:39:29:e4:5b:
+        7b:28:16:d2:b6:bf:38:af:25:de:7b:22:23:d3:23:ca:03:0d:
+        c6:08
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.key
new file mode 100644 (file)
index 0000000..014cc30
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crl
new file mode 100644 (file)
index 0000000..56b32fd
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crt
new file mode 100644 (file)
index 0000000..6e0a696
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 60 (0x3c)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
+        Validity
+            Not Before: Mar 24 07:21:50 2009 GMT
+            Not After : Mar 24 07:21:50 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:96:4e:86:e9:ca:b8:83:48:47:72:fa:ad:01:a8:
+                    26:c0:c6:09:10:ef:37:e0:62:e6:6b:e1:97:9d:15:
+                    c2:e5:88:fa:ee:50:81:ff:eb:fb:48:80:6f:db:41:
+                    b7:51:58:64:eb:8d:b7:2f:03:1a:0b:36:db:53:1d:
+                    19:7c:49:f9:76:0c:39:36:f3:4f:e9:f6:c7:90:5f:
+                    02:dd:dc:e7:51:c2:44:cc:9f:87:4c:13:d4:e5:91:
+                    1c:4a:ed:33:a2:80:76:c8:56:7e:fc:c9:73:2b:78:
+                    d9:7e:a3:b2:23:cd:69:ca:a1:a7:8c:e3:8c:97:3e:
+                    71:ac:c8:04:56:bd:97:cd:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6f:e5:2b:c2:3c:65:22:24:f1:1c:a4:c4:c1:35:73:40:a0:8a:
+        f0:13:06:c7:46:19:83:51:e0:c6:9f:d8:49:93:59:41:3f:71:
+        2d:31:67:55:98:49:42:aa:07:42:81:b5:4f:29:11:36:3f:23:
+        47:75:75:89:18:95:a4:ea:af:9f:4f:b2:0e:0b:21:4e:74:4f:
+        2c:18:74:c9:05:21:55:e7:e7:b2:85:9a:4f:70:ce:d1:89:1d:
+        9e:f8:02:30:d0:60:c5:2a:78:87:67:9e:04:3e:8a:7b:f9:df:
+        0b:4e:41:3a:81:fa:35:fa:d7:77:5f:7c:1f:cc:59:da:94:9b:
+        94:55
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.key
new file mode 100644 (file)
index 0000000..d4cb2bf
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crl
new file mode 100644 (file)
index 0000000..6a397fb
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
+VQQDExNDZXJ0IENoYWluIE5vIEFJQSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo
+4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7
++PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQABoAAwDQYJ
+KoZIhvcNAQEFBQADgYEAA0W3BM0qKXbW57gq2ZOo6/ZRYMqv0snG1Nc7mjlQrXRO
+fojBgWh3k1olzNv1XVmLI/jo9fs9E7Xcuvipiv9KMb5ba7oBzWXx8fKvyjbVX8qL
+G/tlyNiuX4pRbYHdh3C+zkkgItktl/DmxF344t/8Jdm/m28opW7cH0e2Zpp14ts=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crt
new file mode 100644 (file)
index 0000000..87fdfab
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 61 (0x3d)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
+        Validity
+            Not Before: Mar 24 07:21:51 2009 GMT
+            Not After : Mar 24 07:21:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b4:5b:fe:48:10:2b:eb:58:af:c6:0e:57:2a:a5:
+                    5c:cc:57:85:44:f2:d9:d1:43:84:d3:40:8b:f7:7a:
+                    e0:e8:b1:9d:e8:f4:b1:45:c6:67:14:9b:a5:a8:e2:
+                    8f:cb:31:a6:db:61:90:0d:aa:0a:9e:26:dc:4b:0b:
+                    33:a2:7c:07:72:91:ee:6a:ec:77:34:f4:7e:a5:0e:
+                    39:13:a8:d5:86:86:12:5b:a4:8b:38:91:57:24:8d:
+                    a9:3b:f8:f1:a6:48:89:20:a9:5b:b3:fe:ca:56:f0:
+                    ca:d1:ec:99:9c:57:6a:df:8e:23:a1:7e:be:5f:7c:
+                    cf:a9:db:3f:b8:dc:a1:9a:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        1d:2e:83:cb:9e:92:3e:d2:0a:fb:74:87:66:3d:57:84:09:11:
+        4a:2a:68:0e:da:9e:4d:7b:25:af:56:fa:3c:d5:4c:02:fe:43:
+        dd:c3:66:c9:5d:55:50:40:15:8f:06:74:13:83:27:c5:19:7e:
+        55:f3:fa:26:ec:3e:c0:1a:5d:20:ee:09:af:38:83:f8:0e:da:
+        bf:07:87:07:a5:70:79:21:2c:38:5b:e0:f8:d1:57:0f:9b:d1:
+        ee:a3:86:02:b5:e0:5b:64:08:5f:64:8b:43:65:ac:60:8a:c9:
+        6f:47:37:66:61:c1:74:b0:74:0a:24:12:36:c1:28:58:b6:04:
+        9b:4c
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.key
new file mode 100644 (file)
index 0000000..2882a88
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crl
new file mode 100644 (file)
index 0000000..9d1bc6c
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
+VQQDExNDZXJ0IENoYWluIE5vIEFJQSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqH
+iLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06g
+Djcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQABoAAwDQYJ
+KoZIhvcNAQEFBQADgYEACgjxLIxQBVD3sgcHFUzN1o7ibcA1Y82FC3HIowZfs/n9
+VPj7EhZ1J+PVZzszjjsTLHp3hjVn9g+gYVpen0MYVTbIn4733qaA7vImfv3DCN4B
+Wk75YhVBRuvJSbIKplQeJPyDGXdMfrtLQ6dYiHImkVHwkp1kueq9H5jU6TUrDd8=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crt
new file mode 100644 (file)
index 0000000..397c8cc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 62 (0x3e)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
+        Validity
+            Not Before: Mar 24 07:21:52 2009 GMT
+            Not After : Mar 24 07:21:52 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bc:76:6c:d1:65:bb:c3:98:fa:4d:19:34:a6:43:
+                    8a:c1:1d:ff:04:4c:f9:c9:bf:c5:d9:4c:08:94:a2:
+                    4c:55:31:09:68:3a:35:61:c6:2e:7d:6a:7a:87:88:
+                    ba:21:4c:5e:5e:28:d9:d3:fd:01:bc:4e:e2:55:a8:
+                    d7:d5:a0:72:d1:b5:fb:6f:f8:ca:7a:f7:e6:89:b0:
+                    3e:c9:83:e5:fd:8d:a9:fc:0a:fd:a0:dd:a2:33:17:
+                    4e:a0:0e:37:22:b2:ef:27:e4:67:d5:58:80:8b:16:
+                    a1:a2:56:c3:73:69:7d:ee:47:d9:af:4d:19:7e:9f:
+                    2b:08:ad:4b:51:07:40:99:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        40:8d:52:73:c3:85:6b:6c:4f:54:51:06:eb:d8:cd:40:5d:3d:
+        89:c2:06:4d:c6:70:5e:cc:64:40:3f:bb:3e:d4:52:b0:8d:57:
+        77:f3:1f:63:89:b3:21:b0:72:c6:ef:97:77:06:90:6f:fd:e8:
+        c3:d4:d6:13:f7:18:a8:eb:1e:87:b8:98:20:4a:0b:58:74:81:
+        59:eb:6e:50:f3:68:b2:e2:8c:a2:4b:92:c5:fa:e1:4f:43:ae:
+        51:ca:a6:c7:2c:40:16:2f:24:d3:a2:91:d5:45:7d:a7:3c:6e:
+        65:74:a7:b0:a6:a0:07:d7:1d:3a:2e:51:6e:de:7f:e6:5b:73:
+        e2:7d
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.key
new file mode 100644 (file)
index 0000000..9380709
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crl
new file mode 100644 (file)
index 0000000..6424613
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crt
new file mode 100644 (file)
index 0000000..3259a5b
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 63 (0x3f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
+        Validity
+            Not Before: Mar 24 07:21:52 2009 GMT
+            Not After : Mar 24 07:21:52 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a8:70:69:1c:f1:48:a4:71:a5:2b:d0:d8:f1:00:
+                    1f:ca:2a:17:d0:3f:4f:1f:43:a0:04:52:3e:28:73:
+                    3b:20:03:96:47:99:19:dc:95:35:41:af:03:4e:08:
+                    01:c1:d5:08:65:4c:75:9f:29:73:d3:ab:b3:f5:9c:
+                    e7:e0:73:a8:4e:be:fd:86:67:f7:f4:20:42:76:39:
+                    85:94:91:b8:6c:74:00:c8:c8:8b:d1:24:38:92:dd:
+                    74:76:e8:ca:69:f6:96:aa:29:1b:32:4e:d7:65:4d:
+                    dc:87:4c:ff:60:dc:44:a5:06:60:2a:2f:48:e6:a0:
+                    9c:93:eb:24:ff:74:a5:d0:13
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:6f:4d:2a:68:f1:d5:08:43:43:3f:5a:53:d8:fe:71:93:e8:
+        08:e5:a3:4f:dc:b2:9b:20:89:7c:dd:b0:57:7f:f7:1f:45:09:
+        78:c0:ba:99:0e:ab:fe:a5:1c:de:37:f6:dd:9a:b2:f1:9f:f0:
+        15:19:4b:6c:32:dc:5f:8e:af:4f:3f:fe:a3:67:ae:78:ba:af:
+        cd:41:fd:c9:31:ca:ce:7e:82:2e:c6:40:4d:94:b9:cd:fa:d5:
+        a1:b3:b6:10:47:2d:75:f1:37:3f:e9:62:81:a3:ff:7f:72:04:
+        f7:26:6d:d4:c0:22:38:a1:6c:64:10:66:fe:0d:95:e7:2e:64:
+        c8:d5
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.key
new file mode 100644 (file)
index 0000000..99a1155
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain1.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain1.cnf
new file mode 100644 (file)
index 0000000..4cf83a0
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./demoCA              # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cacert.pem       # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cakey.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
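Review bot: `default_bits = 1024` in `[ req ]` and `default_md = sha1` in `[ CA_default ]` are carried over unchanged from the stock OpenSSL example, so every fixture generated from this file is a 1024-bit RSA key signed with SHA-1. The same two lines appear in config_chain10.cnf and config_chain2.cnf. A verifier built against an OpenSSL with a raised security level may reject such a chain for key or digest strength rather than for the property the test targets, which makes a failing or passing result hard to interpret. If the weak parameters are not themselves under test, I would set `default_bits = 2048` and `default_md = sha256` and regenerate the fixtures. If they are deliberate, a comment at the top of the file such as `# Test fixture only: 1024-bit/SHA-1 kept on purpose, never use for real certificates` would record that.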
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain10.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain10.cnf
new file mode 100644 (file)
index 0000000..8d418bf
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain9.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain9.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
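Review bot: `x509_extensions = usr_cert` under `[ CA_default ]` gives anything signed through `openssl ca` with this file `basicConstraints=CA:FALSE`, yet the same section names `cert_chain9.crt` as the issuing CA, so the intermediates in this chain presumably need `CA:true`. Unless the generation script (not visible in this hunk) passes `-extensions v3_ca` when issuing intermediates, the resulting chain would only validate under a verifier that ignores basicConstraints, and a passing test would hide that gap. I would either set `x509_extensions = v3_ca` in the configs used to issue intermediates, or add a comment next to the setting that names the section the script selects. config_chain2.cnf has the same setting.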
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain2.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain2.cnf
new file mode 100644 (file)
index 0000000..905bb59
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain1.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain1.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain3.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain3.cnf
new file mode 100644 (file)
index 0000000..6b4b9db
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain2.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain2.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
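Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean every certificate generated from this config is SHA-1-signed with a 1024-bit key. Verifiers running a current policy may reject such certificates, so a chain test can fail on the algorithm rather than on the property it is meant to check. Unless the suite deliberately covers legacy algorithms, I would set `default_md = sha256` and `default_bits = 2048`; the same two lines appear in config_chain4.cnf and config_chain5.cnf. If the weak values are intentional, a comment saying so would keep these fixtures from being copied into a real CA setup.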
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain4.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain4.cnf
new file mode 100644 (file)
index 0000000..3f8a51c
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain3.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain3.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
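Review bot: `[ CA_default ]` selects `x509_extensions = usr_cert`, and `[ usr_cert ]` sets `basicConstraints=CA:FALSE`, so a certificate signed through this config without an override is an end-entity certificate. config_chain5.cnf then names `cert_chain4.crt` as its CA certificate, which suggests the certificate issued here is meant to sign the next link; a path validator that enforces basicConstraints would reject that chain. If the generation command does not pass `-extensions v3_ca` (it is not visible in this diff), consider pointing `x509_extensions` at a CA section carrying `basicConstraints = critical,CA:true` and `keyUsage = cRLSign, keyCertSign`. If an invalid chain is the intended negative test, a comment in the file should say so; the same applies to config_chain3.cnf and config_chain5.cnf.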
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain5.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain5.cnf
new file mode 100644 (file)
index 0000000..1fb4520
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain4.crt # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain4.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
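Review bot: As far as the visible lines show, this 313-line file differs from config_chain3.cnf and config_chain4.cnf only in the `certificate` and `private_key` values of `[ CA_default ]`, so any later correction (digest, key size, extensions) has to be repeated in every copy. The file already relies on `$ENV::HOME`, so a single shared config could take the issuer from the environment, for example `certificate = $dir/$ENV::CHAIN_ISSUER.crt` and `private_key = $dir/private/$ENV::CHAIN_ISSUER.pem`, where CHAIN_ISSUER is a placeholder name chosen for this note. The sections the chain generation never uses (`proxy_cert_ext`, `crl_ext`, the commented Netscape options) could also be dropped to keep the fixture readable.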
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain6.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain6.cnf
new file mode 100644 (file)
index 0000000..7ff40b9
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain5.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain5.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
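Review bot: `x509_extensions = usr_cert` in `[ CA_default ]` means a certificate issued with this config carries `basicConstraints=CA:FALSE` unless the signing command selects another section, yet config_chain7.cnf names `cert_chain6.crt` as its CA certificate, so the intermediates in this chain may be non-CA certificates used as issuers. If the chain is meant to validate, the configs that issue intermediates should use a CA profile, e.g. `x509_extensions = v3_ca`; if it is a deliberate negative fixture, say so in a header comment such as `# Test fixture: signs with cert_chain5; issued certs are intentionally CA:FALSE`. The same applies to the config_chain7.cnf and config_chain8.cnf hunks, which appear to differ only in the `certificate` and `private_key` paths. Separately, `default_md = sha1` and `default_bits = 1024` produce fixtures that a verifier with a stricter digest or key-size policy may reject for reasons unrelated to what the test checks.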
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain7.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain7.cnf
new file mode 100644 (file)
index 0000000..db26689
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain6.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain6.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain8.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain8.cnf
new file mode 100644 (file)
index 0000000..d341cdd
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain7.crt  # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain7.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain9.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain9.cnf
new file mode 100644 (file)
index 0000000..920d692
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain8.crt # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain8.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
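Review bot: `x509_extensions = usr_cert` in `[ CA_default ]` means anything signed through `openssl ca` with this file gets `basicConstraints=CA:FALSE`, yet the issuer configured here (`cert_chain8.crt`) is itself a link in the chain, so the links appear to be issued as end-entity certificates. Unless the generation script (not visible in this diff) passes `-extensions v3_ca`, a verifier that enforces basic constraints will reject the chain at the first intermediate, and a test expecting this chain to validate would only pass against a verifier that ignores the CA flag. For configs that issue intermediates I would set `x509_extensions = v3_ca`, and in `[ v3_ca ]` use `basicConstraints = critical,CA:true` together with `keyUsage = cRLSign, keyCertSign`. The same applies to config_chain_no_aia10.cnf, which signs with `cert_chain_no_aia9.crt`.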
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia1.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia1.cnf
new file mode 100644 (file)
index 0000000..9e59020
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./demoCA              # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cacert.pem       # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cakey.pem# The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
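Review bot: `[ CA_default ]` in this file still carries the stock OpenSSL values (`dir = ./demoCA`, `cacert.pem`, `private/cakey.pem`), while the sibling configs in this commit point at `./cert_chain` and a named chain certificate. If this file only produces the self-signed first link through `[ req ]`, the section is presumably unused, but an accidental `openssl ca -config` run would then sign with whatever demoCA key happens to be in the working directory rather than a fixture key. I would either drop the section or add a comment above it such as `# CA_default is unused: this config only generates the self-signed root of the no_aia chain`.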
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia10.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia10.cnf
new file mode 100644 (file)
index 0000000..133d8ca
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia9.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia9.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
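Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean certificates signed and keys generated with these defaults are SHA-1-signed and 1024-bit, which stricter verification policies reject on strength alone. A chain test can then fail, or a negative test pass, for a reason unrelated to what the fixture is meant to exercise (judging by the file name, a chain without the AIA extension). I would use `default_md = sha256` and `default_bits = 2048`; the other config_chain*.cnf files added in this commit carry the same two lines.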
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia2.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia2.cnf
new file mode 100644 (file)
index 0000000..79a5b14
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia1.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia1.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
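Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean every fixture produced from this config is a SHA-1-signed certificate over a 1024-bit key. Verifiers that enforce current minimums can reject such a chain for reasons unrelated to the missing-AIA case the file name suggests is under test. I would set `default_md = sha256` and `default_bits = 2048`, so that a chain failure in these tests can only come from the property being exercised. The same two lines appear in the config_chain_no_aia3.cnf and config_chain_no_aia4.cnf hunks below and should change together.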
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia3.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia3.cnf
new file mode 100644 (file)
index 0000000..e66757a
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia2.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia2.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
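Review bot: The only lines that appear to differ between this file and config_chain_no_aia2.cnf / config_chain_no_aia4.cnf are `certificate` and `private_key` in `[ CA_default ]`, so 313 lines are copied per chain link and any later correction has to be repeated in every copy. The config already relies on `$ENV::HOME`, so the issuer could come from the environment in one shared file: `certificate = $dir/$ENV::CHAIN_ISSUER.crt` and `private_key = $dir/private/$ENV::CHAIN_ISSUER.pem`. `CHAIN_ISSUER` is an illustrative name, not one the project defines. OpenSSL stops with an error when a referenced environment variable is unset, so a forgotten issuer fails loudly instead of silently signing with the wrong key.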
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia4.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia4.cnf
new file mode 100644 (file)
index 0000000..e7de251
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia3.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia3.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
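Review bot: `x509_extensions = usr_cert` in `[ CA_default ]` gives every certificate signed through this config `basicConstraints=CA:FALSE` unless the `openssl ca` call overrides the section with `-extensions`, yet the next config in the series names `cert_chain_no_aia4.crt` as its CA certificate. If the intermediates really are issued with `usr_cert`, a chain test that passes would be accepting a non-CA issuer, so the intended section deserves a comment here such as `# intermediates must be signed with -extensions v3_ca`, or `x509_extensions = v3_ca` in the configs that issue CA certificates. For those CA certificates I would also enable the commented `keyUsage = cRLSign, keyCertSign` and the critical form `basicConstraints = critical,CA:true` in `[ v3_ca ]`. The signing commands are not on this page, so this is inferred from the config alone; the same applies to the config_chain_no_aia2.cnf and config_chain_no_aia3.cnf hunks.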
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia5.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia5.cnf
new file mode 100644 (file)
index 0000000..1ad17ce
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia4.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia4.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
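Review bot: `default_md = sha1` under [ CA_default ] and `default_bits = 1024` under [ req ] make this config sign with SHA-1 and default new request keys to 1024 bits. Newer verifier configurations can reject both, so the fixture chain could fail validation for a reason unrelated to the missing-AIA case its file name suggests. Unless the weak parameters are themselves under test, I would change these to `default_md = sha256` and `default_bits = 2048`. The same two lines appear in config_chain_no_aia6.cnf and config_chain_no_aia7.cnf below.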
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia6.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia6.cnf
new file mode 100644 (file)
index 0000000..4d09fb6
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia5.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia5.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
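Review bot: `x509_extensions = usr_cert` in [ CA_default ] selects a section that sets `basicConstraints=CA:FALSE`, while the `certificate` line names cert_chain_no_aia5.crt, apparently the certificate issued in the previous step, as this step's CA. If the intermediates are signed with this default and no explicit `-extensions v3_ca`, each is marked as a non-CA and a strict path validator will refuse it as an issuer. The generating command is not part of this hunk, so this may already be handled. A header comment such as `# intermediates are signed with -extensions v3_ca` would make the intent checkable. The same pattern is in config_chain_no_aia5.cnf and config_chain_no_aia7.cnf.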
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia7.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia7.cnf
new file mode 100644 (file)
index 0000000..1e5aca0
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia6.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia6.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
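Review bot: As far as the visible hunks show, only the `certificate` and `private_key` lines in [ CA_default ] differ between this file and config_chain_no_aia5.cnf / config_chain_no_aia6.cnf, so the rest of the 313 lines is duplicated for every chain step. Any later change to the signing parameters (digest, key size, extension section) then has to be repeated in each copy, and one missed copy leaves a single link signed differently. One shared config that takes the issuer name from the environment would avoid this, e.g. `certificate = $dir/$ENV::CHAIN_CA.crt` and `private_key = $dir/private/$ENV::CHAIN_CA.pem`, where `CHAIN_CA` is an example variable name set by the generating script.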
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia8.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia8.cnf
new file mode 100644 (file)
index 0000000..6b4f2f3
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia7.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia7.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
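Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean fixtures issued through this config are SHA-1-signed, and keys generated through `req` are 1024-bit RSA. Verifiers running with a stricter policy reject such certificates regardless of what the chain test is meant to exercise. Unless a test specifically needs weak-algorithm fixtures, I would set `default_md = sha256` and `default_bits = 2048`, so the no-AIA chain cases pass or fail only for the reason under test. The same two lines appear in config_chain_no_aia9.cnf below and, presumably, in the sibling config_chain_no_aia*.cnf files outside this view.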
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia9.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia9.cnf
new file mode 100644 (file)
index 0000000..fecdb41
--- /dev/null
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./cert_chain          # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cert_chain_no_aia8.crt   # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cert_chain_no_aia8.pem # The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
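Review bot: This file appears to differ from config_chain_no_aia8.cnf only in the `certificate` and `private_key` lines of `[ CA_default ]`, so each link in the chain carries a full 313-line copy of the stock OpenSSL example config. A single shared config that takes the issuer name from the environment, the way the file already reads `$ENV::HOME`, would keep the copies from drifting: for example `certificate = $dir/$ENV::ISSUER.crt` and `private_key = $dir/private/$ENV::ISSUER.pem`, where ISSUER is an illustrative variable name. It would also help to add a header comment stating that the keys referenced under `$dir/private` are test-only and must never be trusted outside the test suite.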
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt
new file mode 100644 (file)
index 0000000..857ea56
--- /dev/null
@@ -0,0 +1,64 @@
+V      100306080002Z           01      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100309031315Z           02      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
+V      100309060955Z           03      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061108Z           04      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061223Z           05      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100310001031Z           06      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310001451Z           07      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310080409Z           08      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100311104952Z           09      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313011918Z           0A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313022703Z           0B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313023759Z           0C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313023935Z           0D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311031642Z           0E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      190311031818Z           0F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
+V      190311032356Z           10      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032410Z           11      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032420Z           12      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032430Z           13      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032440Z           14      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100314113542Z           15      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100314134812Z           16      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053643Z           17      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053834Z           18      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316061833Z           19      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      100316114226Z           1A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316115653Z           1B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121050Z           1C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121256Z           1D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121311Z           1E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121809Z           1F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316122916Z           20      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316123325Z           21      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125036Z           22      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125902Z           23      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125924Z           24      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125941Z           25      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316140429Z           26      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230611Z           27      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230854Z           28      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
+V      190314233211Z           29      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
+V      100324064920Z           2A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070428Z           2B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070457Z           2C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070709Z           2D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070746Z           2E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070944Z           2F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 2
+V      100324070946Z           30      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 3
+V      100324070947Z           31      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 4
+V      100324070948Z           32      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 5
+V      100324070951Z           33      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 6
+V      100324070953Z           34      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 7
+V      100324070954Z           35      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 8
+V      100324070955Z           36      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 9
+V      100324070956Z           37      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 10
+V      100324072145Z           38      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 2
+V      100324072147Z           39      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 3
+V      100324072148Z           3A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 4
+V      100324072149Z           3B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 5
+V      100324072150Z           3C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 6
+V      100324072151Z           3D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 7
+V      100324072152Z           3E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 8
+V      100324072152Z           3F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 9
+V      100324072153Z           40      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 10
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr
new file mode 100644 (file)
index 0000000..3a7e39e
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr.old b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr.old
new file mode 100644 (file)
index 0000000..3a7e39e
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.old b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.old
new file mode 100644 (file)
index 0000000..11a49e6
--- /dev/null
@@ -0,0 +1,63 @@
+V      100306080002Z           01      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100309031315Z           02      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
+V      100309060955Z           03      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061108Z           04      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061223Z           05      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100310001031Z           06      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310001451Z           07      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310080409Z           08      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100311104952Z           09      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313011918Z           0A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313022703Z           0B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313023759Z           0C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313023935Z           0D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311031642Z           0E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      190311031818Z           0F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
+V      190311032356Z           10      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032410Z           11      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032420Z           12      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032430Z           13      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032440Z           14      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100314113542Z           15      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100314134812Z           16      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053643Z           17      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053834Z           18      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316061833Z           19      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      100316114226Z           1A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316115653Z           1B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121050Z           1C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121256Z           1D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121311Z           1E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121809Z           1F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316122916Z           20      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316123325Z           21      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125036Z           22      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125902Z           23      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125924Z           24      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125941Z           25      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316140429Z           26      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230611Z           27      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230854Z           28      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
+V      190314233211Z           29      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
+V      100324064920Z           2A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070428Z           2B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070457Z           2C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070709Z           2D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070746Z           2E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
+V      100324070944Z           2F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 2
+V      100324070946Z           30      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 3
+V      100324070947Z           31      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 4
+V      100324070948Z           32      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 5
+V      100324070951Z           33      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 6
+V      100324070953Z           34      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 7
+V      100324070954Z           35      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 8
+V      100324070955Z           36      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 9
+V      100324070956Z           37      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 10
+V      100324072145Z           38      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 2
+V      100324072147Z           39      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 3
+V      100324072148Z           3A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 4
+V      100324072149Z           3B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 5
+V      100324072150Z           3C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 6
+V      100324072151Z           3D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 7
+V      100324072152Z           3E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 8
+V      100324072152Z           3F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 9
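Review bot: Most rows here are marked `V` with an expiry in March 2010 (`1003…Z`), and the PEM files under `newcerts/` show the matching `Not After : Mar 24 … 2010`. These fixtures therefore appear to be past their validity window at the time they were checked in. A test that verifies them against the wall clock would fail on expiry before reaching the chain or OCSP condition it is meant to exercise. Either pin the verification time in the tests or regenerate the chain with a long validity. A README in this directory should record the intended verification time and the `openssl ca` configuration used.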
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/2F.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/2F.pem
new file mode 100644 (file)
index 0000000..13cb5c9
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 47 (0x2f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1
+        Validity
+            Not Before: Mar 24 07:09:44 2009 GMT
+            Not After : Mar 24 07:09:44 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:db:5e:a6:ab:60:f3:85:f6:0d:07:17:8c:ae:52:
+                    78:13:75:21:8c:d3:4a:20:d1:0d:8a:e2:34:95:ff:
+                    d2:31:29:e7:62:e9:ac:ce:5e:a6:dd:f7:a0:38:f3:
+                    96:b2:24:06:b6:c8:c6:06:57:ba:f0:f0:69:08:7a:
+                    c1:bf:87:cb:06:2b:7a:fc:81:26:36:81:46:04:9b:
+                    99:1f:1f:0e:36:05:af:7d:f2:57:fb:26:1d:a5:a3:
+                    5b:af:70:1d:6f:55:2b:d6:df:3b:dd:4b:51:1e:17:
+                    a6:89:94:5e:16:9c:08:fd:d9:5c:1e:ad:79:f1:5b:
+                    42:c2:37:59:73:d9:e5:b5:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        c1:6c:a1:95:34:3e:32:74:35:1a:cb:76:24:cb:1b:e2:a0:ff:
+        6a:78:ef:8d:7f:dd:40:3f:39:85:aa:19:a9:e5:ce:ca:c4:2d:
+        b8:6c:6d:d4:e9:b1:a2:45:94:16:d7:8b:23:3a:d3:7f:6d:b0:
+        8a:7c:ed:2e:6c:e3:ba:dc:3c:25:4b:13:f4:28:a4:f9:87:b4:
+        69:b5:51:4d:da:d4:7e:9e:0f:99:6e:1a:5a:5f:b5:dc:f2:7b:
+        d5:8f:57:39:61:e3:a8:2e:bc:8a:b7:9d:d3:21:58:81:12:b9:
+        e5:bc:b9:fc:bd:39:2d:e8:8b:c0:49:bc:ba:16:ee:43:58:d9:
+        93:82
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
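Review bot: This Version 3 certificate is used as an issuer (its subject `Cert Chain 2` is the issuer of `30.pem`), yet its `X509v3 extensions` block holds only Authority Information Access and no Basic Constraints. The same holds for `30.pem` through `36.pem`, and for `38.pem`, which issues `39.pem`. A verifier that enforces `basicConstraints` on intermediates would presumably reject the chain as containing a non-CA issuer, so a "valid chain" test could pass only against a lax verifier. If the chain is meant to verify, regenerate the intermediates with `basicConstraints = CA:TRUE` in the extension section. If it is meant as a negative case, say so in a README beside the fixtures.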
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/30.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/30.pem
new file mode 100644 (file)
index 0000000..96152fc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 48 (0x30)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
+        Validity
+            Not Before: Mar 24 07:09:46 2009 GMT
+            Not After : Mar 24 07:09:46 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c6:3d:c7:e5:0f:c7:59:28:aa:b6:fc:5e:d0:0d:
+                    95:6d:df:8c:82:42:6d:ef:a9:ad:51:ac:73:c1:e1:
+                    0a:a1:8e:80:6e:ac:0a:35:55:61:3d:44:32:46:d9:
+                    f7:03:4b:31:b0:e2:a2:b3:f8:91:4b:e3:5c:1d:5c:
+                    e0:48:51:51:9a:06:41:1a:e2:4c:45:5c:c0:2a:86:
+                    44:44:ce:01:02:56:e6:9b:4b:8d:5e:49:a7:f9:40:
+                    1b:00:93:91:d6:2e:24:9f:1f:04:59:eb:68:51:fe:
+                    74:ba:12:b0:b8:7d:7b:c2:95:ff:a6:a7:fd:de:8a:
+                    a1:69:fb:80:85:a5:a6:43:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        87:26:72:c1:5b:e8:04:3a:3f:c5:65:24:17:7a:e5:40:67:f3:
+        1e:cd:91:0c:75:bd:aa:14:61:d1:1a:2c:d7:11:21:bb:a3:70:
+        92:54:e5:3d:30:d1:b5:50:73:72:1b:72:e8:47:b0:af:a9:85:
+        f5:e4:d5:53:d5:db:4d:88:48:00:4c:69:32:ab:f2:a8:d0:57:
+        90:c6:24:fc:7b:77:de:6c:dd:c5:c9:6e:5b:21:15:73:4d:4d:
+        f7:a3:ca:31:60:84:24:e9:4d:21:fc:88:ce:13:99:35:76:4c:
+        e7:26:47:43:a7:eb:79:bd:7e:aa:80:48:ad:5c:46:ae:ab:74:
+        9e:29
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/31.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/31.pem
new file mode 100644 (file)
index 0000000..c13a05c
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 49 (0x31)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
+        Validity
+            Not Before: Mar 24 07:09:47 2009 GMT
+            Not After : Mar 24 07:09:47 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:05:30:f6:65:6f:c6:e4:54:00:71:1c:85:6c:
+                    5e:5a:42:67:df:66:e2:a3:69:be:85:d9:84:c0:8b:
+                    1b:bd:4d:f2:ef:df:01:d3:65:33:f9:66:9a:08:79:
+                    e1:21:6e:8a:e6:3c:dc:96:f2:43:e9:32:68:9d:06:
+                    06:d7:fc:fb:d2:da:58:16:81:19:cc:d7:43:20:f4:
+                    85:c1:03:9b:34:c0:6c:7a:a1:19:5d:4f:41:8c:fb:
+                    74:7d:4c:86:c8:6f:f9:f2:c8:d4:38:cc:c0:44:0b:
+                    c0:b0:0d:48:2b:2c:c6:9f:92:21:2d:80:dd:4b:bd:
+                    da:e2:7d:ad:f5:5d:a7:a5:7f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        b6:bc:69:88:2c:7a:dd:69:8b:90:cf:a8:ec:33:db:ad:10:06:
+        ad:d2:94:ee:cf:d3:33:97:ac:60:38:e0:5a:a4:7b:d0:ca:a7:
+        5c:19:be:93:1c:61:85:14:08:f0:35:44:99:d4:7e:b0:fb:be:
+        4e:5c:18:a9:b9:b5:9a:91:4e:d1:e1:44:8d:ec:ca:4e:eb:6e:
+        17:27:76:0d:57:ad:cf:32:e4:a5:bc:b6:ad:22:e5:27:6d:11:
+        81:4d:4c:09:14:ea:11:7c:81:14:5e:fb:95:4d:f3:1d:5d:d0:
+        f9:b6:45:e7:c5:c6:40:21:64:60:2e:71:1f:32:dc:21:fe:5c:
+        45:da
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
+A1UEAxMMQ2VydCBDaGFpbiAzMB4XDTA5MDMyNDA3MDk0N1oXDTEwMDMyNDA3MDk0
+N1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAugUw9mVvxuRUAHEchWxeWkJn32bio2m+hdmEwIsb
+vU3y798B02Uz+WaaCHnhIW6K5jzclvJD6TJonQYG1/z70tpYFoEZzNdDIPSFwQOb
+NMBseqEZXU9BjPt0fUyGyG/58sjUOMzARAvAsA1IKyzGn5IhLYDdS73a4n2t9V2n
+pX8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAtrxpiCx63WmLkM+o
+7DPbrRAGrdKU7s/TM5esYDjgWqR70MqnXBm+kxxhhRQI8DVEmdR+sPu+TlwYqbm1
+mpFO0eFEjezKTutuFyd2DVetzzLkpby2rSLlJ20RgU1MCRTqEXyBFF77lU3zHV3Q
++bZF58XGQCFkYC5xHzLcIf5cRdo=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/32.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/32.pem
new file mode 100644 (file)
index 0000000..c5549bf
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 50 (0x32)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
+        Validity
+            Not Before: Mar 24 07:09:48 2009 GMT
+            Not After : Mar 24 07:09:48 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:af:66:e0:c1:2e:f9:75:ed:0b:27:b3:3a:c9:1d:
+                    9f:39:21:f9:14:ee:1c:a4:ee:c3:f0:24:a6:c7:43:
+                    dd:f9:03:d0:44:01:e5:19:e9:7b:26:65:3c:3d:3d:
+                    9a:b9:69:2a:00:46:0e:cb:20:98:c6:9d:37:7e:0c:
+                    90:a6:d7:b0:54:2b:4b:f3:3e:9b:19:33:a1:34:eb:
+                    62:e3:b9:bb:fe:cc:ca:3a:d9:fc:71:0a:65:ef:30:
+                    f3:f4:1b:55:f0:8b:b9:12:d8:50:25:25:ac:5d:63:
+                    9f:d1:c5:21:f2:5a:04:b1:2a:34:a0:12:60:0f:8a:
+                    3e:ab:a2:87:e5:5b:d6:48:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        9f:b3:eb:f1:0b:e7:fa:c3:f0:6a:3b:ba:67:c3:ae:48:51:63:
+        2c:7a:b9:c7:cd:d9:92:46:75:40:a5:a2:d6:ba:8e:a1:cb:c7:
+        fd:5d:98:f7:2a:e5:0a:06:49:42:8a:e0:09:b1:eb:18:9c:c9:
+        1b:e5:d1:4f:a0:0a:a6:14:68:54:7a:b7:9b:f6:44:c5:d8:a1:
+        21:99:c9:49:db:64:a5:53:48:5f:b6:d3:ba:fa:73:67:10:10:
+        5e:12:45:f8:27:a8:e0:fb:7c:16:73:fb:98:e1:3e:35:f3:de:
+        7c:b7:1c:42:2d:d2:9b:8e:03:f5:5f:c7:2f:51:b1:ff:73:45:
+        d2:70
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/33.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/33.pem
new file mode 100644 (file)
index 0000000..08c010b
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 51 (0x33)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
+        Validity
+            Not Before: Mar 24 07:09:51 2009 GMT
+            Not After : Mar 24 07:09:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:12:20:d1:14:60:01:47:aa:4c:66:1b:4c:4f:
+                    87:2f:ec:af:fc:11:41:bd:d9:98:7a:b8:e1:dd:59:
+                    d0:c0:9e:40:d2:b7:8b:c7:8a:65:ea:0d:0c:36:f1:
+                    e6:45:61:dc:6f:08:27:62:d0:78:1b:26:71:d4:fe:
+                    0b:9f:ea:86:1b:43:c7:08:d6:c5:eb:5b:11:c9:8b:
+                    83:8e:a7:05:0d:5c:6c:ce:ab:70:e0:7d:05:ea:06:
+                    39:f9:8c:94:56:56:37:62:b3:18:77:bd:e1:5b:53:
+                    a1:07:4d:c7:cc:c6:4c:2e:ef:aa:83:19:b5:ac:e3:
+                    72:2b:0d:72:7a:0a:ca:81:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        47:f3:03:ee:f0:fe:31:bb:01:47:ca:0e:69:65:a2:f8:4a:6f:
+        ca:6c:86:80:42:e3:87:49:22:b9:15:f0:da:b6:ca:d9:8b:7f:
+        f9:38:c0:72:d0:d1:b3:44:8d:95:5e:ab:e7:ad:37:34:ba:8b:
+        2f:11:64:b5:20:09:70:fe:cf:6d:3e:d3:7f:f7:f1:ae:31:74:
+        aa:ae:a7:0b:65:4e:e0:0b:80:87:25:d0:0c:bc:db:f5:ac:0c:
+        18:8e:4b:c2:42:88:e6:29:4f:2e:6e:df:72:f4:2f:27:39:b8:
+        e4:dc:64:1a:d7:c8:f3:f8:42:53:60:53:24:d7:38:75:50:bc:
+        d1:30
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/34.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/34.pem
new file mode 100644 (file)
index 0000000..f07ee6c
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 52 (0x34)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
+        Validity
+            Not Before: Mar 24 07:09:53 2009 GMT
+            Not After : Mar 24 07:09:53 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d5:c2:18:f3:fc:0a:3c:4e:f7:2b:c6:fd:1f:d7:
+                    13:bb:35:74:6e:ca:5d:ab:09:67:21:d0:ed:a7:e8:
+                    99:7e:79:52:b8:32:3d:2b:5f:1b:78:0e:aa:2b:b6:
+                    e7:03:ec:f5:7e:b4:54:3b:87:d9:02:1e:c7:e6:04:
+                    cf:27:7b:36:e6:2f:8e:8e:94:f7:5b:c6:6e:51:2c:
+                    de:17:da:04:45:ea:31:d0:95:c4:50:3c:16:8e:21:
+                    c7:f0:0e:b5:86:c8:58:48:a6:0d:4d:a2:a6:8c:81:
+                    7a:67:89:43:56:1c:ca:e3:69:8a:08:05:57:b7:6d:
+                    03:c2:04:af:7b:61:ee:84:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        49:e7:f8:dc:ad:06:43:cb:d8:67:e6:e7:c0:7e:dd:a8:21:cd:
+        b9:53:a8:d8:7a:24:df:dc:9c:bb:55:1d:d8:ca:44:0b:0f:fb:
+        f8:db:61:2a:97:79:21:e6:96:2a:8c:76:c4:eb:ad:77:45:53:
+        f5:e2:de:29:7d:29:88:3a:d4:a3:a8:5a:dc:37:24:43:d1:57:
+        a5:5b:0b:3e:05:2d:0a:1a:0e:18:37:50:cc:36:54:85:37:28:
+        50:c8:61:c7:94:48:a0:60:ab:68:b0:b2:a8:61:14:5e:4a:dd:
+        04:8a:1a:69:01:45:e2:c6:e2:cb:15:e6:01:49:98:3c:5a:5d:
+        2a:d4
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBNDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
+A1UEAxMMQ2VydCBDaGFpbiA2MB4XDTA5MDMyNDA3MDk1M1oXDTEwMDMyNDA3MDk1
+M1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNzCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA1cIY8/wKPE73K8b9H9cTuzV0bspdqwlnIdDtp+iZ
+fnlSuDI9K18beA6qK7bnA+z1frRUO4fZAh7H5gTPJ3s25i+OjpT3W8ZuUSzeF9oE
+Reox0JXEUDwWjiHH8A61hshYSKYNTaKmjIF6Z4lDVhzK42mKCAVXt20DwgSve2Hu
+hCcCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEASef43K0GQ8vYZ+bn
+wH7dqCHNuVOo2Hok39ycu1Ud2MpECw/7+NthKpd5IeaWKox2xOutd0VT9eLeKX0p
+iDrUo6ha3DckQ9FXpVsLPgUtChoOGDdQzDZUhTcoUMhhx5RIoGCraLCyqGEUXkrd
+BIoaaQFF4sbiyxXmAUmYPFpdKtQ=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/35.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/35.pem
new file mode 100644 (file)
index 0000000..60073f6
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 53 (0x35)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
+        Validity
+            Not Before: Mar 24 07:09:54 2009 GMT
+            Not After : Mar 24 07:09:54 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e4:e0:c4:dc:86:00:94:69:b1:d5:88:72:c8:c2:
+                    52:c0:56:62:0e:f6:80:a2:ef:8e:68:f9:da:d9:85:
+                    01:59:04:5e:f7:fc:23:16:dc:ff:2d:52:0a:8c:81:
+                    96:fa:24:1d:4b:89:60:2c:25:1a:eb:4e:a6:21:c5:
+                    1f:5b:87:d6:65:8c:d7:e1:a2:55:67:7e:01:7c:28:
+                    84:d7:23:56:f4:f8:e1:9c:a4:1f:74:fe:6b:c0:14:
+                    cc:fd:05:7b:ba:f6:b0:e3:f5:7e:46:ce:70:39:5c:
+                    93:43:01:f8:ad:38:a6:0c:71:60:9e:0b:0d:bf:42:
+                    6c:d3:9e:21:4c:55:ed:74:73
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        be:aa:0c:d9:b6:cc:d6:e1:47:ca:cb:6a:36:5e:67:43:f6:8e:
+        ab:d9:2a:5c:9d:e0:74:f5:55:70:80:8e:2f:f8:16:4c:2d:4c:
+        9c:94:80:6b:6b:c0:7a:e4:0f:f4:60:64:10:ba:93:f5:2a:39:
+        0f:5f:06:8a:d4:75:5b:b2:c4:92:25:ad:21:fa:98:75:54:48:
+        b5:d6:80:c6:9d:96:af:bf:fd:f4:57:80:cf:03:5c:dc:2b:b3:
+        f6:a2:7a:8e:8d:a5:01:92:53:e4:b7:77:99:1b:71:04:97:66:
+        57:a1:28:9d:3b:f8:ac:2e:15:18:17:2e:5d:0b:47:49:3b:65:
+        88:fc
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/36.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/36.pem
new file mode 100644 (file)
index 0000000..7df26a8
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 54 (0x36)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
+        Validity
+            Not Before: Mar 24 07:09:55 2009 GMT
+            Not After : Mar 24 07:09:55 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e1:c8:32:42:5f:a8:53:b3:22:a3:58:9a:7c:1e:
+                    fe:33:12:64:5c:3e:45:18:5b:23:ac:79:43:45:d7:
+                    64:6f:7c:e4:a3:95:5c:f9:e1:c4:b1:63:43:9c:7e:
+                    10:81:aa:7f:de:b5:b7:85:a6:b5:60:39:25:22:48:
+                    64:c5:54:1a:6e:b1:22:90:f3:8c:17:85:c2:be:1c:
+                    81:aa:a6:7b:14:b4:7a:13:b2:94:72:42:ef:77:cc:
+                    30:a4:c8:5c:80:b2:47:2e:f7:db:53:ea:ae:63:5a:
+                    19:20:30:2b:f1:d0:a3:0e:0d:4c:c0:c9:7e:9b:b5:
+                    0b:db:51:6a:e7:0e:74:69:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        d9:93:84:69:52:8d:5a:7e:c4:b7:04:54:a0:47:32:04:c7:be:
+        7b:94:1b:f9:b6:c5:88:84:a1:b4:22:4f:3b:28:ae:29:90:f1:
+        e4:25:f0:b9:e6:a0:dd:0e:0c:15:a9:6c:e4:8a:fa:a0:42:a7:
+        f9:4e:b7:0b:53:c1:ab:cb:a7:83:4c:0b:03:f0:64:95:75:5f:
+        09:dc:2c:a2:19:d6:51:e8:e4:86:7f:50:60:69:01:64:a5:fd:
+        0c:bb:0e:a0:cb:63:9c:b5:2c:22:63:f6:a4:e2:b1:9b:62:a5:
+        8c:c7:e5:a3:93:d8:18:6a:f2:95:b6:53:6a:8d:be:b0:ce:fa:
+        e9:71
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/37.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/37.pem
new file mode 100644 (file)
index 0000000..12a7b64
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 55 (0x37)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
+        Validity
+            Not Before: Mar 24 07:09:56 2009 GMT
+            Not After : Mar 24 07:09:56 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 10
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:7a:ea:e9:4d:f1:46:ae:bd:f9:0c:81:de:fd:
+                    f4:cf:13:fc:74:54:1b:f7:fb:d3:b0:f6:ae:32:fe:
+                    17:0d:df:91:e2:77:c7:b7:64:8b:53:48:b2:50:c6:
+                    10:d3:4d:c2:c2:9e:53:d1:af:3b:fe:d0:c3:64:bf:
+                    95:48:a3:5e:85:29:f7:c3:19:4c:54:09:7a:42:81:
+                    bc:b9:f0:63:eb:0a:90:3c:9d:fa:25:b8:ee:80:50:
+                    c1:b9:c2:8d:28:eb:a4:1b:88:b5:2f:0c:30:04:8c:
+                    97:a8:a9:9a:27:7c:5a:79:03:49:fc:ec:81:39:61:
+                    1c:52:9b:97:9a:f0:54:db:2f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        81:7f:37:9d:a6:8f:7d:f1:03:b0:78:a3:44:7e:c1:31:27:f0:
+        73:51:eb:55:76:3f:1b:a5:59:0f:5b:ab:2f:ff:72:9d:8a:46:
+        af:30:a4:c1:6a:25:1c:04:b9:22:14:b8:39:52:f1:4f:f0:24:
+        eb:f0:5f:62:79:24:c2:ec:84:92:87:5d:9c:05:87:e8:b1:71:
+        a7:30:fc:03:2d:9f:c5:3b:7c:58:7e:7a:86:75:50:ad:14:5e:
+        f9:69:c4:49:1e:58:33:da:5f:eb:bc:c5:ac:10:2a:dd:3c:87:
+        1c:0f:aa:37:93:c0:68:4c:3d:b4:0c:30:78:63:af:8a:f4:80:
+        e8:8e
+-----BEGIN CERTIFICATE-----
+MIICUTCCAbqgAwIBAgIBNzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
+A1UEAxMMQ2VydCBDaGFpbiA5MB4XDTA5MDMyNDA3MDk1NloXDTEwMDMyNDA3MDk1
+NlowUjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xFjAUBgNVBAMTDUNlcnQgQ2hhaW4gMTAwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBANp66ulN8UauvfkMgd799M8T/HRUG/f707D2rjL+
+Fw3fkeJ3x7dki1NIslDGENNNwsKeU9GvO/7Qw2S/lUijXoUp98MZTFQJekKBvLnw
+Y+sKkDyd+iW47oBQwbnCjSjrpBuItS8MMASMl6ipmid8WnkDSfzsgTlhHFKbl5rw
+VNsvAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
+LzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUAA4GBAIF/N52mj33xA7B4
+o0R+wTEn8HNR61V2PxulWQ9bqy//cp2KRq8wpMFqJRwEuSIUuDlS8U/wJOvwX2J5
+JMLshJKHXZwFh+ixcacw/AMtn8U7fFh+eoZ1UK0UXvlpxEkeWDPaX+u8xawQKt08
+hxwPqjeTwGhMPbQMMHhjr4r0gOiO
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/38.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/38.pem
new file mode 100644 (file)
index 0000000..06691f5
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 56 (0x38)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1
+        Validity
+            Not Before: Mar 24 07:21:45 2009 GMT
+            Not After : Mar 24 07:21:45 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:39:a7:a4:19:61:28:35:4f:f0:9b:f0:b8:8d:
+                    55:e9:da:4d:35:9e:3d:6c:c0:30:b1:8b:c0:50:a4:
+                    08:6a:d6:e3:fa:f3:f1:cb:9f:14:2e:b6:cb:d2:17:
+                    3d:bd:8b:31:8e:c8:95:13:f0:fc:03:42:30:02:98:
+                    6c:ee:2a:e9:c1:2a:9f:79:e0:09:35:a7:6e:bd:70:
+                    62:ae:09:53:54:a9:62:36:23:b7:15:98:01:c6:c5:
+                    52:47:a1:8c:c1:de:7c:4d:86:38:d0:12:24:57:76:
+                    99:ba:1f:23:62:20:a5:79:12:a2:9a:90:b8:aa:50:
+                    96:59:16:ed:29:74:9d:67:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        29:8e:68:80:e0:f2:ce:29:e5:70:95:67:0d:51:4a:a8:a0:9c:
+        9f:4f:2f:3a:83:40:67:6e:01:cb:21:bf:4a:a7:16:3d:df:f8:
+        2b:ca:6d:86:92:cc:46:99:99:b5:11:09:4d:25:c7:15:5f:64:
+        66:1a:18:69:ce:37:86:96:ab:e6:2e:3d:63:a3:cf:14:91:3b:
+        19:fc:79:a7:37:60:eb:51:12:3f:4d:3b:07:6c:0e:ae:69:2c:
+        07:4d:6a:ca:5d:97:e5:f0:24:96:7e:fa:f3:83:ec:53:7a:b1:
+        53:cb:42:c5:15:b0:04:9f:36:5c:d0:d5:92:49:38:e5:a5:ef:
+        91:d2
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
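Review bot: The subject is `CN=Cert Chain No AIA 2`, but the extension block still carries `Authority Information Access` with `OCSP - URI:http://127.0.0.1:89/0002`, the same value as the `Cert Chain N` fixtures. `39.pem`, by contrast, has no AIA entry. If the "No AIA" chain is meant to exercise the path where a certificate names no responder, this link would still send an OCSP client to the local responder, so the test may not cover that path. Either regenerate serial `38` without the AIA extension or document that the no-AIA condition starts at serial `39`.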
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/39.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/39.pem
new file mode 100644 (file)
index 0000000..f37e1a2
--- /dev/null
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 57 (0x39)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
+        Validity
+            Not Before: Mar 24 07:21:47 2009 GMT
+            Not After : Mar 24 07:21:47 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a3:84:57:22:7a:bf:2f:ec:a6:d3:c6:f2:e1:14:
+                    92:8e:9d:b1:5a:f2:6f:99:9f:53:08:d1:f9:ef:00:
+                    da:a7:2d:c3:64:6f:31:df:4c:49:20:06:88:92:d7:
+                    c6:ff:0c:99:49:d0:c5:57:bb:ea:87:4d:06:ac:68:
+                    35:6a:3e:23:6c:dd:2f:4e:7c:fc:9c:e6:d0:1d:65:
+                    e4:87:79:7e:d9:c0:1e:cd:7b:f5:81:bf:79:8a:d8:
+                    6e:94:22:f1:79:a6:dc:52:ea:ed:e6:f7:86:31:5d:
+                    b7:39:fc:cd:73:ed:0d:1f:f2:ca:79:ba:25:1e:f4:
+                    b9:6c:bc:28:08:a9:46:aa:1d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                05:E8:B5:E4:89:7E:CD:72:28:E1:08:B5:B2:9F:8E:A2:13:2B:2C:A7
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 1
+                serial:38
+
+    Signature Algorithm: sha1WithRSAEncryption
+        36:e5:af:2d:c4:bd:c1:16:27:74:f0:0a:a5:12:4c:da:d6:e2:
+        60:98:ee:3d:7a:d1:55:a0:ed:57:fd:6b:9b:fc:19:4b:f3:b2:
+        41:19:a7:6c:f7:15:63:68:18:09:6d:db:23:f9:e1:2a:d6:75:
+        e5:18:46:2b:82:57:4e:1a:f8:03:fa:3d:7c:aa:70:8e:17:25:
+        c6:b2:ab:ca:94:90:fd:2a:69:53:f5:11:81:68:06:f8:2d:5d:
+        92:39:b4:96:f0:d0:b5:03:c2:15:26:f4:e9:c0:9a:28:39:dd:
+        67:ea:a6:9f:27:44:69:2e:95:e0:a1:03:f6:3c:a1:f7:92:f4:
+        a2:b8
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
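Review bot: A strict path validator should reject any chain that runs through this certificate, so a test that expects the chain to verify would be pinning permissive behaviour. The certificate carries `X509v3 Basic Constraints: CA:FALSE`, yet its subject `CN=Cert Chain No AIA 3` is the issuer named in 3A.pem. Its `Not After` of Mar 24 2010 is also more than two years before the commit date, as is the validity of every other certificate under newcerts/ in this part of the diff. If rejection is the intended outcome, a short README beside the fixtures should say which check each chain is meant to trip; if not, the intermediates need reissuing with `CA:TRUE` and a validity window the tests can rely on. The test code that consumes these files is not visible here, so the expected verdict is an assumption to confirm.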
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3A.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3A.pem
new file mode 100644 (file)
index 0000000..a08d32c
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 58 (0x3a)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
+        Validity
+            Not Before: Mar 24 07:21:48 2009 GMT
+            Not After : Mar 24 07:21:48 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cb:8d:d0:6f:74:f7:2a:96:47:5a:f9:e3:d5:72:
+                    3a:81:94:c7:0f:e2:a2:9b:11:4e:92:15:61:dc:3f:
+                    b8:fd:9f:b8:ae:18:54:25:ca:e0:1a:8f:49:f7:e1:
+                    81:64:76:47:5a:b4:bc:9d:11:09:6d:c7:71:03:cd:
+                    38:ab:85:5f:69:5a:ed:6b:aa:32:a7:85:b4:75:9a:
+                    aa:dc:ec:ee:9d:4e:03:51:e3:8e:a6:89:82:e3:26:
+                    13:42:99:87:04:5f:59:58:43:89:32:ed:da:34:e9:
+                    b2:ca:33:af:29:eb:20:0b:e7:4a:10:0c:3f:00:94:
+                    75:36:c5:f8:4d:4b:a4:88:95
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6f:51:b6:28:15:d9:aa:56:70:0d:2a:f0:52:8b:c4:53:47:68:
+        78:fe:fe:89:c2:3b:87:23:40:87:04:02:67:74:4d:3c:cc:39:
+        48:30:f6:9c:12:74:be:48:26:5a:7c:a1:bf:d0:fa:19:89:63:
+        66:fe:44:2d:f5:e5:e8:9f:57:c5:20:fe:f0:10:2f:f0:6d:16:
+        ef:a0:2b:db:95:05:72:cb:63:e4:2b:28:38:8f:aa:b9:51:f2:
+        88:19:0e:c1:c8:e7:0d:66:b8:13:f2:13:2d:ee:f0:dd:98:56:
+        04:af:c6:c8:81:07:ce:44:f5:23:7b:a4:72:32:4d:43:a9:61:
+        72:d6
+-----BEGIN CERTIFICATE-----
+MIICXjCCAcegAwIBAgIBOjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
+A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMzAeFw0wOTAzMjQwNzIxNDhaFw0xMDAz
+MjQwNzIxNDhaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
+QSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLjdBvdPcqlkda+ePVcjqB
+lMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n34YFkdkdatLydEQltx3EDzTirhV9p
+Wu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL
+50oQDD8AlHU2xfhNS6SIlQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
+BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
+gQBvUbYoFdmqVnANKvBSi8RTR2h4/v6JwjuHI0CHBAJndE08zDlIMPacEnS+SCZa
+fKG/0PoZiWNm/kQt9eXon1fFIP7wEC/wbRbvoCvblQVyy2PkKyg4j6q5UfKIGQ7B
+yOcNZrgT8hMt7vDdmFYEr8bIgQfORPUje6RyMk1DqWFy1g==
+-----END CERTIFICATE-----
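Review bot: The fixture name and its contents disagree: the subject is `CN=Cert Chain No AIA 4`, but the certificate carries an `Authority Information Access` extension with `OCSP - URI:http://127.0.0.1:89/0002`, and 3B.pem through 40.pem do the same. If these chains are meant to cover the case where a certificate gives no responder location, that is not the path they exercise; the tests are not visible here, so this needs confirming against them. The URI also ties the OCSP result to a responder listening on loopback port 89, a port below 1024 that normally needs elevated privileges to bind. A README line beside the fixtures, such as `"No AIA" chains: <what is absent>; OCSP responder expected at http://127.0.0.1:89/0002`, would record what the name means and what the test setup must provide.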
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3B.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3B.pem
new file mode 100644 (file)
index 0000000..d0cedf9
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 59 (0x3b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
+        Validity
+            Not Before: Mar 24 07:21:49 2009 GMT
+            Not After : Mar 24 07:21:49 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:db:0c:70:a3:4b:8d:12:fa:47:5f:5f:3a:41:91:
+                    18:7a:9b:e3:af:99:56:70:96:71:7d:d0:7c:ee:d9:
+                    d2:3a:90:cb:42:c8:eb:06:a5:81:24:a3:d0:9e:d0:
+                    33:04:88:50:a4:e2:32:37:1a:b8:a4:3f:77:56:b4:
+                    3f:a9:cc:27:7e:c9:c9:89:1e:ca:64:b6:4e:e6:fc:
+                    fa:17:ce:3b:94:7f:b2:14:6f:40:ad:78:75:f3:09:
+                    be:62:0d:be:af:40:61:dc:16:4b:94:4c:8b:16:ce:
+                    79:5f:97:59:56:19:8a:23:ea:21:7c:3d:02:53:09:
+                    32:17:b6:27:ee:6e:31:1e:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        86:d9:2f:aa:12:1f:31:35:60:68:49:8c:4e:75:b3:5e:8f:f2:
+        81:69:79:7f:92:ca:32:ca:cf:a3:45:d0:8a:2c:d6:8b:9a:e6:
+        a8:3d:19:66:ee:3b:03:25:4b:ed:56:c2:49:09:99:98:b3:9f:
+        13:11:ee:b5:ad:00:b8:36:31:6e:91:f6:fd:f3:95:7e:90:b9:
+        0b:26:ab:06:72:cf:57:33:3c:88:4e:aa:c4:bb:89:a5:60:95:
+        11:b5:e6:eb:1f:8f:fb:b0:f0:c5:78:be:6a:7f:39:29:e4:5b:
+        7b:28:16:d2:b6:bf:38:af:25:de:7b:22:23:d3:23:ca:03:0d:
+        c6:08
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3C.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3C.pem
new file mode 100644 (file)
index 0000000..6e0a696
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 60 (0x3c)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
+        Validity
+            Not Before: Mar 24 07:21:50 2009 GMT
+            Not After : Mar 24 07:21:50 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:96:4e:86:e9:ca:b8:83:48:47:72:fa:ad:01:a8:
+                    26:c0:c6:09:10:ef:37:e0:62:e6:6b:e1:97:9d:15:
+                    c2:e5:88:fa:ee:50:81:ff:eb:fb:48:80:6f:db:41:
+                    b7:51:58:64:eb:8d:b7:2f:03:1a:0b:36:db:53:1d:
+                    19:7c:49:f9:76:0c:39:36:f3:4f:e9:f6:c7:90:5f:
+                    02:dd:dc:e7:51:c2:44:cc:9f:87:4c:13:d4:e5:91:
+                    1c:4a:ed:33:a2:80:76:c8:56:7e:fc:c9:73:2b:78:
+                    d9:7e:a3:b2:23:cd:69:ca:a1:a7:8c:e3:8c:97:3e:
+                    71:ac:c8:04:56:bd:97:cd:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6f:e5:2b:c2:3c:65:22:24:f1:1c:a4:c4:c1:35:73:40:a0:8a:
+        f0:13:06:c7:46:19:83:51:e0:c6:9f:d8:49:93:59:41:3f:71:
+        2d:31:67:55:98:49:42:aa:07:42:81:b5:4f:29:11:36:3f:23:
+        47:75:75:89:18:95:a4:ea:af:9f:4f:b2:0e:0b:21:4e:74:4f:
+        2c:18:74:c9:05:21:55:e7:e7:b2:85:9a:4f:70:ce:d1:89:1d:
+        9e:f8:02:30:d0:60:c5:2a:78:87:67:9e:04:3e:8a:7b:f9:df:
+        0b:4e:41:3a:81:fa:35:fa:d7:77:5f:7c:1f:cc:59:da:94:9b:
+        94:55
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3D.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3D.pem
new file mode 100644 (file)
index 0000000..87fdfab
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 61 (0x3d)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
+        Validity
+            Not Before: Mar 24 07:21:51 2009 GMT
+            Not After : Mar 24 07:21:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b4:5b:fe:48:10:2b:eb:58:af:c6:0e:57:2a:a5:
+                    5c:cc:57:85:44:f2:d9:d1:43:84:d3:40:8b:f7:7a:
+                    e0:e8:b1:9d:e8:f4:b1:45:c6:67:14:9b:a5:a8:e2:
+                    8f:cb:31:a6:db:61:90:0d:aa:0a:9e:26:dc:4b:0b:
+                    33:a2:7c:07:72:91:ee:6a:ec:77:34:f4:7e:a5:0e:
+                    39:13:a8:d5:86:86:12:5b:a4:8b:38:91:57:24:8d:
+                    a9:3b:f8:f1:a6:48:89:20:a9:5b:b3:fe:ca:56:f0:
+                    ca:d1:ec:99:9c:57:6a:df:8e:23:a1:7e:be:5f:7c:
+                    cf:a9:db:3f:b8:dc:a1:9a:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        1d:2e:83:cb:9e:92:3e:d2:0a:fb:74:87:66:3d:57:84:09:11:
+        4a:2a:68:0e:da:9e:4d:7b:25:af:56:fa:3c:d5:4c:02:fe:43:
+        dd:c3:66:c9:5d:55:50:40:15:8f:06:74:13:83:27:c5:19:7e:
+        55:f3:fa:26:ec:3e:c0:1a:5d:20:ee:09:af:38:83:f8:0e:da:
+        bf:07:87:07:a5:70:79:21:2c:38:5b:e0:f8:d1:57:0f:9b:d1:
+        ee:a3:86:02:b5:e0:5b:64:08:5f:64:8b:43:65:ac:60:8a:c9:
+        6f:47:37:66:61:c1:74:b0:74:0a:24:12:36:c1:28:58:b6:04:
+        9b:4c
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3E.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3E.pem
new file mode 100644 (file)
index 0000000..397c8cc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 62 (0x3e)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
+        Validity
+            Not Before: Mar 24 07:21:52 2009 GMT
+            Not After : Mar 24 07:21:52 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bc:76:6c:d1:65:bb:c3:98:fa:4d:19:34:a6:43:
+                    8a:c1:1d:ff:04:4c:f9:c9:bf:c5:d9:4c:08:94:a2:
+                    4c:55:31:09:68:3a:35:61:c6:2e:7d:6a:7a:87:88:
+                    ba:21:4c:5e:5e:28:d9:d3:fd:01:bc:4e:e2:55:a8:
+                    d7:d5:a0:72:d1:b5:fb:6f:f8:ca:7a:f7:e6:89:b0:
+                    3e:c9:83:e5:fd:8d:a9:fc:0a:fd:a0:dd:a2:33:17:
+                    4e:a0:0e:37:22:b2:ef:27:e4:67:d5:58:80:8b:16:
+                    a1:a2:56:c3:73:69:7d:ee:47:d9:af:4d:19:7e:9f:
+                    2b:08:ad:4b:51:07:40:99:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        40:8d:52:73:c3:85:6b:6c:4f:54:51:06:eb:d8:cd:40:5d:3d:
+        89:c2:06:4d:c6:70:5e:cc:64:40:3f:bb:3e:d4:52:b0:8d:57:
+        77:f3:1f:63:89:b3:21:b0:72:c6:ef:97:77:06:90:6f:fd:e8:
+        c3:d4:d6:13:f7:18:a8:eb:1e:87:b8:98:20:4a:0b:58:74:81:
+        59:eb:6e:50:f3:68:b2:e2:8c:a2:4b:92:c5:fa:e1:4f:43:ae:
+        51:ca:a6:c7:2c:40:16:2f:24:d3:a2:91:d5:45:7d:a7:3c:6e:
+        65:74:a7:b0:a6:a0:07:d7:1d:3a:2e:51:6e:de:7f:e6:5b:73:
+        e2:7d
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3F.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3F.pem
new file mode 100644 (file)
index 0000000..3259a5b
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 63 (0x3f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
+        Validity
+            Not Before: Mar 24 07:21:52 2009 GMT
+            Not After : Mar 24 07:21:52 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a8:70:69:1c:f1:48:a4:71:a5:2b:d0:d8:f1:00:
+                    1f:ca:2a:17:d0:3f:4f:1f:43:a0:04:52:3e:28:73:
+                    3b:20:03:96:47:99:19:dc:95:35:41:af:03:4e:08:
+                    01:c1:d5:08:65:4c:75:9f:29:73:d3:ab:b3:f5:9c:
+                    e7:e0:73:a8:4e:be:fd:86:67:f7:f4:20:42:76:39:
+                    85:94:91:b8:6c:74:00:c8:c8:8b:d1:24:38:92:dd:
+                    74:76:e8:ca:69:f6:96:aa:29:1b:32:4e:d7:65:4d:
+                    dc:87:4c:ff:60:dc:44:a5:06:60:2a:2f:48:e6:a0:
+                    9c:93:eb:24:ff:74:a5:d0:13
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:6f:4d:2a:68:f1:d5:08:43:43:3f:5a:53:d8:fe:71:93:e8:
+        08:e5:a3:4f:dc:b2:9b:20:89:7c:dd:b0:57:7f:f7:1f:45:09:
+        78:c0:ba:99:0e:ab:fe:a5:1c:de:37:f6:dd:9a:b2:f1:9f:f0:
+        15:19:4b:6c:32:dc:5f:8e:af:4f:3f:fe:a3:67:ae:78:ba:af:
+        cd:41:fd:c9:31:ca:ce:7e:82:2e:c6:40:4d:94:b9:cd:fa:d5:
+        a1:b3:b6:10:47:2d:75:f1:37:3f:e9:62:81:a3:ff:7f:72:04:
+        f7:26:6d:d4:c0:22:38:a1:6c:64:10:66:fe:0d:95:e7:2e:64:
+        c8:d5
+-----BEGIN CERTIFICATE-----
+MIICXjCCAcegAwIBAgIBPzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
+A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgODAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz
+MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
+QSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCocGkc8UikcaUr0NjxAB/K
+KhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hO
+vv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESl
+BmAqL0jmoJyT6yT/dKXQEwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
+BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
+gQCPb00qaPHVCENDP1pT2P5xk+gI5aNP3LKbIIl83bBXf/cfRQl4wLqZDqv+pRze
+N/bdmrLxn/AVGUtsMtxfjq9PP/6jZ654uq/NQf3JMcrOfoIuxkBNlLnN+tWhs7YQ
+Ry118Tc/6WKBo/9/cgT3Jm3UwCI4oWxkEGb+DZXnLmTI1Q==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/40.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/40.pem
new file mode 100644 (file)
index 0000000..1696eaf
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 64 (0x40)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
+        Validity
+            Not Before: Mar 24 07:21:53 2009 GMT
+            Not After : Mar 24 07:21:53 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 10
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:df:07:2f:ee:54:76:49:52:9f:16:7a:0a:39:2f:
+                    44:6d:17:67:ca:6a:0c:d7:42:c2:45:60:f9:b7:a2:
+                    e2:ea:2f:53:14:69:02:57:06:7e:44:b6:c7:6b:9f:
+                    41:b8:1c:2a:17:6b:38:a5:89:c0:ec:e2:4c:c0:59:
+                    97:6c:8d:17:cf:e5:86:3d:3b:b1:69:90:80:fe:84:
+                    7b:37:4e:b9:1d:5e:98:fc:46:38:c7:f1:26:24:7d:
+                    7a:fc:fa:d7:51:59:d1:ba:5f:07:85:9e:43:df:fd:
+                    6e:5f:35:c8:a4:fe:24:a2:5e:8a:bb:01:b5:5d:c5:
+                    cb:0e:40:f5:e9:4c:0b:00:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:89/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6f:3d:1c:f3:6a:7d:23:49:43:c3:dd:41:43:81:42:f4:60:bf:
+        87:d4:5f:83:96:1c:6a:c3:06:28:e5:76:fb:5c:17:fc:60:1c:
+        04:07:03:99:92:d4:01:ac:97:81:0c:2a:7c:67:18:88:60:88:
+        dc:a9:35:c1:89:75:d8:0b:0a:c3:ff:43:4a:5a:93:3a:d3:67:
+        b2:ce:8d:8a:8c:19:b5:23:b5:ed:b9:df:26:52:70:09:41:4e:
+        68:1a:54:08:74:c8:ff:bf:03:70:f1:9b:ef:65:2e:e2:23:74:
+        12:77:c4:25:de:fe:58:a9:a9:fa:d2:fb:4b:40:70:24:31:2b:
+        bc:64
+-----BEGIN CERTIFICATE-----
+MIICXzCCAcigAwIBAgIBQDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
+A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgOTAeFw0wOTAzMjQwNzIxNTNaFw0xMDAz
+MjQwNzIxNTNaMFkxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYDVQQDExRDZXJ0IENoYWluIE5vIEFJ
+QSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3wcv7lR2SVKfFnoKOS9E
+bRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbHa59BuBwqF2s4pYnA7OJMwFmXbI0X
+z+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16/PrXUVnRul8HhZ5D3/1uXzXIpP4k
+ol6KuwG1XcXLDkD16UwLAEMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsG
+AQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQAD
+gYEAbz0c82p9I0lDw91BQ4FC9GC/h9Rfg5YcasMGKOV2+1wX/GAcBAcDmZLUAayX
+gQwqfGcYiGCI3Kk1wYl12AsKw/9DSlqTOtNnss6NiowZtSO17bnfJlJwCUFOaBpU
+CHTI/78DcPGb72Uu4iN0EnfEJd7+WKmp+tL7S0BwJDErvGQ=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain1.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain1.pem
new file mode 100644 (file)
index 0000000..e152d65
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
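Review bot: The files added under cert_chain/private/, from cert_chain1.pem through cert_chain_no_aia9.pem, are RSA private keys, and the two whose bodies are visible in this part of the diff (cert_chain_no_aia3.pem and cert_chain_no_aia4.pem) are unencrypted PEM. That is normal for test fixtures, but nothing on this page marks them as throwaway, and the matching certificates and demoCA/cacert.pem are added in the same tree. A README in TestData/ssl with a line such as `Test-only keys and CA: never install into a device image or trust store` would make the intent explicit. The packaging rules are not visible here and should be checked so that the tests/ data stays out of production packages.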
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain10.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain10.pem
new file mode 100644 (file)
index 0000000..0cb0874
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain2.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain2.pem
new file mode 100644 (file)
index 0000000..898f118
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain3.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain3.pem
new file mode 100644 (file)
index 0000000..8deae87
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain4.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain4.pem
new file mode 100644 (file)
index 0000000..7e246a9
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain5.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain5.pem
new file mode 100644 (file)
index 0000000..756db4d
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain6.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain6.pem
new file mode 100644 (file)
index 0000000..db255f5
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain7.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain7.pem
new file mode 100644 (file)
index 0000000..fdffada
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain8.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain8.pem
new file mode 100644 (file)
index 0000000..5982533
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain9.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain9.pem
new file mode 100644 (file)
index 0000000..37e2d48
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia1.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia1.pem
new file mode 100644 (file)
index 0000000..f91598c
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia10.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia10.pem
new file mode 100644 (file)
index 0000000..a6a95d5
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia2.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia2.pem
new file mode 100644 (file)
index 0000000..265f30d
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia3.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia3.pem
new file mode 100644 (file)
index 0000000..0217b1c
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHf
+TEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WB
+v3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQAB
+AoGAbD/eV2sfSqDGSIj6nVs7MsLeeLDqhK7fD4XCiiDsn6RCKCkcwREFj/gDTgMf
+MBWtHRriqhQzTOMHOfe69NyyIf7eXihRjkX7Ist+gi1wiKqdr0ECECC3sGdWR/pu
+wLBDtC2ynqiezbxog+/3C3YWs0+DTsnn87aOeKbIIfoMSFkCQQDNBAqw/BKw4dDd
+msMGJqbI3UIobZVOEXLwTi3ZWwDMIM+HMJPyT62U67cCg35M4L/EMxYBYMhqdS3f
+tixN9+bLAkEAzC5ZxDEG4S3j44m1Ff58qBStbV4SBlM18jZgjEVqeYlqStWq8U7J
+lJLpa3F8C26bUNWXTwl7i5BIykpGjZ0ttwJAAdIVXjj+2X9H4Y/sR3O0a3g7jCxc
+9RKGmMe49IMwYJ+x+BtgVPiMLBRjzavpRTmBunZRrbV0Ui20OJZfklmvPQJBAIiX
+EVIgAhwtmOAkxVGbV0UR4Brj7Wbxz4rjOZ9c6Ke5d7PsUFjxfgS4axKHbpYvPhPL
+b1deXpm0wh0hpyUhWu0CQQCX+HNWjZ/3oGTxWHVWhj7Q1J18CyxDj7SISA87mv84
+QZuso4AGYpbuZUdWr2cJcBvbP+ZX7DCjsr+5Ns/3Foqq
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia4.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia4.pem
new file mode 100644 (file)
index 0000000..6785e26
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQl
+yuAaj0n34YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446m
+iYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQAB
+AoGBAJMGntwypujq3SV4Q7mDpYC9Xr85muvYp2Da8vFsUYlYGcQeLIGTtSVaBDp4
+dsaCrG13CJmGmcHigd4WGG3DizK7HnlOU6GuKdJfISJAT0Di/oSnH1gpIxGzxsA0
+IAjrncQT0yPcXtS/YXv4VMhOHdWTmaZvsuP0aJjd04hg/yyhAkEA623ruT6oKxk6
+5QeO8OFhUxi9ahgzQYHfHU9bXshRoCVA9OE9EzxyYvQRJa4s2WcJoRmFpwTPQoUW
+iZnhKBBr2QJBAN1W56AFsqtNY33joZA1GIjZEhgbeZF1w+VUUcYWQ8wvOFYYq71S
+lmw2QpZdAhgFtQ5Sy31xVbbp7USrAoXNOR0CQCyyD6B5jr+v6Ih2qOJ+R1XZSoyL
+z59OIqeT20rhSO3YZL6YzFmMjkLPBzpaGNWlRCS7ja4psZd1YNP6zM4oX/ECQB0u
+F9tA5Q0wZq1yFRqt5U4lT/1doelLXUgelalHxihlEUhIeFu9R5d8j8rC+EOyfOwm
+fi1Lg8FZla433V1GcQECQQCDC1toUTOs6zQMR8Qjbg806oEeNCrXCuRSvER9F216
+W/gfkyu3O7ZMyTLDzssExEBemXqIwP7cPvi4AudCR+rF
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia5.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia5.pem
new file mode 100644 (file)
index 0000000..014cc30
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia6.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia6.pem
new file mode 100644 (file)
index 0000000..d4cb2bf
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia7.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia7.pem
new file mode 100644 (file)
index 0000000..2882a88
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia8.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia8.pem
new file mode 100644 (file)
index 0000000..9380709
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia9.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia9.pem
new file mode 100644 (file)
index 0000000..99a1155
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/serial b/tests/cert-svc/data/TestData/ssl/cert_chain/serial
new file mode 100644 (file)
index 0000000..87523dd
--- /dev/null
@@ -0,0 +1 @@
+41
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/serial.old b/tests/cert-svc/data/TestData/ssl/cert_chain/serial.old
new file mode 100644 (file)
index 0000000..425151f
--- /dev/null
@@ -0,0 +1 @@
+40
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/ca.csr b/tests/cert-svc/data/TestData/ssl/demoCA/ca.csr
new file mode 100644 (file)
index 0000000..5c09561
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEnzCCAocCAQAwWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYD
+VQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68aWUeO
+MDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9IsvqI
+B+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHIsdTm
+OaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm2e3Z
+a6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg80zn
+ryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyhFILU
+kn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjnxIGb
+Gu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/CZlEO
+6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQUUhF
+cE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGIhOOx
+DxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6zbhBF
+UXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOC
+AgEARyunUCI3xAmw7kJY0NbLJA/+SvULDT+x0DMsHp/GHB25GFqPh8LXd7+nYCxR
+b4XKMUPwVhOuZgLIgv2yGcSvztXtm9OVtonVmrWfHCDPPrKVABrYOZ6odhKiIi6s
+hzW0MKEwcl774cqO8YYZwrJF4tHCc0sDKK3iCcw0JvRN/x64XlmeidiHyhgrJwPd
+REzMZaBTGiL69EKLs6JwUndI2cY8vOOmISSW098RRy0kJSLZXKvgx/vLlfCMEDdn
+vZm/5bCuOIiCMcu2JFGG4DsVV32kfUSDgkmUbVK9Cb2c/irldxh277Dt2vBzpG3T
+j8R7TOJcUfjjt61LCO1KVZMx/STGUqbyNJq1Zk8hWbK+x4ed+Abo4CHZS5kN7DWo
+IieX5xESyFqoHMyyoZVQ1n0DGk7SbQDTOrN4Iq1okMscRdZuZVwv34yadmZbQRWB
+V+HvEqOSYFOqeZLi7kEGiuPwEtQD189VbXLNpD4blWMcV7Uji9LeRJ00enFPcEHR
+MOZ7axCJKpEHyoRcJwYEceUhx8j8WOuVnptySbR+o20NNMcdCZ3Iaht5SfFaB/HO
+GOdL0kne1nrWcyPUWPQZmCYVrNvAraeJ657T9dnsIf6UWUk1Q7fbyXl7vAvtY3mt
+5V52iP/BiImA+Xy+7XwY/ByrPJrqdWpQxueI+GcO7v77i6k=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/cacert.pem b/tests/cert-svc/data/TestData/ssl/demoCA/cacert.pem
new file mode 100644 (file)
index 0000000..646524d
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFMDCCAxgCCQDyW0BbwrfQZDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJL
+UjETMBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNV
+BAoTDVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA3MjIxNFoX
+DTE5MDMwNDA3MjIxNFowWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2kt
+RG8xETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQsw
+CQYDVQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68a
+WUeOMDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9I
+svqIB+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHI
+sdTmOaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm
+2e3Za6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg
+80znryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyh
+FILUkn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjn
+xIGbGu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/C
+ZlEO6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQ
+UUhFcE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGI
+hOOxDxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6z
+bhBFUXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAEwDQYJKoZIhvcNAQEFBQAD
+ggIBAHVU/HAqDC+bX8J0Nt7y0jO1ioUun6qPzjcQ9QRYjZ71JrsRbTgNmYkKtBi1
+8TZ/Dyq27OO612N4qrGe8dZwTK7z8bhVv4+mjgpP/uyO1woLDpYof26z09cfYd3z
+J0OE7Ta0/OlMYCDWl6ORPCNkfv7Bj0cS/XsJczfJAaPdyUozTR6Jl4qARHgS07H4
+ITZGnzPSk34AhJdZFVcnepCSjb4eXTJw1xjAd/OIaD8qtAnrrx/RnWAiii7BIUN/
+O6oOBSumPIrzBbgOJ96KyE5DDaoaECBWEFeyLsXk9PW3PC4CcPrTW1qjkr2cFrPm
+oYhIb2NkYQzpx36wLqG9tiGGiO8BFmyDjffAu8rBvMIFDGjy62fA+n/BMyrfxrQ3
+bKPt/GVHEEhhpNVAF+aRdJk7UtirLIrOYnRJDcbi51ZYiLpogmsH0PZ7JcC2ZkCb
+w753asG0K48OcRNw4c2D0tOXWUE+pkTjbE4HUD4xU+of3x3V98xHghd2G8MOMoRL
+M4tcK/zs76pOY6gfNuZe8nN/9RI+gsiiswWLkSBDEJEAEngZchdmd0I+8ed9qKW8
+Sm+85bfdya+Pbl858kubbkVup8wdl6wfILV+1XZOks1enknQYbls6Gx6mF9Llx1h
+mEHwvjERzOA7ykbVsRj/42Rn4g6JNEzJIZCsaSowk1zt0imn
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt
new file mode 100644 (file)
index 0000000..3fd04a4
--- /dev/null
@@ -0,0 +1,42 @@
+V      100306080002Z           01      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100309031315Z           02      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
+V      100309060955Z           03      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061108Z           04      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061223Z           05      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100310001031Z           06      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310001451Z           07      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310080409Z           08      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100311104952Z           09      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313011918Z           0A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313022703Z           0B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313023759Z           0C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313023935Z           0D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311031642Z           0E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      190311031818Z           0F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
+V      190311032356Z           10      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032410Z           11      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032420Z           12      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032430Z           13      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032440Z           14      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100314113542Z           15      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100314134812Z           16      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053643Z           17      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053834Z           18      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316061833Z           19      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      100316114226Z           1A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316115653Z           1B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121050Z           1C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121256Z           1D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121311Z           1E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121809Z           1F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316122916Z           20      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316123325Z           21      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125036Z           22      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125902Z           23      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125924Z           24      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125941Z           25      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316140429Z           26      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230611Z           27      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230854Z           28      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
+V      190314233211Z           29      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
+V      190618082147Z           2A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
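Review bot: Serials 01–0D and 15–26 carry expiry dates in March 2010 yet are still flagged `V`, although the commit is dated August 2012. If the test OCSP responder is driven from this index, it would presumably report those serials as good even though the certificates are long expired, so a passing OCSP test would say little about the client's own validity checking. Running `openssl ca -updatedb` before committing, or regenerating the fixtures with a long validity period, would keep the index consistent with the certificates it describes.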
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr
new file mode 100644 (file)
index 0000000..3a7e39e
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr.old b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr.old
new file mode 100644 (file)
index 0000000..3a7e39e
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = no
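Review bot: `index.txt.attr.old` and `index.txt.old` look like the backup copies that `openssl ca` leaves behind after each issuance, not fixtures a test would read; `index.txt.old` is `index.txt` without serial 2A. Unless a test opens them by name, they can be dropped from the commit and added to the ignore list, which keeps the CA working directory's leftovers out of the tree.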
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.old b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.old
new file mode 100644 (file)
index 0000000..7de5529
--- /dev/null
@@ -0,0 +1,41 @@
+V      100306080002Z           01      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100309031315Z           02      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
+V      100309060955Z           03      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061108Z           04      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100309061223Z           05      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100310001031Z           06      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310001451Z           07      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100310080409Z           08      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100311104952Z           09      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313011918Z           0A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313022703Z           0B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100313023759Z           0C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100313023935Z           0D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311031642Z           0E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      190311031818Z           0F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
+V      190311032356Z           10      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032410Z           11      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032420Z           12      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032430Z           13      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      190311032440Z           14      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100314113542Z           15      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100314134812Z           16      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053643Z           17      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316053834Z           18      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
+V      100316061833Z           19      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
+V      100316114226Z           1A      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316115653Z           1B      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121050Z           1C      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121256Z           1D      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121311Z           1E      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316121809Z           1F      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316122916Z           20      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316123325Z           21      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125036Z           22      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125902Z           23      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125924Z           24      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316125941Z           25      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
+V      100316140429Z           26      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230611Z           27      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
+V      190314230854Z           28      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
+V      190314233211Z           29      unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/01.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/01.pem
new file mode 100644 (file)
index 0000000..a3c5540
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar  6 08:00:02 2009 GMT
+            Not After : Mar  6 08:00:02 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:41:90:ba:e8:97:0c:89:05:f0:95:75:44:ff:
+                    f3:c9:b1:68:90:0a:83:a2:30:6d:f4:8d:2d:e1:ec:
+                    c7:bd:ba:24:39:bf:ae:29:fa:65:2b:c6:98:ee:13:
+                    74:7c:5d:68:36:5b:b4:0c:ae:6b:99:40:b8:39:a2:
+                    df:fa:97:e3:62:37:ff:3c:ae:39:6a:1c:77:39:81:
+                    2e:9d:c9:a4:30:e0:4c:e6:18:e9:57:04:a1:09:0b:
+                    ab:ac:00:9c:ca:65:96:59:1f:e9:21:86:9b:d8:ef:
+                    86:db:99:70:1c:39:31:9f:48:f9:02:0d:4d:53:aa:
+                    ac:ad:f1:58:ca:84:98:44:95
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        0e:0d:eb:90:52:0b:d8:81:b9:b1:87:da:b4:c2:18:5b:fc:01:
+        bc:de:1b:16:5e:09:e1:a4:76:68:7a:05:e0:77:58:f0:bf:ce:
+        8e:52:f1:fb:ab:35:9b:1d:e7:40:14:88:b5:36:0a:1d:b6:70:
+        cc:83:bd:2c:2f:7b:9e:fa:33:29:4f:c8:5e:ec:fb:56:90:1b:
+        7c:9c:c0:e8:0e:bb:92:dc:20:5f:22:10:d6:c3:68:3d:26:6e:
+        f1:3f:df:42:45:f1:82:04:76:ef:3c:a9:d5:be:8e:dd:3b:a8:
+        d4:c3:08:51:f9:2e:60:8e:93:4c:c3:e2:93:ea:ef:6c:d0:47:
+        f1:f3:15:8e:6e:66:0b:22:36:32:8a:f7:7f:c9:41:d8:d1:69:
+        0d:32:62:ea:3c:fe:72:8a:c8:77:ff:5f:a1:4a:59:1b:5a:12:
+        7b:a0:52:17:ae:6e:d4:d6:b3:c1:3b:50:26:3e:55:46:37:39:
+        50:ea:2b:fd:97:15:ca:ca:fc:a3:dd:9b:72:c9:d8:a9:39:aa:
+        e2:77:b1:d1:bd:2c:62:0c:90:72:75:32:e0:18:3d:4b:01:9c:
+        e7:69:77:c8:05:1e:49:44:0f:fa:e2:71:0e:6b:b2:99:f6:a8:
+        ae:fe:4b:02:73:fa:00:7b:f4:2b:50:44:b2:50:12:2a:82:ee:
+        be:da:ff:47:51:b6:95:f7:fb:39:c7:7f:1f:01:b7:5c:19:01:
+        87:d8:c0:3d:bf:d5:ca:1d:67:6e:1b:6b:e6:98:8a:81:ab:91:
+        53:ef:03:e0:62:17:c2:5f:f5:ed:4b:24:12:10:64:aa:09:bf:
+        8b:fa:bb:54:a1:45:6a:7e:0a:f8:85:d2:ae:cc:b5:65:1a:db:
+        9b:17:1f:e5:64:f3:1b:8a:be:40:10:28:d9:a5:ac:30:ed:7e:
+        fb:40:39:8b:f3:8d:10:1a:db:85:fd:83:a6:89:eb:09:b3:c1:
+        a2:3f:b4:a9:35:62:58:24:6a:37:76:a8:e9:80:12:b9:bc:b0:
+        db:e3:ba:e4:a2:dc:b9:8f:ac:99:6d:95:44:7b:b1:7e:1b:05:
+        c3:79:25:bc:ae:15:4f:7c:f7:b6:70:0d:fb:d7:fc:91:d9:d4:
+        52:a3:bb:50:83:a2:2e:c9:ec:26:73:e3:a5:e2:b3:24:87:1e:
+        48:28:f5:7c:49:51:51:c4:1f:8e:06:53:cb:3c:49:8d:b9:ae:
+        ce:51:a9:85:a8:25:57:02:22:70:17:16:78:29:31:c9:ad:63:
+        3f:39:75:1d:c2:ce:7a:0d:85:96:95:3b:01:02:0a:15:8b:ef:
+        93:74:65:44:c3:87:19:01:04:0a:87:82:da:66:f6:bd:34:00:
+        ab:09:25:e3:20:4d:87:6e
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
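Review bot: The `Not After : Mar  6 08:00:02 2010 GMT` line means this responder certificate had been expired for more than two years at the commit date, and 02.pem through 06.pem all expire within the same week of March 2010. A test that expects these to verify can only pass if the validity period is not checked or the verification time is pinned, neither of which is visible here; the fixture set needs either long-lived certificates or a documented fixed verification time. The 1024-bit RSA keys and `sha1WithRSAEncryption` signatures are tolerable in fixtures only as long as no test treats their acceptance as the expected policy for real chains.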
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/02.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/02.pem
new file mode 100644 (file)
index 0000000..99119fa
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar  9 03:13:15 2009 GMT
+            Not After : Mar  9 03:13:15 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Certificate for OCSP Client test - IP address as AIA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e1:a1:0b:40:23:f4:c2:29:2a:e6:9a:f8:55:86:
+                    03:94:76:99:15:00:61:d5:97:00:ca:aa:7e:f6:d1:
+                    7b:70:12:40:99:00:01:94:8c:69:7f:c0:fa:d7:72:
+                    7d:fc:61:54:3d:ad:02:53:a3:c4:49:24:8b:42:59:
+                    61:01:b5:4f:52:83:df:09:de:19:5a:a6:ce:78:7b:
+                    1e:fd:03:2a:4e:24:37:89:d8:12:61:c2:f5:49:74:
+                    c5:f8:75:7b:02:b2:5a:a8:2d:a3:b3:18:3f:f0:0a:
+                    18:e9:f9:e0:92:fa:37:b8:f2:15:99:23:26:07:a1:
+                    cb:2e:e3:c6:1f:d8:88:65:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - IP Address:127.0.0.1
+
+    Signature Algorithm: sha1WithRSAEncryption
+        3c:50:d3:19:27:36:33:e5:1d:a9:e0:30:c1:bf:8b:90:6c:ef:
+        e6:40:e7:2a:5e:f6:1c:f4:e1:17:f2:2d:50:42:30:e7:68:30:
+        d8:ea:a1:bc:92:77:b8:06:cb:f2:d8:b9:bc:26:c1:ff:6f:8c:
+        cf:3b:22:a1:2f:07:c4:41:a8:91:4c:fd:1b:c8:85:5c:21:cf:
+        03:1b:1a:15:c4:f4:3e:bc:10:8a:27:82:fa:2c:a9:1b:e9:07:
+        72:bc:a2:79:91:3d:99:45:8c:cc:08:5d:c9:b9:4f:94:19:d0:
+        5e:9c:08:7c:8b:6c:11:c5:a7:7e:f3:5c:95:35:23:55:d2:cd:
+        06:34:98:00:a3:64:54:5e:ad:b4:d1:4d:e0:cd:4d:cf:11:53:
+        d4:12:88:9a:42:12:77:61:73:2d:ae:9a:ba:2a:73:f5:59:96:
+        e5:0b:85:3c:01:3f:16:0e:df:fc:c6:e5:a9:68:21:e9:09:7a:
+        7e:a9:fb:32:f0:69:d2:6d:30:e2:ed:34:6f:3d:fa:75:86:88:
+        08:5f:fa:ee:72:b6:51:e3:77:00:cb:25:27:42:cd:86:46:f0:
+        1a:08:6c:e4:a4:b0:97:2b:69:12:e6:3d:81:9b:d5:aa:31:c2:
+        ac:93:43:04:3a:c1:e9:cf:53:f7:0a:ff:ed:6b:ef:ef:d0:43:
+        43:54:de:10:de:c7:77:f3:e7:d1:14:66:c2:02:25:e2:5b:c6:
+        c9:09:3c:a5:c0:b5:6e:e9:b0:6c:03:87:3f:b6:9c:3c:f8:9e:
+        21:7c:dd:2d:99:09:62:ee:7f:44:d6:4c:dc:ff:33:97:77:86:
+        03:1b:e0:16:c8:c6:83:79:9f:20:a4:a5:e0:f6:0d:d5:d2:c2:
+        ab:80:2b:f0:f4:09:e8:9d:38:9e:d3:2e:5b:3c:72:7b:1f:56:
+        d7:96:d7:e3:49:de:b1:99:e6:1f:44:0c:9a:11:ac:18:8b:64:
+        a5:4f:48:eb:93:b5:73:1e:1e:ee:62:39:f0:65:2f:6f:ff:76:
+        28:ac:d3:15:6a:39:04:b1:2b:1b:46:07:1a:b3:71:ea:e6:2c:
+        55:3d:f6:a5:c9:a1:5e:aa:bc:a5:35:61:8f:ec:69:ca:78:76:
+        cd:b5:47:04:66:d3:96:84:62:0f:c0:8e:17:df:24:6c:81:b1:
+        85:9a:83:94:88:c1:37:e5:fa:bc:6d:f6:b3:b3:93:67:58:20:
+        63:73:81:9e:51:f9:5d:dd:ba:c9:a9:7c:ee:cd:5f:8b:df:d0:
+        2e:33:e4:aa:4e:35:17:6b:79:47:17:d0:89:68:53:37:0e:87:
+        b7:9f:56:91:c9:a8:5d:12:5c:95:be:24:ff:8b:79:73:12:2e:
+        25:66:01:33:ac:08:e4:3a
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/03.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/03.pem
new file mode 100644 (file)
index 0000000..5ef078e
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar  9 06:09:55 2009 GMT
+            Not After : Mar  9 06:09:55 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:80
+
+    Signature Algorithm: sha1WithRSAEncryption
+        a2:38:fe:fc:ab:b7:a1:d0:6d:52:b9:bd:7d:ab:24:94:01:bf:
+        2c:26:a9:6d:90:33:ac:3a:84:f3:35:7d:2e:26:5b:27:30:c7:
+        98:ba:a2:a8:a8:21:1c:32:a4:e9:3c:0a:91:9e:f9:e7:f1:6a:
+        9a:c4:58:e6:24:1c:78:8e:2e:94:9c:c1:d8:87:bf:ba:0b:84:
+        b8:96:5f:47:fc:b1:da:5d:d6:ae:a1:d7:37:36:4a:bf:41:5e:
+        cc:6f:ef:4f:2f:a1:a4:25:ba:b9:a3:01:6d:3e:e9:19:e4:a7:
+        05:51:f9:a4:8b:09:e3:3c:1f:0d:e2:98:9d:5a:66:c2:e2:80:
+        ef:7d:4c:34:00:fe:08:10:4a:8f:6d:3d:46:95:cb:5a:19:95:
+        65:98:b0:b7:9f:ec:14:65:56:04:c7:a5:e3:95:5e:5a:11:30:
+        92:4f:40:e2:bc:b9:01:cb:ff:a9:34:b3:c0:7e:ab:3d:8d:f9:
+        68:aa:46:33:2c:52:fd:ab:5a:b0:32:27:f0:43:8e:79:cd:aa:
+        c9:c8:1b:1e:45:58:8c:36:b3:39:c4:25:a6:9c:81:01:5f:a3:
+        19:d8:4d:e1:a3:a0:14:92:45:0c:ba:38:57:ce:aa:c6:98:b7:
+        b0:53:74:fb:d6:52:ba:3b:0a:95:29:d6:99:57:d5:4f:19:48:
+        e1:87:ac:ed:14:2c:34:0c:65:e7:d3:df:c0:92:5f:4b:2b:9c:
+        3c:48:a0:bb:21:af:fe:37:b5:84:36:00:e5:97:00:ef:46:75:
+        9f:e8:b4:24:91:76:ae:49:ed:a6:63:3d:22:2b:26:39:f6:77:
+        76:f0:d1:93:bd:68:6e:66:50:50:4f:26:d1:4b:8f:d3:b1:b8:
+        07:8b:5f:f8:ca:79:b6:40:1d:ab:09:14:e0:96:32:69:4a:bd:
+        81:c2:5f:1e:5f:d8:84:9c:df:3a:3e:0c:14:10:46:b6:9d:b4:
+        2d:71:f5:57:37:8e:b4:b5:9b:26:d5:69:89:7c:12:d8:0c:29:
+        42:96:5b:e8:57:07:da:60:3e:c8:4e:52:83:b1:46:4b:91:ad:
+        1e:89:97:b0:26:a6:b9:d5:b2:67:9b:e5:8c:02:56:aa:44:78:
+        7b:15:a7:ad:ed:7b:d4:75:ac:5f:3e:fd:f3:52:89:7d:a5:25:
+        5f:2d:b2:cb:99:25:8a:64:48:39:23:c0:82:34:4f:06:41:c3:
+        07:d9:38:cc:99:59:c2:f0:88:65:91:7e:fb:59:3a:02:34:02:
+        5a:90:4a:78:11:c0:fe:ab:09:04:c9:66:80:1e:fa:24:fc:c8:
+        cd:d8:bf:b4:fe:23:5d:22:0c:92:09:90:2d:76:a6:99:c1:7e:
+        d4:68:b4:36:ae:11:c8:b2
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
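Review bot: The AIA entry `OCSP - URI:http://127.0.0.1:80` ties the OCSP test to a responder listening on a privileged loopback port; 04.pem and 05.pem carry the same URI. That presumably forces the test run to start the responder as root, or to fail when port 80 is already taken, and reissuing the fixtures with an unprivileged port would avoid both. These three certificates also share one modulus and subject, which `unique_subject = no` permits, so a short README next to the fixtures naming the serial each test uses would make the intent clear.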
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/04.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/04.pem
new file mode 100644 (file)
index 0000000..8de6e3d
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar  9 06:11:08 2009 GMT
+            Not After : Mar  9 06:11:08 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:80
+
+    Signature Algorithm: sha1WithRSAEncryption
+        6c:b3:f9:8e:f2:e6:c1:5e:a5:61:96:b3:77:9a:e7:bb:ba:6c:
+        ff:0c:cc:47:b7:4f:f4:98:08:57:0f:40:cb:4a:3b:dc:52:64:
+        04:33:e3:c3:94:65:1d:a7:2b:d8:59:3b:74:37:cc:0e:06:fa:
+        db:8c:b5:45:08:b1:f6:0b:3f:c8:f6:d6:36:4a:9b:df:41:58:
+        7c:9d:85:e4:d7:a3:87:64:68:1c:0d:33:bc:f3:b0:c7:01:72:
+        ee:e8:e0:9b:e4:bf:b1:71:ec:eb:ca:6c:c5:4f:b8:66:06:42:
+        fd:24:a4:d3:cb:35:d1:e8:0a:88:dd:ff:4e:43:59:87:96:9a:
+        13:08:8b:e4:c6:3f:3d:b8:5f:5f:91:a1:2f:39:bf:a7:33:4c:
+        7d:3d:38:3d:b9:f7:15:f6:eb:f6:c3:5a:ed:1d:54:d2:7b:98:
+        aa:32:06:7e:b1:9c:fe:29:02:be:7e:f2:d6:75:0a:a8:21:e6:
+        38:6e:8d:29:60:65:64:5c:7a:1d:75:fd:48:ca:25:76:79:95:
+        19:0b:98:d5:76:14:c0:27:92:aa:f7:c6:1f:bc:82:65:d0:7c:
+        ea:bb:a0:1c:e6:7b:0f:5d:87:8f:31:75:5a:79:49:cd:eb:1d:
+        ee:02:e1:4c:ae:d0:89:78:d1:43:fb:ca:08:11:26:4c:46:43:
+        a4:43:3f:55:a0:5c:d3:48:ee:e7:6c:c0:d1:1e:1c:7d:af:45:
+        0c:6f:31:33:df:28:dd:94:71:09:e5:1c:12:86:58:2a:78:0c:
+        e3:05:5e:92:ae:fb:0b:2e:16:bb:9a:d0:b9:d8:77:8b:17:fb:
+        fe:9a:0c:99:bb:1e:9a:ac:b4:dc:08:fa:6b:f8:48:fc:71:c7:
+        06:16:20:5c:38:19:66:f7:4d:86:e8:6e:f9:f9:4c:94:d7:df:
+        57:d4:2a:08:37:a7:71:17:51:37:3e:b3:8e:0a:5a:4c:1f:6c:
+        24:5a:df:4b:39:ec:a1:12:8a:c1:95:43:e8:6f:5a:63:b2:20:
+        1b:b0:c4:67:17:a9:be:c3:1d:04:99:26:37:f9:df:04:3d:e9:
+        26:54:d2:26:20:30:df:f8:1d:0e:1a:21:12:a5:b4:cf:ae:5f:
+        4b:87:6d:3c:a3:9f:5f:e9:ad:34:ed:38:59:8c:be:2b:c7:1a:
+        51:a3:b9:8a:1c:ae:47:b0:93:78:5a:21:fc:c1:91:6d:87:3c:
+        74:2a:a7:6f:fc:73:fe:6c:c8:17:19:2c:1f:2e:17:b9:62:38:
+        bd:0e:81:fb:6e:39:94:25:55:21:d3:6a:6a:c4:3e:00:61:99:
+        00:33:d5:6b:36:2e:f6:d4:bf:bc:d0:a5:c6:51:95:aa:d4:67:
+        aa:b7:a2:92:10:7a:96:51
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/05.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/05.pem
new file mode 100644 (file)
index 0000000..de8f1da
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar  9 06:12:23 2009 GMT
+            Not After : Mar  9 06:12:23 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:80
+
+    Signature Algorithm: sha1WithRSAEncryption
+        4d:c8:99:4f:87:bc:aa:fa:03:99:57:b0:9b:56:a4:6a:7f:fc:
+        34:5d:ef:c5:9e:f1:d2:65:95:8c:f0:d6:47:9e:50:3b:1b:1f:
+        54:a7:75:6c:67:19:11:c4:c0:23:2f:a2:80:2c:08:84:10:63:
+        17:f5:4f:e7:24:53:cf:f6:52:64:b4:e6:5a:44:73:c9:f2:c0:
+        91:5f:23:2a:a4:4e:14:57:19:9e:82:82:d5:e1:cd:2e:1a:8d:
+        6c:45:e9:46:41:ec:25:e1:84:c9:f7:97:61:0c:2d:28:86:03:
+        1f:bf:8f:61:f2:b4:37:eb:e9:e7:9e:1a:55:1c:95:2d:50:f8:
+        1e:01:b8:3a:22:cb:18:00:43:ec:6c:6c:51:0c:ee:28:a1:85:
+        1c:b5:15:69:8b:0d:45:26:d9:48:19:d3:42:6a:e9:29:81:60:
+        db:49:df:f0:1a:4b:82:68:f0:40:af:8b:22:1f:60:08:8a:40:
+        e3:c1:cc:89:8f:28:12:ea:70:eb:a7:98:af:c8:2e:36:0d:5f:
+        b9:eb:79:dc:64:f4:a6:70:91:00:f6:0e:81:bc:f6:35:d2:0a:
+        ed:52:ff:2e:69:68:72:d1:19:32:39:47:80:82:c3:3d:36:98:
+        2f:9a:fe:6d:dc:7c:45:7a:fe:01:d6:36:de:53:92:4e:2c:0c:
+        b1:a2:39:d1:5f:50:c4:6a:a1:2b:15:17:df:20:8f:dd:79:cf:
+        f1:ce:76:df:fa:b1:f6:6b:67:e7:c7:3a:7d:2e:53:fe:f7:c2:
+        1f:b7:fa:71:09:b7:9f:83:91:0a:ce:eb:00:55:47:35:0b:ef:
+        fc:ac:b2:03:e0:78:89:2d:56:a8:52:a1:93:6c:44:25:58:bd:
+        4a:ba:f9:85:23:fc:c0:db:4c:8b:95:54:be:ed:18:90:46:27:
+        f1:3f:37:26:00:08:9f:fc:ce:5b:7e:64:26:46:51:42:c1:de:
+        c4:2f:a8:73:74:0b:e6:48:aa:f3:01:df:63:36:d9:4b:6a:08:
+        02:ac:51:44:e9:ce:99:02:62:f5:87:d9:b2:a6:0b:77:bf:93:
+        bd:ea:47:4c:6c:83:b5:0f:ca:ba:9b:55:8c:da:4f:87:63:d6:
+        32:87:b0:8a:74:3e:02:f5:47:96:dd:85:26:2e:43:63:96:45:
+        48:ca:45:b9:7c:4e:ae:93:69:0c:72:b2:c1:fe:81:ae:ab:be:
+        e9:14:eb:ea:d6:e8:a4:a3:4f:dc:90:d5:10:b7:53:b7:85:81:
+        aa:46:bc:c6:f6:97:1f:a7:55:0b:e2:45:e8:f9:ef:f4:62:88:
+        bd:46:85:39:55:3c:32:92:1c:41:0c:cc:92:3b:17:9a:cc:ef:
+        2f:3b:c5:e0:39:cc:23:47
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/06.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/06.pem
new file mode 100644 (file)
index 0000000..2fb2e95
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 10 00:10:31 2009 GMT
+            Not After : Mar 10 00:10:31 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:41:90:ba:e8:97:0c:89:05:f0:95:75:44:ff:
+                    f3:c9:b1:68:90:0a:83:a2:30:6d:f4:8d:2d:e1:ec:
+                    c7:bd:ba:24:39:bf:ae:29:fa:65:2b:c6:98:ee:13:
+                    74:7c:5d:68:36:5b:b4:0c:ae:6b:99:40:b8:39:a2:
+                    df:fa:97:e3:62:37:ff:3c:ae:39:6a:1c:77:39:81:
+                    2e:9d:c9:a4:30:e0:4c:e6:18:e9:57:04:a1:09:0b:
+                    ab:ac:00:9c:ca:65:96:59:1f:e9:21:86:9b:d8:ef:
+                    86:db:99:70:1c:39:31:9f:48:f9:02:0d:4d:53:aa:
+                    ac:ad:f1:58:ca:84:98:44:95
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        a5:f6:ed:d3:38:76:cd:45:47:1f:0d:cf:67:ee:7d:e7:c5:dc:
+        fe:a6:8d:88:3e:f8:29:dd:54:1c:a4:b7:3b:7b:a3:59:5d:64:
+        16:a9:2a:66:3b:3e:08:2d:32:88:0e:cd:8c:05:84:39:a0:19:
+        1f:91:24:ee:e9:a8:a7:b6:21:40:ca:12:d7:e5:98:4a:0f:d7:
+        31:e4:86:b0:1b:56:c1:38:d7:26:c2:fb:3d:2b:71:68:4c:a4:
+        80:16:2e:13:1a:d6:5e:92:b9:cf:ff:19:ea:65:49:b1:db:17:
+        b8:d3:46:99:2c:12:20:51:6c:7d:a3:41:b3:88:f6:88:e2:07:
+        6e:49:6f:32:8d:dc:a0:e3:01:e6:5e:15:07:06:55:48:ae:f5:
+        77:8c:92:92:31:fa:06:29:5e:fc:16:1c:69:25:62:7e:6c:e4:
+        9b:60:c1:c9:28:6b:62:d3:72:bb:e6:a1:41:89:5d:56:5b:3f:
+        38:98:c0:c0:08:41:84:01:c1:cf:23:44:92:98:f7:47:40:a0:
+        8c:a7:29:a3:2d:15:f8:cd:7b:40:dc:84:8f:46:0f:d4:fe:78:
+        96:3a:53:01:31:64:47:3b:d8:50:92:7f:87:6c:94:ce:9e:07:
+        96:53:0a:c5:a8:2b:07:b4:8c:55:0d:e3:96:1b:fd:62:e8:19:
+        c7:bc:ab:79:65:aa:83:5d:a3:94:db:84:23:e2:4c:ef:74:8f:
+        36:15:71:fd:a1:78:f0:c4:23:2e:ec:8b:de:df:23:58:6e:f6:
+        c0:4a:ff:d0:b4:1b:f5:dd:e4:ab:bf:65:13:ee:ac:e4:86:31:
+        35:60:8d:04:bd:a3:90:35:11:b6:55:86:65:22:ec:ae:ef:65:
+        06:27:91:b7:a3:a0:84:83:c3:ae:fb:39:0b:74:c2:aa:da:2e:
+        52:27:5a:07:10:ba:10:a8:2c:54:c1:87:4d:cb:d5:fa:6f:6a:
+        fe:1b:61:74:79:96:c4:b1:26:61:2d:26:6a:59:07:cd:20:11:
+        15:13:78:9b:77:5b:65:43:17:e0:0a:6e:6e:e5:72:37:58:3a:
+        96:e4:28:08:56:c5:78:2a:e8:ac:cb:44:66:25:a4:19:8a:bb:
+        c8:10:8f:25:0d:93:a2:e8:d0:58:85:69:b0:fd:fa:38:83:90:
+        29:84:57:1c:39:6c:52:87:f5:4b:de:cf:c6:b8:4a:e2:a2:c8:
+        c9:4e:7a:a3:51:13:d7:62:3a:31:7c:b9:ad:df:1e:a2:2f:c6:
+        5f:3f:f9:e3:e7:e2:8d:6c:1d:49:93:b7:ea:84:80:01:41:6e:
+        8d:a4:00:4e:9c:8b:5a:6f:84:6e:04:a2:7c:9c:e7:6b:30:50:
+        a5:1d:2d:2e:00:24:6c:6b
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/07.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/07.pem
new file mode 100644 (file)
index 0000000..5550456
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 10 00:14:51 2009 GMT
+            Not After : Mar 10 00:14:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b:
+        cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa:
+        0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a:
+        6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c:
+        92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04:
+        c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68:
+        81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48:
+        32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76:
+        aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d:
+        34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5:
+        a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa:
+        d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e:
+        be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01:
+        7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1:
+        2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a:
+        52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8:
+        e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93:
+        24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a:
+        19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9:
+        0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0:
+        ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36:
+        18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c:
+        27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68:
+        3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f:
+        69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67:
+        46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52:
+        a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a:
+        9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3:
+        cd:f0:a3:a0:10:95:b8:70
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
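Review bot: The validity window in 07.pem ends at `Not After : Mar 10 00:14:51 2010 GMT`, which is before this commit's date of 22 Aug 2012, so any test that verifies this OCSP responder certificate against the current clock will see it as expired. The same one-year 2009–2010 window appears in 08.pem, 09.pem, 0A.pem, 0B.pem, 0C.pem and 0D.pem. If these fixtures are meant to exercise the valid path, they need reissuing with a longer lifetime, or the tests need a pinned verification time. If expiry is the intended case, a short README beside the fixtures should say so, so that nobody later regenerates them or disables time checks in the verifier to get the tests passing.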
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/08.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/08.pem
new file mode 100644 (file)
index 0000000..9dba2db
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 10 08:04:09 2009 GMT
+            Not After : Mar 10 08:04:09 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:80/0001
+
+    Signature Algorithm: sha1WithRSAEncryption
+        71:65:df:93:41:79:18:74:88:43:3b:dd:0f:b4:ac:96:16:f3:
+        0c:39:28:03:3e:3a:ee:0f:ce:d8:8c:14:3d:ae:e7:f8:a5:ff:
+        2f:f3:a9:17:0e:a3:6f:d0:a0:97:bb:b9:96:ba:ec:fc:3f:ef:
+        86:5c:d0:1c:66:2a:ac:7a:ca:a4:c2:4b:a3:6d:5f:3e:eb:e3:
+        df:c7:74:d8:b8:04:ab:de:91:96:26:1b:83:78:6e:4c:37:ad:
+        b1:90:e8:35:b2:da:fb:ee:8b:75:02:21:a0:11:b7:52:4f:90:
+        86:6c:5a:be:74:b8:cf:3b:0c:ff:08:27:f5:d9:13:62:fc:8e:
+        61:35:bb:48:fa:28:d0:5d:1b:73:4b:c3:29:d0:e0:b4:9b:9f:
+        59:9e:6a:5d:7a:55:4f:91:94:28:0c:76:e5:9e:83:db:f9:1e:
+        44:98:5d:6c:a6:2e:a0:b2:bf:f3:f0:d8:45:46:77:26:32:32:
+        2f:a2:8a:80:37:81:78:74:5f:91:e8:25:a7:bd:d2:34:cb:57:
+        80:d3:cf:1d:b1:2d:fb:d1:fd:0b:84:a5:86:f1:c9:25:06:3a:
+        65:06:8b:e8:b0:6b:57:35:73:30:18:a9:fe:c6:6f:8c:63:45:
+        62:c3:8b:f6:d8:70:38:8a:e7:c2:63:0e:4a:4b:a7:d8:45:42:
+        59:96:af:05:4c:ac:fe:d5:cc:45:7e:b6:30:39:52:f2:e8:26:
+        0d:22:be:b6:bf:e9:d4:ff:f7:5a:55:b3:5c:86:95:72:01:06:
+        d8:58:26:21:9b:b9:02:f0:03:84:16:d3:f0:20:cb:7d:28:c8:
+        f5:6d:d8:8e:57:29:f8:ba:c2:f4:e5:ea:d2:f1:6e:8b:44:f1:
+        a0:1a:5b:e8:e1:e2:a1:6c:18:a5:06:df:d0:94:6c:20:34:c1:
+        0c:5e:e5:fc:d8:74:e6:a1:6a:a5:00:ca:30:a3:6b:71:8b:3c:
+        27:8b:c0:b5:2a:e0:78:10:8a:8b:ae:0b:ff:8a:f2:ef:e1:1e:
+        dd:2a:d5:2f:8f:98:b1:4d:db:66:6b:b1:bd:85:d6:36:bd:19:
+        29:bd:40:1d:1a:b5:7f:77:a5:08:3f:98:07:38:82:e5:e3:53:
+        b7:cc:54:66:e0:f2:b7:4c:0c:da:3c:5b:5f:d9:9b:f6:86:e2:
+        e6:c8:d4:9a:81:e2:5b:e3:a7:0d:d9:4c:ac:98:b2:b7:de:56:
+        2c:82:3a:a2:64:55:36:2b:d5:95:1c:ff:bd:25:1c:9e:a1:55:
+        d6:00:c2:ae:d3:54:63:33:ac:30:dd:52:90:78:53:9f:7c:b4:
+        72:4c:1a:3e:b1:90:5e:ce:af:a0:d7:5f:3e:dd:c5:28:42:03:
+        ea:a7:5e:5b:ff:fa:b0:89
+-----BEGIN CERTIFICATE-----
+MIID7DCCAdSgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDA4MDQwOVoXDTEw
+MDMxMDA4MDQwOVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
+YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
+YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
+Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
+bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
+AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDEwDQYJ
+KoZIhvcNAQEFBQADggIBAHFl35NBeRh0iEM73Q+0rJYW8ww5KAM+Ou4PztiMFD2u
+5/il/y/zqRcOo2/QoJe7uZa67Pw/74Zc0BxmKqx6yqTCS6NtXz7r49/HdNi4BKve
+kZYmG4N4bkw3rbGQ6DWy2vvui3UCIaARt1JPkIZsWr50uM87DP8IJ/XZE2L8jmE1
+u0j6KNBdG3NLwynQ4LSbn1meal16VU+RlCgMduWeg9v5HkSYXWymLqCyv/Pw2EVG
+dyYyMi+iioA3gXh0X5HoJae90jTLV4DTzx2xLfvR/QuEpYbxySUGOmUGi+iwa1c1
+czAYqf7Gb4xjRWLDi/bYcDiK58JjDkpLp9hFQlmWrwVMrP7VzEV+tjA5UvLoJg0i
+vra/6dT/91pVs1yGlXIBBthYJiGbuQLwA4QW0/Agy30oyPVt2I5XKfi6wvTl6tLx
+botE8aAaW+jh4qFsGKUG39CUbCA0wQxe5fzYdOahaqUAyjCja3GLPCeLwLUq4HgQ
+iouuC/+K8u/hHt0q1S+PmLFN22Zrsb2F1ja9GSm9QB0atX93pQg/mAc4guXjU7fM
+VGbg8rdMDNo8W1/Zm/aG4ubI1JqB4lvjpw3ZTKyYsrfeViyCOqJkVTYr1ZUc/70l
+HJ6hVdYAwq7TVGMzrDDdUpB4U598tHJMGj6xkF7Or6DXXz7dxShCA+qnXlv/+rCJ
+-----END CERTIFICATE-----
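Review bot: The AIA extension in 08.pem hard-codes `OCSP - URI:http://127.0.0.1:80/0001`, and 0A.pem, 0B.pem and 0D.pem do the same with ports 81, 82 and 83. On most Linux configurations, binding ports below 1024 needs root or CAP_NET_BIND_SERVICE, so a test responder for these certificates would have to run with elevated privileges. The harness is not visible in this hunk, so this is inferred; if it does start a local responder, reissuing the fixtures with unprivileged ports (for example `http://127.0.0.1:8080/0001`, a constructed value) would let the OCSP tests run as an ordinary user.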
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/09.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/09.pem
new file mode 100644 (file)
index 0000000..399064f
--- /dev/null
@@ -0,0 +1,91 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 11 10:49:52 2009 GMT
+            Not After : Mar 11 10:49:52 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CB:F2:C4:A9:D8:FB:EB:6D:99:08:AB:41:10:5D:9F:90:77:73:E5:AA
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha1WithRSAEncryption
+        38:fc:55:d5:e9:ae:c2:64:71:3d:ec:7d:b3:b3:a2:3c:cc:81:
+        97:19:5d:88:b1:a9:64:44:0a:74:80:80:5d:b8:c2:1f:8b:e6:
+        8f:ae:03:e1:61:ba:68:ff:16:2e:8e:c4:81:44:ce:ac:06:db:
+        c1:57:d3:e5:a3:f6:e2:02:78:b5:a3:ef:04:57:3a:59:f4:df:
+        46:d2:18:61:8b:06:fc:57:15:39:0f:22:c7:81:3c:df:51:9e:
+        c1:ac:b4:21:81:4b:1f:90:36:9a:dc:6b:4d:5d:7d:2a:e5:ab:
+        d9:fe:5c:58:17:c3:58:01:a2:3d:d5:f9:e4:d8:e8:fe:be:e1:
+        da:8d:30:e2:22:ef:59:48:8f:0f:ba:09:66:64:96:85:d5:b1:
+        90:b6:51:cc:99:35:5b:d9:e6:c4:57:07:98:c7:f5:68:7d:e2:
+        59:40:82:ae:9f:64:02:47:43:69:27:4a:9c:e4:70:b4:a9:20:
+        c1:4f:10:9a:50:eb:c1:52:75:a6:72:84:cc:92:b4:cd:e1:36:
+        e8:1a:ad:19:dc:0e:a2:49:e8:c8:0d:cd:ea:97:53:fc:a4:ea:
+        0d:16:81:af:41:38:90:b2:c8:69:f4:1c:55:1c:18:84:1b:b4:
+        82:c9:c0:c7:45:d8:6c:3a:b6:0e:9b:89:f1:20:c0:a9:0d:cf:
+        b9:ae:84:19:7f:4c:2b:be:46:4d:61:b3:bc:56:ed:a2:01:4d:
+        46:a9:2d:bb:3b:73:5b:18:fc:eb:7f:60:d5:ac:60:92:f4:c0:
+        73:14:54:f1:be:c5:90:e9:f0:37:69:20:cb:a7:e9:74:52:e4:
+        30:38:b9:20:44:5e:9d:eb:86:ae:ed:38:8d:7d:32:59:d7:d7:
+        0b:8e:78:28:a3:3b:5e:f5:a4:35:f7:fe:e9:19:4c:7a:82:c0:
+        19:0f:99:bb:49:ba:38:8e:78:5c:5f:a5:7c:f7:58:aa:53:6c:
+        d0:bd:6a:4a:87:e7:27:f8:7a:75:cf:0d:d0:98:93:5d:8f:e2:
+        85:cf:4c:93:18:34:bf:40:4c:b9:16:00:1d:ec:ce:bd:93:78:
+        46:80:d9:89:a5:52:41:db:f0:8b:13:f0:07:7c:35:dc:69:69:
+        16:67:31:60:ea:27:34:cb:8a:9b:d9:98:48:f6:fa:77:74:9d:
+        07:a8:60:df:74:e9:e1:25:5f:83:78:0d:69:37:b4:a5:78:7d:
+        0d:0f:e0:17:b9:42:7f:9e:41:33:5a:f3:b0:80:3e:f2:ed:5e:
+        93:60:8a:4e:88:a2:5e:40:ae:f9:ec:11:cb:76:0d:b6:ee:54:
+        31:f0:a3:37:9e:0f:22:c4:b8:c5:63:24:8c:c5:a9:24:c9:1b:
+        27:c6:1b:69:21:08:8c:33
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
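Review bot: The 09.pem certificate is issued to `CN=OCSP Responder` with the same modulus as 07.pem and 0C.pem, but it has no `X509v3 Extended Key Usage: OCSP Signing` extension; it carries only Basic Constraints, a Netscape Comment and the key identifiers. A CA-delegated responder certificate without id-kp-OCSPSigning is expected to be rejected by a conforming verifier (RFC 6960 section 4.2.2.2), so this is either a negative-test fixture or a mis-issued one, and the hunk does not say which. Please document the intended verdict for each fixture in a README next to the data, e.g. `09.pem: responder cert without OCSPSigning EKU, response must be rejected`. That way a verifier change that starts accepting it shows up as a test failure rather than passing unnoticed.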
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0A.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0A.pem
new file mode 100644 (file)
index 0000000..edf549c
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 01:19:18 2009 GMT
+            Not After : Mar 13 01:19:18 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:81/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        c2:1a:cb:28:cf:52:fa:67:16:85:c5:cb:7b:b8:4c:75:20:06:
+        62:ab:43:9f:95:f6:d8:98:ab:26:ec:89:32:d6:14:15:cb:5d:
+        5c:17:a4:4f:b5:c7:0e:9c:3e:f3:f0:11:ea:db:9d:5b:29:e8:
+        8d:14:1e:bb:46:1e:10:68:01:4f:3a:1b:40:4a:4c:a2:47:b4:
+        b5:e6:c4:97:ce:df:56:a5:29:60:f5:e2:6e:d6:29:01:b8:23:
+        2a:58:89:d3:5f:6a:06:28:b6:b6:5b:0f:c7:ae:62:d2:9b:32:
+        06:ac:82:c4:f0:a1:fe:89:af:99:23:e4:7c:98:76:b0:e4:64:
+        6b:17:24:67:fa:f4:41:65:4e:c6:1d:cc:89:52:8c:4a:52:26:
+        8a:42:5b:7f:1a:93:d0:53:93:57:65:3f:6f:23:17:1c:68:13:
+        58:13:50:f7:9f:a5:32:2e:5f:20:23:9e:b4:a2:75:fb:a7:d8:
+        3a:c8:6c:86:18:b8:e0:09:08:c9:ec:b2:a6:6b:43:c2:c7:af:
+        b6:c2:a4:97:cc:35:d5:06:38:1d:73:7f:4b:ca:54:9f:b6:94:
+        2d:82:81:62:37:b8:74:8a:33:1c:ed:52:4f:8f:5b:88:fd:b4:
+        61:97:2e:b9:2b:99:0b:5a:f6:2a:03:bc:e2:6f:d1:16:cc:da:
+        be:97:26:06:e8:50:1f:e7:01:ec:5f:d8:d7:ca:74:84:70:48:
+        55:3c:6f:c8:31:ed:0c:39:7a:7f:ed:81:7a:ed:f4:3b:e1:06:
+        07:1d:f1:3b:81:ae:7d:1c:c7:6a:74:d9:a0:de:3f:ce:f4:d1:
+        9b:ea:43:f7:e0:46:7e:ae:a2:42:2b:58:3d:a3:c3:1c:37:2d:
+        b7:6b:5d:3a:64:9f:97:e1:a4:1b:7e:63:06:1c:7b:3b:fa:73:
+        a3:41:a9:65:bd:3f:42:38:ab:27:cc:07:b4:d2:0f:f8:04:26:
+        47:17:55:a6:30:83:81:87:28:55:7f:c1:53:ba:f1:09:5a:78:
+        cb:05:1a:08:45:42:89:78:0e:2d:a3:ed:a3:d0:70:5c:bc:0f:
+        f5:ee:52:dd:04:37:25:d2:20:e9:d9:e7:08:ef:39:83:e3:71:
+        4f:87:1d:1b:20:57:e1:7e:18:c8:30:1d:16:c5:5a:8b:8b:b3:
+        f7:28:c8:7a:7f:e1:9a:60:25:49:bc:60:c0:95:3f:8d:8a:67:
+        af:2d:ca:d5:e0:70:f1:07:2c:77:ea:61:72:64:cb:b5:56:fc:
+        9d:42:d4:99:19:ae:75:4d:61:0b:49:42:fb:fa:25:44:de:fa:
+        d7:98:39:7c:32:3e:9c:57:a9:51:82:63:f5:93:dd:fd:da:a8:
+        04:96:67:8e:c6:2b:5f:59
+-----BEGIN CERTIFICATE-----
+MIID7DCCAdSgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAxMTkxOFoXDTEw
+MDMxMzAxMTkxOFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
+YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
+YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
+Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
+bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
+AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDIwDQYJ
+KoZIhvcNAQEFBQADggIBAMIayyjPUvpnFoXFy3u4THUgBmKrQ5+V9tiYqybsiTLW
+FBXLXVwXpE+1xw6cPvPwEerbnVsp6I0UHrtGHhBoAU86G0BKTKJHtLXmxJfO31al
+KWD14m7WKQG4IypYidNfagYotrZbD8euYtKbMgasgsTwof6Jr5kj5HyYdrDkZGsX
+JGf69EFlTsYdzIlSjEpSJopCW38ak9BTk1dlP28jFxxoE1gTUPefpTIuXyAjnrSi
+dfun2DrIbIYYuOAJCMnssqZrQ8LHr7bCpJfMNdUGOB1zf0vKVJ+2lC2CgWI3uHSK
+MxztUk+PW4j9tGGXLrkrmQta9ioDvOJv0RbM2r6XJgboUB/nAexf2NfKdIRwSFU8
+b8gx7Qw5en/tgXrt9DvhBgcd8TuBrn0cx2p02aDeP8700ZvqQ/fgRn6uokIrWD2j
+wxw3LbdrXTpkn5fhpBt+YwYcezv6c6NBqWW9P0I4qyfMB7TSD/gEJkcXVaYwg4GH
+KFV/wVO68QlaeMsFGghFQol4Di2j7aPQcFy8D/XuUt0ENyXSIOnZ5wjvOYPjcU+H
+HRsgV+F+GMgwHRbFWouLs/coyHp/4ZpgJUm8YMCVP42KZ68tytXgcPEHLHfqYXJk
+y7VW/J1C1JkZrnVNYQtJQvv6JUTe+teYOXwyPpxXqVGCY/WT3f3aqASWZ47GK19Z
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0B.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0B.pem
new file mode 100644 (file)
index 0000000..b7b6b8c
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 02:27:03 2009 GMT
+            Not After : Mar 13 02:27:03 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:82/0003
+
+    Signature Algorithm: sha1WithRSAEncryption
+        ae:34:5f:7e:66:8f:b1:5c:eb:da:31:33:60:29:43:c6:be:d7:
+        1b:4e:22:97:41:9e:7a:0f:7f:e0:3b:d0:6e:6a:50:ba:a1:1f:
+        f0:78:e6:b0:a6:a2:08:c1:6f:5b:db:9f:42:a0:ba:8e:6b:99:
+        c3:91:a1:81:16:79:65:6c:bc:ca:76:b7:06:d9:89:ba:ad:12:
+        32:32:b7:c3:c3:18:e2:7d:d5:88:4c:19:ab:33:03:70:c1:b3:
+        14:1e:f4:b3:93:c9:73:94:f5:38:0a:52:da:b9:ef:76:32:fd:
+        6d:d3:a2:ff:13:52:da:e1:d5:d6:8e:db:35:5b:df:dd:60:aa:
+        99:2d:4e:bb:d4:08:43:8e:86:3c:28:51:bc:5e:d0:bd:08:7a:
+        62:c7:ae:73:f3:92:60:b6:59:19:f3:ca:8a:fe:70:1a:67:c7:
+        7e:95:79:f1:79:2c:56:2c:17:28:03:86:49:86:54:e0:3b:f2:
+        c1:ef:0f:12:cb:f9:4c:0d:fe:b9:7a:23:13:bc:67:ce:6b:d9:
+        9a:68:68:71:00:ab:aa:f7:43:1a:1c:be:35:dd:69:cc:88:50:
+        41:db:5a:41:e5:a5:9a:bc:2d:2b:fd:0d:52:e8:c5:ac:13:9e:
+        d4:99:12:2d:6d:01:10:e6:44:87:07:b2:b9:b6:54:84:69:c9:
+        76:1b:c6:a5:cc:58:7b:82:14:78:9b:f1:79:19:25:44:86:56:
+        e1:ce:0c:bf:7a:4e:23:d7:12:f4:b6:60:d6:1d:44:db:d6:97:
+        89:a9:54:36:75:91:d6:ef:88:01:94:cd:52:d4:6d:b3:7e:6d:
+        61:75:fc:e0:c8:ad:ee:0a:b2:f9:e2:33:42:08:c3:f9:d1:46:
+        6f:50:47:2d:51:e3:25:c3:cc:c5:1f:a9:04:8b:90:29:8f:1f:
+        94:c9:de:c2:16:1a:60:e7:a0:03:65:17:3e:45:c5:5a:66:f2:
+        ff:9d:1d:1f:4d:ed:f3:92:76:70:a2:7d:43:ef:6d:e8:23:b8:
+        9d:ad:dd:24:0b:59:22:1a:5a:0b:25:2e:55:a1:57:5b:c9:40:
+        cc:60:3e:a9:73:29:94:8e:83:dc:4e:25:54:6a:79:dc:f2:71:
+        28:4d:c9:ec:b4:96:ad:36:8c:cb:e0:cb:54:0e:1f:e9:86:0b:
+        c0:32:c2:66:3b:35:e5:45:54:a0:1d:2c:3e:c2:fb:a0:b0:b2:
+        d1:7a:cc:fc:1f:37:81:8a:89:af:fd:60:e8:50:95:33:4a:12:
+        98:7f:f6:51:c4:de:06:d9:8c:d0:11:b7:fb:a8:07:b4:8a:70:
+        a2:3b:dc:5f:1b:d3:46:f9:e4:c7:46:b3:e9:38:bd:20:6f:7c:
+        6b:d6:07:4d:90:c7:67:0a
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0C.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0C.pem
new file mode 100644 (file)
index 0000000..6cb947a
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 02:37:59 2009 GMT
+            Not After : Mar 13 02:37:59 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        83:b5:a0:1e:ef:2c:c8:07:9b:9b:e3:cc:d4:af:39:f0:cb:88:
+        bd:8e:8b:e2:66:95:43:4a:a7:4d:19:9b:44:1b:99:4a:57:2d:
+        1e:38:d6:06:9b:49:99:17:57:37:74:bd:fd:3f:63:2e:8f:5e:
+        87:00:66:bc:29:04:0f:34:a5:85:5b:e4:85:17:6f:3e:a4:3e:
+        e6:97:dd:90:64:1b:00:6a:37:e0:29:7a:3d:76:d7:9b:ff:e5:
+        08:8f:d1:8d:77:f8:de:44:f7:00:b8:d3:d8:e8:07:7a:28:2a:
+        26:ca:63:b1:47:69:3b:c4:8c:ce:af:1e:15:53:ec:31:92:ba:
+        02:f4:e5:51:d9:dd:c7:37:44:9f:d3:28:fd:fb:05:ab:db:06:
+        51:2b:84:bb:7a:b7:99:1c:f6:8f:d1:37:ac:aa:38:16:f1:08:
+        e1:ee:a1:43:b3:d9:fb:ea:83:9a:cc:e7:75:3e:98:79:86:2c:
+        60:32:08:43:a7:01:f9:75:cc:2e:77:8a:de:85:04:5a:4c:90:
+        5b:64:29:33:38:14:bd:7e:e4:1e:0b:7c:47:14:23:57:94:e5:
+        ca:53:dd:c4:30:83:77:b7:42:e6:5f:1a:02:d4:6c:08:8a:55:
+        78:1d:3f:50:0b:0e:bf:03:af:4c:f7:a6:7a:da:33:f3:a6:62:
+        5e:25:89:e9:a8:f4:7c:06:16:6e:28:c5:f9:82:4b:b3:39:b0:
+        bb:72:d0:15:5e:dd:ba:d5:bd:b1:7d:50:22:1d:92:10:65:bf:
+        99:45:01:0b:d0:a5:e0:5f:37:c3:d3:92:58:28:9b:97:c5:96:
+        a5:2e:27:fc:86:04:11:9a:1c:84:0a:f2:37:51:27:1d:df:e8:
+        1a:c4:94:d1:53:39:7f:27:eb:16:ca:27:77:d1:f8:46:fe:d7:
+        e8:ab:06:94:87:66:dc:03:c4:cb:a9:9d:21:0c:f4:93:d0:d3:
+        d5:45:a5:56:28:37:d6:81:be:9c:18:98:b3:b1:f2:b9:1a:ad:
+        98:e8:92:39:a2:eb:c5:f4:d0:2f:82:09:ce:7e:dd:0e:94:cc:
+        80:8e:e5:af:04:06:67:04:c1:23:ee:4a:06:c0:5c:ac:75:b1:
+        ed:e2:d0:8f:8d:8b:23:3a:94:3b:41:78:48:7c:c8:f7:dc:53:
+        1d:0b:fa:14:70:0c:ed:d3:8b:84:4c:81:d5:f0:d7:b2:3a:27:
+        e6:82:ad:12:18:4d:19:b3:65:e6:de:fa:14:11:10:c8:66:cc:
+        f7:b2:08:af:90:02:62:51:d1:31:aa:7e:f9:1c:b4:99:83:b8:
+        e3:26:18:78:f3:7f:3a:c7:b5:59:eb:cb:32:8b:39:a4:86:14:
+        0a:55:3e:1d:24:56:2f:97
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0D.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0D.pem
new file mode 100644 (file)
index 0000000..912b986
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 02:39:35 2009 GMT
+            Not After : Mar 13 02:39:35 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:83/0004
+
+    Signature Algorithm: sha1WithRSAEncryption
+        24:50:3d:65:cc:60:62:13:c0:3b:e1:01:0d:17:35:e8:7a:a8:
+        05:1e:b3:70:dc:fe:d3:84:7e:71:14:c3:86:73:23:76:d9:bb:
+        de:41:b4:02:3b:d7:db:03:6d:1f:44:1e:65:a6:b5:79:80:7f:
+        2a:8b:11:f4:71:b1:de:13:17:1c:d3:b2:51:f7:b5:ee:29:27:
+        ff:06:96:4f:18:f6:7a:0f:bd:ed:39:d2:ab:ff:1c:b4:21:87:
+        f3:fd:ed:2b:fe:19:29:bb:4b:41:d1:48:37:f7:34:fe:f1:92:
+        80:85:33:d6:df:bf:d4:40:f4:5f:42:de:22:88:86:11:78:c8:
+        ac:9c:f2:87:95:b0:c6:d6:54:40:e3:c1:64:30:5c:46:f6:a1:
+        16:64:80:50:20:f8:9c:fe:da:8e:b5:ea:c3:83:18:c8:f3:13:
+        95:01:cc:fe:85:bc:be:56:bc:f2:fe:70:c1:fa:86:43:9a:e0:
+        7e:cd:8d:f1:d8:d2:35:51:df:9c:46:36:3b:c0:97:75:ac:9c:
+        a7:90:ee:92:b9:9f:5d:cc:54:95:5f:69:38:23:cc:cf:c6:0a:
+        c8:55:b7:80:b8:93:98:fc:a9:4c:71:e0:dd:f9:27:d1:db:9c:
+        0d:54:9a:d0:05:40:97:cc:45:d5:60:a8:c9:bb:4e:c0:c5:b4:
+        01:f5:82:d5:5a:8c:28:01:b9:b3:be:bc:25:32:f1:e6:70:e7:
+        e4:42:45:4a:d8:06:cb:42:ed:3a:ec:97:42:97:b1:5c:cd:a0:
+        99:94:24:a5:94:c6:b3:5e:c9:06:6b:c5:b8:af:26:48:52:bd:
+        bb:93:36:1d:01:6c:33:34:3b:a4:ba:76:0b:bc:44:20:8a:d2:
+        ee:1d:70:81:94:01:35:69:a5:5b:30:f1:1e:50:9a:a3:20:b0:
+        ae:70:f0:28:bc:48:e3:62:f2:1d:84:53:a4:e0:4f:56:6e:5f:
+        ba:d1:f0:38:46:5d:c8:06:ab:94:f5:f1:d6:80:55:8f:73:cb:
+        64:17:70:6f:38:26:06:9f:9e:68:d4:3c:43:c0:10:fe:a9:99:
+        67:8d:d4:0d:c9:d7:04:41:0e:e8:fe:09:41:29:f3:b3:ba:e0:
+        3b:b1:09:67:68:82:93:24:23:a2:da:bb:d1:01:2b:28:5f:56:
+        27:2b:a4:8f:fd:f3:46:e9:62:67:3b:d6:26:80:f5:06:b8:0f:
+        08:dc:22:49:f3:f2:26:ef:b5:db:89:9a:b5:15:3b:45:b2:89:
+        35:8b:6d:49:dd:79:d0:49:6c:c4:78:1c:46:f7:4f:34:6f:37:
+        17:da:6f:7f:c2:54:5f:70:29:1b:36:c3:44:16:0d:1b:d9:f4:
+        ab:bb:2d:87:65:99:6a:d1
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0E.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0E.pem
new file mode 100644 (file)
index 0000000..0846e40
--- /dev/null
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:16:42 2009 GMT
+            Not After : Mar 11 03:16:42 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf:
+                    9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7:
+                    75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed:
+                    08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e:
+                    a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba:
+                    45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c:
+                    57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d:
+                    dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84:
+                    c9:26:70:3c:c8:11:64:ed:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        b8:56:6b:f9:21:8a:79:e8:53:38:c7:84:e0:c3:96:6c:f3:71:
+        95:dc:31:9a:ef:fc:fb:b5:18:c6:35:26:3d:ee:4d:00:9c:e4:
+        10:25:a9:2e:a0:41:8a:37:a9:91:02:9c:52:ec:0d:7a:bf:e9:
+        bb:54:6d:4a:92:5c:9d:c8:01:17:a3:8f:25:fd:32:a7:11:e4:
+        77:fd:ce:7c:4b:c9:ae:32:e6:d5:25:cc:a4:97:bb:07:f3:1d:
+        f0:11:8a:d8:f1:37:e6:4f:3c:99:30:44:20:04:3d:82:fc:87:
+        60:24:21:a9:46:e7:d8:41:2c:76:d8:a5:58:44:ca:85:71:31:
+        24:f2:45:7d:fb:70:db:1b:93:42:21:85:69:5d:19:13:85:7c:
+        85:6c:83:8f:bf:c1:a7:3d:49:b9:68:4e:a2:12:2e:9d:89:c3:
+        a7:1b:86:71:e4:cc:29:79:0e:b1:19:07:ca:2d:b8:95:87:f4:
+        8d:4a:be:06:0d:d0:e1:1a:ed:ea:a2:52:f3:f2:7b:1f:3c:10:
+        c6:67:be:00:3a:36:ca:ad:93:d4:ee:b3:9d:e8:47:6e:bb:6f:
+        12:6b:cf:3d:73:22:a3:15:e0:e1:51:88:86:e6:2a:23:ee:e1:
+        32:55:0c:b8:73:35:f7:42:9e:4c:c4:ea:f5:3c:d5:20:ef:32:
+        27:c2:b5:9b:ad:f0:a8:bf:72:5c:5b:fc:41:e4:a0:6d:b2:4d:
+        c0:69:a5:b2:dc:70:d6:90:ae:2e:81:41:f4:ec:33:c5:43:4e:
+        70:eb:1c:17:4c:d9:ed:8f:97:2e:20:17:9d:40:bc:d1:ae:74:
+        21:8b:ab:cc:b0:86:5a:cd:42:9c:df:13:16:59:56:27:be:26:
+        bb:92:5f:7a:86:9e:f5:19:45:1f:36:8a:e3:55:5d:89:3b:2f:
+        ed:13:9c:e7:ae:bd:eb:34:31:a2:02:70:0c:a7:32:d3:d1:be:
+        c0:2f:0e:10:b7:43:2d:ab:68:70:b4:a1:e1:25:c1:ae:1c:43:
+        32:c0:90:81:c1:39:0b:27:e7:14:c9:28:db:40:0f:1f:9c:ce:
+        1b:8b:26:ca:b8:41:01:e7:cb:92:b0:8a:14:00:f3:e0:3c:84:
+        d3:2c:45:19:15:01:02:ab:bd:e8:19:6b:d7:7e:c6:5a:a9:3a:
+        d5:00:23:15:2a:e9:93:7d:11:75:cc:c6:c3:8e:5f:3f:d3:3f:
+        05:9f:40:12:a9:a8:bc:50:dc:42:02:62:7d:00:6a:ef:08:e1:
+        69:87:4d:2a:9b:54:49:35:80:58:12:92:a1:33:65:20:5f:29:
+        cf:ab:03:8e:0b:91:08:9e:52:d6:b2:d7:ec:bb:38:9b:d5:5d:
+        f6:b2:89:f5:00:bb:0f:f2
+-----BEGIN CERTIFICATE-----
+MIIDyTCCAbGgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTY0MloXDTE5
+MDMxMTAzMTY0MlowYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k
+ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0
+Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ
+QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov
+QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjFzAVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQC4Vmv5IYp56FM4x4Tgw5Zs83GV
+3DGa7/z7tRjGNSY97k0AnOQQJakuoEGKN6mRApxS7A16v+m7VG1KklydyAEXo48l
+/TKnEeR3/c58S8muMubVJcykl7sH8x3wEYrY8TfmTzyZMEQgBD2C/IdgJCGpRufY
+QSx22KVYRMqFcTEk8kV9+3DbG5NCIYVpXRkThXyFbIOPv8GnPUm5aE6iEi6dicOn
+G4Zx5MwpeQ6xGQfKLbiVh/SNSr4GDdDhGu3qolLz8nsfPBDGZ74AOjbKrZPU7rOd
+6Eduu28Sa889cyKjFeDhUYiG5ioj7uEyVQy4czX3Qp5MxOr1PNUg7zInwrWbrfCo
+v3JcW/xB5KBtsk3AaaWy3HDWkK4ugUH07DPFQ05w6xwXTNntj5cuIBedQLzRrnQh
+i6vMsIZazUKc3xMWWVYnvia7kl96hp71GUUfNorjVV2JOy/tE5znrr3rNDGiAnAM
+pzLT0b7ALw4Qt0Mtq2hwtKHhJcGuHEMywJCBwTkLJ+cUySjbQA8fnM4biybKuEEB
+58uSsIoUAPPgPITTLEUZFQECq73oGWvXfsZaqTrVACMVKumTfRF1zMbDjl8/0z8F
+n0ASqai8UNxCAmJ9AGrvCOFph00qm1RJNYBYEpKhM2UgXynPqwOOC5EInlLWstfs
+uzib1V32son1ALsP8g==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0F.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0F.pem
new file mode 100644 (file)
index 0000000..c7bd523
--- /dev/null
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:18:18 2009 GMT
+            Not After : Mar 11 03:18:18 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
+                    43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
+                    f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
+                    d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
+                    19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
+                    d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
+                    ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
+                    8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
+                    10:ce:1d:01:0c:86:6b:23:ff
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha1WithRSAEncryption
+        18:fe:74:f1:af:0a:d9:91:ad:b5:7c:f3:01:f8:98:1a:dc:b3:
+        66:6b:f4:bc:16:9a:e6:2b:f2:1f:77:23:89:a8:68:e0:8d:e3:
+        50:f3:f1:e6:38:f1:59:54:9b:44:0f:72:00:1a:61:71:9c:f0:
+        4f:a3:08:9d:17:36:0c:54:82:be:24:04:cb:b5:04:e9:20:c9:
+        6e:bc:8f:af:18:d8:2d:ee:cc:a8:8b:e4:1a:35:98:f6:53:72:
+        89:4f:05:f8:c3:7b:50:13:ee:cf:9f:d3:eb:a7:7c:4a:e6:89:
+        0f:6b:0e:d6:c7:bc:db:04:03:08:25:59:b4:06:5b:ce:a6:db:
+        7b:3a:5d:80:e8:ff:66:e1:22:03:54:28:16:0e:89:c8:5b:aa:
+        b2:6e:1a:0f:07:53:60:bc:f4:2a:2d:a7:89:f2:b4:58:55:47:
+        2e:b1:b2:3c:50:30:6b:0c:12:34:11:5f:54:2a:0a:ab:19:d9:
+        36:ae:e2:16:5e:b8:8e:0d:17:d0:42:82:96:4d:fb:36:56:69:
+        7b:ce:32:fb:91:a4:02:73:8c:75:7e:de:87:06:52:20:ed:26:
+        ff:47:72:f2:f6:01:2e:ec:38:da:0b:5b:be:ec:8e:c6:02:28:
+        92:57:28:04:f5:00:87:90:34:e1:81:c5:cc:21:00:6b:4d:d5:
+        d5:c3:f6:f1:97:e1:5e:8c:ea:56:2e:5e:ce:9e:de:b9:a6:86:
+        60:33:1d:94:76:39:e1:70:9a:d2:b3:9a:f4:47:f8:bd:83:26:
+        38:a0:ab:a3:bc:81:df:6b:79:7d:f5:67:8f:5a:e1:a4:67:29:
+        58:07:66:70:6a:43:dc:f7:4c:82:54:15:a0:2f:ab:c0:9f:24:
+        91:e0:a7:d1:b1:58:bf:43:bf:25:1f:32:fc:98:26:b1:2f:19:
+        8f:d8:69:c1:1a:bd:b0:3e:0a:dc:54:c1:27:34:b9:1b:55:93:
+        ff:e6:23:ac:af:33:ed:8d:6e:ee:36:18:70:9e:a2:87:b6:e2:
+        1d:3a:ee:e8:e2:79:97:15:7c:83:d1:89:71:ab:87:8d:36:a7:
+        7d:d8:4c:e2:b6:b7:1f:32:34:a8:75:ca:4f:00:3e:49:b0:5c:
+        40:1a:9c:6e:bd:b5:5f:f4:2e:c5:0a:54:b4:89:4a:63:35:ff:
+        80:8d:fe:31:e8:2e:92:77:8c:19:1a:2c:b8:95:1e:ef:d5:7d:
+        c6:f9:4d:05:b6:f8:dd:55:0c:10:43:6e:7d:47:c8:b0:83:db:
+        a3:7b:b4:5a:e3:a9:33:b2:ed:23:83:6a:e1:ce:c6:1c:89:27:
+        39:2c:3d:2f:55:49:c8:c5:9d:23:46:fe:88:71:da:ef:2b:25:
+        e4:79:92:2b:1d:61:a6:dc
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/10.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/10.pem
new file mode 100644 (file)
index 0000000..0c1799a
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:23:56 2009 GMT
+            Not After : Mar 11 03:23:56 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:80/0002
+
+    Signature Algorithm: sha1WithRSAEncryption
+        75:b9:17:be:1c:06:6f:12:a9:04:1b:63:0b:0d:5c:70:55:e2:
+        31:c0:88:71:d0:56:8e:e5:16:e8:3b:47:1a:08:03:93:56:b2:
+        9b:a2:04:3c:a8:81:10:5a:18:7b:d2:70:ae:7c:0b:94:b6:6c:
+        f2:58:e7:69:82:e5:f2:aa:4e:f3:ac:85:6d:5a:ac:11:53:d2:
+        8d:3d:53:ae:ab:f7:f3:c6:f0:ba:f2:e6:7b:2d:74:74:75:fd:
+        e0:8d:67:c9:12:d5:f2:93:44:48:66:5b:85:26:7d:95:77:48:
+        4f:a4:72:65:67:38:99:47:4e:cd:47:1c:43:7a:0a:58:a6:99:
+        1b:1b:01:09:f7:0b:34:8a:3a:8d:10:e2:ca:9c:48:a3:f6:39:
+        42:3b:43:e6:f6:81:8b:36:5a:ed:33:98:70:24:ca:4f:18:8b:
+        d9:c1:0a:d9:cd:96:33:d0:e8:ac:bd:3f:34:af:86:52:d1:69:
+        6e:90:8e:d0:86:bf:b1:04:3d:85:99:0f:e3:c3:e6:60:47:34:
+        37:97:f2:a2:69:c4:4e:dc:62:d0:eb:c2:24:77:2e:a3:ba:c1:
+        88:a9:b2:b4:fb:79:a6:d4:cf:5e:3f:03:41:25:c4:f3:29:0a:
+        fd:b7:78:55:b1:9a:0c:79:32:2f:2e:fe:69:ba:a0:2c:62:bc:
+        11:38:c4:47:a8:b0:72:70:d1:50:9f:b9:87:64:f5:12:56:c5:
+        f7:ed:8e:23:08:df:d0:0e:1a:6b:25:8c:b3:6b:7c:cc:55:6d:
+        90:83:a9:ef:7d:45:04:a6:dc:7c:0d:80:c1:54:22:d1:b8:e2:
+        43:cc:ad:75:a2:07:eb:d3:26:da:8a:c4:fb:6f:0b:ac:11:f4:
+        01:7f:b9:37:68:ec:1e:60:a2:ae:d6:b2:0b:37:cb:7e:5d:dc:
+        ec:14:21:69:84:ff:fc:61:85:b6:bf:7f:d2:af:3c:70:12:c6:
+        ba:40:e8:b5:25:56:34:ca:44:f1:ea:15:ad:79:50:ec:44:b7:
+        6c:d7:4b:cc:2c:4f:45:01:85:15:76:2a:03:c2:14:9c:3e:bf:
+        87:7b:59:d7:aa:2d:48:20:b6:1a:6e:6e:b0:c2:77:22:3c:ea:
+        24:d0:f8:62:b0:4b:01:3a:48:be:5f:66:73:0a:46:b3:1f:83:
+        41:91:f5:fd:e8:08:08:52:18:3a:8c:6a:19:2c:e3:30:d8:53:
+        13:97:62:83:eb:e3:ed:3a:8e:64:25:b1:8a:01:f4:24:14:6d:
+        d4:61:c1:c3:8d:c3:89:2c:5f:6e:d8:1e:1d:de:b9:77:06:0b:
+        31:63:e4:ce:d9:76:1b:68:48:ea:ec:64:d5:a6:a5:15:29:1d:
+        79:af:21:2d:a8:e6:e6:f8
+-----BEGIN CERTIFICATE-----
+MIID7DCCAdSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjM1NloXDTE5
+MDMxMTAzMjM1NlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
+YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
+YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
+Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
+bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
+AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDIwDQYJ
+KoZIhvcNAQEFBQADggIBAHW5F74cBm8SqQQbYwsNXHBV4jHAiHHQVo7lFug7RxoI
+A5NWspuiBDyogRBaGHvScK58C5S2bPJY52mC5fKqTvOshW1arBFT0o09U66r9/PG
+8Lry5nstdHR1/eCNZ8kS1fKTREhmW4UmfZV3SE+kcmVnOJlHTs1HHEN6ClimmRsb
+AQn3CzSKOo0Q4sqcSKP2OUI7Q+b2gYs2Wu0zmHAkyk8Yi9nBCtnNljPQ6Ky9PzSv
+hlLRaW6QjtCGv7EEPYWZD+PD5mBHNDeX8qJpxE7cYtDrwiR3LqO6wYipsrT7eabU
+z14/A0ElxPMpCv23eFWxmgx5Mi8u/mm6oCxivBE4xEeosHJw0VCfuYdk9RJWxfft
+jiMI39AOGmsljLNrfMxVbZCDqe99RQSm3HwNgMFUItG44kPMrXWiB+vTJtqKxPtv
+C6wR9AF/uTdo7B5goq7Wsgs3y35d3OwUIWmE//xhhba/f9KvPHASxrpA6LUlVjTK
+RPHqFa15UOxEt2zXS8wsT0UBhRV2KgPCFJw+v4d7WdeqLUggthpubrDCdyI86iTQ
++GKwSwE6SL5fZnMKRrMfg0GR9f3oCAhSGDqMahks4zDYUxOXYoPr4+06jmQlsYoB
+9CQUbdRhwcONw4ksX27YHh3euXcGCzFj5M7ZdhtoSOrsZNWmpRUpHXmvIS2o5ub4
+-----END CERTIFICATE-----
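Review bot: Nothing beside this fixture says which OCSP case it covers: 10.pem, and 11.pem to 14.pem and 16.pem further down, share one subject and one 1024-bit RSA key and differ only in serial, validity and the loopback port in the AIA URI (`http://127.0.0.1:80/0002` here). A short README next to demoCA with one line per file, e.g. `10.pem  serial 0x10  OCSP http://127.0.0.1:80/0002  expected: <STATUS>`, would let a maintainer regenerate the set and tell an intended failure from a broken fixture. The 1024-bit key and sha1WithRSAEncryption signature are acceptable only as test data, so the README should also state that this directory must never be installed into a device trust store. A verifier that is later hardened to refuse SHA-1 or short keys would reject these certificates before the OCSP path is exercised, which the tests presumably do not intend.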
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/11.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/11.pem
new file mode 100644 (file)
index 0000000..177876b
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:10 2009 GMT
+            Not After : Mar 11 03:24:10 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:81/0003
+
+    Signature Algorithm: sha1WithRSAEncryption
+        5a:7d:5f:25:e5:5a:49:3e:e9:06:4c:f1:7f:83:7d:d4:0d:13:
+        36:35:bf:32:92:69:60:1d:ae:2e:ed:89:b3:d4:1e:78:d2:85:
+        35:7a:1f:65:30:78:5e:d3:30:60:3d:7d:2c:be:02:6a:f0:22:
+        5e:82:86:53:01:a4:b6:1c:9f:d4:79:e9:ec:eb:d8:33:85:fb:
+        21:d2:82:77:b9:6d:20:8e:af:82:ff:25:82:27:3b:d7:d9:38:
+        31:a3:2b:bc:55:00:28:f6:f9:bf:01:e6:66:0b:b8:a8:ed:30:
+        09:52:8d:bf:94:7b:96:d1:93:5b:a3:a4:f1:9f:aa:f4:04:54:
+        0b:69:73:af:36:d7:3e:33:2c:29:38:04:9b:65:32:31:fa:17:
+        2f:0a:9f:19:05:d8:01:0c:db:13:1e:55:ec:94:38:3f:83:ee:
+        50:35:d1:6e:4f:32:c3:3d:d3:39:c8:c5:cc:56:b4:33:2e:8b:
+        75:a0:9c:cd:28:e5:42:a1:89:e1:06:90:bd:f3:8e:b5:48:9e:
+        1c:dd:56:4d:d9:ec:6e:0b:7b:72:e5:0a:be:7e:33:5a:13:25:
+        13:87:4c:9a:27:49:02:6d:28:5b:e7:4d:1b:7c:11:22:10:45:
+        b1:57:b7:fc:12:62:69:24:69:ee:67:ce:5b:20:70:6a:22:29:
+        f4:a0:90:59:d3:a2:be:7b:43:3a:59:0b:23:d1:2e:ed:51:98:
+        87:c5:4d:1c:64:08:f8:ca:af:36:ab:5d:00:ce:15:00:f4:ad:
+        34:44:27:8b:72:c6:6d:24:4c:1a:e3:f7:4c:bc:25:a2:a8:e2:
+        a8:79:58:57:a7:5d:f0:20:28:d2:ef:84:ff:ee:42:0f:1e:59:
+        93:4c:05:45:ff:c1:0d:cb:30:1d:bb:26:5a:4d:24:c0:44:52:
+        77:33:17:dd:d1:00:63:1e:9b:4d:ca:28:8b:bb:fd:0d:0b:e3:
+        72:26:94:e2:8c:5a:d7:1a:a6:e7:b7:bc:4b:bf:cc:02:2c:d8:
+        9b:cb:31:7d:09:4c:15:73:5d:1a:a8:46:10:66:68:80:a9:f3:
+        3d:f8:7c:9d:46:3d:ce:ae:75:6f:92:db:34:d3:d7:be:6c:4e:
+        76:b6:b6:b7:a2:a8:b9:9e:a9:f1:6f:a6:e5:01:bb:82:13:bd:
+        7f:24:81:c3:22:54:58:f0:7e:8d:9a:86:82:00:46:66:33:e4:
+        96:98:8a:33:7b:ed:93:9b:cf:68:b5:eb:42:da:6d:50:49:f0:
+        14:27:01:f6:57:09:26:7c:61:81:d0:e5:e9:ec:6d:18:eb:97:
+        1a:55:cf:1f:d9:20:67:8f:71:bb:0c:98:6d:c0:4b:85:32:c9:
+        d3:b7:f3:d0:60:fd:64:01
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/12.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/12.pem
new file mode 100644 (file)
index 0000000..830592a
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 18 (0x12)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:20 2009 GMT
+            Not After : Mar 11 03:24:20 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:82/0004
+
+    Signature Algorithm: sha1WithRSAEncryption
+        1d:80:7c:33:dd:ab:99:c7:06:f5:aa:fd:16:7d:89:d8:a9:a2:
+        89:38:af:26:b7:b1:0f:69:3d:d6:09:3e:6d:dd:d2:e0:51:b8:
+        97:fc:8d:96:08:0d:33:2d:75:e7:d2:9e:47:2b:fd:46:5b:c9:
+        f2:68:4f:26:8f:83:3d:fc:aa:d7:6a:20:77:15:3f:78:d9:75:
+        b3:79:10:fd:ab:ab:95:34:69:64:3c:8a:65:6d:66:bb:a9:da:
+        26:79:51:59:a7:c2:97:ea:6c:7f:31:91:d3:a5:c2:65:ca:d5:
+        4f:6f:c8:d9:b9:c7:03:7b:c6:2d:16:5f:fe:de:02:28:f3:e9:
+        64:ad:e9:62:3c:e5:91:31:0f:c9:c9:33:1a:a5:66:d8:5b:80:
+        18:6f:5f:55:34:51:43:fa:79:50:ba:17:19:2c:b9:25:b8:a3:
+        a0:b2:08:38:49:6d:3c:86:8c:42:2c:d8:07:bd:39:f1:3c:97:
+        8f:c6:83:cd:85:8f:e9:52:63:77:4f:d6:9e:58:3e:22:f8:29:
+        8e:44:92:c6:b7:ab:28:35:22:7b:b7:d0:8f:34:70:15:f2:4b:
+        91:65:42:8d:d5:ce:75:4b:2f:7b:7e:7f:7e:61:09:5b:b2:1a:
+        64:94:18:c9:8e:c3:ee:a4:89:d6:97:55:76:28:b0:e6:bc:7c:
+        f0:c9:9b:20:e3:a5:10:da:c1:9c:c4:4e:ff:e8:ca:3c:19:82:
+        06:d6:aa:05:cb:05:e5:bd:36:cf:4c:3a:a7:e6:21:af:e8:5e:
+        2d:ee:3b:94:24:91:37:92:95:3f:d3:f8:b8:5a:13:56:16:a7:
+        20:34:f6:fd:cb:59:6d:4c:ff:04:df:ef:61:08:d9:2f:85:a8:
+        b1:7c:07:80:93:31:7b:bb:7f:8d:17:ba:8b:64:41:82:4a:ca:
+        f6:a9:f7:69:b8:cf:ed:17:c1:ca:09:5a:52:c4:ce:a0:9c:e3:
+        4c:52:ab:ea:b3:4f:3c:93:1d:50:bf:60:e8:6e:d1:bf:90:0c:
+        3f:1d:6b:2c:a5:c5:bf:eb:e2:da:cb:76:56:08:51:cc:87:49:
+        21:16:f0:a6:85:ce:0f:c3:32:c2:50:cc:04:f5:d1:bb:de:b8:
+        db:9b:79:e1:d2:73:14:b2:7c:5a:cf:26:7b:24:4a:58:48:58:
+        2e:b1:a1:2f:01:c2:71:40:85:c8:9b:21:10:15:1a:3e:5e:3d:
+        79:53:9c:82:b2:4e:ad:91:96:9f:03:c5:f6:44:ea:d6:d6:cf:
+        3b:1e:74:e6:b1:f2:f4:b3:e0:7d:91:77:ac:50:d9:66:1b:73:
+        59:3e:e6:18:07:bb:e0:60:4f:1e:8d:40:2b:da:25:ac:c8:85:
+        d6:31:62:f3:5b:05:4a:11
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/13.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/13.pem
new file mode 100644 (file)
index 0000000..0ff43d6
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 19 (0x13)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:30 2009 GMT
+            Not After : Mar 11 03:24:30 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:83/0005
+
+    Signature Algorithm: sha1WithRSAEncryption
+        9b:ea:5d:a3:f4:b2:04:44:31:6b:64:e4:7d:25:5d:69:1b:25:
+        3d:63:d4:3f:2c:0f:c6:60:44:70:18:57:31:be:84:38:e8:53:
+        29:dd:5e:f2:5c:8e:41:6d:e8:ea:a7:23:91:b9:f4:c1:20:2c:
+        cd:d6:b4:b4:e6:9d:c3:b4:5b:4c:48:dd:3a:cc:cd:9e:0c:93:
+        bb:e0:03:43:1c:ab:01:86:4e:67:44:ad:68:3d:e6:00:4d:9e:
+        95:5f:86:0f:e4:18:af:3d:76:a4:1b:91:5e:e8:07:2b:aa:62:
+        4e:d9:af:f8:15:e7:3c:bb:8c:f4:a9:4f:df:72:f6:b0:6a:36:
+        ad:eb:d2:10:02:cb:65:28:a7:4c:4f:98:e1:7b:1e:aa:af:3e:
+        61:65:91:58:94:99:26:69:29:06:50:02:44:61:a6:3c:ee:8a:
+        7e:db:56:5a:f5:cc:d6:58:6f:a2:40:51:e1:81:fa:3b:b8:4b:
+        8d:00:64:b2:99:d3:e7:8a:52:78:b3:67:a1:64:5d:dd:a0:c5:
+        54:1d:de:07:29:ef:85:01:d4:e9:24:44:8b:df:9b:f5:ae:80:
+        4d:fa:4d:08:76:7c:97:6b:86:74:22:56:d1:87:6b:41:54:66:
+        fc:3b:d2:3e:2d:95:c1:46:06:b9:db:0e:8b:e1:be:c8:56:82:
+        c3:1d:df:84:b6:50:ee:b8:30:3c:54:07:49:8b:e2:d4:a7:b8:
+        35:0d:b6:09:7e:04:01:bb:71:86:8c:50:87:a7:3a:2d:b8:7c:
+        24:cd:b1:a6:87:b8:eb:d5:dc:8f:02:21:f9:71:06:34:c4:e5:
+        6f:ff:53:4b:dd:33:96:60:8b:6d:bb:03:b1:36:31:2d:02:6c:
+        7f:ba:70:0a:78:b8:fb:45:92:84:5b:1e:a7:15:39:13:33:fd:
+        6f:a7:95:76:10:1f:b3:cd:11:e8:ed:ce:2c:63:cd:64:23:62:
+        c4:21:d6:48:bf:f7:10:b8:da:d5:72:14:ad:5a:a0:5d:4a:2b:
+        a0:76:5f:b8:3b:d2:6b:8a:7f:6b:6a:cc:84:eb:6a:be:d9:26:
+        2c:bb:38:06:b8:f4:d4:fb:78:85:83:c8:ad:6e:56:f9:67:5f:
+        bc:3c:41:b6:f0:6f:d4:45:78:ed:3e:2f:c7:3a:3e:9a:98:68:
+        c4:64:79:29:51:19:cd:a6:70:c4:04:30:50:86:9c:f2:54:57:
+        b1:e1:7d:4a:d5:34:fc:93:31:6d:64:15:79:31:c0:70:d5:db:
+        bc:a0:be:21:22:1e:61:ac:4a:9f:a2:a6:ff:de:52:2e:31:d7:
+        5e:39:66:c6:47:55:f6:64:f5:bd:ed:c0:60:b8:59:88:a1:8e:
+        8c:5f:20:1b:be:41:51:f4
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/14.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/14.pem
new file mode 100644 (file)
index 0000000..099dd23
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 20 (0x14)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:24:40 2009 GMT
+            Not After : Mar 11 03:24:40 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:84/0006
+
+    Signature Algorithm: sha1WithRSAEncryption
+        49:da:46:14:f1:5a:4a:09:cb:36:a5:fe:ab:50:f5:ea:e1:b2:
+        18:79:dc:d7:79:bb:a8:b0:8d:0b:b5:e1:a9:60:db:8a:e9:3a:
+        b8:15:b0:eb:e4:45:bf:90:64:6b:4e:c1:dc:7e:9d:5f:47:0e:
+        be:7b:22:ba:c2:71:3d:5d:8b:8f:14:67:1d:19:51:54:05:5a:
+        06:11:e1:1f:ca:bb:98:1a:a3:d6:16:b9:5d:8d:03:70:28:40:
+        ca:3a:7d:fe:a7:c3:40:ab:7a:0a:42:3a:95:f6:da:fd:bc:d9:
+        09:50:70:9a:7a:b4:e9:ae:75:b7:cd:a8:56:f4:2e:7c:ef:40:
+        63:6d:02:da:50:29:c8:df:2f:40:04:84:9d:60:a2:3c:21:fc:
+        d6:64:02:72:cb:4c:5b:e1:68:d9:0a:16:84:58:47:a5:d1:28:
+        18:86:eb:07:b9:1f:db:9f:46:de:6b:2d:2e:4e:20:9a:40:3a:
+        56:86:28:9f:c5:15:97:1a:3f:70:18:5f:44:1d:64:d0:76:ef:
+        09:c5:23:21:03:32:9c:c4:23:af:c4:1f:85:fd:da:b8:40:33:
+        b6:c2:7d:2b:67:ff:88:a0:9c:a8:2e:9e:4b:40:44:6b:bc:c0:
+        3b:f2:b3:a3:d5:f0:b4:04:85:cd:b4:cd:49:3d:34:64:1e:1d:
+        16:a1:8f:05:74:8e:91:ee:98:6c:cc:c8:d8:c3:5e:fd:65:4a:
+        15:ed:28:cb:0b:c3:b6:29:bc:d6:3d:0d:0e:a8:21:36:27:74:
+        9d:f2:7c:58:1f:88:25:35:2b:7f:4c:16:38:df:0f:32:8f:db:
+        22:96:ad:e8:8b:bd:d8:d5:e9:e1:b0:fe:53:03:e6:c7:67:78:
+        bf:a6:50:dc:2a:0a:c9:a2:df:6a:d5:c3:db:eb:20:1c:78:ed:
+        69:14:d4:f5:26:62:78:f6:33:a0:ac:95:19:5d:a6:d9:30:8d:
+        21:80:2d:42:dc:a5:a5:a0:42:41:e8:60:f1:4d:81:6d:e6:58:
+        32:b9:e4:23:09:34:3e:7a:fb:69:4b:f3:c0:8a:00:c3:59:2b:
+        02:13:fc:4e:9c:3e:8f:34:fe:b0:ca:07:df:6b:1d:97:9c:ca:
+        a9:b1:b6:8f:2d:92:6c:12:4b:64:23:d6:47:c1:f2:6f:79:16:
+        78:7b:f8:36:b9:83:a3:a4:e7:0f:c0:99:d9:a3:09:45:ac:92:
+        52:62:26:64:51:04:e9:92:6f:3e:f9:62:93:c5:2a:00:5b:d3:
+        0b:66:75:ad:bb:5d:12:37:09:3c:b6:95:6d:c2:05:17:8f:d7:
+        79:aa:0d:6a:6c:00:6e:94:0c:e8:e3:31:9d:8e:63:e9:f9:d2:
+        dc:8e:07:36:9a:e3:08:55
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/15.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/15.pem
new file mode 100644 (file)
index 0000000..912e429
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 21 (0x15)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 14 11:35:42 2009 GMT
+            Not After : Mar 14 11:35:42 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        80:91:21:6b:30:15:99:38:e1:5c:74:82:7d:25:f0:ee:15:cb:
+        44:f0:01:16:3d:17:09:7f:8e:73:bf:3b:34:52:c7:1d:0f:f6:
+        8f:30:34:76:d7:c2:b9:95:14:a0:01:f8:93:de:ff:62:7e:c1:
+        79:f2:de:e2:cf:0d:f8:9a:b3:6a:ab:cf:cf:68:12:9f:e2:81:
+        7b:05:1f:27:34:a6:f6:68:9c:46:45:cd:d5:02:d7:7d:e0:d9:
+        b5:ef:7b:f6:7b:5c:d9:29:ae:f2:55:dd:10:7a:58:74:bc:ef:
+        a9:9b:9f:a8:e4:89:99:f0:df:3e:d4:c9:64:85:fa:fa:15:d0:
+        d2:20:2c:07:49:55:43:50:f4:0a:fd:dc:20:e5:cf:d5:e7:d6:
+        2c:65:af:18:37:13:78:f5:dd:6e:43:a1:aa:be:93:20:be:4c:
+        1f:71:47:10:cb:1c:48:62:5a:80:c6:d5:a4:23:c0:06:a0:e5:
+        d7:d5:b2:bb:4e:d8:fe:cf:d7:ae:93:ce:bb:ab:96:07:f8:a3:
+        fb:e9:4f:04:b0:96:a5:b4:3f:89:2c:d5:c9:cd:95:6c:38:cc:
+        68:f3:3c:1b:0f:0e:c6:d2:b8:bc:8e:5a:97:66:eb:b7:9e:c1:
+        3a:0c:17:74:e8:4c:91:5b:33:e4:3f:b5:1c:d7:91:e2:6f:5b:
+        9c:27:ad:00:c6:30:49:ba:2e:a0:8d:a1:6f:c5:97:e5:b7:58:
+        ca:ee:8c:71:4e:3c:7a:f1:82:fc:6e:74:77:53:e5:d1:7a:02:
+        35:c2:6b:91:7a:38:2c:17:42:45:2a:a6:b3:e9:e2:7e:80:a0:
+        b4:7d:dc:a8:4b:76:34:92:cf:87:76:b8:a8:31:b5:a7:1d:cf:
+        93:10:bf:1d:bc:5a:65:1e:95:17:8c:4c:d6:5a:b4:08:a4:b7:
+        9c:99:3a:a9:b4:45:c1:aa:5a:62:7f:6e:25:63:01:c3:e3:ad:
+        c0:1a:d7:5d:75:07:60:93:73:8e:9e:1e:7c:96:2d:39:b8:1b:
+        85:4a:9e:8f:b9:2e:eb:94:c4:83:43:60:87:30:26:0b:9f:26:
+        a9:02:81:4a:df:20:08:e0:2c:8f:b8:c5:96:38:7e:b8:c8:88:
+        32:e6:d4:ab:e4:13:4e:fe:66:fc:77:ef:e4:1c:5a:76:8d:60:
+        e4:f9:d7:be:ed:94:f2:92:e3:b5:5c:28:ea:a4:2d:d6:b6:76:
+        64:4b:d4:f1:3a:eb:22:08:b0:f0:a9:31:1a:1d:e4:59:c3:07:
+        7b:28:ed:55:ac:e6:bf:da:21:ce:44:77:79:10:a5:5c:66:b3:
+        a7:65:e1:15:59:81:f7:48:f4:eb:83:2a:08:1b:4f:08:0b:fd:
+        2c:22:21:a7:c7:6b:87:d1
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
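Review bot: This responder certificate is valid only from Mar 14 2009 to Mar 14 2010, so it had already expired when the commit was made (Aug 2012); an OCSP test that expects a response signed by it to be accepted has to pin the verification time, otherwise the fixture can only serve as a negative case. The extension list shows `OCSP No Check` but no Extended Key Usage with OCSP Signing, which RFC 2560/6960 requires of a delegated responder, so a strict client would refuse it on that ground as well. If both are intentional, record it next to the fixture, e.g. `15.pem: expired responder without id-kp-OCSPSigning, expected result: rejected`; if not, reissue it with the EKU and a validity window matching the ten-year fixtures. 16.pem further down has the same one-year window.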
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/16.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/16.pem
new file mode 100644 (file)
index 0000000..30ab2f1
--- /dev/null
@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 22 (0x16)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 14 13:48:12 2009 GMT
+            Not After : Mar 14 13:48:12 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:85/0007
+
+    Signature Algorithm: sha1WithRSAEncryption
+        b1:9e:ce:8d:09:9e:f9:21:6f:be:f2:a7:54:6e:24:82:e3:2b:
+        88:b7:0d:e0:e2:49:33:b4:8b:ad:60:71:cc:20:23:57:cf:17:
+        a8:46:c0:a7:1a:5f:8e:8d:1a:cc:0b:1b:da:a4:34:b1:d7:74:
+        1b:a7:e4:71:a1:2d:fd:2e:18:51:02:2c:93:ff:a9:f7:98:bd:
+        ed:6b:4c:55:8e:24:f6:97:8e:8a:80:56:52:7a:17:da:94:96:
+        fa:27:78:8c:65:40:a6:b1:d2:2a:13:fe:76:c0:0c:f2:04:3f:
+        d1:88:25:c3:5a:05:ca:33:d7:bb:27:e2:8b:e8:d4:00:fd:fc:
+        b6:a8:9d:27:c2:f9:ea:98:32:79:85:9d:a3:e7:bf:78:65:e8:
+        15:ef:49:48:87:a9:b2:b4:c4:cb:ec:a7:da:90:36:d6:c5:6f:
+        ff:c3:85:19:13:0b:27:6a:d3:c4:e7:97:62:08:49:a3:e9:22:
+        9a:3c:d1:91:8f:6e:8e:87:47:0e:38:43:8e:5a:84:f6:9c:24:
+        c1:9f:90:29:dc:38:73:72:7d:3f:d6:7f:dd:b3:d1:1d:cf:7b:
+        bc:31:a6:6b:b4:be:10:06:94:69:a0:16:ef:bd:e9:e7:a2:8b:
+        18:e1:10:27:7f:9d:8a:f9:60:18:d5:93:54:d6:4e:c2:31:bf:
+        37:00:db:d5:cf:85:da:e9:7b:e4:bb:48:f3:a5:6e:ba:48:1b:
+        50:6a:10:99:f8:77:81:95:78:1b:d0:fe:d0:74:47:28:05:34:
+        32:32:5f:1f:52:42:85:f8:7a:f1:a8:87:ff:2f:6c:ec:83:09:
+        91:85:0a:43:ce:35:a2:7f:94:b6:ae:70:94:b6:0f:c9:c7:8a:
+        ee:7c:a7:32:8a:ee:c3:e1:ee:01:34:c1:b8:db:98:80:4c:ac:
+        5f:ac:18:02:fa:f5:c1:36:df:39:57:57:81:b9:26:d0:81:0e:
+        75:79:18:21:29:a6:cb:eb:97:58:f2:dd:8a:88:c1:a2:c7:54:
+        9f:97:89:b1:ef:ff:11:5f:18:0a:cd:25:3e:d8:35:07:45:55:
+        1e:bb:a2:54:fc:66:ac:0f:ac:2a:77:d6:1a:a4:44:cc:5a:49:
+        37:45:70:5b:c9:3d:2c:6d:c1:7e:af:4d:9c:4f:2a:a2:d9:01:
+        3d:e2:7f:a4:f2:4b:d7:60:b1:06:a3:b4:46:35:43:1c:be:79:
+        46:a7:8a:50:ee:22:4f:b8:57:45:c9:83:8a:65:bb:7a:86:b3:
+        30:3a:7c:62:d3:b7:08:34:a7:05:0a:44:a7:57:5c:2b:b6:34:
+        03:ea:3a:61:06:c9:f2:65:16:f2:20:c5:32:0a:61:20:c9:f7:
+        07:2e:e8:d2:f2:67:c4:64
+-----BEGIN CERTIFICATE-----
+MIID7DCCAdSgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDEzNDgxMloXDTEw
+MDMxNDEzNDgxMlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
+YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
+YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
+Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
+bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
+AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg1LzAwMDcwDQYJ
+KoZIhvcNAQEFBQADggIBALGezo0Jnvkhb77yp1RuJILjK4i3DeDiSTO0i61gccwg
+I1fPF6hGwKcaX46NGswLG9qkNLHXdBun5HGhLf0uGFECLJP/qfeYve1rTFWOJPaX
+joqAVlJ6F9qUlvoneIxlQKax0ioT/nbADPIEP9GIJcNaBcoz17sn4ovo1AD9/Lao
+nSfC+eqYMnmFnaPnv3hl6BXvSUiHqbK0xMvsp9qQNtbFb//DhRkTCydq08Tnl2II
+SaPpIpo80ZGPbo6HRw44Q45ahPacJMGfkCncOHNyfT/Wf92z0R3Pe7wxpmu0vhAG
+lGmgFu+96eeiixjhECd/nYr5YBjVk1TWTsIxvzcA29XPhdrpe+S7SPOlbrpIG1Bq
+EJn4d4GVeBvQ/tB0RygFNDIyXx9SQoX4evGoh/8vbOyDCZGFCkPONaJ/lLaucJS2
+D8nHiu58pzKK7sPh7gE0wbjbmIBMrF+sGAL69cE23zlXV4G5JtCBDnV5GCEppsvr
+l1jy3YqIwaLHVJ+XibHv/xFfGArNJT7YNQdFVR67olT8ZqwPrCp31hqkRMxaSTdF
+cFvJPSxtwX6vTZxPKqLZAT3if6TyS9dgsQajtEY1Qxy+eUanilDuIk+4V0XJg4pl
+u3qGszA6fGLTtwg0pwUKRKdXXCu2NAPqOmEGyfJlFvIgxTIKYSDJ9wcu6NLyZ8Rk
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/17.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/17.pem
new file mode 100644 (file)
index 0000000..0371f9d
--- /dev/null
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 23 (0x17)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 05:36:43 2009 GMT
+            Not After : Mar 16 05:36:43 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                6C:00:26:BD:98:D4:60:DD:06:EA:CA:73:09:35:6A:7E:1F:92:D9:59
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha1WithRSAEncryption
+        5b:8c:6e:80:cd:e0:8f:cc:7d:a4:c1:d6:61:9a:78:93:eb:04:
+        85:60:12:e1:1c:6d:0d:2e:fa:2a:1e:c9:08:ac:b5:6d:a8:00:
+        c8:8b:e5:1d:72:80:5a:df:d1:c9:88:10:a6:fe:35:62:11:72:
+        5f:08:e7:94:f2:0a:0b:79:0e:04:9f:4f:16:d9:45:10:67:c4:
+        5e:a2:34:a6:89:f9:67:3c:88:9e:82:d4:d4:28:42:ce:bd:c8:
+        0a:cf:b6:9f:a9:7f:a1:5d:21:58:95:64:bd:84:24:2c:00:bf:
+        29:ea:b6:f6:d2:b4:b9:03:6b:34:81:cb:5d:a8:fb:55:96:99:
+        1a:71:94:cf:37:7e:83:c5:01:a6:cb:cd:38:06:27:49:99:56:
+        38:06:19:f7:62:80:24:8c:4f:79:0f:2d:a4:b8:cc:6e:4b:35:
+        5a:d2:8e:f1:26:b4:fb:d7:85:0d:7f:c6:a2:a3:20:e5:48:b8:
+        0b:ee:a0:7d:a9:6d:e2:88:41:ee:f6:47:a6:1f:52:c2:ca:6c:
+        d9:d0:53:0f:a3:db:ee:12:0f:56:cf:51:75:70:9a:1a:02:c4:
+        ff:7e:46:77:75:1b:d6:d9:e2:7b:fb:a6:0f:11:49:9f:59:5d:
+        2c:d8:0f:61:eb:c4:8f:51:1a:95:ae:dd:33:0e:da:40:90:67:
+        6b:a3:7b:4d:9d:a2:53:37:c1:98:a5:c1:f5:b4:a6:dd:5e:ac:
+        b3:d3:ef:9d:1a:bc:15:1b:cb:8b:b7:73:ba:bd:3d:b9:6a:18:
+        e2:a2:ad:d8:54:5e:ea:81:71:ad:a1:e2:83:c9:89:3c:83:35:
+        92:80:65:46:aa:45:45:4f:a3:c5:a4:a3:32:43:05:ec:a4:9f:
+        61:5a:14:1a:0b:5b:6e:84:bf:d7:1d:fe:20:eb:c0:45:d4:92:
+        f2:56:09:12:dd:1a:0d:75:9d:43:0b:0b:71:0d:c7:1b:38:63:
+        b5:75:7b:f2:3e:d6:0d:07:21:ab:73:51:fe:e3:0f:36:b4:33:
+        d3:94:f2:ae:42:24:b1:2e:9d:68:69:18:d2:5a:1e:64:a6:67:
+        d2:40:f9:de:b5:d5:dd:15:72:de:05:a0:43:c7:b9:13:bd:e5:
+        10:fd:52:f1:27:0f:95:5a:a4:cd:5a:ba:c6:7c:bd:14:4e:46:
+        51:b1:b9:00:98:23:16:ce:ae:0a:6c:11:67:18:73:e7:d1:aa:
+        e9:6e:99:82:b7:2b:f2:e7:8c:8e:b5:2a:76:16:14:57:93:5e:
+        a4:7a:ec:f5:96:90:22:88:66:ca:3c:8b:92:95:2c:21:3f:a0:
+        9e:56:c5:c2:27:1a:d8:9e:fa:fd:da:3b:96:52:cc:94:cf:5f:
+        d3:a8:b0:c0:f5:7c:58:f6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
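Review bot: The validity window on this fixture ends at `Not After : Mar 16 05:36:43 2010 GMT`, more than two years before the commit date, and the same is true of 18.pem through 1F.pem added alongside it. A test that runs chain or OCSP verification against the wall clock would fail on expiry before reaching the condition it is meant to exercise, so the tests presumably need a pinned verification time or fixtures reissued with a long lifetime; the test code is not visible here to confirm which. The 1024-bit RSA key and `sha1WithRSAEncryption` signature are acceptable only because this is test data. I would record that in a README beside the fixtures, for example `Test-only certificates: expired, 1024-bit RSA / SHA-1, never install into a trust store.`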
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/18.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/18.pem
new file mode 100644 (file)
index 0000000..0e189f1
--- /dev/null
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 24 (0x18)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 05:38:34 2009 GMT
+            Not After : Mar 16 05:38:34 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
+                    13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
+                    fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
+                    b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
+                    97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
+                    71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
+                    37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
+                    bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
+                    2a:e8:e8:44:0f:59:ea:e7:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                6C:00:26:BD:98:D4:60:DD:06:EA:CA:73:09:35:6A:7E:1F:92:D9:59
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha1WithRSAEncryption
+        5e:a6:39:dd:09:b5:6e:ef:1c:05:01:1b:91:7b:cc:26:66:0b:
+        53:f0:69:1b:ae:7e:10:42:ef:38:c7:ce:09:0f:17:c9:28:df:
+        7d:ab:e2:b6:ab:8d:56:17:38:db:e7:b0:2a:52:e0:ec:16:6a:
+        cf:db:8b:31:4f:bb:88:89:2e:24:1c:db:a3:b1:c9:fb:d5:9b:
+        e2:58:1d:6d:ca:cc:14:79:cc:e0:b1:27:8f:2a:a2:60:90:dc:
+        7e:bf:52:65:1d:81:14:18:65:d4:f4:af:43:00:bc:88:50:4b:
+        ef:14:1a:5f:d2:7e:64:0e:fd:e0:26:cb:09:f8:b7:04:49:3e:
+        6f:56:88:fa:0d:9e:23:90:06:98:ff:75:06:29:09:9b:df:21:
+        69:e9:fa:53:a4:c0:9a:06:a7:e2:50:03:e8:13:32:db:a0:62:
+        5f:a6:0e:3b:7f:0a:d8:f7:62:56:2e:ca:4b:f7:cb:59:00:d8:
+        15:32:57:fc:67:24:8e:38:c1:7f:3a:a6:ca:ac:29:5b:b6:e6:
+        e5:2b:5a:f4:52:16:e3:5b:00:f1:46:c9:29:9b:75:e3:e3:28:
+        69:fa:cb:52:69:5c:96:1b:2d:a2:ee:26:e3:df:10:fe:67:31:
+        7f:bf:3a:7c:81:8c:87:1c:7c:ba:11:96:21:23:02:f9:ab:d8:
+        a7:33:ca:b2:47:12:07:c8:c7:a1:67:2a:1f:81:0d:11:f6:12:
+        c2:5e:b3:82:77:fb:d6:6e:a9:e5:0e:b3:5c:49:da:c5:b6:0a:
+        3b:55:80:8a:b5:0d:ce:94:64:3f:68:f4:e9:4a:00:5b:1b:19:
+        a2:29:bc:2f:a4:7c:23:ee:30:c4:48:7e:8b:c5:65:f4:1b:cc:
+        4c:5e:dc:fb:38:ed:2d:8e:2b:d8:e4:65:d4:bd:9f:9e:6f:08:
+        d0:35:24:86:72:f8:0d:ec:e0:15:49:ed:2a:67:43:13:88:f8:
+        fa:1f:03:e1:cb:14:e4:3c:5d:f9:78:b1:1c:a6:20:05:22:b1:
+        dc:e2:3d:d4:1c:62:a6:32:61:03:ce:2a:3c:bc:08:57:65:de:
+        ec:cf:26:ef:fd:1d:b8:91:f1:a7:e5:d9:2c:94:70:cb:e4:9c:
+        c6:78:b6:f3:ff:e4:9b:89:aa:fa:30:1d:62:0a:a7:ba:59:57:
+        7b:40:f4:bb:47:1a:80:a7:f3:f4:da:ea:2f:e5:96:0b:7f:39:
+        f7:66:0c:bb:c3:33:c9:2d:9d:36:eb:29:6a:31:1b:b9:f6:31:
+        3c:b7:fc:18:29:0f:67:a4:ca:6c:db:56:b2:fe:17:37:4d:35:
+        38:c5:e8:62:b0:94:3a:ba:da:f6:4b:6c:81:22:05:90:60:ba:
+        0d:0c:d8:d8:e2:c8:33:6a
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/19.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/19.pem
new file mode 100644 (file)
index 0000000..5e6f035
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 25 (0x19)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 06:18:33 2009 GMT
+            Not After : Mar 16 06:18:33 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf:
+                    9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7:
+                    75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed:
+                    08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e:
+                    a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba:
+                    45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c:
+                    57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d:
+                    dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84:
+                    c9:26:70:3c:c8:11:64:ed:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        23:9f:5b:21:e4:9f:c8:2f:37:b9:e4:84:fa:72:b5:16:b1:59:
+        1d:5a:76:1a:be:ce:e2:08:d1:0e:0e:a1:ed:0a:5f:71:68:4e:
+        7e:34:f2:7f:3c:2d:5a:d2:a3:2d:b1:91:a6:46:c4:13:ac:5f:
+        2f:35:23:f2:d9:19:16:74:ee:1e:18:b8:43:7c:d0:7a:33:96:
+        0b:ae:12:be:91:68:1b:98:7f:b3:5e:a2:c1:d8:64:e9:b6:24:
+        3c:ef:f3:b7:0a:66:f9:8b:9b:9d:30:10:f5:95:97:83:41:6e:
+        22:f7:1c:19:d6:da:6a:92:e1:28:79:f7:7d:60:12:f8:fe:e1:
+        79:f7:8b:b5:04:a3:9d:b5:cb:a7:e6:b2:50:a4:48:ee:e6:d5:
+        6e:ea:b6:3a:ca:c8:11:3a:4d:c1:20:e5:4b:d2:59:f3:af:40:
+        a9:4f:aa:81:1a:2d:4b:c2:99:43:fa:11:05:85:11:cf:ec:9b:
+        b3:96:4e:62:8e:3e:3c:64:82:df:50:ab:6a:31:e6:66:35:c0:
+        c5:dd:c2:a3:ba:f1:2b:66:7f:19:ba:3e:05:e8:e4:69:48:33:
+        9a:89:39:2c:dc:b1:98:02:b5:18:8d:11:54:a9:40:27:2b:38:
+        42:a4:fc:ea:46:80:0a:07:c7:a6:af:0a:2a:47:6d:bb:44:e8:
+        3e:b7:27:ba:7b:1f:3a:00:c5:7f:de:96:88:dd:6b:bc:65:19:
+        8f:39:96:53:13:78:4d:59:d8:76:5b:17:eb:57:71:2d:fb:2a:
+        b5:c9:d3:ea:af:9b:7c:39:88:82:c5:13:8a:d8:d5:4c:f5:90:
+        25:dd:11:ef:f4:d2:5b:4f:e7:d8:d7:ee:c6:7b:2f:59:6d:55:
+        54:3f:6e:ac:16:f4:3d:8a:b3:76:65:f6:13:6c:e8:6d:68:bf:
+        2b:79:66:ed:9a:02:e7:4e:3b:65:cd:de:38:84:bc:7b:56:a2:
+        e6:bb:88:f1:54:71:eb:4d:04:e7:13:80:44:73:53:66:90:ef:
+        c7:c4:cf:e6:87:91:2c:cf:23:06:95:16:08:90:6a:9d:df:06:
+        51:89:39:f0:61:5c:b8:79:7d:c4:ad:c4:4c:26:30:3d:13:bc:
+        ac:4f:bb:69:42:e1:28:89:1d:ac:1e:a7:81:86:4e:fd:4d:ba:
+        06:a4:9b:33:06:e0:39:76:52:52:12:eb:c4:be:f5:e9:c9:ff:
+        73:df:f2:6c:73:27:64:60:5d:1b:5f:9c:07:8e:89:10:a3:27:
+        15:0e:7b:08:1e:a2:57:8c:f2:a5:e6:4c:86:4a:03:7a:45:a1:
+        ee:40:71:15:17:55:a3:7d:24:33:b3:57:46:11:07:c6:19:a0:
+        50:aa:3a:97:7a:41:36:dc
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1A.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1A.pem
new file mode 100644 (file)
index 0000000..4279287
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 26 (0x1a)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 11:42:26 2009 GMT
+            Not After : Mar 16 11:42:26 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP No Check
+    Signature Algorithm: sha1WithRSAEncryption
+        a9:46:f1:69:d0:17:5c:84:65:ff:4e:17:ba:5a:3a:2a:f5:75:
+        ec:c2:2f:50:1a:fc:ce:7e:b0:9f:16:bd:51:fd:27:51:1a:8f:
+        8c:d9:b1:c3:27:e9:b4:77:17:2d:d8:fc:e9:fe:e0:57:35:08:
+        8f:f2:50:18:9b:e9:14:90:c2:e2:94:1b:19:18:9d:df:c1:20:
+        9f:fd:4c:31:a1:b6:68:41:b6:93:66:04:74:03:d4:34:a2:cb:
+        bd:88:3a:36:9c:c0:a0:79:52:33:3d:c5:9f:fb:3e:32:24:cb:
+        68:aa:78:d2:24:a3:44:39:55:28:3d:20:9a:c0:e9:98:cf:44:
+        40:74:4c:83:83:8d:1d:2a:ce:f8:1d:b4:3c:f1:ca:60:5c:58:
+        4a:7c:a9:6d:96:1c:96:16:82:7d:0c:14:26:6d:b6:e4:2f:05:
+        4c:6f:0a:ed:59:aa:43:f8:e7:f5:a2:a5:01:c0:32:87:32:73:
+        fe:e4:b2:c0:ee:07:cf:f3:07:e4:e5:16:c2:07:91:7c:01:8c:
+        5d:89:38:40:c6:43:80:ac:fb:cc:27:5a:de:9b:c7:70:c6:5b:
+        2e:c8:c7:f9:08:2f:42:7e:ee:44:6e:50:29:5b:19:2f:16:fb:
+        0d:16:f9:43:f3:82:c2:c0:ed:2d:a2:51:f2:1c:07:61:1b:2e:
+        c4:be:f4:7d:20:83:a9:0d:ff:bb:ec:86:c5:c5:5e:57:66:70:
+        06:f1:0e:89:ba:a7:6b:39:dd:46:46:dc:a6:ec:fe:c8:44:4e:
+        bd:1d:d5:9b:2b:a2:df:04:9d:40:35:ce:35:3b:d1:b7:91:5c:
+        e6:5f:83:23:a2:9e:d5:be:46:9f:6a:43:4c:36:86:4c:a9:a5:
+        ce:05:e1:c2:65:9b:70:cd:67:63:c7:a5:1b:01:0d:3e:c3:cd:
+        91:3e:65:33:72:2b:38:14:db:18:bb:f9:1a:3d:80:92:fb:66:
+        86:06:29:0b:48:ef:91:35:e6:00:8f:81:22:3f:3a:36:af:9c:
+        7f:9e:b1:f5:40:ab:43:8b:ff:f2:a2:0a:8d:7e:23:e3:97:3a:
+        72:3d:70:fb:25:61:e0:a6:26:b3:d8:6e:62:77:ab:be:b8:16:
+        88:2e:b5:0c:9a:44:e9:7f:01:96:d1:29:08:b1:a3:55:00:97:
+        ff:9d:2f:68:b8:bb:88:8f:03:47:4c:39:a9:62:fe:e0:fa:eb:
+        4c:f2:f6:0e:23:43:ca:83:cb:54:84:79:c4:72:9d:1b:02:97:
+        ec:4a:50:5f:cd:10:ba:89:fb:4f:2e:df:50:06:be:55:fd:30:
+        c9:ca:58:94:a3:d3:e3:42:83:21:79:89:f7:dd:eb:46:f0:9a:
+        88:1b:26:d9:a5:de:4b:c7
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAaSgAwIBAgIBGjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjExNDIyNloXDTEw
+MDMxNjExNDIyNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
+rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
+sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
+j9ppRseS8rO6bJA9cQIDAQABoxgwFjAUBgNVHSUEDTALBgkrBgEFBQcwAQUwDQYJ
+KoZIhvcNAQEFBQADggIBAKlG8WnQF1yEZf9OF7paOir1dezCL1Aa/M5+sJ8WvVH9
+J1Eaj4zZscMn6bR3Fy3Y/On+4Fc1CI/yUBib6RSQwuKUGxkYnd/BIJ/9TDGhtmhB
+tpNmBHQD1DSiy72IOjacwKB5UjM9xZ/7PjIky2iqeNIko0Q5VSg9IJrA6ZjPREB0
+TIODjR0qzvgdtDzxymBcWEp8qW2WHJYWgn0MFCZttuQvBUxvCu1ZqkP45/WipQHA
+Mocyc/7kssDuB8/zB+TlFsIHkXwBjF2JOEDGQ4Cs+8wnWt6bx3DGWy7Ix/kIL0J+
+7kRuUClbGS8W+w0W+UPzgsLA7S2iUfIcB2EbLsS+9H0gg6kN/7vshsXFXldmcAbx
+Dom6p2s53UZG3Kbs/shETr0d1Zsrot8EnUA1zjU70beRXOZfgyOintW+Rp9qQ0w2
+hkyppc4F4cJlm3DNZ2PHpRsBDT7DzZE+ZTNyKzgU2xi7+Ro9gJL7ZoYGKQtI75E1
+5gCPgSI/OjavnH+esfVAq0OL//KiCo1+I+OXOnI9cPslYeCmJrPYbmJ3q764Fogu
+tQyaROl/AZbRKQixo1UAl/+dL2i4u4iPA0dMOali/uD660zy9g4jQ8qDy1SEecRy
+nRsCl+xKUF/NELqJ+08u31AGvlX9MMnKWJSj0+NCgyF5iffd60bwmogbJtml3kvH
+-----END CERTIFICATE-----
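Review bot: This certificate's `X509v3 Extended Key Usage` lists `OCSP No Check` as a key purpose, whereas 19.pem puts `OCSP Signing` in EKU and carries OCSP No Check as a separate extension. If 1A.pem is a deliberate negative fixture (a responder certificate that should be rejected for lacking the OCSP Signing purpose), nothing in the file records that; if it is a leftover from iterating on the openssl configuration, it should not be committed. 1B.pem, 1C.pem and 1D.pem share one subject, one public key and the same single `OCSP No Check` extension and were issued within about a quarter of an hour of each other, which suggests the same kind of leftover. A short per-file index beside the fixtures would settle it, for example `1A.pem: responder cert, EKU contains only id-pkix-ocsp-nocheck; used by <TEST_NAME>; expected result <EXPECTED_RESULT>`.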
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1B.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1B.pem
new file mode 100644 (file)
index 0000000..7463494
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 27 (0x1b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 11:56:53 2009 GMT
+            Not After : Mar 16 11:56:53 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        30:ef:e6:6f:c4:15:ce:e0:09:3e:ab:07:cb:30:ca:64:77:a0:
+        cb:ca:9e:0e:b5:57:10:16:65:f3:f6:ff:76:c6:30:f1:28:5b:
+        0f:9e:57:dd:fc:0a:b2:45:7b:ff:2a:e5:52:5c:39:62:cf:ff:
+        20:06:e5:d4:50:d9:20:07:29:65:db:4a:96:b3:62:6e:3c:8e:
+        fc:8c:16:2f:b7:e6:82:13:e5:c9:47:ae:79:25:6c:1b:90:01:
+        53:3a:d6:65:9d:3f:0d:b4:69:cc:72:e1:e1:5b:f3:bc:80:5d:
+        a0:a0:3a:be:99:59:e2:b4:84:eb:53:91:b7:f5:87:0c:e6:81:
+        47:b2:be:28:5f:7c:26:df:18:ea:fc:7f:36:bb:3d:a3:9a:2b:
+        86:04:32:26:7e:25:12:45:d0:56:6e:a7:d1:43:7d:f2:d4:85:
+        d3:a6:4e:9d:82:3b:15:77:5b:b5:77:7d:37:06:1c:84:ed:09:
+        bc:21:bb:fd:56:89:ee:f7:7d:8d:8f:ae:ab:37:5a:c0:9e:17:
+        43:77:19:b3:2f:26:4b:1d:68:e3:95:0f:f9:09:6a:27:a5:26:
+        e0:00:cc:a4:7d:4c:89:a4:d9:54:56:5c:80:10:b2:eb:23:9d:
+        53:64:ac:45:7e:85:ff:4b:34:29:56:91:8a:a6:9d:19:9f:0c:
+        1a:c3:3a:82:eb:9f:0e:ab:a2:18:0a:d9:cd:20:bb:1a:33:51:
+        38:c6:5b:7e:bf:fe:6f:cd:96:b9:b3:22:7e:99:b0:5b:52:e0:
+        a6:3b:07:87:28:83:18:12:cb:5e:d1:8e:29:52:e1:16:9e:a1:
+        7e:0a:5c:2c:e2:e1:9d:2d:19:ce:c5:f3:f0:a1:99:18:5f:6d:
+        ea:07:8e:b5:0e:ab:e3:76:b8:f3:22:77:2b:52:70:4d:d3:9a:
+        26:85:81:2c:13:70:d7:5e:da:0a:13:64:74:f4:22:98:33:c6:
+        1f:99:6c:6a:55:7a:05:e6:51:7e:9b:ae:27:ff:68:4b:a9:5b:
+        71:69:9f:fe:86:3f:3e:5d:47:8f:72:4b:07:2e:9a:29:07:36:
+        e3:2c:dd:94:72:f6:9b:04:b4:18:2a:49:c6:b6:1c:7f:e5:81:
+        ea:21:13:ca:50:0e:fe:b0:47:04:4d:52:b0:dc:39:50:a5:ac:
+        4c:7a:72:c8:a3:c9:d3:f2:07:dc:1b:bc:83:e7:6c:9d:2a:a9:
+        c0:0a:5f:ff:d1:fc:d3:8f:fe:8c:b3:58:64:b5:d6:44:6a:7e:
+        b5:23:ea:7d:18:a5:f3:e1:7a:d1:56:cf:7d:05:b9:29:fc:28:
+        c1:e7:50:37:49:c7:17:69:73:d1:91:ac:d0:a3:ef:c1:99:1d:
+        91:f6:55:9b:46:b6:46:4e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1C.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1C.pem
new file mode 100644 (file)
index 0000000..8d384fe
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 28 (0x1c)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:10:50 2009 GMT
+            Not After : Mar 16 12:10:50 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        9e:15:66:51:b4:ba:c2:50:57:2f:fb:35:bd:43:53:67:26:73:
+        96:30:ae:28:d3:fb:b6:d1:4c:e4:bb:1a:c6:f3:e4:40:b6:bb:
+        a8:85:c8:1f:e8:09:cd:5a:ec:c2:4d:21:7c:24:85:c2:78:1d:
+        97:1f:65:41:50:4c:f7:c2:87:0d:5f:1b:0e:30:b1:66:97:9b:
+        4d:d3:32:27:e2:a5:50:17:80:55:0b:d7:4e:ae:9d:94:c1:4f:
+        c3:98:f4:d7:64:9c:e5:c9:16:e0:2a:11:8e:27:8d:00:d8:5d:
+        3d:61:15:8b:0d:16:39:f1:71:a1:d4:0c:28:fe:d8:47:09:d7:
+        be:00:95:39:3b:c0:1c:b2:fd:c4:74:e0:97:df:61:4d:90:db:
+        7f:bf:85:21:72:91:90:fa:19:67:6e:cf:ef:61:86:0d:6d:60:
+        c6:9b:83:5a:44:fb:d6:d2:1f:f1:2b:5e:0f:3d:6c:a3:07:c3:
+        e6:99:13:73:53:71:b5:29:97:d9:43:73:f7:f5:47:41:08:92:
+        59:22:95:3e:8d:5e:ff:3f:ad:17:2f:b4:2d:da:b8:5e:09:5a:
+        23:c7:b4:eb:cb:3b:b8:83:e9:1c:5c:72:df:65:52:36:54:2f:
+        73:0c:57:89:32:80:a4:3e:80:5b:d4:cf:84:73:63:62:27:86:
+        0a:61:51:63:1a:58:e8:ed:09:5b:a7:99:97:a3:e6:00:ee:46:
+        e5:b7:c6:2f:2f:1a:57:8c:8b:e4:ff:19:f1:eb:3d:8a:ef:a6:
+        ea:3b:7e:d8:82:d6:cf:ff:fc:56:b9:85:4d:9a:21:a4:05:d3:
+        3a:9a:84:b6:cc:2a:d5:7b:08:2b:00:fe:de:aa:55:53:4f:5c:
+        d1:a3:61:8e:44:d3:85:22:ab:88:a6:79:dc:8d:b4:39:e7:28:
+        5a:30:68:10:bc:94:19:95:5f:6c:58:94:a4:05:da:5e:d9:1e:
+        ae:7b:50:cc:33:e8:db:b6:8f:ee:2e:28:da:fe:31:18:c1:a8:
+        50:d9:2b:5c:b1:f8:1b:f5:ab:35:28:31:ca:85:3e:2b:14:0f:
+        5a:49:94:6e:1b:3e:d7:ee:8b:ee:51:f2:24:7e:a6:d7:fd:b3:
+        48:7e:e1:39:d9:e5:fa:4a:72:2c:4e:6f:64:39:48:88:23:3b:
+        23:b3:7f:b1:aa:07:76:37:49:e1:81:fa:57:e5:58:d6:b8:bd:
+        e1:84:e4:47:7e:02:23:3c:21:3e:51:42:c5:ad:dd:41:1c:e5:
+        27:17:c0:2c:cf:11:f0:19:ab:96:92:f3:d8:88:df:11:bc:7f:
+        05:aa:14:03:7f:4b:31:2a:8f:1b:00:79:4e:bd:1e:71:24:3f:
+        c8:27:5a:e6:a7:8a:87:3e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1D.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1D.pem
new file mode 100644 (file)
index 0000000..ccb3cdb
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 29 (0x1d)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:12:56 2009 GMT
+            Not After : Mar 16 12:12:56 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        08:72:72:7b:9c:62:fb:4d:ed:66:dc:d9:f2:db:a0:89:0e:ff:
+        04:54:3a:16:60:e4:d9:c8:68:44:54:ee:27:a9:8a:45:ff:26:
+        7e:05:1e:c9:61:cd:f3:54:25:d8:72:6e:6f:87:a1:65:ad:cd:
+        f4:8b:86:8f:5e:20:ab:82:4f:ac:1e:ec:a7:fd:66:2b:33:73:
+        64:44:36:8a:a8:3e:fa:9c:48:ce:ec:52:a9:23:51:94:4b:61:
+        55:d5:ea:83:95:30:a2:af:ef:69:ac:bc:48:47:bd:5f:18:5a:
+        64:71:6c:65:a9:e7:fd:d2:c1:5f:56:68:6c:90:74:f9:a3:35:
+        92:7d:aa:d9:d7:64:20:6d:84:d1:53:a8:b8:06:05:83:5f:e2:
+        e4:94:81:55:09:df:3d:88:fb:76:f1:ee:59:67:75:41:70:77:
+        fe:7c:c2:b6:d3:7a:13:a0:ab:99:62:7a:fc:5e:d2:ea:d0:99:
+        91:3a:57:8b:01:99:3a:78:3b:6c:b6:8d:1b:9d:21:69:90:28:
+        34:c6:f3:14:81:94:d3:9d:5c:d2:0b:44:78:29:f9:fb:c2:e8:
+        30:47:eb:27:ab:8b:b5:d4:28:a3:6d:fa:83:5d:13:76:da:d2:
+        da:77:c3:d0:e0:d3:8b:c1:6e:e4:e0:94:b3:6a:4d:60:9b:84:
+        24:02:75:ca:89:4b:60:83:51:3a:7a:b1:c7:e7:d4:55:40:fa:
+        ac:7e:1b:c4:f4:d9:01:e2:84:e7:16:20:92:68:6f:dd:2f:a5:
+        5a:c5:40:24:9f:89:e9:53:43:02:76:ea:a2:be:17:de:c8:da:
+        fa:0e:2a:b8:98:25:0f:c9:2e:31:6f:a9:bf:ec:54:09:bf:e0:
+        74:af:23:bd:ee:b1:c4:2b:91:8a:dc:c4:14:e5:52:c9:c8:fd:
+        ae:c0:87:e1:8e:a9:b5:25:2b:ce:43:fa:3a:2a:02:fb:2f:9a:
+        04:7a:39:e1:8f:84:99:4c:61:6a:24:7c:a3:66:bc:93:80:4e:
+        14:22:bc:fb:eb:a0:2f:e2:5a:be:01:c5:3d:76:72:ce:d6:be:
+        e7:e0:01:27:ca:22:35:1b:81:84:c4:d6:ee:24:8d:f0:be:cd:
+        0e:a8:85:29:f2:23:20:23:52:14:4a:c0:8a:ac:9a:d6:14:63:
+        01:1f:41:f7:8c:c5:18:4e:39:64:05:f6:da:44:a3:18:1a:6f:
+        77:62:40:f2:e5:d6:ab:4d:55:8b:ed:76:f6:73:80:de:1c:b9:
+        69:84:11:aa:e2:56:07:e6:0a:a1:41:4b:a5:b4:92:f4:30:48:
+        4d:df:e6:a6:52:97:84:8d:7e:04:24:99:d1:93:a4:55:8b:d7:
+        c9:82:44:63:74:f3:1f:d5
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1E.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1E.pem
new file mode 100644 (file)
index 0000000..a3648ae
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 30 (0x1e)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:13:11 2009 GMT
+            Not After : Mar 16 12:13:11 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:da:fe:f8:bb:53:ba:a5:4a:ed:09:6e:4e:5e:10:3f:aa:ce:
+        b4:49:9e:53:d9:66:ff:3c:1e:d6:b4:7b:b5:ca:74:7e:11:12:
+        2e:da:a5:9b:2d:81:40:aa:f6:06:4a:df:43:59:63:cd:31:05:
+        8b:20:4b:1d:c0:66:e7:02:c5:6f:b3:a6:5e:ad:73:fc:88:61:
+        e7:b4:fe:59:c7:3b:85:4c:06:97:87:5f:c3:80:fc:28:29:b4:
+        2d:c6:3b:ea:ac:4d:ce:d8:f3:f7:ca:45:9c:23:33:80:23:da:
+        83:39:a7:d6:51:a0:a2:79:56:48:f3:2b:ca:c4:31:56:09:ab:
+        2e:c8:50:0a:24:c1:36:3e:11:5d:cd:1b:9b:d7:38:59:70:a1:
+        ea:de:50:fa:44:37:33:1a:b3:24:b7:a6:29:3c:21:1e:66:cf:
+        23:65:12:90:01:20:1a:b4:be:39:ff:7e:bf:55:17:5f:bd:fc:
+        77:67:12:15:c9:9c:42:7f:49:f5:6f:96:15:68:ba:e9:b1:16:
+        dc:ac:92:b0:26:55:2e:1f:90:62:1c:da:29:94:1c:17:d3:92:
+        6b:1d:83:bc:ac:cb:3f:b9:d1:e4:e2:a4:67:f4:c0:a1:21:ff:
+        3f:92:ab:9a:d2:6f:8b:0b:f9:a0:75:b2:da:20:38:08:b6:b9:
+        1c:b8:8a:af:c8:67:63:f2:53:fa:9e:0c:8f:3d:fa:5d:07:0d:
+        af:96:10:e6:fa:6f:76:c4:7e:ac:82:e7:2c:04:c4:7b:66:be:
+        25:69:f9:cb:10:1d:8f:29:6a:f1:0b:50:b3:00:d6:47:75:03:
+        b6:34:96:60:f8:32:e2:9b:a0:b2:71:e4:6f:31:4f:d3:64:48:
+        d3:01:27:ba:e8:11:76:36:86:7e:74:9d:44:cd:25:bc:7f:90:
+        f7:64:a1:10:ae:75:82:f9:5d:b6:65:83:5b:71:19:89:9d:0e:
+        70:01:46:bf:86:d2:82:cf:ca:c5:c6:34:54:67:ea:e4:9c:32:
+        db:12:ad:d2:8d:78:9b:07:cb:06:f1:f0:3c:0a:56:70:11:9b:
+        71:2d:41:1c:b5:81:cf:a1:6f:2e:17:f5:54:99:ea:c0:79:e5:
+        d0:0c:df:50:2a:aa:ff:e3:8b:a3:66:2a:9f:f0:84:b6:8f:e6:
+        8e:fd:d9:91:e5:8c:8b:5b:d1:77:d7:1d:b1:06:b6:1e:48:32:
+        82:d5:28:f2:24:40:2e:71:5c:e1:16:1e:14:2d:77:22:d3:ab:
+        84:b6:c0:ad:67:3d:b2:a6:15:f8:00:f9:95:f7:32:05:3b:e7:
+        a7:41:62:16:3f:f6:55:f1:c0:9e:6a:c5:00:a1:9c:78:27:58:
+        ea:80:17:5f:80:fa:9d:b0
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1F.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1F.pem
new file mode 100644 (file)
index 0000000..826fbd4
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 31 (0x1f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:18:09 2009 GMT
+            Not After : Mar 16 12:18:09 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        79:52:2d:07:c5:c3:28:24:6e:4e:fa:96:bc:67:29:f8:1c:1d:
+        b0:c9:ea:1a:5a:1b:6c:a6:c8:c2:05:3f:3c:2c:8d:23:6c:5e:
+        04:09:ae:80:d5:a6:0b:72:6b:58:29:45:4f:38:f6:01:14:0e:
+        fd:6a:c3:80:8d:a6:1c:05:e9:9f:a5:a9:93:0a:f3:2a:6b:47:
+        dd:b9:77:4f:89:e9:e8:15:ae:46:d1:55:0e:79:d2:63:df:0a:
+        28:c6:c3:6b:d9:b8:66:6a:b1:28:15:68:ec:33:2d:51:9e:eb:
+        08:12:61:5c:6d:17:b9:6c:db:33:b6:e4:99:4f:7c:3e:3c:31:
+        28:04:8a:d9:a8:dd:43:b4:80:4c:3d:8f:43:a8:d4:8b:da:f5:
+        04:7d:0c:c3:f7:c3:75:ab:b1:a9:a3:7e:f1:d0:44:46:99:c0:
+        7f:00:ce:3d:82:b4:07:4b:37:5f:68:49:99:d9:9d:c9:b0:ab:
+        8b:45:2b:cd:b0:19:33:3a:81:8e:25:1e:e8:ad:b7:1c:8b:0a:
+        18:96:e2:78:cc:53:ef:fc:b4:90:46:55:7b:d6:3b:8f:cf:e0:
+        7f:f9:0e:41:04:a4:06:3e:9c:86:6e:c8:2c:11:de:6a:8b:82:
+        a5:49:70:d2:ac:3a:45:4a:c9:fb:1e:a5:4c:0e:1d:88:b5:86:
+        ac:08:a6:57:61:6c:1c:7f:63:7a:44:ad:50:16:f8:f9:2f:22:
+        4b:ba:ae:22:fc:b9:58:fe:9d:b4:31:a8:7d:f5:86:18:03:01:
+        7b:51:c1:57:7f:62:77:1d:e6:98:06:1c:da:7f:cd:f0:e8:12:
+        9c:7e:70:c3:bc:bd:db:18:de:57:f3:4c:1a:6a:b6:e1:24:3f:
+        2c:2d:3e:ee:7f:01:45:84:09:5f:cf:ff:a6:26:a9:36:8e:13:
+        d8:f5:72:85:4a:0e:55:a5:6c:27:ef:91:e4:1c:93:f4:93:75:
+        c4:b5:22:16:b3:af:ec:81:72:dd:f2:4c:a4:f5:99:00:f7:e8:
+        f1:9e:a1:e3:a1:dd:ea:e3:5e:47:d1:ea:72:cb:6d:b6:60:cc:
+        de:3c:f4:cf:7e:c1:3d:bf:c1:34:88:cb:ee:a2:23:2e:72:ca:
+        56:f2:ec:9b:16:3b:5e:8e:02:0f:d5:7e:d2:8a:49:26:fb:59:
+        3f:6c:15:1c:b3:cf:a0:6e:70:b6:81:31:44:cf:9a:70:1d:86:
+        a6:9a:7e:7e:88:85:34:72:9d:da:3e:3f:65:ad:ad:d2:67:2a:
+        22:62:4d:c2:9a:dd:f4:23:45:be:e2:e2:26:cb:f4:7b:f4:5f:
+        45:d2:6a:71:a9:9c:69:cd:c5:c1:f3:96:44:f5:d2:95:77:bc:
+        1c:aa:79:cc:a1:d5:3c:32
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/20.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/20.pem
new file mode 100644 (file)
index 0000000..67dbfb4
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 32 (0x20)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:29:16 2009 GMT
+            Not After : Mar 16 12:29:16 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        22:63:3c:cd:27:23:8b:bf:c2:f1:d9:e8:f8:62:0b:58:a6:7d:
+        d7:f1:1f:d8:a2:0e:02:1f:51:30:a9:fd:b6:2a:e0:f3:55:f4:
+        a6:a4:d5:f2:3b:b1:2d:09:66:67:ab:f3:12:07:4f:98:96:7d:
+        7a:95:64:99:df:b0:75:b1:5a:51:76:bc:70:82:80:5f:14:0c:
+        d6:f3:4a:0c:26:87:d2:ad:ed:8a:fe:94:73:6b:37:c6:3e:b5:
+        70:a4:06:a8:48:af:fc:45:6c:d8:71:ae:9d:a1:05:14:26:bc:
+        3c:76:1e:f0:d4:00:08:b3:5d:9e:0b:da:c4:51:c2:3f:da:25:
+        e5:ff:9f:20:9a:30:c1:03:cb:62:64:2d:de:20:a0:c4:53:d9:
+        a8:b2:36:4d:db:2f:1d:f6:31:48:b1:8a:32:9d:4a:5d:b2:8d:
+        e1:57:e7:47:c8:c6:58:e2:91:5f:de:dd:6c:e1:36:57:12:7d:
+        54:75:5b:d8:11:15:75:53:70:79:4e:46:ce:5d:b5:4d:62:ac:
+        79:14:0a:0b:57:aa:ef:43:aa:5c:7f:97:df:cf:51:7c:08:98:
+        db:36:f2:9d:66:7f:98:c2:9e:2b:70:85:f0:9c:41:19:32:c2:
+        5c:27:08:7e:b9:d1:f1:fb:a6:05:55:ad:6e:73:04:dd:14:fb:
+        d6:e5:17:f6:3b:bc:30:93:e8:0f:66:0f:90:2b:c4:60:f7:2c:
+        de:35:e1:33:da:a0:67:54:00:d8:2a:2f:e1:8c:0b:a3:33:94:
+        32:cc:94:fe:d6:d8:96:0c:58:92:ee:89:a8:8e:c8:75:e5:a3:
+        2a:94:8a:b8:bb:c2:c3:1c:1d:4d:af:c9:4a:5b:6a:83:34:34:
+        ed:f8:f4:fc:23:d5:93:85:39:ad:12:d6:86:48:e4:9c:23:b2:
+        84:9e:77:8f:3f:17:c2:91:b8:95:a8:69:4d:43:be:a1:13:9c:
+        d8:30:cb:e1:ce:91:92:11:eb:b3:e3:83:2c:ab:f1:2b:3e:7d:
+        5d:dc:6b:69:64:28:a5:cc:06:8e:39:9f:f6:11:ec:f9:b3:86:
+        bb:c6:26:2f:a9:dd:70:39:34:e3:7a:97:4e:f2:cd:fd:8f:29:
+        d7:e7:37:15:53:ab:98:3c:51:65:0c:c4:d1:0e:cb:33:17:4f:
+        1c:b3:81:e5:90:f0:43:86:74:a3:40:c4:4a:0d:bb:65:0b:c2:
+        de:b7:ec:e8:99:e4:92:d1:16:31:0a:2b:6a:d9:e5:8c:13:3f:
+        ec:e6:cf:c0:08:6b:92:37:ae:e2:a9:9c:c6:3b:0f:2d:e4:82:
+        d6:b5:92:be:db:65:53:95:7f:fe:09:cd:79:bd:23:ac:3b:5c:
+        ec:3b:98:90:76:90:c4:c5
+-----BEGIN CERTIFICATE-----
+MIIDzDCCAbSgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMjkxNloXDTEw
+MDMxNjEyMjkxNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
+rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
+sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
+j9ppRseS8rO6bJA9cQIDAQABoygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkr
+BgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEBBQUAA4ICAQAiYzzNJyOLv8Lx2ej4YgtY
+pn3X8R/Yog4CH1Ewqf22KuDzVfSmpNXyO7EtCWZnq/MSB0+Yln16lWSZ37B1sVpR
+drxwgoBfFAzW80oMJofSre2K/pRzazfGPrVwpAaoSK/8RWzYca6doQUUJrw8dh7w
+1AAIs12eC9rEUcI/2iXl/58gmjDBA8tiZC3eIKDEU9mosjZN2y8d9jFIsYoynUpd
+so3hV+dHyMZY4pFf3t1s4TZXEn1UdVvYERV1U3B5TkbOXbVNYqx5FAoLV6rvQ6pc
+f5ffz1F8CJjbNvKdZn+Ywp4rcIXwnEEZMsJcJwh+udHx+6YFVa1ucwTdFPvW5Rf2
+O7wwk+gPZg+QK8Rg9yzeNeEz2qBnVADYKi/hjAujM5QyzJT+1tiWDFiS7omojsh1
+5aMqlIq4u8LDHB1Nr8lKW2qDNDTt+PT8I9WThTmtEtaGSOScI7KEnnePPxfCkbiV
+qGlNQ76hE5zYMMvhzpGSEeuz44Msq/ErPn1d3GtpZCilzAaOOZ/2Eez5s4a7xiYv
+qd1wOTTjepdO8s39jynX5zcVU6uYPFFlDMTRDsszF08cs4HlkPBDhnSjQMRKDbtl
+C8Let+zomeSS0RYxCitq2eWMEz/s5s/ACGuSN67iqZzGOw8t5ILWtZK+22VTlX/+
+Cc15vSOsO1zsO5iQdpDExQ==
+-----END CERTIFICATE-----
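Review bot: The `Validity` block of this fixture ends at `Not After : Mar 16 12:29:16 2010 GMT`, which is earlier than the commit date shown on the page (Aug 2012), so the certificate is already expired when it lands; 21.pem through 26.pem carry the same 2010 expiry, and 27.pem runs only to Mar 2019. Any OCSP or chain test that checks validity against the wall clock will either fail on these files or pass only because time checking is switched off, and the second case would hide a regression in expiry handling. If the fixtures are meant to exercise the `Extended Key Usage` / `OCSP No Check` combinations rather than expiry, it would be safer to pin the verification time inside the test or to regenerate the certificates from a script at build time. The 1024-bit RSA keys and `sha1WithRSAEncryption` signatures may also be refused by a crypto library built with a stricter minimum, so a short README under `tests/cert-svc/data/TestData/ssl/demoCA/` saying that this CA is test-only and which case each serial covers would help the next maintainer.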
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/21.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/21.pem
new file mode 100644 (file)
index 0000000..ba1c080
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 33 (0x21)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:33:25 2009 GMT
+            Not After : Mar 16 12:33:25 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        82:41:0d:08:56:89:0d:b0:bc:15:6e:8a:aa:b9:85:55:2c:61:
+        4f:78:7c:41:3d:d3:06:00:3a:de:69:19:4f:b2:44:bd:fd:ca:
+        42:aa:ed:12:76:bb:6e:e7:fa:29:ab:ec:7b:d5:cb:48:8a:e8:
+        3b:ef:30:a4:b1:94:73:83:43:21:f9:1f:7c:38:cc:a9:9b:a1:
+        7b:ba:af:96:9e:c4:e2:96:39:6f:d5:ec:b2:5a:95:a2:ee:4a:
+        b2:c4:45:df:54:12:69:fa:2f:b6:e3:42:8f:da:e9:eb:8b:0a:
+        14:fd:c2:da:97:07:fd:31:6f:74:8a:cc:18:43:4c:e6:e3:de:
+        91:4b:72:d4:1d:17:51:18:d8:6c:b7:51:e4:ad:e0:f3:45:70:
+        98:e7:1a:e5:e6:bc:54:7a:b6:e4:a3:66:0a:e0:7e:2f:71:64:
+        f9:b8:f6:b9:eb:ca:e4:a9:14:b2:b2:82:39:19:e4:57:76:68:
+        66:92:a3:15:e8:83:cb:d7:2c:fb:5e:e7:c3:50:9d:df:a5:dc:
+        c6:f7:a0:93:e6:ab:bb:f8:8e:85:4c:a2:3a:bd:8c:c7:e8:0d:
+        13:df:e8:cb:8c:4a:ef:d6:8c:42:e6:e0:9c:45:60:e3:45:ad:
+        ad:d9:fb:56:7a:ca:73:2d:87:33:c8:37:b9:f3:9a:a6:c3:c2:
+        79:76:29:aa:c7:75:b7:12:fb:14:07:e0:13:48:c1:69:ad:a3:
+        bd:9f:94:83:46:aa:b3:44:0a:f2:62:bb:55:9a:80:46:fb:86:
+        af:0d:60:39:7a:ee:dc:ac:15:a2:1f:2b:c2:43:0f:cd:d2:c0:
+        49:a9:7f:1e:28:ca:69:91:e0:06:1d:b2:ed:71:02:0a:1f:7b:
+        2f:19:8b:fe:5d:b3:b8:dd:a0:ad:0d:c6:75:47:ae:15:8e:d1:
+        4f:f3:1c:f3:ee:fe:eb:34:c2:ea:9d:7d:6d:33:00:8a:55:e8:
+        ef:26:68:a4:91:90:d5:f9:e4:1c:5f:77:14:c8:17:b1:fd:41:
+        f2:28:74:ca:1a:e4:be:01:26:cf:3d:3b:46:98:6e:25:ee:ab:
+        66:75:3d:a5:cf:06:5a:5f:ff:a9:3a:58:de:3d:2f:22:0a:13:
+        5a:94:6a:f2:fd:f0:1a:c2:06:c9:96:f1:3a:59:87:50:83:5c:
+        57:c3:e4:36:df:7a:0d:02:c3:20:c2:cb:2c:cc:df:46:6c:51:
+        df:04:11:51:11:ae:81:a3:2a:2e:35:a8:77:1b:37:35:37:54:
+        ea:3b:c1:46:a7:48:e3:78:40:c3:a2:3a:f7:3e:94:ff:48:4c:
+        55:79:ff:84:e5:38:4c:f3:16:82:27:7f:e1:c2:61:96:d3:d3:
+        c1:94:92:94:8c:3d:3e:34
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/22.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/22.pem
new file mode 100644 (file)
index 0000000..6ade2c8
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 34 (0x22)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:50:36 2009 GMT
+            Not After : Mar 16 12:50:36 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        01:64:cf:9d:45:b8:8f:e5:96:d2:fe:3f:dc:bc:58:cb:db:6b:
+        26:ec:33:9b:84:6a:f8:a9:3e:5a:8a:3b:97:63:db:c8:d1:0c:
+        3e:c1:8d:1f:6f:16:20:9a:d9:97:78:2f:7a:4f:d1:49:fa:e0:
+        0d:fe:aa:20:d4:97:71:ed:44:63:2d:eb:91:86:83:70:0e:44:
+        1d:7c:91:3d:31:11:a8:bb:60:7c:65:71:73:1c:b1:5e:d2:f2:
+        11:78:be:3a:90:2d:a4:79:a0:b6:53:33:8e:cb:f4:ee:5e:ce:
+        4b:41:19:c5:27:13:f5:fa:09:4c:5d:af:52:59:95:4c:2f:2b:
+        3b:24:2c:54:8f:72:2f:86:c7:57:a4:3a:f3:f2:bf:29:60:f5:
+        f6:31:73:8a:62:2e:83:c5:8c:91:ba:85:ab:e1:b6:5a:fb:50:
+        fd:e5:3e:96:f7:dd:9b:1d:91:ac:2d:1b:b7:ca:62:c8:f7:a4:
+        17:6d:2d:ab:87:4b:69:9e:0f:cc:6a:e4:40:3b:82:64:c7:0d:
+        7b:81:56:20:5d:cd:1b:99:2e:35:31:78:4a:e6:d8:aa:8e:42:
+        6c:c5:e5:bf:a0:f1:5a:1e:21:6a:c0:cb:85:f1:90:6c:93:53:
+        66:a8:62:1e:a7:77:15:1f:de:09:23:13:5f:b8:12:33:31:c1:
+        4b:44:3b:e1:c4:3f:6a:f5:98:72:d1:ab:e7:9f:0e:f1:46:19:
+        0b:09:f6:bd:f4:fe:e0:1f:9f:ff:5c:3b:69:42:5e:ec:a5:ab:
+        85:11:29:23:24:fc:37:ab:4f:b0:9c:a3:2c:5d:84:4d:b3:d9:
+        fc:a0:87:36:15:22:30:b5:de:f8:27:4e:12:41:11:81:3b:8b:
+        2d:d8:34:d5:79:0b:fa:47:54:5b:46:2e:2c:6d:f4:e1:7e:78:
+        2d:86:ec:17:5e:29:3a:97:af:7e:0e:df:9a:d2:7d:f0:10:0d:
+        c0:ac:ce:5c:ae:fe:b4:01:82:cf:5f:f9:be:ba:b2:15:5d:04:
+        5a:58:06:92:2a:5f:e3:98:6a:10:da:51:60:30:66:17:cb:ba:
+        5b:79:e8:17:63:16:e8:67:40:07:c6:ea:b9:8f:12:d4:31:de:
+        95:b8:dd:e6:04:5b:3f:b6:c6:25:7b:23:51:2f:62:c5:5f:f9:
+        d5:2e:9b:7f:ba:d9:fc:72:6f:3a:2c:b6:1f:98:87:ea:48:df:
+        07:97:90:6d:21:48:6b:6a:92:d5:d0:2e:6b:37:56:3e:2a:74:
+        fa:84:02:57:9c:81:eb:e0:2d:3a:e4:2c:94:15:69:75:65:e0:
+        d7:b2:d5:a8:94:39:da:21:85:b2:51:bc:c3:b0:da:16:a5:06:
+        98:bc:9f:e6:ea:4a:2c:ab
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/23.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/23.pem
new file mode 100644 (file)
index 0000000..b0f45ad
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 35 (0x23)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:59:02 2009 GMT
+            Not After : Mar 16 12:59:02 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        56:3b:b8:5c:63:eb:9d:db:55:cc:00:8e:5b:2b:2b:b1:17:d4:
+        f0:a4:ca:f7:b9:02:37:ea:2a:ff:df:34:a0:ba:af:a2:47:a5:
+        8e:1a:f9:eb:97:51:16:a5:6a:35:20:3f:5a:8a:25:98:00:73:
+        3e:b1:c9:1c:9c:a2:12:72:be:3f:ce:e3:7e:09:c0:8c:4a:eb:
+        33:4c:77:7c:5c:7c:d7:20:07:a0:9f:48:1d:f9:9a:24:e1:50:
+        f6:63:c4:6e:70:65:12:51:47:79:c5:0e:d9:c2:c5:f5:69:67:
+        34:a5:b9:64:6e:31:ed:76:5b:66:74:41:10:35:58:48:43:e1:
+        29:72:25:dd:64:9b:80:03:31:96:a2:d0:75:58:06:66:37:c2:
+        86:fb:42:a6:50:3b:8c:22:e0:b9:a7:b5:7d:35:df:5d:58:ca:
+        f1:e9:be:60:6d:cc:2d:72:d7:c6:c1:8e:48:6f:ed:54:06:fa:
+        31:92:c7:34:8a:64:32:82:4b:a9:20:9f:8c:1d:2d:c1:f1:35:
+        77:5b:0f:7d:f0:2a:0c:a8:b2:cb:86:ac:cd:9c:5d:91:df:78:
+        b1:e1:cc:1e:f7:da:7e:3d:01:4a:86:07:86:9f:50:3b:69:91:
+        cf:3e:22:ec:7a:e3:c8:8f:f8:69:d2:f0:16:de:b6:5c:e4:fa:
+        89:1a:de:74:d3:fb:df:16:1d:46:d4:7d:b6:74:8a:eb:fc:bf:
+        c0:82:3b:1d:c3:af:6f:b5:12:f2:c6:cc:05:47:12:cb:4e:f6:
+        48:b9:da:bd:da:b0:dc:3c:a5:83:29:11:7e:66:7f:1e:08:5f:
+        7e:90:13:a5:63:c9:76:5e:91:b2:37:3b:ff:e7:8d:07:ab:0c:
+        34:57:17:8d:09:92:86:1b:63:68:c1:e3:c8:f1:56:19:46:5b:
+        a9:1a:13:a2:23:9b:57:2d:92:25:cc:b7:fe:62:1c:80:bb:08:
+        e4:23:1d:9f:ad:5c:41:6d:27:b2:9d:d6:03:96:c6:22:f1:cb:
+        87:04:c7:55:22:4b:88:6c:07:11:e6:d1:ca:0e:2a:5a:a4:9b:
+        ea:e4:90:ef:e5:ea:ae:a5:db:dd:dd:85:da:a3:80:1a:fb:91:
+        df:f3:8a:65:35:8f:a8:d4:65:51:b7:f7:f9:fb:b4:97:d8:a2:
+        4d:04:4d:f5:89:d2:ed:ee:f4:2e:b4:ba:45:8f:36:1d:20:0a:
+        89:c6:aa:be:39:1c:cb:e4:07:a1:d0:0e:c7:8c:b0:70:25:10:
+        7e:cb:64:0d:1f:32:5e:b5:7b:c0:d9:15:e4:aa:a5:b3:5f:4a:
+        91:0f:b5:b8:9e:a2:6b:f7:d7:73:35:dc:bc:e2:88:6e:b1:79:
+        0c:f6:dd:e9:9a:fb:1a:45
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAZ+gAwIBAgIBIzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTkwMloXDTEw
+MDMxNjEyNTkwMlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
+rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
+sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
+j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
+DQEBBQUAA4ICAQBWO7hcY+ud21XMAI5bKyuxF9TwpMr3uQI36ir/3zSguq+iR6WO
+Gvnrl1EWpWo1ID9aiiWYAHM+sckcnKIScr4/zuN+CcCMSuszTHd8XHzXIAegn0gd
++Zok4VD2Y8RucGUSUUd5xQ7ZwsX1aWc0pblkbjHtdltmdEEQNVhIQ+EpciXdZJuA
+AzGWotB1WAZmN8KG+0KmUDuMIuC5p7V9Nd9dWMrx6b5gbcwtctfGwY5Ib+1UBvox
+ksc0imQygkupIJ+MHS3B8TV3Ww998CoMqLLLhqzNnF2R33ix4cwe99p+PQFKhgeG
+n1A7aZHPPiLseuPIj/hp0vAW3rZc5PqJGt500/vfFh1G1H22dIrr/L/Agjsdw69v
+tRLyxswFRxLLTvZIudq92rDcPKWDKRF+Zn8eCF9+kBOlY8l2XpGyNzv/540Hqww0
+VxeNCZKGG2NowePI8VYZRlupGhOiI5tXLZIlzLf+YhyAuwjkIx2frVxBbSeyndYD
+lsYi8cuHBMdVIkuIbAcR5tHKDipapJvq5JDv5equpdvd3YXao4Aa+5Hf84plNY+o
+1GVRt/f5+7SX2KJNBE31idLt7vQutLpFjzYdIAqJxqq+ORzL5Aeh0A7HjLBwJRB+
+y2QNHzJetXvA2RXkqqWzX0qRD7W4nqJr99dzNdy84ohusXkM9t3pmvsaRQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/24.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/24.pem
new file mode 100644 (file)
index 0000000..74acea7
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 36 (0x24)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:59:24 2009 GMT
+            Not After : Mar 16 12:59:24 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        5c:26:43:01:d9:b4:43:ff:e0:3f:49:67:cd:a3:ea:1c:b3:75:
+        f9:12:d8:c8:0b:96:65:a5:bd:db:15:3c:d6:18:2c:00:59:2d:
+        1c:17:a6:74:8d:48:03:70:9c:c9:70:00:74:81:0b:b6:5d:c3:
+        cf:41:ed:1b:1a:06:89:f7:e3:b0:61:33:bf:b9:9b:11:68:bb:
+        30:50:c2:f5:13:40:84:42:b8:7d:9e:cb:03:03:8f:5c:7b:44:
+        23:dc:e3:ed:dc:09:c6:d4:aa:23:19:50:bc:6c:2a:a9:f9:3b:
+        55:e7:3d:34:aa:6e:96:7a:a5:72:95:9e:42:21:05:ca:98:1d:
+        06:80:55:8e:b8:eb:d7:56:12:f9:84:c3:c9:2e:73:eb:fa:5b:
+        15:f4:11:a5:95:b5:52:90:52:c7:0e:8c:7a:5d:30:34:2e:4b:
+        ca:98:91:19:cc:3b:88:5f:18:85:8f:0d:31:97:ee:2d:7c:d4:
+        95:ea:b1:03:15:7d:f6:0a:64:bd:8f:b4:fd:7e:51:91:c2:6d:
+        13:51:7c:0f:d8:6d:6e:a8:56:3a:73:a2:d9:9a:37:19:ce:31:
+        8f:a2:b7:39:c9:5e:f0:8b:7d:fe:e4:19:9d:49:11:86:1c:d6:
+        04:00:84:53:62:ee:94:f9:7c:b3:2d:db:5a:3c:3d:ce:e9:5f:
+        76:52:c5:b8:b6:2b:02:52:8a:b2:5f:99:00:9b:12:36:77:d4:
+        38:ad:8f:34:b3:7e:2b:6d:cf:34:7b:f3:62:79:4b:da:8f:54:
+        bd:cb:f9:d8:10:71:d7:dc:37:34:f9:2c:33:b9:33:b0:38:f8:
+        ec:6c:70:61:ad:37:92:28:71:a5:fe:08:54:9f:1d:6f:ba:28:
+        1d:6b:a8:35:a4:09:06:73:b8:38:a4:32:48:a9:4b:a9:7c:32:
+        0c:18:bd:4b:8f:e0:b6:d7:83:30:89:df:d2:da:5a:f6:5b:fa:
+        84:5c:32:bf:1d:6d:1d:9e:d5:a9:a2:75:88:3d:4a:15:d8:cb:
+        41:7d:ec:94:f1:18:f6:9f:7f:c6:75:1f:77:02:2f:7b:30:1e:
+        56:b6:bd:b1:c6:d9:e9:44:71:bb:1c:74:a0:17:1a:da:10:4e:
+        22:f1:e0:13:6e:ec:56:61:18:72:fe:81:a6:2d:47:c3:90:9a:
+        3a:4d:06:97:9a:22:ef:f4:7c:37:d9:64:3b:6c:15:9f:fd:77:
+        cc:a9:77:ff:6a:7e:dd:06:0d:43:c5:a6:37:39:df:4d:a5:80:
+        ac:5d:f8:d5:7c:ca:90:a3:58:2b:b6:ea:ed:f1:c3:91:15:28:
+        e3:5e:c0:fb:f9:6e:18:de:63:df:43:a5:d3:8f:ae:4e:44:3c:
+        4c:6c:92:40:1f:bd:d1:6a
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAZ+gAwIBAgIBJDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTkyNFoXDTEw
+MDMxNjEyNTkyNFowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
+rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
+sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
+j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
+DQEBBQUAA4ICAQBcJkMB2bRD/+A/SWfNo+ocs3X5EtjIC5Zlpb3bFTzWGCwAWS0c
+F6Z0jUgDcJzJcAB0gQu2XcPPQe0bGgaJ9+OwYTO/uZsRaLswUML1E0CEQrh9nssD
+A49ce0Qj3OPt3AnG1KojGVC8bCqp+TtV5z00qm6WeqVylZ5CIQXKmB0GgFWOuOvX
+VhL5hMPJLnPr+lsV9BGllbVSkFLHDox6XTA0LkvKmJEZzDuIXxiFjw0xl+4tfNSV
+6rEDFX32CmS9j7T9flGRwm0TUXwP2G1uqFY6c6LZmjcZzjGPorc5yV7wi33+5Bmd
+SRGGHNYEAIRTYu6U+XyzLdtaPD3O6V92UsW4tisCUoqyX5kAmxI2d9Q4rY80s34r
+bc80e/NieUvaj1S9y/nYEHHX3Dc0+SwzuTOwOPjsbHBhrTeSKHGl/ghUnx1vuigd
+a6g1pAkGc7g4pDJIqUupfDIMGL1Lj+C214Mwid/S2lr2W/qEXDK/HW0dntWponWI
+PUoV2MtBfeyU8Rj2n3/GdR93Ai97MB5Wtr2xxtnpRHG7HHSgFxraEE4i8eATbuxW
+YRhy/oGmLUfDkJo6TQaXmiLv9Hw32WQ7bBWf/XfMqXf/an7dBg1DxaY3Od9NpYCs
+XfjVfMqQo1grturt8cORFSjjXsD7+W4Y3mPfQ6XTj65ORDxMbJJAH73Rag==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/25.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/25.pem
new file mode 100644 (file)
index 0000000..3b5a187
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 37 (0x25)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 12:59:41 2009 GMT
+            Not After : Mar 16 12:59:41 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        26:92:48:59:3d:33:df:db:c5:57:57:5a:6e:1d:b0:33:bc:83:
+        c5:27:d8:97:dc:a7:96:24:19:d8:58:8b:7d:9b:e7:80:89:6a:
+        e2:7c:fe:68:6e:11:3d:83:40:65:01:f1:44:58:20:9a:3b:14:
+        c6:66:ed:1b:e4:86:46:fb:81:6b:b1:9d:0c:4a:0b:5d:90:c6:
+        d0:08:0a:3d:b2:45:31:a1:aa:0f:e9:be:f2:5f:03:31:70:10:
+        55:c8:6e:d8:df:ca:9b:3e:77:f5:c5:c0:87:e0:8e:f2:16:c2:
+        d5:35:a9:e6:c6:e7:15:e7:4d:db:f2:bd:01:8f:23:59:2b:36:
+        5e:97:80:ec:02:47:60:a6:9f:a3:57:b8:d4:ef:81:9f:6b:c8:
+        58:65:43:8a:47:c1:8d:1c:20:e5:1e:e1:ce:89:72:60:ec:63:
+        c2:96:11:0e:be:98:d3:8f:85:b7:33:28:fb:d5:57:4e:96:3f:
+        2b:1c:d6:65:e7:ad:82:67:d8:ca:82:be:a7:74:7b:87:02:8b:
+        de:70:aa:d3:77:e7:6d:e4:97:02:24:07:ea:03:40:de:16:de:
+        94:0c:7e:d9:f3:cc:37:ac:b9:39:ee:ea:b5:4b:ee:21:00:9c:
+        0a:54:cf:bd:35:dd:92:71:8b:98:4d:9b:f9:4e:40:b1:d2:bb:
+        9c:5c:98:53:dc:7f:13:e5:c6:21:b8:c5:42:81:f0:10:bc:a6:
+        0d:b7:53:9b:38:67:82:85:2d:bd:87:20:f6:e0:4c:06:a0:b8:
+        30:a6:74:b2:ee:43:31:95:53:02:ad:c0:88:83:d0:70:d1:af:
+        b4:97:66:d1:00:c9:c5:d2:a7:d1:be:b1:fb:1b:75:86:a1:ef:
+        0d:c2:78:77:ae:d5:aa:e9:2c:66:80:f7:04:7c:b9:f5:cd:32:
+        cf:c2:a2:11:9f:34:39:ec:ee:e0:fe:80:c4:34:24:c3:1c:43:
+        3b:44:d2:55:44:55:28:ef:38:bd:07:37:ad:fd:92:2e:1b:96:
+        0d:0a:08:84:a6:74:4c:c3:99:0b:11:36:4e:04:47:6a:82:b3:
+        45:c7:73:7c:9e:9f:a3:46:c2:b5:26:21:21:8d:04:31:79:db:
+        b6:71:b0:1b:7f:3c:9b:eb:07:cc:0d:c2:44:20:48:91:1d:b3:
+        2a:34:4f:b9:f3:4e:6f:86:46:83:3c:56:ab:87:8f:bf:e6:15:
+        60:4d:d3:d9:56:0e:9c:eb:86:ea:df:2d:1c:5e:9b:c7:38:ec:
+        c5:db:22:b7:92:55:2b:ba:3e:3f:da:09:5e:82:ab:9a:fe:bb:
+        2b:ac:11:f3:b9:d8:8f:aa:35:66:d3:cd:bc:5b:69:11:e6:06:
+        31:92:07:a2:3f:86:26:43
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/26.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/26.pem
new file mode 100644 (file)
index 0000000..b0ec9fc
--- /dev/null
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 38 (0x26)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 14:04:29 2009 GMT
+            Not After : Mar 16 14:04:29 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe:
+                    2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a:
+                    55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a:
+                    e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11:
+                    93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5:
+                    db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54:
+                    3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71:
+                    f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c:
+                    c9:d2:bc:47:fa:96:24:2e:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        41:77:99:bc:20:b3:78:98:b9:5c:ce:5b:21:0c:27:40:77:3c:
+        98:1e:f0:b6:2e:5f:70:f1:80:b1:bc:7b:fb:02:4d:86:a8:e9:
+        0c:fb:d9:ec:f4:f6:bb:33:8b:f4:f4:6d:21:f7:08:5a:aa:5c:
+        ab:bf:05:c6:7f:4f:65:b7:c9:85:77:35:67:37:f9:a3:78:d8:
+        7c:40:ca:2d:f6:17:f0:14:47:78:82:3b:ed:58:0b:b1:2d:69:
+        47:ee:39:35:17:04:94:2a:d6:57:d7:85:4b:76:a7:bc:38:31:
+        7f:a2:65:fe:e5:f5:7c:de:61:ee:ef:58:06:a1:3f:c1:49:cf:
+        e6:83:94:6a:42:d3:c4:f8:d7:51:2d:7c:1c:1e:3c:43:77:6b:
+        c9:64:aa:ca:30:94:ec:05:84:0e:54:6d:1d:95:74:82:88:90:
+        45:f9:25:83:23:2c:51:98:2e:91:6d:06:77:19:97:58:88:54:
+        5c:99:e3:71:c2:97:93:b5:5d:d2:c7:58:a7:f7:ec:b2:18:b1:
+        d5:b7:13:59:9f:d9:cf:5c:b2:48:a9:55:ec:25:2c:67:e2:f4:
+        b1:12:7f:18:a7:35:28:c3:fd:29:d2:84:f5:91:4e:57:a4:27:
+        42:37:a2:2d:ea:ae:a1:c8:c3:0a:b5:ee:60:b0:c3:6e:df:e3:
+        0c:33:65:06:21:89:51:83:7a:24:4a:e8:79:48:1d:a5:d4:35:
+        dd:3f:c8:46:9b:77:8f:3e:28:26:a2:08:aa:72:9d:a4:12:05:
+        ae:5b:2c:e9:28:3d:6d:87:0c:ed:c1:74:19:c9:c5:67:34:bf:
+        6e:cb:9f:3c:2e:12:b2:57:80:b3:bd:97:8d:16:ba:2a:7f:28:
+        9d:66:6f:78:c4:a3:26:81:07:68:3f:8c:ca:08:cc:3a:0e:de:
+        0d:6d:c6:c8:c9:9e:b0:a0:aa:89:b9:a3:96:a8:31:65:2b:bf:
+        fe:01:b9:26:9e:27:31:b6:c9:28:a9:f3:0c:bd:26:c5:b2:8d:
+        35:9b:50:6e:e0:38:76:2f:7a:44:a2:7d:54:c5:fa:bf:0b:d8:
+        0c:ae:97:ed:64:b9:0d:42:07:87:4b:e7:f2:bb:77:1e:19:61:
+        47:3d:7b:bc:a7:9b:b7:d1:d9:2a:de:ec:f8:6d:f2:0b:1e:21:
+        2f:8b:9b:6e:67:07:06:df:fb:30:83:4f:67:7d:d2:b0:9a:2c:
+        0d:06:d0:9e:08:51:f2:e4:3f:56:ff:ec:32:d6:08:52:3e:00:
+        16:b1:8c:8a:8d:01:3f:12:6b:df:53:e8:2d:1d:4c:e5:72:86:
+        96:cf:2b:40:d7:2f:d0:e7:9f:ce:19:a1:65:30:cd:1a:82:fa:
+        5a:c5:2d:a0:0a:5f:18:2a
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/27.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/27.pem
new file mode 100644 (file)
index 0000000..6b31eed
--- /dev/null
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 39 (0x27)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 23:06:11 2009 GMT
+            Not After : Mar 14 23:06:11 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe:
+                    2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a:
+                    55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a:
+                    e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11:
+                    93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5:
+                    db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54:
+                    3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71:
+                    f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c:
+                    c9:d2:bc:47:fa:96:24:2e:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        69:71:40:12:af:e4:be:42:52:ff:7a:a8:bf:e3:41:f2:2b:75:
+        0d:22:10:e8:d6:1e:d3:c0:bb:90:7f:76:46:92:a9:63:2b:50:
+        74:c8:73:c4:7b:0e:a0:b7:ed:5c:20:06:18:64:1b:7b:82:21:
+        a7:82:bc:c0:33:53:8b:5f:68:c7:de:5f:95:31:52:93:5d:0f:
+        78:4c:ff:50:2f:e0:57:ba:f5:49:cb:94:ba:34:85:e9:f1:10:
+        76:27:66:6d:d6:46:f6:9d:51:2d:04:96:b5:78:f7:c6:1b:25:
+        b4:0a:e7:89:f4:9f:a5:33:92:51:00:86:97:0f:47:cc:3a:8d:
+        5e:3a:c2:ad:51:48:7e:7a:03:7a:d1:a7:6d:14:8a:64:f9:5a:
+        e1:1c:cb:82:e1:42:f3:8c:dc:87:8e:9b:c8:e4:68:3c:26:eb:
+        0a:19:c8:1c:71:88:7e:c9:66:f7:fe:1a:ee:3a:52:1b:54:60:
+        95:e8:37:e6:0d:b3:8b:bf:02:07:e7:f8:16:64:f9:34:50:8c:
+        bd:54:e5:d1:0b:a8:5f:59:79:de:2a:ea:44:92:be:3e:b2:0d:
+        cd:fa:df:d3:93:10:c9:ef:40:d3:31:a7:06:e3:39:15:68:5d:
+        d7:94:4f:96:69:8e:13:8d:f3:fb:79:eb:33:50:1e:af:fa:c3:
+        d8:81:47:1b:89:05:39:62:ea:c4:ef:f7:15:29:e2:43:f2:66:
+        93:51:20:12:10:17:c9:c7:f3:7c:e0:fd:59:dc:38:ca:b2:f5:
+        fd:fe:5d:f8:9a:83:70:72:b9:e1:6b:a6:60:db:9d:a3:58:3e:
+        5e:73:a4:ce:18:12:ba:dc:56:72:f8:b4:d8:4c:e8:d9:9c:5e:
+        cf:d1:76:56:7e:2e:33:9d:1a:80:eb:dd:7c:69:c0:9c:d3:5c:
+        5c:d3:a2:89:7c:44:87:66:10:6e:f9:90:b6:72:58:90:77:48:
+        ea:56:25:52:e3:c6:bd:3c:95:99:ae:fd:2a:f7:b2:1f:87:bc:
+        af:93:ba:2d:0f:1a:ff:7e:90:3b:ae:63:96:9e:68:97:32:16:
+        ed:b8:ce:7d:48:f2:b9:83:fc:24:dc:34:1a:34:a4:19:80:78:
+        ec:b2:6c:a0:e8:15:37:1e:8d:fa:b9:62:a2:25:5d:d3:14:50:
+        f6:68:4b:09:b3:12:ac:cc:63:bb:2b:e6:2a:33:ee:c7:1c:c6:
+        64:14:47:e2:c3:29:26:ba:f9:e8:2e:34:c1:cc:9e:3b:2d:57:
+        cd:f7:fe:fb:d8:13:65:5c:42:a8:71:61:df:d7:ae:16:71:7f:
+        fd:fb:66:d6:a2:92:52:e9:cb:65:03:7d:13:8c:bc:d4:5a:1a:
+        c0:55:0d:5f:1c:85:a0:1e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/28.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/28.pem
new file mode 100644 (file)
index 0000000..892ac97
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 40 (0x28)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 23:08:54 2009 GMT
+            Not After : Mar 14 23:08:54 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder's certificate with delegation
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:8a:8e:73:c5:57:a8:03:b0:2c:1f:05:05:36:
+                    1b:90:89:db:48:b2:cd:e8:ea:02:95:d8:30:c3:c6:
+                    3e:6a:8c:19:70:0c:a7:cb:a6:07:df:ec:42:c9:dc:
+                    18:cf:ef:73:cd:d1:eb:51:c0:bd:0e:51:63:6f:a3:
+                    ce:26:a0:02:da:32:a3:65:36:ad:42:02:85:9b:df:
+                    9e:0a:51:41:93:f9:02:ff:f0:63:be:38:2e:b9:d9:
+                    07:db:3c:81:23:4f:2a:0d:24:50:6e:e2:ef:59:f4:
+                    91:3a:fb:fd:55:19:4b:49:71:08:bd:f9:2d:ea:64:
+                    82:f6:1a:ca:46:60:ac:de:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        05:a1:04:c7:55:71:a8:52:04:d6:60:f3:37:08:15:50:86:71:
+        bf:8e:9e:9b:60:50:6e:57:1e:b1:30:3a:e0:8a:e0:74:90:c0:
+        be:97:78:f1:8b:52:f3:6b:e6:45:38:a5:7b:e2:47:2d:5c:80:
+        15:e7:74:b2:b1:66:db:eb:96:67:7c:01:8b:5e:c1:c2:59:33:
+        2e:62:a9:a3:7f:c7:b8:07:ee:27:22:83:11:e3:e9:b9:59:a5:
+        1f:27:1f:6f:b9:34:c5:c2:ae:d5:cd:59:59:28:05:78:ff:0f:
+        18:6a:c8:22:5b:40:06:0b:a9:ee:8c:e5:44:04:59:a0:f2:42:
+        e8:52:a4:ec:45:78:1e:b4:cf:02:e5:b5:31:d2:f4:93:15:58:
+        bc:02:a6:b0:01:5a:d9:72:eb:80:64:e9:f1:d5:38:69:f4:1a:
+        4d:7c:78:d7:ba:9e:ca:41:22:a6:09:c2:7e:fe:90:20:7f:72:
+        ae:ca:76:30:39:e5:1e:70:63:bc:68:e4:ee:0f:e7:7a:b0:cf:
+        c4:70:26:b8:dd:4e:9f:9f:75:11:05:be:d8:17:95:c1:75:ac:
+        e6:91:f7:b8:8e:93:f3:45:c1:9d:10:10:71:69:92:6d:f1:b8:
+        73:18:ed:02:84:6d:ab:6c:cc:91:be:ac:3c:61:39:48:74:e2:
+        27:b9:16:5e:02:6c:c4:1b:35:a2:68:24:44:5c:4e:37:58:6d:
+        f3:a4:e9:6a:d9:56:92:6d:05:6e:e1:f3:f5:7b:11:40:4b:2b:
+        13:32:e5:18:5b:62:64:1a:17:9f:91:fd:0c:95:54:02:09:6f:
+        48:ea:c8:ae:7e:24:bb:a8:b1:33:c8:98:50:90:8d:b2:5b:21:
+        1e:af:d2:78:ae:87:a7:32:82:3d:aa:9d:66:0d:92:59:02:8c:
+        3f:73:43:76:74:58:f9:95:fd:5c:90:31:d7:c7:7a:2a:fb:e0:
+        bb:b8:50:62:3c:44:09:34:dd:68:10:11:be:c6:c3:65:a4:e8:
+        e3:9d:0f:59:a2:a7:e5:d5:97:8b:48:a0:d4:30:31:aa:9e:4b:
+        e2:30:ed:06:72:c8:97:0d:6a:70:a8:c9:ca:9c:d4:f1:57:0b:
+        bf:24:43:7e:b7:a1:a5:91:af:ac:ae:f5:c6:8b:ef:aa:61:e5:
+        c4:7d:37:31:a0:5f:e9:45:9d:d8:08:b9:15:da:16:2a:16:77:
+        c7:82:0e:02:6e:9b:ec:25:f3:8f:8d:11:41:0b:56:a9:7b:1d:
+        0f:f3:be:fa:46:ee:cb:80:3b:09:1f:85:90:70:ed:1d:e3:65:
+        f4:81:3f:ef:86:32:6c:9c:b0:35:e2:73:41:fb:0c:0c:2d:2d:
+        cb:45:0e:73:d3:39:98:36
+-----BEGIN CERTIFICATE-----
+MIID6jCCAdKgAwIBAgIBKDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
+MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
+DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDg1NFoXDTE5
+MDMxNDIzMDg1NFowcTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
+FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNTAzBgNVBAMTLE9DU1AgUmVzcG9uZGVy
+J3MgY2VydGlmaWNhdGUgd2l0aCBkZWxlZ2F0aW9uMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL
+pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+
+OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB
+oygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqG
+SIb3DQEBBQUAA4ICAQAFoQTHVXGoUgTWYPM3CBVQhnG/jp6bYFBuVx6xMDrgiuB0
+kMC+l3jxi1Lza+ZFOKV74kctXIAV53SysWbb65ZnfAGLXsHCWTMuYqmjf8e4B+4n
+IoMR4+m5WaUfJx9vuTTFwq7VzVlZKAV4/w8YasgiW0AGC6nujOVEBFmg8kLoUqTs
+RXgetM8C5bUx0vSTFVi8AqawAVrZcuuAZOnx1Thp9BpNfHjXup7KQSKmCcJ+/pAg
+f3KuynYwOeUecGO8aOTuD+d6sM/EcCa43U6fn3URBb7YF5XBdazmkfe4jpPzRcGd
+EBBxaZJt8bhzGO0ChG2rbMyRvqw8YTlIdOInuRZeAmzEGzWiaCREXE43WG3zpOlq
+2VaSbQVu4fP1exFASysTMuUYW2JkGhefkf0MlVQCCW9I6siufiS7qLEzyJhQkI2y
+WyEer9J4roenMoI9qp1mDZJZAow/c0N2dFj5lf1ckDHXx3oq++C7uFBiPEQJNN1o
+EBG+xsNlpOjjnQ9Zoqfl1ZeLSKDUMDGqnkviMO0GcsiXDWpwqMnKnNTxVwu/JEN+
+t6Glka+srvXGi++qYeXEfTcxoF/pRZ3YCLkV2hYqFnfHgg4CbpvsJfOPjRFBC1ap
+ex0P8776Ru7LgDsJH4WQcO0d42X0gT/vhjJsnLA14nNB+wwMLS3LRQ5z0zmYNg==
+-----END CERTIFICATE-----
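Review bot: The validity window on this fixture is fixed (`Not After : Mar 14 23:08:54 2019 GMT`), so any test that validates it against the wall clock will start failing on that date regardless of the code under test; 29.pem and 2A.pem in this commit carry the same kind of 2019 cutoff. The part of the commit visible here adds the issued certificates but not the commands that produced them. I would add a short README next to demoCA, for example `Fixtures expire in 2019; regenerate them with the openssl ca steps recorded here before then`, or have the tests pin the verification time instead of using the current time.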
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/29.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/29.pem
new file mode 100644 (file)
index 0000000..d3d25a0
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 41 (0x29)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 23:32:11 2009 GMT
+            Not After : Mar 14 23:32:11 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Seventh OCSP Client certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ab:f9:60:ff:9d:55:0f:31:12:2c:f2:df:64:22:
+                    fb:c0:97:1d:e4:13:fb:d7:15:37:5d:b9:2d:97:37:
+                    c4:e8:34:cb:00:85:22:4d:8a:85:80:a1:ae:90:5e:
+                    71:bf:6d:0d:a3:c3:8d:ce:47:58:60:25:bb:9c:95:
+                    0a:0b:cd:23:01:ae:18:be:d5:65:bd:8b:55:bf:ee:
+                    59:8a:db:20:bd:f9:f3:ac:53:2e:09:99:fb:27:7d:
+                    23:8b:f6:96:d9:41:37:0a:43:16:1f:f9:5d:84:b3:
+                    3b:79:45:ff:dd:b2:35:99:c0:db:85:24:22:a8:7e:
+                    ff:e0:8b:f2:d8:ca:3e:ae:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:86/0008
+
+    Signature Algorithm: sha1WithRSAEncryption
+        08:02:c2:09:8a:f6:f1:d7:9e:d3:30:dc:ce:97:fc:84:bd:5b:
+        ae:60:39:82:0a:06:38:43:1e:55:de:83:11:d3:12:e0:81:76:
+        fd:5c:6e:9e:30:73:6d:8f:b2:32:a6:60:24:24:ee:e3:fd:73:
+        10:12:e6:c7:23:6b:1f:4e:b5:52:e3:12:09:ee:dd:19:d2:b4:
+        a6:34:e6:14:3c:79:58:95:4b:25:e3:f6:97:d2:cc:20:93:48:
+        1f:d5:2f:37:db:15:bf:f4:71:ad:04:bd:95:80:57:a5:49:bb:
+        aa:ca:f3:ff:af:62:dd:f9:94:75:38:59:6c:74:ef:ac:1e:19:
+        60:6d:4b:be:f7:62:2f:c6:68:b9:c4:fc:8a:fd:9f:b2:4d:44:
+        87:12:51:6e:7d:5f:41:2c:ea:e6:9c:3c:bd:cf:dc:aa:14:b2:
+        34:16:e0:38:b3:8c:f4:d7:68:1f:6c:cc:3c:da:30:32:8e:58:
+        5b:9a:bf:75:7a:38:a3:cf:60:6f:74:cc:a6:c1:55:f6:96:84:
+        98:04:db:b1:07:d6:f6:06:11:af:c2:fb:81:a4:77:04:4d:55:
+        9d:c4:28:d4:3c:d0:97:a0:f8:d4:18:59:cc:23:3a:b3:c0:82:
+        ad:1d:e2:4c:e4:da:24:73:cd:77:ab:db:22:07:94:d1:16:26:
+        27:82:e2:d5:82:f9:e1:29:fb:8f:9e:88:a2:1b:5c:8b:31:3c:
+        c6:1c:ae:16:31:28:f8:e2:5c:9d:e9:e8:d7:d9:fe:0a:39:3f:
+        fa:65:20:53:5e:20:32:4b:b8:a8:4b:a8:b8:e8:f1:3f:0a:80:
+        7d:b4:8c:1b:e6:54:d3:02:d6:56:a3:a6:4e:87:9a:51:ed:0d:
+        52:9b:e1:66:c8:64:c8:95:55:08:aa:f9:c0:9d:5a:89:03:21:
+        6b:29:96:f8:42:64:6a:3f:d5:92:d5:13:00:6c:89:38:ea:01:
+        0d:28:3b:a0:12:e1:cf:cf:fd:10:5e:a3:9b:67:0b:3e:a7:17:
+        7a:de:76:25:26:54:db:0f:a8:f9:e9:50:f0:1e:9a:0d:ad:d6:
+        ad:63:32:be:c0:bb:7a:66:be:c9:d3:f2:1e:48:c3:f5:2b:15:
+        4d:39:cc:88:32:65:97:99:01:41:12:07:4e:d7:1d:af:fa:46:
+        29:93:02:70:ed:df:89:a3:d5:50:1c:07:ed:df:f8:5c:d6:11:
+        c6:1a:32:e6:2b:e7:49:d8:82:16:dd:41:5d:13:9c:a0:00:68:
+        82:54:f8:5e:2a:81:3e:fe:0b:bf:6e:de:e2:b4:4f:09:31:74:
+        4d:6a:2d:b7:a9:0a:54:f4:a7:1f:63:8a:6e:73:bc:e3:38:9e:
+        b8:26:e5:f6:8a:dd:ad:14
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/2A.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/2A.pem
new file mode 100644 (file)
index 0000000..f3fd8ed
--- /dev/null
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 42 (0x2a)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Jun 20 08:21:47 2009 GMT
+            Not After : Jun 18 08:21:47 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
+                    43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
+                    f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
+                    d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
+                    19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
+                    d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
+                    ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
+                    8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
+                    10:ce:1d:01:0c:86:6b:23:ff
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha256WithRSAEncryption
+        b1:3e:50:ff:5f:32:b2:09:6b:52:98:07:5a:78:7f:fe:12:6f:
+        87:25:d4:bc:96:45:07:31:e0:ae:52:d1:9e:04:d8:05:84:cf:
+        e2:e5:82:01:b5:46:ce:4e:47:d6:ef:87:7c:37:d6:67:99:ab:
+        ad:4d:70:eb:98:fe:31:f1:f8:e9:a2:c5:40:4f:a6:c4:79:15:
+        64:d3:64:d2:3f:05:b5:08:16:88:46:22:72:86:a1:8e:ef:df:
+        67:25:d7:74:bd:01:04:b8:70:00:0d:9d:36:d0:9e:3a:4b:7e:
+        0d:3d:9e:3d:ce:fb:47:ee:7d:5b:b9:c1:65:2b:4c:ef:26:89:
+        ed:1b:bc:17:4a:63:41:b3:99:e7:c5:4d:d5:31:af:d7:4b:3b:
+        37:ce:99:da:8f:53:20:40:14:95:14:09:61:ba:9c:c0:1b:66:
+        7c:e7:e3:4c:28:c6:48:e8:6c:02:55:3c:44:18:d1:29:88:7b:
+        ff:30:e5:be:ee:8e:da:95:fe:04:c2:c8:a1:ce:81:46:b9:bb:
+        b2:3d:ad:af:a9:e3:a8:c1:8f:d8:51:48:d1:c6:e9:c8:c8:94:
+        6f:7c:b0:fc:92:04:d0:8f:30:30:f1:a3:d0:f8:dc:aa:52:2c:
+        1f:bd:f3:67:ac:97:6e:0d:1a:82:c1:a2:30:9e:d3:95:74:47:
+        b5:49:c8:73:7a:c6:73:20:18:7a:98:8f:c1:3e:5f:1a:04:33:
+        9b:ff:e0:ab:9e:f8:ca:92:bc:e8:94:b8:ce:87:89:75:e6:49:
+        bd:d5:7f:1f:44:b6:48:fc:02:4f:b5:25:f4:ff:53:98:5f:0f:
+        95:52:d2:00:2a:41:85:cb:8d:f4:a1:a6:ef:68:ac:b5:fa:a7:
+        94:91:cc:64:5c:30:43:01:90:84:eb:8f:66:3b:98:4c:42:43:
+        3d:31:47:28:da:49:eb:e9:14:67:c5:81:f6:13:a3:c3:a5:ee:
+        c4:28:0e:52:ee:c7:b2:e6:f8:c3:79:63:12:45:c1:06:5b:94:
+        48:f1:4c:32:c7:69:9d:6d:b3:0b:c5:98:93:f4:4b:c7:64:35:
+        23:22:56:c7:fa:e3:0c:3b:39:cf:b4:ca:cf:d2:10:97:b3:95:
+        e4:f7:53:d3:cb:5e:43:82:d4:7c:e5:83:a4:cf:4e:0b:c8:16:
+        35:5e:8a:2b:47:8a:6e:2f:98:02:d4:cc:9d:28:a9:95:ff:ab:
+        73:df:01:c6:ff:df:7b:33:21:e0:db:81:8d:59:11:f0:f3:92:
+        f7:c5:8c:83:2e:22:55:dd:1f:78:5c:f7:a3:fc:de:99:8f:46:
+        50:ff:75:db:bb:58:07:fa:01:c1:67:8c:18:c4:3f:2f:b7:41:
+        f7:ec:56:e7:1a:4b:e4:78
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/private/cakey.pem b/tests/cert-svc/data/TestData/ssl/demoCA/private/cakey.pem
new file mode 100644 (file)
index 0000000..3b74363
--- /dev/null
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----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=
+-----END RSA PRIVATE KEY-----
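Review bot: This hunk checks the demo CA's RSA private key into the source tree, and the same applies to ocsp_svr.key, ocsp_svr_nocheck.key and ocsp_svr_nocheck_and_ocspsigning.key later in the commit. For test fixtures that is workable only if the matching CA certificate can never end up trusted on a device, since anyone with the repository can issue certificates under it. Please confirm that packaging does not install tests/cert-svc/data into any certificate store path, and add a note next to the key such as `Throwaway test CA: the private key is public, never add this CA's certificate to a trust store`.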
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/serial b/tests/cert-svc/data/TestData/ssl/demoCA/serial
new file mode 100644 (file)
index 0000000..6a38d8b
--- /dev/null
@@ -0,0 +1 @@
+2B
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/serial.old b/tests/cert-svc/data/TestData/ssl/demoCA/serial.old
new file mode 100644 (file)
index 0000000..8676c24
--- /dev/null
@@ -0,0 +1 @@
+2A
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client1_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client1_uri.txt
new file mode 100644 (file)
index 0000000..87ead05
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:80/0002
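Review bot: The responder address here uses port 80, and the sibling files ocsp_client2_uri.txt through ocsp_client7_uri.txt, ocsp_client_chain.txt and ocsp_client_chain_no_aia.txt use 81 to 90, all below 1024. On a typical Linux setup binding those ports needs root or an equivalent capability, so the test OCSP responders would presumably have to run privileged, and port 80 can collide with a local web server. The URI is baked into the issued certificates (29.pem carries `http://127.0.0.1:86/0008`), so moving to unprivileged ports means reissuing them; a line such as `authorityInfoAccess = OCSP;URI:http://127.0.0.1:8080/0002` (port chosen only as an example) would let the suite run as an ordinary user.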
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client2_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client2_uri.txt
new file mode 100644 (file)
index 0000000..4469fa2
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:81/0003
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client3_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client3_uri.txt
new file mode 100644 (file)
index 0000000..a9d8864
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:82/0004
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client4_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client4_uri.txt
new file mode 100644 (file)
index 0000000..15f96c1
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:83/0005
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client5_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client5_uri.txt
new file mode 100644 (file)
index 0000000..0ac72c9
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:84/0006
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client6_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client6_uri.txt
new file mode 100644 (file)
index 0000000..00da98a
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:85/0007
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client7_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client7_uri.txt
new file mode 100644 (file)
index 0000000..71d3327
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:86/0008
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client_chain.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client_chain.txt
new file mode 100644 (file)
index 0000000..e733920
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:89/0002
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client_chain_no_aia.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client_chain_no_aia.txt
new file mode 100644 (file)
index 0000000..e216ba3
--- /dev/null
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:90/0003
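Review bot: The file name says no_aia, yet its only line adds an Authority Information Access extension (`OCSP;URI:http://127.0.0.1:90/0003`). Either the name or the content is misleading, and which certificate in the chain is meant to lack the AIA cannot be told from this hunk. OpenSSL extension files accept `#` comments, so a first line such as `# AIA for the leaf only; the intermediate in this chain is issued without one` (adjusted to what the test really does) would remove the ambiguity.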
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_responder.txt b/tests/cert-svc/data/TestData/ssl/ocsp_responder.txt
new file mode 100644 (file)
index 0000000..584b480
--- /dev/null
@@ -0,0 +1 @@
+extendedKeyUsage=OCSPSigning
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck.txt b/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck.txt
new file mode 100644 (file)
index 0000000..7b2a41b
--- /dev/null
@@ -0,0 +1 @@
+noCheck=
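Review bot: This extension file sets only `noCheck=` and omits `extendedKeyUsage=OCSPSigning`, and the certificate that appears to be issued from it (ocsp_svr_nocheck.crt, serial 39) shows OCSP No Check without the OCSP Signing usage. RFC 6960, like RFC 2560 before it, requires id-kp-OCSPSigning on a delegated responder certificate, so responses signed by this one should be rejected by the verifier. If it is meant as a negative fixture, say so in the file, e.g. `# negative case: no OCSPSigning EKU, responses signed with this cert must be rejected`; if a test expects it to be accepted, the EKU check in the OCSP path deserves a look. The OpenSSL documentation writes the extension as `noCheck = ignored`, which reads more clearly than an empty value.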
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck_and_ocsp_signing.txt b/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck_and_ocsp_signing.txt
new file mode 100644 (file)
index 0000000..5c939ed
--- /dev/null
@@ -0,0 +1,2 @@
+extendedKeyUsage=OCSPSigning
+noCheck=
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr.crt
new file mode 100644 (file)
index 0000000..5550456
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 10 00:14:51 2009 GMT
+            Not After : Mar 10 00:14:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b:
+        cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa:
+        0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a:
+        6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c:
+        92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04:
+        c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68:
+        81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48:
+        32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76:
+        aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d:
+        34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5:
+        a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa:
+        d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e:
+        be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01:
+        7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1:
+        2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a:
+        52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8:
+        e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93:
+        24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a:
+        19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9:
+        0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0:
+        ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36:
+        18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c:
+        27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68:
+        3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f:
+        69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67:
+        46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52:
+        a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a:
+        9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3:
+        cd:f0:a3:a0:10:95:b8:70
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
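Review bot: This responder certificate was already expired when the commit was made: `Not After : Mar 10 00:14:51 2010 GMT` against a commit date of 22 Aug 2012, and the identical blob (index 5550456) is added again as ocsp_svr/ocsp_svr.crt. A test that expects responses signed with it to be accepted can only pass if the verifier skips the validity check on the responder certificate; whether any test does so is not visible from here. Either reissue it with a current validity period or mark it as a deliberate expired-certificate case, for example with a README line `ocsp_svr.crt is intentionally expired; responses signed with it must fail validation`.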
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr.key
new file mode 100644 (file)
index 0000000..055435e
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr/ocsp_svr.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr/ocsp_svr.crt
new file mode 100644 (file)
index 0000000..5550456
--- /dev/null
@@ -0,0 +1,79 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 10 00:14:51 2009 GMT
+            Not After : Mar 10 00:14:51 2010 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
+                    03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
+                    cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
+                    ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
+                    1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
+                    b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
+                    ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
+                    25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
+                    c7:92:f2:b3:ba:6c:90:3d:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b:
+        cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa:
+        0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a:
+        6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c:
+        92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04:
+        c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68:
+        81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48:
+        32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76:
+        aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d:
+        34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5:
+        a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa:
+        d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e:
+        be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01:
+        7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1:
+        2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a:
+        52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8:
+        e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93:
+        24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a:
+        19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9:
+        0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0:
+        ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36:
+        18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c:
+        27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68:
+        3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f:
+        69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67:
+        46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52:
+        a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a:
+        9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3:
+        cd:f0:a3:a0:10:95:b8:70
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.crt
new file mode 100644 (file)
index 0000000..6b31eed
--- /dev/null
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 39 (0x27)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 23:06:11 2009 GMT
+            Not After : Mar 14 23:06:11 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe:
+                    2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a:
+                    55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a:
+                    e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11:
+                    93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5:
+                    db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54:
+                    3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71:
+                    f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c:
+                    c9:d2:bc:47:fa:96:24:2e:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        69:71:40:12:af:e4:be:42:52:ff:7a:a8:bf:e3:41:f2:2b:75:
+        0d:22:10:e8:d6:1e:d3:c0:bb:90:7f:76:46:92:a9:63:2b:50:
+        74:c8:73:c4:7b:0e:a0:b7:ed:5c:20:06:18:64:1b:7b:82:21:
+        a7:82:bc:c0:33:53:8b:5f:68:c7:de:5f:95:31:52:93:5d:0f:
+        78:4c:ff:50:2f:e0:57:ba:f5:49:cb:94:ba:34:85:e9:f1:10:
+        76:27:66:6d:d6:46:f6:9d:51:2d:04:96:b5:78:f7:c6:1b:25:
+        b4:0a:e7:89:f4:9f:a5:33:92:51:00:86:97:0f:47:cc:3a:8d:
+        5e:3a:c2:ad:51:48:7e:7a:03:7a:d1:a7:6d:14:8a:64:f9:5a:
+        e1:1c:cb:82:e1:42:f3:8c:dc:87:8e:9b:c8:e4:68:3c:26:eb:
+        0a:19:c8:1c:71:88:7e:c9:66:f7:fe:1a:ee:3a:52:1b:54:60:
+        95:e8:37:e6:0d:b3:8b:bf:02:07:e7:f8:16:64:f9:34:50:8c:
+        bd:54:e5:d1:0b:a8:5f:59:79:de:2a:ea:44:92:be:3e:b2:0d:
+        cd:fa:df:d3:93:10:c9:ef:40:d3:31:a7:06:e3:39:15:68:5d:
+        d7:94:4f:96:69:8e:13:8d:f3:fb:79:eb:33:50:1e:af:fa:c3:
+        d8:81:47:1b:89:05:39:62:ea:c4:ef:f7:15:29:e2:43:f2:66:
+        93:51:20:12:10:17:c9:c7:f3:7c:e0:fd:59:dc:38:ca:b2:f5:
+        fd:fe:5d:f8:9a:83:70:72:b9:e1:6b:a6:60:db:9d:a3:58:3e:
+        5e:73:a4:ce:18:12:ba:dc:56:72:f8:b4:d8:4c:e8:d9:9c:5e:
+        cf:d1:76:56:7e:2e:33:9d:1a:80:eb:dd:7c:69:c0:9c:d3:5c:
+        5c:d3:a2:89:7c:44:87:66:10:6e:f9:90:b6:72:58:90:77:48:
+        ea:56:25:52:e3:c6:bd:3c:95:99:ae:fd:2a:f7:b2:1f:87:bc:
+        af:93:ba:2d:0f:1a:ff:7e:90:3b:ae:63:96:9e:68:97:32:16:
+        ed:b8:ce:7d:48:f2:b9:83:fc:24:dc:34:1a:34:a4:19:80:78:
+        ec:b2:6c:a0:e8:15:37:1e:8d:fa:b9:62:a2:25:5d:d3:14:50:
+        f6:68:4b:09:b3:12:ac:cc:63:bb:2b:e6:2a:33:ee:c7:1c:c6:
+        64:14:47:e2:c3:29:26:ba:f9:e8:2e:34:c1:cc:9e:3b:2d:57:
+        cd:f7:fe:fb:d8:13:65:5c:42:a8:71:61:df:d7:ae:16:71:7f:
+        fd:fb:66:d6:a2:92:52:e9:cb:65:03:7d:13:8c:bc:d4:5a:1a:
+        c0:55:0d:5f:1c:85:a0:1e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.key
new file mode 100644 (file)
index 0000000..4946d6b
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.crt
new file mode 100644 (file)
index 0000000..892ac97
--- /dev/null
@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 40 (0x28)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 16 23:08:54 2009 GMT
+            Not After : Mar 14 23:08:54 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder's certificate with delegation
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:8a:8e:73:c5:57:a8:03:b0:2c:1f:05:05:36:
+                    1b:90:89:db:48:b2:cd:e8:ea:02:95:d8:30:c3:c6:
+                    3e:6a:8c:19:70:0c:a7:cb:a6:07:df:ec:42:c9:dc:
+                    18:cf:ef:73:cd:d1:eb:51:c0:bd:0e:51:63:6f:a3:
+                    ce:26:a0:02:da:32:a3:65:36:ad:42:02:85:9b:df:
+                    9e:0a:51:41:93:f9:02:ff:f0:63:be:38:2e:b9:d9:
+                    07:db:3c:81:23:4f:2a:0d:24:50:6e:e2:ef:59:f4:
+                    91:3a:fb:fd:55:19:4b:49:71:08:bd:f9:2d:ea:64:
+                    82:f6:1a:ca:46:60:ac:de:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            OCSP No Check: 
+
+    Signature Algorithm: sha1WithRSAEncryption
+        05:a1:04:c7:55:71:a8:52:04:d6:60:f3:37:08:15:50:86:71:
+        bf:8e:9e:9b:60:50:6e:57:1e:b1:30:3a:e0:8a:e0:74:90:c0:
+        be:97:78:f1:8b:52:f3:6b:e6:45:38:a5:7b:e2:47:2d:5c:80:
+        15:e7:74:b2:b1:66:db:eb:96:67:7c:01:8b:5e:c1:c2:59:33:
+        2e:62:a9:a3:7f:c7:b8:07:ee:27:22:83:11:e3:e9:b9:59:a5:
+        1f:27:1f:6f:b9:34:c5:c2:ae:d5:cd:59:59:28:05:78:ff:0f:
+        18:6a:c8:22:5b:40:06:0b:a9:ee:8c:e5:44:04:59:a0:f2:42:
+        e8:52:a4:ec:45:78:1e:b4:cf:02:e5:b5:31:d2:f4:93:15:58:
+        bc:02:a6:b0:01:5a:d9:72:eb:80:64:e9:f1:d5:38:69:f4:1a:
+        4d:7c:78:d7:ba:9e:ca:41:22:a6:09:c2:7e:fe:90:20:7f:72:
+        ae:ca:76:30:39:e5:1e:70:63:bc:68:e4:ee:0f:e7:7a:b0:cf:
+        c4:70:26:b8:dd:4e:9f:9f:75:11:05:be:d8:17:95:c1:75:ac:
+        e6:91:f7:b8:8e:93:f3:45:c1:9d:10:10:71:69:92:6d:f1:b8:
+        73:18:ed:02:84:6d:ab:6c:cc:91:be:ac:3c:61:39:48:74:e2:
+        27:b9:16:5e:02:6c:c4:1b:35:a2:68:24:44:5c:4e:37:58:6d:
+        f3:a4:e9:6a:d9:56:92:6d:05:6e:e1:f3:f5:7b:11:40:4b:2b:
+        13:32:e5:18:5b:62:64:1a:17:9f:91:fd:0c:95:54:02:09:6f:
+        48:ea:c8:ae:7e:24:bb:a8:b1:33:c8:98:50:90:8d:b2:5b:21:
+        1e:af:d2:78:ae:87:a7:32:82:3d:aa:9d:66:0d:92:59:02:8c:
+        3f:73:43:76:74:58:f9:95:fd:5c:90:31:d7:c7:7a:2a:fb:e0:
+        bb:b8:50:62:3c:44:09:34:dd:68:10:11:be:c6:c3:65:a4:e8:
+        e3:9d:0f:59:a2:a7:e5:d5:97:8b:48:a0:d4:30:31:aa:9e:4b:
+        e2:30:ed:06:72:c8:97:0d:6a:70:a8:c9:ca:9c:d4:f1:57:0b:
+        bf:24:43:7e:b7:a1:a5:91:af:ac:ae:f5:c6:8b:ef:aa:61:e5:
+        c4:7d:37:31:a0:5f:e9:45:9d:d8:08:b9:15:da:16:2a:16:77:
+        c7:82:0e:02:6e:9b:ec:25:f3:8f:8d:11:41:0b:56:a9:7b:1d:
+        0f:f3:be:fa:46:ee:cb:80:3b:09:1f:85:90:70:ed:1d:e3:65:
+        f4:81:3f:ef:86:32:6c:9c:b0:35:e2:73:41:fb:0c:0c:2d:2d:
+        cb:45:0e:73:d3:39:98:36
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.key
new file mode 100644 (file)
index 0000000..3c1f779
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.crt
new file mode 100644 (file)
index 0000000..0846e40
--- /dev/null
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Mar 13 03:16:42 2009 GMT
+            Not After : Mar 11 03:16:42 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf:
+                    9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7:
+                    75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed:
+                    08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e:
+                    a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba:
+                    45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c:
+                    57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d:
+                    dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84:
+                    c9:26:70:3c:c8:11:64:ed:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+    Signature Algorithm: sha1WithRSAEncryption
+        b8:56:6b:f9:21:8a:79:e8:53:38:c7:84:e0:c3:96:6c:f3:71:
+        95:dc:31:9a:ef:fc:fb:b5:18:c6:35:26:3d:ee:4d:00:9c:e4:
+        10:25:a9:2e:a0:41:8a:37:a9:91:02:9c:52:ec:0d:7a:bf:e9:
+        bb:54:6d:4a:92:5c:9d:c8:01:17:a3:8f:25:fd:32:a7:11:e4:
+        77:fd:ce:7c:4b:c9:ae:32:e6:d5:25:cc:a4:97:bb:07:f3:1d:
+        f0:11:8a:d8:f1:37:e6:4f:3c:99:30:44:20:04:3d:82:fc:87:
+        60:24:21:a9:46:e7:d8:41:2c:76:d8:a5:58:44:ca:85:71:31:
+        24:f2:45:7d:fb:70:db:1b:93:42:21:85:69:5d:19:13:85:7c:
+        85:6c:83:8f:bf:c1:a7:3d:49:b9:68:4e:a2:12:2e:9d:89:c3:
+        a7:1b:86:71:e4:cc:29:79:0e:b1:19:07:ca:2d:b8:95:87:f4:
+        8d:4a:be:06:0d:d0:e1:1a:ed:ea:a2:52:f3:f2:7b:1f:3c:10:
+        c6:67:be:00:3a:36:ca:ad:93:d4:ee:b3:9d:e8:47:6e:bb:6f:
+        12:6b:cf:3d:73:22:a3:15:e0:e1:51:88:86:e6:2a:23:ee:e1:
+        32:55:0c:b8:73:35:f7:42:9e:4c:c4:ea:f5:3c:d5:20:ef:32:
+        27:c2:b5:9b:ad:f0:a8:bf:72:5c:5b:fc:41:e4:a0:6d:b2:4d:
+        c0:69:a5:b2:dc:70:d6:90:ae:2e:81:41:f4:ec:33:c5:43:4e:
+        70:eb:1c:17:4c:d9:ed:8f:97:2e:20:17:9d:40:bc:d1:ae:74:
+        21:8b:ab:cc:b0:86:5a:cd:42:9c:df:13:16:59:56:27:be:26:
+        bb:92:5f:7a:86:9e:f5:19:45:1f:36:8a:e3:55:5d:89:3b:2f:
+        ed:13:9c:e7:ae:bd:eb:34:31:a2:02:70:0c:a7:32:d3:d1:be:
+        c0:2f:0e:10:b7:43:2d:ab:68:70:b4:a1:e1:25:c1:ae:1c:43:
+        32:c0:90:81:c1:39:0b:27:e7:14:c9:28:db:40:0f:1f:9c:ce:
+        1b:8b:26:ca:b8:41:01:e7:cb:92:b0:8a:14:00:f3:e0:3c:84:
+        d3:2c:45:19:15:01:02:ab:bd:e8:19:6b:d7:7e:c6:5a:a9:3a:
+        d5:00:23:15:2a:e9:93:7d:11:75:cc:c6:c3:8e:5f:3f:d3:3f:
+        05:9f:40:12:a9:a8:bc:50:dc:42:02:62:7d:00:6a:ef:08:e1:
+        69:87:4d:2a:9b:54:49:35:80:58:12:92:a1:33:65:20:5f:29:
+        cf:ab:03:8e:0b:91:08:9e:52:d6:b2:d7:ec:bb:38:9b:d5:5d:
+        f6:b2:89:f5:00:bb:0f:f2
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.key
new file mode 100644 (file)
index 0000000..f9b78cd
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/TestData/ssl/resp_ocsp1.der b/tests/cert-svc/data/TestData/ssl/resp_ocsp1.der
new file mode 100644 (file)
index 0000000..2bf5734
Binary files /dev/null and b/tests/cert-svc/data/TestData/ssl/resp_ocsp1.der differ
diff --git a/tests/cert-svc/data/TestData/ssl/sha256.crt b/tests/cert-svc/data/TestData/ssl/sha256.crt
new file mode 100644 (file)
index 0000000..f3fd8ed
--- /dev/null
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 42 (0x2a)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
+        Validity
+            Not Before: Jun 20 08:21:47 2009 GMT
+            Not After : Jun 18 08:21:47 2019 GMT
+        Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
+                    43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
+                    f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
+                    d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
+                    19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
+                    d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
+                    ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
+                    8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
+                    10:ce:1d:01:0c:86:6b:23:ff
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
+            X509v3 Authority Key Identifier: 
+                DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
+                serial:F2:5B:40:5B:C2:B7:D0:64
+
+    Signature Algorithm: sha256WithRSAEncryption
+        b1:3e:50:ff:5f:32:b2:09:6b:52:98:07:5a:78:7f:fe:12:6f:
+        87:25:d4:bc:96:45:07:31:e0:ae:52:d1:9e:04:d8:05:84:cf:
+        e2:e5:82:01:b5:46:ce:4e:47:d6:ef:87:7c:37:d6:67:99:ab:
+        ad:4d:70:eb:98:fe:31:f1:f8:e9:a2:c5:40:4f:a6:c4:79:15:
+        64:d3:64:d2:3f:05:b5:08:16:88:46:22:72:86:a1:8e:ef:df:
+        67:25:d7:74:bd:01:04:b8:70:00:0d:9d:36:d0:9e:3a:4b:7e:
+        0d:3d:9e:3d:ce:fb:47:ee:7d:5b:b9:c1:65:2b:4c:ef:26:89:
+        ed:1b:bc:17:4a:63:41:b3:99:e7:c5:4d:d5:31:af:d7:4b:3b:
+        37:ce:99:da:8f:53:20:40:14:95:14:09:61:ba:9c:c0:1b:66:
+        7c:e7:e3:4c:28:c6:48:e8:6c:02:55:3c:44:18:d1:29:88:7b:
+        ff:30:e5:be:ee:8e:da:95:fe:04:c2:c8:a1:ce:81:46:b9:bb:
+        b2:3d:ad:af:a9:e3:a8:c1:8f:d8:51:48:d1:c6:e9:c8:c8:94:
+        6f:7c:b0:fc:92:04:d0:8f:30:30:f1:a3:d0:f8:dc:aa:52:2c:
+        1f:bd:f3:67:ac:97:6e:0d:1a:82:c1:a2:30:9e:d3:95:74:47:
+        b5:49:c8:73:7a:c6:73:20:18:7a:98:8f:c1:3e:5f:1a:04:33:
+        9b:ff:e0:ab:9e:f8:ca:92:bc:e8:94:b8:ce:87:89:75:e6:49:
+        bd:d5:7f:1f:44:b6:48:fc:02:4f:b5:25:f4:ff:53:98:5f:0f:
+        95:52:d2:00:2a:41:85:cb:8d:f4:a1:a6:ef:68:ac:b5:fa:a7:
+        94:91:cc:64:5c:30:43:01:90:84:eb:8f:66:3b:98:4c:42:43:
+        3d:31:47:28:da:49:eb:e9:14:67:c5:81:f6:13:a3:c3:a5:ee:
+        c4:28:0e:52:ee:c7:b2:e6:f8:c3:79:63:12:45:c1:06:5b:94:
+        48:f1:4c:32:c7:69:9d:6d:b3:0b:c5:98:93:f4:4b:c7:64:35:
+        23:22:56:c7:fa:e3:0c:3b:39:cf:b4:ca:cf:d2:10:97:b3:95:
+        e4:f7:53:d3:cb:5e:43:82:d4:7c:e5:83:a4:cf:4e:0b:c8:16:
+        35:5e:8a:2b:47:8a:6e:2f:98:02:d4:cc:9d:28:a9:95:ff:ab:
+        73:df:01:c6:ff:df:7b:33:21:e0:db:81:8d:59:11:f0:f3:92:
+        f7:c5:8c:83:2e:22:55:dd:1f:78:5c:f7:a3:fc:de:99:8f:46:
+        50:ff:75:db:bb:58:07:fa:01:c1:67:8c:18:c4:3f:2f:b7:41:
+        f7:ec:56:e7:1a:4b:e4:78
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/00.pem b/tests/cert-svc/data/cert_chain/00.pem
new file mode 100644 (file)
index 0000000..a80bbbc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root
+        Validity
+            Not Before: May 13 01:21:41 2011 GMT
+            Not After : May 12 01:21:41 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b:
+                    07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27:
+                    11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87:
+                    7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a:
+                    f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d:
+                    18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f:
+                    ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0:
+                    9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a:
+                    00:a5:03:68:e7:77:21:b0:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e:
+        56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c:
+        a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1:
+        7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f:
+        3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc:
+        57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51:
+        2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4:
+        47:86
+-----BEGIN CERTIFICATE-----
+MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx
+EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME
+cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1
+MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw
+HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu
+MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn
+B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd
+GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD
+aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7
+VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4
+sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y=
+-----END CERTIFICATE-----
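Review bot: This chain fixture has a one-year validity window that ends at `Not After : May 12 01:21:41 2012 GMT`, and 01.pem–05.pem and chain1.crt–chain5.crt use the same window. A test that validates the chain against the real clock fails from that date on, and a test that works around it by ignoring validity errors would no longer catch date-handling regressions. Either regenerate the fixtures with a long validity period or have the tests pin the verification time, and record the choice next to the data, e.g. `chain valid 2011-05-13..2012-05-12; tests must set the verification time explicitly`. The fixtures are also 1024-bit RSA with `sha1WithRSAEncryption`, which stricter library defaults may reject, so the same note should state that these parameters are intentional.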
diff --git a/tests/cert-svc/data/cert_chain/01.pem b/tests/cert-svc/data/cert_chain/01.pem
new file mode 100644 (file)
index 0000000..7b475e5
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
+        Validity
+            Not Before: May 13 01:22:02 2011 GMT
+            Not After : May 12 01:22:02 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c4:20:c7:96:1e:c5:33:47:ac:e5:ad:2b:0b:63:
+                    ce:e4:44:33:e3:7f:16:ae:f0:d8:7c:b0:96:01:69:
+                    38:63:4f:62:7d:97:d6:31:c9:0d:10:24:f5:17:40:
+                    13:f0:1a:70:70:5e:3f:05:4d:d9:67:52:ed:41:83:
+                    b7:d2:bb:bf:3d:29:98:07:a3:64:1e:2f:1e:13:8c:
+                    7a:c1:62:33:66:33:3e:d4:26:5a:59:99:05:8e:67:
+                    c7:68:cd:f2:8d:6f:fb:8c:07:63:ab:50:68:03:88:
+                    ae:0a:5c:9b:b6:9b:c1:18:7b:ef:cd:c9:f0:5e:44:
+                    ab:56:d6:df:48:41:d3:21:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        53:5a:c3:bb:48:87:d0:a2:7d:20:68:02:7c:be:18:93:b6:3d:
+        83:e4:10:1a:a7:4d:37:24:3e:6c:41:bd:8f:1d:3b:89:08:5a:
+        e3:ba:81:9b:e8:fc:0e:fc:3d:0a:70:f2:11:69:59:de:ba:45:
+        b4:97:b8:d2:e0:5a:d1:a4:75:bc:68:d5:5f:71:36:78:32:ae:
+        d3:31:26:80:f3:f3:a8:54:33:f7:be:a3:0c:2d:d9:9b:b8:33:
+        03:be:54:7b:f5:c4:cf:62:9b:25:0c:79:76:12:10:b6:84:1e:
+        f1:ff:7c:fe:0a:ac:46:85:26:52:d5:6f:cc:e5:89:e7:ca:8d:
+        71:69
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/02.pem b/tests/cert-svc/data/cert_chain/02.pem
new file mode 100644 (file)
index 0000000..0c15ecd
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
+        Validity
+            Not Before: May 13 01:22:13 2011 GMT
+            Not After : May 12 01:22:13 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a2:52:3c:b7:64:b4:05:92:cd:b2:58:0c:81:5c:
+                    b4:bd:a4:10:99:17:1a:35:f2:de:f8:86:db:e9:24:
+                    a3:01:b1:d6:03:a9:f8:2b:d1:cd:f7:7b:9a:c0:a0:
+                    a9:8d:6d:34:94:7c:2c:4c:5c:c0:26:db:46:13:a3:
+                    c2:c4:2d:eb:ac:cb:5b:64:09:2c:23:eb:b5:8c:80:
+                    12:d6:cd:7b:fa:5f:d9:7a:17:b6:fc:d5:65:fa:d4:
+                    94:d9:9a:cf:b5:9e:87:99:f7:3e:32:6c:0d:5c:1f:
+                    09:77:a1:4b:ae:c1:47:27:60:a2:7e:f5:94:66:5f:
+                    7b:ea:e1:a9:b1:24:5a:40:03
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        80:03:04:99:b2:ea:8c:d8:0a:76:e5:08:fc:2d:72:f9:d5:90:
+        8e:ce:3b:c0:ac:d0:57:d1:44:d2:84:cf:83:82:05:70:46:d9:
+        e8:07:cf:90:e4:cb:4c:7a:a0:98:d9:e3:be:86:23:71:a2:64:
+        36:df:43:54:1d:03:cf:85:5f:e6:43:cc:d3:ca:da:a2:31:2b:
+        dd:5a:da:d9:26:38:29:9e:89:04:cc:f9:55:a5:35:77:77:57:
+        ab:58:aa:d2:19:39:ad:6b:d2:3f:d9:e0:d7:58:ea:41:79:2a:
+        f2:50:ec:3f:89:0a:aa:ec:d6:eb:20:af:5e:52:ff:4d:39:34:
+        9c:99
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/03.pem b/tests/cert-svc/data/cert_chain/03.pem
new file mode 100644 (file)
index 0000000..66a0c30
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
+        Validity
+            Not Before: May 13 01:22:24 2011 GMT
+            Not After : May 12 01:22:24 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b5:4a:07:d9:39:8b:6d:46:b2:91:b7:d0:20:e5:
+                    5e:41:8e:59:9c:78:8e:b1:54:8a:2e:fb:6a:f1:51:
+                    1c:90:78:3a:b6:98:ae:eb:1b:86:94:36:1c:10:d1:
+                    ab:47:e2:87:96:cb:e9:70:db:5e:29:2f:24:e6:c4:
+                    a1:de:08:33:81:66:5b:53:8b:54:90:d8:75:7b:ec:
+                    c4:62:61:eb:06:5e:0f:e7:a4:8e:3b:53:50:8e:31:
+                    f2:42:df:4e:e3:38:8b:46:d5:47:ae:81:3e:31:9e:
+                    70:42:b6:08:b7:c0:ed:a7:3f:b9:72:5b:1b:21:4e:
+                    0c:77:21:46:92:a0:a5:4e:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        14:49:d0:40:34:42:87:e5:c3:13:4b:42:41:e7:7f:cf:85:66:
+        d8:80:62:4f:5a:d6:38:44:25:67:cb:14:bf:3c:6e:ab:97:9f:
+        e8:e7:2f:eb:79:ef:97:d2:81:57:e1:a0:e6:10:34:d1:98:4d:
+        78:45:9f:98:dd:80:33:b8:64:17:de:3b:f4:e8:99:01:d3:a1:
+        56:96:dc:79:5b:75:5a:d1:63:df:4e:9b:4d:6a:65:0d:f4:6d:
+        20:ca:51:c0:db:52:7f:4c:b9:32:d5:be:a9:05:ae:b3:19:23:
+        5d:38:33:3e:48:66:eb:fb:af:8c:8a:f1:11:61:9d:36:f3:06:
+        3e:95
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/04.pem b/tests/cert-svc/data/cert_chain/04.pem
new file mode 100644 (file)
index 0000000..88f48eb
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
+        Validity
+            Not Before: May 13 01:22:35 2011 GMT
+            Not After : May 12 01:22:35 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f1:32:40:b3:f9:95:60:3a:29:3c:1c:cc:a4:f5:
+                    e5:08:19:dd:32:95:a2:62:cf:35:74:c2:85:1b:99:
+                    c9:3e:3a:90:d2:b5:9a:be:9a:cf:e9:77:13:26:4c:
+                    d2:78:06:3d:19:9b:d7:38:05:66:ca:d2:36:e7:a2:
+                    ce:bc:81:aa:31:23:c8:5d:a7:7c:41:25:44:79:99:
+                    ac:10:34:16:10:b8:29:a1:5d:96:f8:47:7f:d1:5c:
+                    68:b2:85:8a:99:28:65:00:94:d9:e6:df:1c:37:59:
+                    db:88:87:5f:b3:e5:a9:88:86:86:30:71:f0:22:24:
+                    57:3a:5b:58:04:db:c3:94:0f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        26:7c:b5:24:c8:8b:49:4b:d1:d6:76:16:db:75:cb:c4:a8:34:
+        92:30:e6:e9:8b:7d:70:b7:24:d9:42:e2:b3:16:83:1e:48:1f:
+        a2:b5:02:e0:74:3c:f5:bd:b3:03:59:6a:3e:68:6b:bf:3d:38:
+        d6:86:fd:ef:ae:3d:2e:55:8a:67:42:02:fa:2c:ef:4e:81:aa:
+        06:0a:95:80:90:dc:39:af:7e:b1:0d:c8:78:b1:17:59:49:40:
+        5d:b0:d2:86:03:1c:3a:a4:f6:26:b1:23:b2:89:a7:22:f5:02:
+        c7:9e:61:82:ee:c0:3d:a6:cc:bf:de:eb:d3:6e:73:ed:a5:85:
+        a5:b6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/05.pem b/tests/cert-svc/data/cert_chain/05.pem
new file mode 100644 (file)
index 0000000..17d3a68
--- /dev/null
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
+        Validity
+            Not Before: May 13 01:23:13 2011 GMT
+            Not After : May 12 01:23:13 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70:
+                    17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e:
+                    1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01:
+                    e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4:
+                    a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3:
+                    d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e:
+                    37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3:
+                    9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94:
+                    4d:5c:e1:bd:cc:99:19:04:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D
+            X509v3 Authority Key Identifier: 
+                DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
+                serial:04
+
+    Signature Algorithm: sha1WithRSAEncryption
+        d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43:
+        a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63:
+        9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba:
+        0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81:
+        c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c:
+        7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc:
+        7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6:
+        13:84
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/ca.crt b/tests/cert-svc/data/cert_chain/ca.crt
new file mode 100644 (file)
index 0000000..e5071c2
--- /dev/null
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/chain1.crt b/tests/cert-svc/data/cert_chain/chain1.crt
new file mode 100644 (file)
index 0000000..a80bbbc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root
+        Validity
+            Not Before: May 13 01:21:41 2011 GMT
+            Not After : May 12 01:21:41 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b:
+                    07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27:
+                    11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87:
+                    7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a:
+                    f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d:
+                    18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f:
+                    ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0:
+                    9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a:
+                    00:a5:03:68:e7:77:21:b0:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e:
+        56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c:
+        a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1:
+        7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f:
+        3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc:
+        57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51:
+        2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4:
+        47:86
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
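Review bot: chain1.crt duplicates 00.pem (both are blob `a80bbbc`), and chain2.crt–chain5.crt likewise repeat 01.pem–04.pem (`7b475e5`, `0c15ecd`, `66a0c30`, `88f48eb`). Two copies of each certificate can drift apart when only one set is regenerated, leaving tests that verify different chains under the same names. I would keep one set and point the tests at it, or add a line to the directory's documentation such as `NN.pem are the hashed-name copies of chainN.crt; regenerate both together`.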
diff --git a/tests/cert-svc/data/cert_chain/chain2.crt b/tests/cert-svc/data/cert_chain/chain2.crt
new file mode 100644 (file)
index 0000000..7b475e5
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
+        Validity
+            Not Before: May 13 01:22:02 2011 GMT
+            Not After : May 12 01:22:02 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c4:20:c7:96:1e:c5:33:47:ac:e5:ad:2b:0b:63:
+                    ce:e4:44:33:e3:7f:16:ae:f0:d8:7c:b0:96:01:69:
+                    38:63:4f:62:7d:97:d6:31:c9:0d:10:24:f5:17:40:
+                    13:f0:1a:70:70:5e:3f:05:4d:d9:67:52:ed:41:83:
+                    b7:d2:bb:bf:3d:29:98:07:a3:64:1e:2f:1e:13:8c:
+                    7a:c1:62:33:66:33:3e:d4:26:5a:59:99:05:8e:67:
+                    c7:68:cd:f2:8d:6f:fb:8c:07:63:ab:50:68:03:88:
+                    ae:0a:5c:9b:b6:9b:c1:18:7b:ef:cd:c9:f0:5e:44:
+                    ab:56:d6:df:48:41:d3:21:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        53:5a:c3:bb:48:87:d0:a2:7d:20:68:02:7c:be:18:93:b6:3d:
+        83:e4:10:1a:a7:4d:37:24:3e:6c:41:bd:8f:1d:3b:89:08:5a:
+        e3:ba:81:9b:e8:fc:0e:fc:3d:0a:70:f2:11:69:59:de:ba:45:
+        b4:97:b8:d2:e0:5a:d1:a4:75:bc:68:d5:5f:71:36:78:32:ae:
+        d3:31:26:80:f3:f3:a8:54:33:f7:be:a3:0c:2d:d9:9b:b8:33:
+        03:be:54:7b:f5:c4:cf:62:9b:25:0c:79:76:12:10:b6:84:1e:
+        f1:ff:7c:fe:0a:ac:46:85:26:52:d5:6f:cc:e5:89:e7:ca:8d:
+        71:69
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
+dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjExDzANBgNVBAMTBmNoYWluMTEVMBMGCSqG
+SIb3DQEJARYGY2hhaW4xMB4XDTExMDUxMzAxMjIwMloXDTEyMDUxMjAxMjIwMlow
+fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQD
+EwZjaGFpbjIxFTATBgkqhkiG9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAxCDHlh7FM0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfW
+MckNECT1F0AT8BpwcF4/BU3ZZ1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZa
+WZkFjmfHaM3yjW/7jAdjq1BoA4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEA
+AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBTWsO7SIfQon0g
+aAJ8vhiTtj2D5BAap003JD5sQb2PHTuJCFrjuoGb6PwO/D0KcPIRaVneukW0l7jS
+4FrRpHW8aNVfcTZ4Mq7TMSaA8/OoVDP3vqMMLdmbuDMDvlR79cTPYpslDHl2EhC2
+hB7x/3z+CqxGhSZS1W/M5Ynnyo1xaQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/chain3.crt b/tests/cert-svc/data/cert_chain/chain3.crt
new file mode 100644 (file)
index 0000000..0c15ecd
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
+        Validity
+            Not Before: May 13 01:22:13 2011 GMT
+            Not After : May 12 01:22:13 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a2:52:3c:b7:64:b4:05:92:cd:b2:58:0c:81:5c:
+                    b4:bd:a4:10:99:17:1a:35:f2:de:f8:86:db:e9:24:
+                    a3:01:b1:d6:03:a9:f8:2b:d1:cd:f7:7b:9a:c0:a0:
+                    a9:8d:6d:34:94:7c:2c:4c:5c:c0:26:db:46:13:a3:
+                    c2:c4:2d:eb:ac:cb:5b:64:09:2c:23:eb:b5:8c:80:
+                    12:d6:cd:7b:fa:5f:d9:7a:17:b6:fc:d5:65:fa:d4:
+                    94:d9:9a:cf:b5:9e:87:99:f7:3e:32:6c:0d:5c:1f:
+                    09:77:a1:4b:ae:c1:47:27:60:a2:7e:f5:94:66:5f:
+                    7b:ea:e1:a9:b1:24:5a:40:03
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        80:03:04:99:b2:ea:8c:d8:0a:76:e5:08:fc:2d:72:f9:d5:90:
+        8e:ce:3b:c0:ac:d0:57:d1:44:d2:84:cf:83:82:05:70:46:d9:
+        e8:07:cf:90:e4:cb:4c:7a:a0:98:d9:e3:be:86:23:71:a2:64:
+        36:df:43:54:1d:03:cf:85:5f:e6:43:cc:d3:ca:da:a2:31:2b:
+        dd:5a:da:d9:26:38:29:9e:89:04:cc:f9:55:a5:35:77:77:57:
+        ab:58:aa:d2:19:39:ad:6b:d2:3f:d9:e0:d7:58:ea:41:79:2a:
+        f2:50:ec:3f:89:0a:aa:ec:d6:eb:20:af:5e:52:ff:4d:39:34:
+        9c:99
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/chain4.crt b/tests/cert-svc/data/cert_chain/chain4.crt
new file mode 100644 (file)
index 0000000..66a0c30
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
+        Validity
+            Not Before: May 13 01:22:24 2011 GMT
+            Not After : May 12 01:22:24 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b5:4a:07:d9:39:8b:6d:46:b2:91:b7:d0:20:e5:
+                    5e:41:8e:59:9c:78:8e:b1:54:8a:2e:fb:6a:f1:51:
+                    1c:90:78:3a:b6:98:ae:eb:1b:86:94:36:1c:10:d1:
+                    ab:47:e2:87:96:cb:e9:70:db:5e:29:2f:24:e6:c4:
+                    a1:de:08:33:81:66:5b:53:8b:54:90:d8:75:7b:ec:
+                    c4:62:61:eb:06:5e:0f:e7:a4:8e:3b:53:50:8e:31:
+                    f2:42:df:4e:e3:38:8b:46:d5:47:ae:81:3e:31:9e:
+                    70:42:b6:08:b7:c0:ed:a7:3f:b9:72:5b:1b:21:4e:
+                    0c:77:21:46:92:a0:a5:4e:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        14:49:d0:40:34:42:87:e5:c3:13:4b:42:41:e7:7f:cf:85:66:
+        d8:80:62:4f:5a:d6:38:44:25:67:cb:14:bf:3c:6e:ab:97:9f:
+        e8:e7:2f:eb:79:ef:97:d2:81:57:e1:a0:e6:10:34:d1:98:4d:
+        78:45:9f:98:dd:80:33:b8:64:17:de:3b:f4:e8:99:01:d3:a1:
+        56:96:dc:79:5b:75:5a:d1:63:df:4e:9b:4d:6a:65:0d:f4:6d:
+        20:ca:51:c0:db:52:7f:4c:b9:32:d5:be:a9:05:ae:b3:19:23:
+        5d:38:33:3e:48:66:eb:fb:af:8c:8a:f1:11:61:9d:36:f3:06:
+        3e:95
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/cert_chain/chain5.crt b/tests/cert-svc/data/cert_chain/chain5.crt
new file mode 100644 (file)
index 0000000..88f48eb
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
+        Validity
+            Not Before: May 13 01:22:35 2011 GMT
+            Not After : May 12 01:22:35 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f1:32:40:b3:f9:95:60:3a:29:3c:1c:cc:a4:f5:
+                    e5:08:19:dd:32:95:a2:62:cf:35:74:c2:85:1b:99:
+                    c9:3e:3a:90:d2:b5:9a:be:9a:cf:e9:77:13:26:4c:
+                    d2:78:06:3d:19:9b:d7:38:05:66:ca:d2:36:e7:a2:
+                    ce:bc:81:aa:31:23:c8:5d:a7:7c:41:25:44:79:99:
+                    ac:10:34:16:10:b8:29:a1:5d:96:f8:47:7f:d1:5c:
+                    68:b2:85:8a:99:28:65:00:94:d9:e6:df:1c:37:59:
+                    db:88:87:5f:b3:e5:a9:88:86:86:30:71:f0:22:24:
+                    57:3a:5b:58:04:db:c3:94:0f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        26:7c:b5:24:c8:8b:49:4b:d1:d6:76:16:db:75:cb:c4:a8:34:
+        92:30:e6:e9:8b:7d:70:b7:24:d9:42:e2:b3:16:83:1e:48:1f:
+        a2:b5:02:e0:74:3c:f5:bd:b3:03:59:6a:3e:68:6b:bf:3d:38:
+        d6:86:fd:ef:ae:3d:2e:55:8a:67:42:02:fa:2c:ef:4e:81:aa:
+        06:0a:95:80:90:dc:39:af:7e:b1:0d:c8:78:b1:17:59:49:40:
+        5d:b0:d2:86:03:1c:3a:a4:f6:26:b1:23:b2:89:a7:22:f5:02:
+        c7:9e:61:82:ee:c0:3d:a6:cc:bf:de:eb:d3:6e:73:ed:a5:85:
+        a5:b6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
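Review bot: The `Not After : May 12 01:22:35 2012 GMT` in this fixture is earlier than the commit date (22 Aug 2012), so the certificate was already expired when it was added. chain4.crt, server.crt, pfx/temp/server.crt and signing/chain1.crt carry the same one-year window ending in May 2012. A chain-verification test that compares validity dates with the current time would reject these fixtures, or would pass only with date checking switched off; which of the two applies is not visible in this part of the diff. Regenerating the chain with a long validity period, or noting next to the fixtures that verification tests must pin the check time, would make the intent explicit.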
diff --git a/tests/cert-svc/data/cert_chain/chain_alt.txt b/tests/cert-svc/data/cert_chain/chain_alt.txt
new file mode 100644 (file)
index 0000000..498e125
--- /dev/null
@@ -0,0 +1 @@
+basicConstraints=CA:TRUE
diff --git a/tests/cert-svc/data/cert_chain/csr/chain1.csr b/tests/cert-svc/data/cert_chain/csr/chain1.csr
new file mode 100644 (file)
index 0000000..1bb7205
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/cert_chain/csr/chain2.csr b/tests/cert-svc/data/cert_chain/csr/chain2.csr
new file mode 100644 (file)
index 0000000..c363bf4
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
+MQ8wDQYDVQQHEwZjaGFpbjIxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQDEwZjaGFpbjIxFTATBgkqhkiG
+9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxCDHlh7F
+M0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfWMckNECT1F0AT8BpwcF4/BU3Z
+Z1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZaWZkFjmfHaM3yjW/7jAdjq1Bo
+A4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
+A4GBAJDdqMxSiUEjahKvVWsnaUOEqZADE9ncVH1Zp2oiIOTaGoj6TNR08BgAo1Rf
+OA5saruaJhak8gvZenvMjl48LoHq1rg5BxlumOqy87flCQO9YRP2+FTzcprCCMoK
+O8DuRov7j6+c30H2F3xaxABzlHlOniL659Q9gHm7tTg9dowK
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/cert_chain/csr/chain3.csr b/tests/cert-svc/data/cert_chain/csr/chain3.csr
new file mode 100644 (file)
index 0000000..19feeb1
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/cert_chain/csr/chain4.csr b/tests/cert-svc/data/cert_chain/csr/chain4.csr
new file mode 100644 (file)
index 0000000..fe55ceb
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/cert_chain/csr/chain5.csr b/tests/cert-svc/data/cert_chain/csr/chain5.csr
new file mode 100644 (file)
index 0000000..ef63918
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/cert_chain/csr/server.csr b/tests/cert-svc/data/cert_chain/csr/server.csr
new file mode 100644 (file)
index 0000000..9f38620
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt b/tests/cert-svc/data/cert_chain/demoCA/index.txt
new file mode 100644 (file)
index 0000000..97e8cfe
--- /dev/null
@@ -0,0 +1,6 @@
+V      120512012141Z           00      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain1/CN=chain1/emailAddress=chain1
+V      120512012202Z           01      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain2/CN=chain2/emailAddress=chain2
+V      120512012213Z           02      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain3/CN=chain3/emailAddress=chain3
+V      120512012224Z           03      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
+V      120512012235Z           04      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5
+V      120512012313Z           05      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=server/CN=server/emailAddress=server
diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr b/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr
new file mode 100644 (file)
index 0000000..8f7e63a
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr.old b/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr.old
new file mode 100644 (file)
index 0000000..8f7e63a
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt.old b/tests/cert-svc/data/cert_chain/demoCA/index.txt.old
new file mode 100644 (file)
index 0000000..0d588d0
--- /dev/null
@@ -0,0 +1,5 @@
+V      120512012141Z           00      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain1/CN=chain1/emailAddress=chain1
+V      120512012202Z           01      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain2/CN=chain2/emailAddress=chain2
+V      120512012213Z           02      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain3/CN=chain3/emailAddress=chain3
+V      120512012224Z           03      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
+V      120512012235Z           04      unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5
diff --git a/tests/cert-svc/data/cert_chain/demoCA/serial b/tests/cert-svc/data/cert_chain/demoCA/serial
new file mode 100644 (file)
index 0000000..cd672a5
--- /dev/null
@@ -0,0 +1 @@
+06
diff --git a/tests/cert-svc/data/cert_chain/demoCA/serial.old b/tests/cert-svc/data/cert_chain/demoCA/serial.old
new file mode 100644 (file)
index 0000000..eeee65e
--- /dev/null
@@ -0,0 +1 @@
+05
diff --git a/tests/cert-svc/data/cert_chain/key/ca.key b/tests/cert-svc/data/cert_chain/key/ca.key
new file mode 100644 (file)
index 0000000..eeefd8f
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
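Review bot: This hunk commits the test CA's RSA private key, and the following hunks do the same for chain1–chain5, server, pfx/pfxtest.key, pfx/temp/temp.key and signing/chain1.key. Where the key body is shown in full (key/server.key) it is not passphrase-protected. key/server.key and pfx/temp/server.key are the same blob (5f76b2e), as are key/chain1.key and signing/chain1.key (8fe8106). That is acceptable for fixtures only as long as nothing installs these keys or their certificates into a trust store on a device; whether the packaging ships `tests/` cannot be seen here. A short README in `tests/cert-svc/data/` stating that the keys are public test material and must never be trusted, together with dropping the duplicated copies and the OpenSSL CA working files (`demoCA/*.old`, `pfx/temp/`), would keep the fixture set auditable.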
diff --git a/tests/cert-svc/data/cert_chain/key/chain1.key b/tests/cert-svc/data/cert_chain/key/chain1.key
new file mode 100644 (file)
index 0000000..8fe8106
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/cert_chain/key/chain2.key b/tests/cert-svc/data/cert_chain/key/chain2.key
new file mode 100644 (file)
index 0000000..3be4035
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/cert_chain/key/chain3.key b/tests/cert-svc/data/cert_chain/key/chain3.key
new file mode 100644 (file)
index 0000000..d27f36c
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/cert_chain/key/chain4.key b/tests/cert-svc/data/cert_chain/key/chain4.key
new file mode 100644 (file)
index 0000000..03feb92
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/cert_chain/key/chain5.key b/tests/cert-svc/data/cert_chain/key/chain5.key
new file mode 100644 (file)
index 0000000..e343753
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/cert_chain/key/server.key b/tests/cert-svc/data/cert_chain/key/server.key
new file mode 100644 (file)
index 0000000..5f76b2e
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3
+IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp
+Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB
+AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE
+rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC
+QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2
+OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2
+XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q
+QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV
+C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF
+SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO
+fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM
+MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/cert_chain/server.crt b/tests/cert-svc/data/cert_chain/server.crt
new file mode 100644 (file)
index 0000000..17d3a68
--- /dev/null
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
+        Validity
+            Not Before: May 13 01:23:13 2011 GMT
+            Not After : May 12 01:23:13 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70:
+                    17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e:
+                    1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01:
+                    e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4:
+                    a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3:
+                    d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e:
+                    37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3:
+                    9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94:
+                    4d:5c:e1:bd:cc:99:19:04:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D
+            X509v3 Authority Key Identifier: 
+                DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
+                serial:04
+
+    Signature Algorithm: sha1WithRSAEncryption
+        d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43:
+        a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63:
+        9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba:
+        0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81:
+        c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c:
+        7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc:
+        7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6:
+        13:84
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/invalidCert.der b/tests/cert-svc/data/invalidCert.der
new file mode 100644 (file)
index 0000000..fd08360
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/newcert.pem b/tests/cert-svc/data/newcert.pem
new file mode 100644 (file)
index 0000000..d960df3
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/notcert.der b/tests/cert-svc/data/notcert.der
new file mode 100644 (file)
index 0000000..408a3ee
--- /dev/null
@@ -0,0 +1,2 @@
+afgnwthbgowjfkvbasdlkfgnaldfnglkwdafbkwjtghsghsfgusrfghadfht5ehadgfhsg
+hsfghsdrghsfh56h thdfghedrgrger[gfdghwdfhsadfhgsdfhasdfghasdfhsadfhgadfg
diff --git a/tests/cert-svc/data/pfx/pfxtest.crt b/tests/cert-svc/data/pfx/pfxtest.crt
new file mode 100644 (file)
index 0000000..70debc4
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/pfx/pfxtest.key b/tests/cert-svc/data/pfx/pfxtest.key
new file mode 100644 (file)
index 0000000..0b3afa9
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/pfx/pfxtest.pfx b/tests/cert-svc/data/pfx/pfxtest.pfx
new file mode 100644 (file)
index 0000000..e1f7168
Binary files /dev/null and b/tests/cert-svc/data/pfx/pfxtest.pfx differ
diff --git a/tests/cert-svc/data/pfx/temp/server.crt b/tests/cert-svc/data/pfx/temp/server.crt
new file mode 100644 (file)
index 0000000..17d3a68
--- /dev/null
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
+        Validity
+            Not Before: May 13 01:23:13 2011 GMT
+            Not After : May 12 01:23:13 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70:
+                    17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e:
+                    1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01:
+                    e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4:
+                    a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3:
+                    d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e:
+                    37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3:
+                    9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94:
+                    4d:5c:e1:bd:cc:99:19:04:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D
+            X509v3 Authority Key Identifier: 
+                DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
+                serial:04
+
+    Signature Algorithm: sha1WithRSAEncryption
+        d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43:
+        a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63:
+        9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba:
+        0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81:
+        c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c:
+        7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc:
+        7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6:
+        13:84
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/pfx/temp/server.key b/tests/cert-svc/data/pfx/temp/server.key
new file mode 100644 (file)
index 0000000..5f76b2e
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3
+IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp
+Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB
+AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE
+rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC
+QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2
+OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2
+XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q
+QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV
+C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF
+SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO
+fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM
+MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/pfx/temp/server.pfx b/tests/cert-svc/data/pfx/temp/server.pfx
new file mode 100644 (file)
index 0000000..b08b0b0
Binary files /dev/null and b/tests/cert-svc/data/pfx/temp/server.pfx differ
diff --git a/tests/cert-svc/data/pfx/temp/temp.crt b/tests/cert-svc/data/pfx/temp/temp.crt
new file mode 100644 (file)
index 0000000..9f5d2fe
--- /dev/null
@@ -0,0 +1,25 @@
+Bag Attributes
+    localKeyID: 36 5A C4 1E 25 04 62 BD 9A E0 42 59 82 36 DD 24 FE AD 83 A0 
+subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=server/CN=server/emailAddress=server
+issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/pfx/temp/temp.key b/tests/cert-svc/data/pfx/temp/temp.key
new file mode 100644 (file)
index 0000000..2aa8089
--- /dev/null
@@ -0,0 +1,18 @@
+Bag Attributes
+    localKeyID: 36 5A C4 1E 25 04 62 BD 9A E0 42 59 82 36 DD 24 FE AD 83 A0 
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/rootcert.pem b/tests/cert-svc/data/rootcert.pem
new file mode 100644 (file)
index 0000000..5c3ef72
--- /dev/null
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAuqgAwIBAgIJAMU+zh6oJmrXMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYD
+VQQGEwJLUjEUMBIGA1UECBMLS3l1bmctZ2kgZG8xEjAQBgNVBAcTCVN1LXdvbiBz
+aTEQMA4GA1UEChMHU2Ftc3VuZzEMMAoGA1UECxMDRE1DMRAwDgYDVQQDEwdDQSBj
+ZXJ0MR0wGwYJKoZIhvcNAQkBFg5jYUBzYW1zdW5nLmNvbTAeFw0xMTAzMjkwMjQ1
+MzhaFw0xMjAzMjgwMjQ1MzhaMIGIMQswCQYDVQQGEwJLUjEUMBIGA1UECBMLS3l1
+bmctZ2kgZG8xEjAQBgNVBAcTCVN1LXdvbiBzaTEQMA4GA1UEChMHU2Ftc3VuZzEM
+MAoGA1UECxMDRE1DMRAwDgYDVQQDEwdDQSBjZXJ0MR0wGwYJKoZIhvcNAQkBFg5j
+YUBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwTDwxz9h
+2KaO4X29eKQxT3XCNRMnzSpx62rNLLGaXYrOMYHQcUDOkwEFRw4fV4yxqXgwk7Bv
+4C+anNX2jN6SkYGEj4mGDVrE0jaI60X04tf3fAb0Ltw2PEgKsB56X75PNAxGP8oh
+/y6fysoCAEyNhoYnwEsRrSfWY8iAm+hKAxUCAwEAAaOB8DCB7TAdBgNVHQ4EFgQU
+zWrq4lSmi+wjKZjZlyDpjVOxkYUwgb0GA1UdIwSBtTCBsoAUzWrq4lSmi+wjKZjZ
+lyDpjVOxkYWhgY6kgYswgYgxCzAJBgNVBAYTAktSMRQwEgYDVQQIEwtLeXVuZy1n
+aSBkbzESMBAGA1UEBxMJU3Utd29uIHNpMRAwDgYDVQQKEwdTYW1zdW5nMQwwCgYD
+VQQLEwNETUMxEDAOBgNVBAMTB0NBIGNlcnQxHTAbBgkqhkiG9w0BCQEWDmNhQHNh
+bXN1bmcuY29tggkAxT7OHqgmatcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
+AAOBgQB6dqH4U00mnavG0bUVTjhEwYbdQtpSc+fKB3+O9QY4PlLttyd3GfeKmsxe
+Z2RwUtUd3vjEDNPROcDAow6bHdy4B++qoojKVj1INJI0iDG/i6NUnDofsH+NS7mW
+J6FKF6ukwnTfk2HjvIfrLO6S8nSVa1dSoB2GHzg2kWgm36a9pw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/signing/chain1.crt b/tests/cert-svc/data/signing/chain1.crt
new file mode 100644 (file)
index 0000000..a80bbbc
--- /dev/null
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root
+        Validity
+            Not Before: May 13 01:21:41 2011 GMT
+            Not After : May 12 01:21:41 2012 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b:
+                    07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27:
+                    11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87:
+                    7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a:
+                    f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d:
+                    18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f:
+                    ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0:
+                    9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a:
+                    00:a5:03:68:e7:77:21:b0:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e:
+        56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c:
+        a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1:
+        7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f:
+        3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc:
+        57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51:
+        2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4:
+        47:86
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/signing/chain1.key b/tests/cert-svc/data/signing/chain1.key
new file mode 100644 (file)
index 0000000..8fe8106
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/signing/chain1pub.pem b/tests/cert-svc/data/signing/chain1pub.pem
new file mode 100644 (file)
index 0000000..80c3a5f
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZ
+Dp5caM6CZwd6JxGYp/46aD9OS3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6
+BjacVVN6nRiboPSTWFAszavsMi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ
+0Fa1agClA2jndyGw+QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/cert-svc/data/signing/msg b/tests/cert-svc/data/signing/msg
new file mode 100644 (file)
index 0000000..9d8a4e7
--- /dev/null
@@ -0,0 +1 @@
+this is test file
diff --git a/tests/cert-svc/data/signing/msg.sig b/tests/cert-svc/data/signing/msg.sig
new file mode 100644 (file)
index 0000000..5139633
--- /dev/null
@@ -0,0 +1,3 @@
++Y\87K~\9f³bê\ 2\94\11PP\13[íÀ\13l\91È\9aÚâþ\97áyH`3Ã\\90U\8e\fA¬oJI\88QO-8\8f®Õ¹¸\f
+|1\11m\ 5\f\90Y·      \8a2U\98NJÒ\83ÂîvÍ\e&Ñïj\rA\1d\83\8f\9dìñz\13\15;î)z«qºÏÂ#<2ÀY\14\ 5\8c\7f4M\ 4\ 44îà
+!!(°:J\98
\ No newline at end of file
diff --git a/tests/cert-svc/data/signing/msg.sig.enc b/tests/cert-svc/data/signing/msg.sig.enc
new file mode 100644 (file)
index 0000000..fb2c0b8
--- /dev/null
@@ -0,0 +1,3 @@
+K1mHS36fs2LqApQRUFATW+3AE2yRyJra4v6X4XlIYDPDXJBVjgxBrG9KSYhRTy04
+j67VubgMCnwxEW0FDJBZtwmKMlWYTkrSg8Luds0bJtHvag1BHYOPVMOd7PF6ExU7
+7il6q3G6z8IjPDLAWRQFjH80TQQENO7gCiEhKLA6Spg=
diff --git a/tests/cert-svc/data/signing/msg2 b/tests/cert-svc/data/signing/msg2
new file mode 100644 (file)
index 0000000..1af9cc6
--- /dev/null
@@ -0,0 +1 @@
+this is test2
diff --git a/tests/cert-svc/delete_test.c b/tests/cert-svc/delete_test.c
new file mode 100644 (file)
index 0000000..68c895d
--- /dev/null
@@ -0,0 +1,102 @@
+#include <stdio.h>
+#include <unistd.h>
+
+#include "cert-service.h"
+
+#define        RELATIVE_PATH   "./data/Broot.der"
+#define ABSOLUTE_PATH  "./data/Broot.der"      // for target
+
+int tcase_1_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // delete 'Broot.der' from '.../code-signing/java/operator'
+       ret = cert_svc_delete_certificate_from_store("Broot.der", "code-signing_java_operator");
+       if(ret == CERT_SVC_ERR_NO_ERROR) {
+               if((access("/opt/share/cert-svc/certs/code-signing/java/operator/Broot.der", F_OK)) != 0)
+                       return 0;
+               else
+                       return -1;
+       }
+       else
+               return -1;
+}
+
+int tcase_2_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // delete 'Broot.der' from '.../ssl'
+       ret = cert_svc_delete_certificate_from_store("Broot.der", NULL);
+       if(ret == CERT_SVC_ERR_NO_ERROR) {
+               if((access("/opt/share/cert-svc/certs/ssl/Broot.der", F_OK)) != 0)
+                       return 0;
+               else
+                       return -1;
+       }
+       else
+               return -1;
+}
+
+int tcase_3_fail()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // delete NULL 
+       ret = cert_svc_delete_certificate_from_store(NULL, "code-signing_java_operator");
+       if(ret == CERT_SVC_ERR_INVALID_PARAMETER)
+               return 0;
+       else
+               return -1;
+}
+
+int tcase_4_fail()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // delete 'Broot.der' from invalid directory
+       ret = cert_svc_delete_certificate_from_store("Broot.der", "code-signing_debian");
+       if(ret == CERT_SVC_ERR_FILE_IO)
+               return 0;
+       else
+               return -1;
+}
+
+int main(void)
+{
+       int ret = -1;
+
+       // store test files
+       cert_svc_add_certificate_to_store(RELATIVE_PATH, "code-signing_java_operator");
+       cert_svc_add_certificate_to_store(RELATIVE_PATH, NULL);
+
+       // test case 1 : success
+       ret = tcase_1_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to delete test 1 - testpath: code-signing **\n");
+       else
+               fprintf(stdout, "** Fail to delete test1 **\n");
+
+       // test case 2 : success - no location (ssl)
+       ret = tcase_2_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to delete test 2 - testpath: ssl **\n");
+       else
+               fprintf(stdout, "** Fail to delete test2 **\n");
+
+       // test case 3 : fail - no filename
+       ret = tcase_3_fail();
+       if(ret == 0)
+               fprintf(stdout, "** Success to delete test 3 - no filename **\n");
+       else
+               fprintf(stdout, "** Fail to delete test3 **\n");
+
+       // test case 4 : fail - invalid dir name
+       ret = tcase_4_fail();
+       if(ret == 0)
+               fprintf(stdout, "** Success to delete test 4 - invalid dir path  **\n");
+       else
+               fprintf(stdout, "** Fail to delete test4 **\n");
+
+       return 0;
+}
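Review bot: `main` ends with `return 0;` whatever the four cases returned, so a harness that looks at the exit status never sees a failing delete test; only the stdout text differs. Accumulate the results, e.g. `failed |= (ret != 0);` after each case, and finish with `return failed ? 1 : 0;`; `main` in extract_test.c has the same pattern. The two `cert_svc_add_certificate_to_store` calls that set up the store are unchecked, so when they fail, what cases 1 and 2 report depends on whatever an earlier run left under `/opt/share/cert-svc/certs/`. `ABSOLUTE_PATH` is defined with the same value as `RELATIVE_PATH` and is not used in this file.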
diff --git a/tests/cert-svc/extract_test.c b/tests/cert-svc/extract_test.c
new file mode 100644 (file)
index 0000000..eb1f2a5
--- /dev/null
@@ -0,0 +1,175 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "cert-service.h"
+
+#define        DER_CERT        "./data/Broot.pem"
+#define PEM_CERT       "./data/Broot.der"
+#define PFX_CERT       "./data/pfx/temp/server.pfx"
+#define INVALID_CERT   "./data/invalidCert.der"
+
+int tcase_1_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+
+       // initialize cert context
+       ctx = cert_svc_cert_context_init();
+
+       // load certificate file to buffer
+       if((ret = cert_svc_load_file_to_context(ctx, DER_CERT)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+
+       // extract certificate data
+       if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+
+err:
+       // finalize cert context
+       cert_svc_cert_context_final(ctx);
+       return ret;
+}
+
+int tcase_2_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+
+       // initialize cert context
+       ctx = cert_svc_cert_context_init();
+
+       // load certificate file to buffer
+       if((ret = cert_svc_load_file_to_context(ctx, PEM_CERT)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+
+       // extract certificate data
+       if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+
+err:
+       // finalize cert context
+       cert_svc_cert_context_final(ctx);
+       return ret;
+}
+
+int tcase_3_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+       unsigned char* prikey = NULL;
+       char* pass = "test\0";
+
+       // initialize cert context
+       ctx = cert_svc_cert_context_init();
+
+       // load certificate file to buffer
+       if((ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, PFX_CERT, pass)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+       printf(" ****** prikey: [%s]\n", prikey);
+
+       // extract certificate data
+       if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+
+err:
+       // finalize cert context
+       cert_svc_cert_context_final(ctx);
+       if(prikey != NULL)
+               free(prikey);
+       return ret;
+}
+
+int tcase_4_fail()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+
+       // initialize cert context
+       ctx = cert_svc_cert_context_init();
+
+       // extract certificate data
+       if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_INVALID_PARAMETER)
+               goto err;
+       ret = CERT_SVC_ERR_NO_ERROR;
+
+err:
+       // finalize cert context
+       cert_svc_cert_context_final(ctx);
+       return ret;
+}
+
+int tcase_5_fail()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+
+       // initialize cert context
+       ctx = cert_svc_cert_context_init();
+
+       // load certificate file to buffer
+       if((ret = cert_svc_load_file_to_context(ctx, INVALID_CERT)) != CERT_SVC_ERR_NO_ERROR)
+               goto err;
+
+       // extract certificate data
+       if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_INVALID_CERTIFICATE)
+               goto err;
+       ret = CERT_SVC_ERR_NO_ERROR;
+
+err:
+       // finalize cert context
+       cert_svc_cert_context_final(ctx);
+       return ret;
+}
+
+int main(int argc, char* argv[])
+{
+       int ret = -1;
+
+       // store test certificate
+       cert_svc_add_certificate_to_store(DER_CERT, NULL);
+       cert_svc_add_certificate_to_store(PEM_CERT, NULL);
+       cert_svc_add_certificate_to_store(PFX_CERT, NULL);
+       
+       // extract test - success: PEM
+       ret = tcase_1_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to extract certificate: DER type **\n");
+       else
+               fprintf(stdout, "** Fail to extract certificate: DER type **\n");
+
+       // extract test - success: DER
+       ret = tcase_2_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to extract certificate: PEM type **\n");
+       else
+               fprintf(stdout, "** Fail to extract certificate: PEM type **\n");
+
+       // extract test - success: PFX
+       ret = tcase_3_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to extract certificate: PFX type **\n");
+       else
+               fprintf(stdout, "** Fail to extract certificate: PFX type **\n");
+
+       // extract test - fail: no file
+       ret = tcase_4_fail();
+       if(ret == 0)
+               fprintf(stdout, "** Success to extract certificate: no certificate **\n");
+       else
+               fprintf(stdout, "** Fail to extract certificate: no certificate **\n");
+
+       // extract test - fail: invalid certificate
+       ret = tcase_5_fail();
+       if(ret == 0)
+               fprintf(stdout, "** Success to extract certificate: invalid certificate **\n");
+       else
+               fprintf(stdout, "** Fail to extract certificate: invalid certificate **\n");
+
+       // delete test certificate
+       cert_svc_delete_certificate_from_store("Broot.pem", NULL);
+       cert_svc_delete_certificate_from_store("Broot.der", NULL);
+       cert_svc_delete_certificate_from_store("server.pfx", NULL);
+
+       return 0;
+}
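Review bot: In `tcase_3_success`, `printf(" ****** prikey: [%s]\n", prikey);` writes the private key extracted from the PFX to stdout, using `%s` on an `unsigned char*` whose NUL termination is not established anywhere in this hunk. Even with a test key this puts key material into build and CI logs, and it can read past the buffer if the loader returns raw bytes; report only presence, e.g. `printf(" ****** prikey loaded: %s\n", prikey ? "yes" : "no");`. Separately, `DER_CERT` points at `./data/Broot.pem` and `PEM_CERT` at `./data/Broot.der`, which looks swapped and makes the "DER type"/"PEM type" messages in `main` name the opposite format. The result of `cert_svc_cert_context_init()` is also passed on without a NULL check in every case.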
diff --git a/tests/cert-svc/extract_test_pfx.c b/tests/cert-svc/extract_test_pfx.c
new file mode 100644 (file)
index 0000000..5869c1b
--- /dev/null
@@ -0,0 +1,111 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "cert-service.h"
+
+int main(int argc, char* argv[])
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+       cert_svc_cert_descriptor* certDesc = NULL;
+       int i = 0, keyLen = 0;
+       int extNum = 0, j = 0;
+//     unsigned char* prikey = NULL;
+
+       ctx = cert_svc_cert_context_init();
+
+       if((ret = cert_svc_load_file_to_context(ctx, argv[1])) != CERT_SVC_ERR_NO_ERROR) {
+               printf("file: [%s]\n", argv[1]);
+               printf("*** Fail to load file, ret: [%d]\n", ret);
+       }
+//     if((ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, argv[1], "test")) != CERT_SVC_ERR_NO_ERROR) {
+//             printf("file: [%s]\n", argv[1]);
+//             printf("*** Fail to load file, ret: [%d]\n", ret);
+//     }
+
+       if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR)
+               printf("*** Fail to extract certificate, ret: [%d]\n", ret);
+
+//     printf("private key: [%s]\n", prikey);
+
+       certDesc = ctx->certDesc;
+
+       printf("type: [%s]\n", certDesc->type);
+       printf("version: [%d]\n", certDesc->info.version);
+       printf("serial number: [%d]\n", certDesc->info.serialNumber);
+       printf("signature algorithm: [%s]\n", certDesc->info.sigAlgo);
+       printf("issuer: [%s]\n", certDesc->info.issuerStr);
+       printf("    country name: [%s]\n", certDesc->info.issuer.countryName);
+       printf("    state or province name: [%s]\n", certDesc->info.issuer.stateOrProvinceName);
+       printf("    locality name: [%s]\n", certDesc->info.issuer.localityName);
+       printf("    organization name: [%s]\n", certDesc->info.issuer.organizationName);
+       printf("    organization unit name: [%s]\n", certDesc->info.issuer.organizationUnitName);
+       printf("    common name: [%s]\n", certDesc->info.issuer.commonName);
+       printf("    email address: [%s]\n", certDesc->info.issuer.emailAddress);
+       printf("validity:\n");
+       printf("    not before: [%d].[%d].[%d]/[%d]:[%d]:[%d]\n", certDesc->info.validPeriod.firstYear,
+                       certDesc->info.validPeriod.firstMonth,
+                       certDesc->info.validPeriod.firstDay,
+                       certDesc->info.validPeriod.firstHour,
+                       certDesc->info.validPeriod.firstMinute,
+                       certDesc->info.validPeriod.firstSecond);
+       printf("    not after:  [%d].[%d].[%d]/[%d]:[%d]:[%d]\n", certDesc->info.validPeriod.secondYear,
+                       certDesc->info.validPeriod.secondMonth,
+                       certDesc->info.validPeriod.secondDay,
+                       certDesc->info.validPeriod.secondHour,
+                       certDesc->info.validPeriod.secondMinute,
+                       certDesc->info.validPeriod.secondSecond);
+       printf("subject: [%s]\n", certDesc->info.subjectStr);
+       printf("    country name: [%s]\n", certDesc->info.subject.countryName);
+       printf("    state or province name: [%s]\n", certDesc->info.subject.stateOrProvinceName);
+       printf("    locality name: [%s]\n", certDesc->info.subject.localityName);
+       printf("    organization name: [%s]\n", certDesc->info.subject.organizationName);
+       printf("    organization unit name: [%s]\n", certDesc->info.subject.organizationUnitName);
+       printf("    common name: [%s]\n", certDesc->info.subject.commonName);
+       printf("    email address: [%s]\n", certDesc->info.subject.emailAddress);
+//     printf("public key:\n");
+//     keyLen = certDesc->info.pubKeyLen;
+//     printf("    algorithm: [%s]\n", certDesc->info.pubKeyAlgo);
+//     printf("    key:\n");
+//     for(i = 0; i < keyLen; i++) {
+//             printf("%02X", certDesc->info.pubKey[i]);
+//             if(i < (keyLen - 1))
+//                     printf(":");
+//             if(((i+1) % 10) == 0)
+//                     printf("\n");
+//     }
+//     printf("\n");
+//     printf("issuer UID: [%s]\n", certDesc->info.issuerUID);
+//     printf("subject UID: [%s]\n", certDesc->info.subjectUID);
+//
+//     printf("extensions:\n");
+//     extNum = certDesc->ext.numOfFields;
+//     for(i = 0; i < extNum; i++) {
+//             printf("    field : [%s]\n", certDesc->ext.fields[i].name);
+//             printf("    data  : ");
+//             for(j = 0; j < certDesc->ext.fields[i].datasize; j++) {
+//                     printf("%02X", certDesc->ext.fields[i].data[j]);
+//                     if(j < (certDesc->ext.fields[i].datasize - 1))
+//                             printf(":");
+//             }
+//             printf("\n");
+//     }
+//
+//     printf("signature:\n");
+//     printf("    signature algorithm: [%s]\n", certDesc->signatureAlgo);
+//     printf("    signature data:\n");
+//     for(i = 0; i < certDesc->signatureLen; i++) {
+//             printf("%02X", certDesc->signatureData[i]);
+//             if(i < (certDesc->signatureLen - 1))
+//                     printf(":");
+//             if(((i+1) % 10) == 0)
+//                     printf("\n");
+//     }
+//     printf("\n");
+                       
+       if((ret = cert_svc_cert_context_final(ctx)) != CERT_SVC_ERR_NO_ERROR)
+               printf("*** Fail to finalize context, ret: [%d]\n", ret);
+       
+       return ret;
+}
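Review bot: `argv[1]` is handed to `cert_svc_load_file_to_context` without an `argc` check, and after a failed load or extract the code still reads `ctx->certDesc` and prints every field of it. A guard at the top such as `if(argc < 2) { printf("usage: %s <cert-file>\n", argv[0]); return 1; }`, together with skipping the print block when `ret != CERT_SVC_ERR_NO_ERROR`, keeps the tool from dereferencing a descriptor that was never populated. The result of `cert_svc_cert_context_init()` is also used unchecked here and in mem_test.c, search_test.c, verify_sig.c and verify_test.c. If it can return NULL (its implementation is not visible in this diff), each of them needs `if(ctx == NULL) return 1;` before first use.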
diff --git a/tests/cert-svc/mem_test.c b/tests/cert-svc/mem_test.c
new file mode 100644 (file)
index 0000000..501d015
--- /dev/null
@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "cert-service.h"
+
+#define CERT_FILE      "./data/Broot.pem"
+#define PFX_FILE       "./data/pfx/pfxtest.pfx"
+
+int main()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       CERT_CONTEXT* ctx = NULL;
+       unsigned char* prikey = NULL;
+       char* passp = NULL;
+
+       // initialize
+       ctx = cert_svc_cert_context_init();
+
+       // file load
+//     ret = cert_svc_load_file_to_context(ctx, CERT_FILE);
+       ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, PFX_FILE, passp);
+       if(ret != CERT_SVC_ERR_NO_ERROR)
+               printf("\n!!!! FILE LOAD ERROR !!!!\n");
+
+       // extract
+//     ret = cert_svc_extract_certificate_data(ctx);
+//     if(ret != CERT_SVC_ERR_NO_ERROR)
+//             printf("\n!!!! EXTRACT CERT ERROR !!!!\n");
+       
+       // finalize
+       if(prikey != NULL)
+               free(prikey);
+       ret = cert_svc_cert_context_final(ctx);
+       if(ret != CERT_SVC_ERR_NO_ERROR)
+               printf("\n!!!! CONTEXT FINAL ERROR !!!!\n");
+
+       return 0;
+}
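Review bot: `main` ends with `return 0;` even when the PFX load or the context finalization failed, so a script running this binary cannot see the failure; the `main` functions in search_test.c, store_test.c, verify_sig.c and verify_test.c do the same. `ret` is also overwritten by `cert_svc_cert_context_final`, so the load error should be kept in its own variable and the function should end with something like `return (loadRet == CERT_SVC_ERR_NO_ERROR && ret == CERT_SVC_ERR_NO_ERROR) ? 0 : 1;`. `passp` is always NULL, so only the no-password path of `cert_svc_load_PFX_file_to_context` is exercised; a comment such as `// NULL password: pfxtest.pfx is expected to be unprotected` would make that intent explicit. `prikey` holds private-key material and is released with a plain `free`; clearing it first would need the buffer length, which this call does not return.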
diff --git a/tests/cert-svc/search_test.c b/tests/cert-svc/search_test.c
new file mode 100644 (file)
index 0000000..4f20bde
--- /dev/null
@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "cert-service.h"
+
+int main(int argc, char* argv[])
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       search_field fldNo = ISSUER_EMAILADDRESS;
+       char* fldData = "EmailR";
+       cert_svc_filename_list* start = NULL;
+       CERT_CONTEXT* ctx = NULL;
+
+       ctx = cert_svc_cert_context_init();
+
+       ret = cert_svc_search_certificate(ctx, fldNo, fldData);
+       if(ret != CERT_SVC_ERR_NO_ERROR) {
+               printf("[ERROR] error no: [%d]\n", ret);
+               goto err;
+       }
+       else {
+               start = ctx->fileNames;
+               if(start == NULL) {
+                       printf("Cannot find any certificate.\n");
+                       goto err;
+               }
+
+               while(1) {
+                       printf("filename: [%s]\n", start->filename);
+                       if(start->next == NULL)
+                               break;
+                       start = start->next;
+               }
+       }
+
+err:
+       cert_svc_cert_context_final(ctx);
+       return 0;
+}
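Review bot: The result walk is written as `while(1)` with a `break` on `start->next == NULL`, which only works because of the separate `start == NULL` check above it. Writing it as `for(; start != NULL; start = start->next) printf("filename: [%s]\n", start->filename);` folds the termination test into the loop and removes the extra branch. The `else` after `goto err;` is also redundant and can be dropped to reduce nesting.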
diff --git a/tests/cert-svc/store_test.c b/tests/cert-svc/store_test.c
new file mode 100644 (file)
index 0000000..e669945
--- /dev/null
@@ -0,0 +1,118 @@
+#include <stdio.h>
+#include <unistd.h>
+
+#include "cert-service.h"
+
+#define RELATIVE_PATH  "./data/Broot.der"
+#define ABSOLUTE_PATH  "./data/Broot.der"
+
+int tcase_1_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // store relative path
+       ret = cert_svc_add_certificate_to_store(RELATIVE_PATH, "code-signing_java_thirdparty");
+       if(ret == CERT_SVC_ERR_NO_ERROR) {
+               if((access("/opt/share/cert-svc/certs/code-signing/java/thirdparty/Broot.der", F_OK)) != 0)     // fail
+                       return -1;
+               else
+                       return 0;
+       }
+       else
+               return -1;
+
+       // store absolute path - only be in target
+}
+
+int tcase_2_success()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // store into default path
+       ret = cert_svc_add_certificate_to_store(RELATIVE_PATH, NULL);
+       if(ret == CERT_SVC_ERR_NO_ERROR) {
+               if((access("/opt/share/cert-svc/certs/ssl/Broot.der", F_OK)) != 0)      // fail
+                       return -1;
+               else
+                       return 0;
+       }
+       else
+               return -1;
+}
+
+int tcase_3_fail()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // store NULL
+       ret = cert_svc_add_certificate_to_store(NULL, "code-signing_wac");
+       if(ret == CERT_SVC_ERR_INVALID_PARAMETER)
+               return 0;
+       else
+               return -1;
+}
+
+int tcase_4_fail()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+
+       // store into invalid directory
+       ret = cert_svc_add_certificate_to_store(RELATIVE_PATH, "code-signing_debian");
+       if(ret == CERT_SVC_ERR_FILE_IO)
+               return 0;
+       else
+               return -1;
+}
+
+int finalize_test()
+{
+       // delete files which be stored during testing
+       if((unlink("/opt/share/cert-svc/certs/code-signing/java/thirdparty/Broot.der")) != 0)   // fail
+               return -1;
+       if((unlink("/opt/share/cert-svc/certs/ssl/Broot.der")) != 0)    // fail
+               return -1;
+
+       return 0;
+}
+
+int main(void)
+{
+       int ret = -1;
+
+       // test case 1 : success
+       ret = tcase_1_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to store test 1 - testpath: code_signing **\n");
+       else
+               fprintf(stdout, "** Fail to store test 1 **\n");
+
+       // test case 2 : success - no location (ssl)
+       ret = tcase_2_success();
+       if(ret == 0)
+               fprintf(stdout, "** Success to store test 2 - testpath: ssl **\n");
+       else 
+               fprintf(stdout, "** Fail to store test 2 **\n");
+
+       // test case 3 : fail - no filename
+       ret = tcase_3_fail();
+       if(ret == 0)
+               fprintf(stdout, "** Success to store test 3 - no filename **\n");
+       else 
+               fprintf(stdout, "** Fail to store test 3 **\n");
+
+       // test case 4 : fail - invalid dir name
+       ret = tcase_4_fail();
+       if(ret == 0)
+               fprintf(stdout, "** Success to store test 4 - invalid dir path **\n");
+       else 
+               fprintf(stdout, "** Fail to store test 4 **\n");
+
+       // test finalize
+       ret = finalize_test();
+       if(ret == 0)
+               fprintf(stdout, "** Finalize store test **\n");
+       else 
+               fprintf(stdout, "** Fail to finalize store test, ret: [%d] **\n", ret);
+
+       return 0;
+}
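Review bot: `finalize_test` returns as soon as the first `unlink` fails, so when test 1 did not store its file the second `unlink` is skipped and the test certificate `Broot.der` stays in `/opt/share/cert-svc/certs/ssl/`, a directory the service appears to use as a certificate store. Both removals should be attempted and the results combined, as in the fence below. Separately, `ABSOLUTE_PATH` is defined with the same relative string as `RELATIVE_PATH` and is never used, and the comment `// store absolute path - only be in target` in `tcase_1_success` sits after both `return` branches, so the absolute-path case is not tested at all.
```c
int finalize_test()
{
	int rc = 0;

	// attempt both removals so one failure cannot leave the other test certificate installed
	if((unlink("/opt/share/cert-svc/certs/code-signing/java/thirdparty/Broot.der")) != 0)
		rc = -1;
	if((unlink("/opt/share/cert-svc/certs/ssl/Broot.der")) != 0)
		rc = -1;

	return rc;
}
```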
diff --git a/tests/cert-svc/verify_sig.c b/tests/cert-svc/verify_sig.c
new file mode 100644 (file)
index 0000000..98a088d
--- /dev/null
@@ -0,0 +1,86 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "cert-service.h"
+
+#define CERT_PATH      "./data/signing/chain1.crt"
+#define MSG_PATH       "./data/signing/msg"
+//#define SIG_PATH     "./data/signing/msg.sig"
+#define SIG_PATH       "./data/signing/msg.sig.enc"
+
+int main(int argc, char* argv[])
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       int validity = 0;
+       CERT_CONTEXT* ctx = NULL;
+       unsigned char* msg = NULL;
+       int msgLen = 0;
+       unsigned char* sig = NULL;
+       unsigned char* tmpSig = NULL;
+       int sigLen = 0;
+       FILE* fp_msg = NULL;
+       FILE* fp_sig = NULL;
+       int i = 0, j = 0;
+
+       ctx = cert_svc_cert_context_init();
+
+       // load certificate
+       if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) {
+               printf("Fail to load file to buffer, [%s]\n", CERT_PATH);
+               goto err;
+       }
+
+       // load message
+       if(!(fp_msg = fopen(MSG_PATH, "rb"))) {
+               printf("Fail to open file, [%s]\n", MSG_PATH);
+               goto err;
+       }
+       fseek(fp_msg, 0L, SEEK_END);
+       msgLen = ftell(fp_msg);
+       fseek(fp_msg, 0L, SEEK_SET);
+
+       msg = (unsigned char*)malloc(sizeof(unsigned char) * (msgLen + 1));
+       memset(msg, 0x00, (msgLen + 1));
+       fread(msg, sizeof(unsigned char), msgLen, fp_msg);
+
+       // load signature
+       if(!(fp_sig = fopen(SIG_PATH, "rb"))) {
+               printf("Fail to open file, [%s]\n", SIG_PATH);
+               goto err;
+       }
+       fseek(fp_sig, 0L, SEEK_END);
+       sigLen = ftell(fp_sig);
+       fseek(fp_sig, 0L, SEEK_SET);
+
+       sig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
+       tmpSig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
+       memset(sig, 0x00, (sigLen + 1));
+       memset(tmpSig, 0x00, (sigLen + 1));
+
+       fread(sig, sizeof(unsigned char), sigLen, fp_sig);
+       for(i = 0; i < sigLen; i++) {
+               if(sig[i] != '\n') {
+                       tmpSig[j] = sig[i];
+                       j++;
+               }
+       }
+
+       // function call
+//     if((ret = cert_svc_verify_signature(ctx, msg, sig, sigLen, "SHA1", &validity)) != CERT_SVC_ERR_NO_ERROR) {
+       if((ret = cert_svc_verify_signature(ctx, msg, msgLen, tmpSig, NULL, &validity)) != CERT_SVC_ERR_NO_ERROR) {
+               printf("Fail to verify signature.\n");
+               goto err;
+       }
+       printf("[RESULT] ret: [%d]\n", validity);
+
+err:
+       if(fp_msg != NULL) fclose(fp_msg);
+       if(fp_sig != NULL) fclose(fp_sig);
+       if(msg != NULL) free(msg);
+       if(sig != NULL) free(sig);
+       if(tmpSig != NULL) free(tmpSig);
+       cert_svc_cert_context_final(ctx);
+
+       return 0;
+}
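Review bot: The results of `ftell`, `malloc` and `fread` are never checked in either the message or the signature load. If `ftell` fails, `msgLen` is -1, `malloc(msgLen + 1)` becomes a zero-byte allocation and `fread` is called with a count of `(size_t)-1`; if `malloc` fails, the following `memset` writes through NULL. Each step should bail out to the existing `err:` label, e.g. `if(msgLen < 0) goto err;`, `if(msg == NULL) goto err;` and `if(fread(msg, 1, msgLen, fp_msg) != (size_t)msgLen) goto err;`, with the same three checks for `sigLen`, `sig`/`tmpSig` and `fp_sig`. The final `printf("[RESULT] ret: [%d]\n", validity);` prints `validity` under the label `ret`, which is misleading when reading a signature-verification result.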
diff --git a/tests/cert-svc/verify_test.c b/tests/cert-svc/verify_test.c
new file mode 100644 (file)
index 0000000..4dbe9c6
--- /dev/null
@@ -0,0 +1,66 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "cert-service.h"
+
+#define TARGET_CERT    "./data/cert_chain/server.crt"
+#define CHAIN1_CERT    "./data/cert_chain/chain1.crt"
+#define CHAIN2_CERT    "./data/cert_chain/chain2.crt"
+#define CHAIN3_CERT    "./data/cert_chain/chain3.crt"
+#define CHAIN4_CERT    "./data/cert_chain/chain4.crt"
+#define CHAIN5_CERT    "./data/cert_chain/chain5.crt"
+
+int main()
+{
+       int ret = CERT_SVC_ERR_NO_ERROR;
+       int validity = 0;
+       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+       // load certificate to context
+//     if((ret = cert_svc_load_file_to_context(ctx, TARGET_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+       if((ret = cert_svc_load_file_to_context(ctx, CHAIN1_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+               printf("ERR!! ret: [%d]\n", ret);
+               goto err;
+       }
+
+       // push certificates to context
+//     if((ret = cert_svc_push_file_into_context(ctx, CHAIN1_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+//             printf("ERR!! ret: [%d]\n", ret);
+//             goto err;
+//     }
+//     if((ret = cert_svc_push_file_into_context(ctx, CHAIN2_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+//             printf("ERR!! ret: [%d]\n", ret);
+//             goto err;
+//     }
+//     if((ret = cert_svc_push_file_into_context(ctx, CHAIN5_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+//             printf("ERR!! ret: [%d]\n", ret);
+//             goto err;
+//     }
+//     if((ret = cert_svc_push_file_into_context(ctx, CHAIN4_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+//             printf("ERR!! ret: [%d]\n", ret);
+//             goto err;
+//     }
+//     if((ret = cert_svc_push_file_into_context(ctx, CHAIN3_CERT)) != CERT_SVC_ERR_NO_ERROR) {
+//             printf("ERR!! ret: [%d]\n", ret);
+//             goto err;
+//     }
+//
+//     // check linked list
+//     if(ctx->certLink == NULL) {
+//             printf("FAIL!!\n");
+//             goto err;
+//     }
+
+       // verify
+       ret = cert_svc_verify_certificate(ctx, &validity);
+       if(ret != CERT_SVC_ERR_NO_ERROR)
+               printf("ret: [%d]\n", ret);
+
+       printf("[RESULT] validity: [%d]\n", validity);
+       printf("[RESULT] root CA path: [%s]\n", ctx->fileNames->filename);
+
+err:
+       cert_svc_cert_context_final(ctx);
+       return 0;
+}
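Review bot: When `cert_svc_verify_certificate` fails the code only prints `ret` and then still dereferences `ctx->fileNames->filename`. search_test.c treats `ctx->fileNames` as possibly NULL, so this line can crash exactly in the failure case the test is meant to report. Add `goto err;` after the `printf("ret: [%d]\n", ret);` and guard the last print with `if(ctx->fileNames != NULL)`. With every `cert_svc_push_file_into_context` call commented out, only `CHAIN1_CERT` is loaded, so the test no longer exercises multi-certificate chain validation; a comment stating that this is intentional would help.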
diff --git a/tests/pkcs12/CMakeLists.txt b/tests/pkcs12/CMakeLists.txt
new file mode 100644 (file)
index 0000000..cca4bbf
--- /dev/null
@@ -0,0 +1,71 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file        CMakeLists.txt
+# @author      Jacek Migacz (j.migacz@samsung.com)
+# @version     1.0
+# @brief       This package provides bacis check of internal OpenSSL's PKCS#12 routines.
+#
+INCLUDE(FindPkgConfig)
+SET(TARGET_PKCS12_TEST "cert-svc-tests-pkcs12")
+
+PKG_CHECK_MODULES(PKCS12_TEST_DEP
+    libsoup-2.4
+    dpl-test-efl
+    dpl-db-efl
+    libpcrecpp
+    secure-storage
+    REQUIRED
+    )
+
+SET(PKCS12_TEST_SOURCES
+    ${PROJECT_SOURCE_DIR}/tests/pkcs12/pkcs12_test.cpp
+    ${PROJECT_SOURCE_DIR}/tests/pkcs12/test_cases.cpp
+    )
+
+INCLUDE_DIRECTORIES(
+    ${PROJECT_SOURCE_DIR}/vcore/src
+    ${PROJECT_SOURCE_DIR}/tests/pkcs12
+    ${PKCS12_TEST_DEP_INCLUDE_DIRS}
+    ${VCOREC_TEST_DEP_INCLUDE_DIRS}
+    )
+
+ADD_EXECUTABLE(${TARGET_PKCS12_TEST} ${PKCS12_TEST_SOURCES})
+
+ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+TARGET_LINK_LIBRARIES(${TARGET_PKCS12_TEST}
+    ${TARGET_PKCS12_TEST_LIB}
+    ${PKCS12_TEST_DEP_LIBRARIES}
+    ${TARGET_VCORE_LIB}
+    ${VCOREC_TEST_DEP_LIBRARIES}
+    )
+
+INSTALL(TARGETS ${TARGET_PKCS12_TEST}
+    DESTINATION /usr/bin
+    PERMISSIONS OWNER_READ
+                OWNER_WRITE
+                OWNER_EXECUTE
+                GROUP_READ
+                GROUP_EXECUTE
+                WORLD_READ
+                WORLD_EXECUTE
+    )
+
+INSTALL(FILES
+    ${PROJECT_SOURCE_DIR}/tests/pkcs12/test.p12
+    ${PROJECT_SOURCE_DIR}/tests/pkcs12/with_pass.p12
+    ${PROJECT_SOURCE_DIR}/tests/pkcs12/without_pass.p12
+    DESTINATION /opt/apps/widget/tests/pkcs12/
+)
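Review bot: `${VCOREC_TEST_DEP_INCLUDE_DIRS}`, `${VCOREC_TEST_DEP_LIBRARIES}` and `${TARGET_PKCS12_TEST_LIB}` are used but not set anywhere in this file, and the only `PKG_CHECK_MODULES` prefix here is `PKCS12_TEST_DEP`. Unless a parent or sibling CMakeLists defines them (not visible in this hunk), they expand to nothing without any warning; either remove them or add a comment such as `# VCOREC_TEST_DEP_* comes from <directory>` naming where they come from. The header line should read `# @brief       This package provides basic checks of internal OpenSSL's PKCS#12 routines.` ("bacis" is a typo). The `.p12` fixtures are installed under `/opt/apps/widget/tests/pkcs12/` and the password of `test.p12` is in test_cases.cpp, so they must stay test-only key material.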
diff --git a/tests/pkcs12/pkcs12_test.cpp b/tests/pkcs12/pkcs12_test.cpp
new file mode 100644 (file)
index 0000000..95debc4
--- /dev/null
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        pkcs12_test.cpp
+ * @author      Jacek Migacz (j.migacz@samsung.com)
+ * @version     1.0
+ * @brief       PKCS#12 test runner.
+ */
+#include <dpl/test/test_runner.h>
+#include <cert-svc/ccert.h>
+
+CertSvcInstance vinstance;
+
+int main (int argc, char *argv[]) {
+    certsvc_instance_new(&vinstance);
+    int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+    certsvc_instance_free(vinstance);
+    return status;
+}
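Review bot: The return value of `certsvc_instance_new(&vinstance)` is discarded, so if instance creation fails the whole runner still executes and later calls `certsvc_instance_free` on an instance that was never set up. Check it before starting the runner, e.g. `if (certsvc_instance_new(&vinstance) != CERTSVC_SUCCESS) return 1;`. `vinstance` is a non-static global, while test_cases.cpp creates its own `static CertSvcInstance instance` per test; if nothing else links against `vinstance`, it can be a local of `main`.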
diff --git a/tests/pkcs12/test.p12 b/tests/pkcs12/test.p12
new file mode 100644 (file)
index 0000000..e5c2db8
Binary files /dev/null and b/tests/pkcs12/test.p12 differ
diff --git a/tests/pkcs12/test_cases.cpp b/tests/pkcs12/test_cases.cpp
new file mode 100644 (file)
index 0000000..94b5e1e
--- /dev/null
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        test_cases.cpp
+ * @author      Jacek Migacz (j.migacz@samsung.com)
+ * @version     1.0
+ * @brief       PKCS#12 test cases.
+ */
+#include <string.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+#include <cert-svc/cinstance.h>
+#include <cert-svc/ccert.h>
+#include <cert-svc/ccrl.h>
+#include <cert-svc/cocsp.h>
+#include <cert-svc/cpkcs12.h>
+#include <cert-svc/cerror.h>
+#include <cert-service.h>
+
+static CertSvcInstance instance;
+
+#define CREATE_INSTANCE                                   \
+  certsvc_instance_new(&instance);
+#define FREE_INSTANCE                                     \
+  certsvc_instance_free(instance);
+
+RUNNER_TEST(test01_import_and_remove_pkcs12_container) {
+  const char path[] = "/opt/apps/widget/tests/pkcs12/test.p12";
+  const char pass[] = "zaq12WSX";
+  char tmpn[L_tmpnam], *alias;
+  int result;
+
+  CREATE_INSTANCE
+  CertSvcString Alias, Path, Pass;
+  RUNNER_ASSERT_MSG((tmpnam(tmpn)), "tmpnam(3) failed..");
+  alias = strrchr(tmpn, '/');
+  ++alias;
+  RUNNER_ASSERT_MSG(alias && *alias, "Invalid alias.");
+  Alias.privateHandler = (char *)alias;
+  Alias.privateLength = strlen(alias);
+  Pass.privateHandler = (char *)pass;
+  Pass.privateLength = strlen(pass);
+  Path.privateHandler = (char *)path;
+  Path.privateLength = strlen(path);
+  result = certsvc_pkcs12_import_from_file(instance, Path, Pass, Alias);
+  RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed.");
+
+  int is_unique;
+  result = certsvc_pkcs12_alias_exists(instance, Alias, &is_unique);
+  RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS && !is_unique, "certsvc_pkcs12_alias_exists failed.");
+
+  char *buf;
+  int size;
+  result = certsvc_pkcs12_private_key_dup(instance, Alias, &buf, &size);
+  RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_private_key_dup failed.");
+  certsvc_pkcs12_private_key_free(buf);
+
+  result = certsvc_pkcs12_delete(instance, Alias);
+  RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+  FREE_INSTANCE
+}
+
+RUNNER_TEST(test02_pkcs12_has_password) {
+  const char with[] = "/opt/apps/widget/tests/pkcs12/with_pass.p12";
+  int has_pwd = 0;
+
+  CREATE_INSTANCE
+  CertSvcString File;
+  File.privateHandler = (char *)with;
+  File.privateLength = strlen(with);
+  int result = certsvc_pkcs12_has_password(instance, File, &has_pwd);
+  FREE_INSTANCE
+
+  RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS && has_pwd == CERTSVC_TRUE, "Error quering pkcs12/pfx container password.");
+}
+
+RUNNER_TEST(test03_pkcs12_has_password) {
+  const char without[] = "/opt/apps/widget/tests/pkcs12/without_pass.p12";
+  int has_pwd = 0;
+
+  CREATE_INSTANCE
+  CertSvcString File;
+  File.privateHandler = (char *)without;
+  File.privateLength = strlen(without);
+  int result = certsvc_pkcs12_has_password(instance, File, &has_pwd);
+  FREE_INSTANCE
+
+  RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS && has_pwd == CERTSVC_FALSE, "Error quering pkcs12/pfx container password.");
+}
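Review bot: In `test01_import_and_remove_pkcs12_container` the pointer from `strrchr(tmpn, '/')` is incremented before it is checked, so a NULL result is incremented first (undefined behaviour) and the `alias &&` part of the following assert can no longer catch it. Assert first and increment afterwards: `RUNNER_ASSERT_MSG(alias != NULL, "Invalid alias."); ++alias;`. If `RUNNER_ASSERT_MSG` aborts the test on failure (the macro is defined outside this diff), any assert after the import skips both `certsvc_pkcs12_delete` and `FREE_INSTANCE`, leaving the imported container and its private key in the store. The cleanup should run on every path, for example from a small scope guard. `tmpnam` is only used here to derive an alias string, but the name it returns can collide with another process's, so a name built from the pid or a counter would be more predictable.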
diff --git a/tests/pkcs12/with_pass.p12 b/tests/pkcs12/with_pass.p12
new file mode 100644 (file)
index 0000000..b8b1d34
Binary files /dev/null and b/tests/pkcs12/with_pass.p12 differ
diff --git a/tests/pkcs12/without_pass.p12 b/tests/pkcs12/without_pass.p12
new file mode 100644 (file)
index 0000000..4b58ba9
Binary files /dev/null and b/tests/pkcs12/without_pass.p12 differ
diff --git a/tests/vcore/CMakeLists.txt b/tests/vcore/CMakeLists.txt
new file mode 100644 (file)
index 0000000..375383b
--- /dev/null
@@ -0,0 +1,135 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file        CMakeLists.txt
+# @author      Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+# @author      Pawel Sikorski (p.sikorski@samsung.com)
+# @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @version     1.0
+# @brief
+#
+INCLUDE(FindPkgConfig)
+SET(TARGET_VCORE_TEST "cert-svc-tests-vcore")
+
+PKG_CHECK_MODULES(VCORE_TEST_DEP
+    libsoup-2.4
+    dpl-test-efl
+    dpl-db-efl
+    libpcrecpp
+    REQUIRED
+    )
+
+SET(VCORE_TESTS_SOURCES
+    ${PROJECT_SOURCE_DIR}/tests/vcore/vcore_tests.cpp
+    ${PROJECT_SOURCE_DIR}/tests/vcore/TestCases.cpp
+    ${PROJECT_SOURCE_DIR}/tests/vcore/TestEnv.cpp
+    ${PROJECT_SOURCE_DIR}/tests/vcore/TestCRL.cpp
+    ${PROJECT_SOURCE_DIR}/tests/vcore/file_input_mapping.cpp
+    )
+
+INCLUDE_DIRECTORIES(
+    ${PROJECT_SOURCE_DIR}/vcore/src
+    ${PROJECT_SOURCE_DIR}/tests/vcore
+    ${VCORE_TEST_DEP_INCLUDE_DIRS}
+    )
+
+ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+ADD_EXECUTABLE(${TARGET_VCORE_TEST} ${VCORE_TESTS_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_VCORE_TEST}
+    ${SYS_EFL_LIBRARIES}
+    ${TARGET_VCORE_LIB}
+    ${VCORE_TEST_DEP_LIBRARIES}
+    )
+
+INSTALL(TARGETS ${TARGET_VCORE_TEST}
+    DESTINATION /usr/bin
+    PERMISSIONS OWNER_READ
+                OWNER_WRITE
+                OWNER_EXECUTE
+                GROUP_READ
+                GROUP_EXECUTE
+                WORLD_READ
+                WORLD_EXECUTE
+    )
+
+INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh
+    DESTINATION /usr/bin
+    PERMISSIONS OWNER_READ
+                OWNER_WRITE
+                OWNER_EXECUTE
+                GROUP_READ
+                GROUP_EXECUTE
+                WORLD_READ
+                WORLD_EXECUTE
+    )
+
+ADD_CUSTOM_COMMAND(TARGET ${TARGET_VCORE_TEST} POST_BUILD
+    COMMAND ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/create_certs.sh
+    WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/
+    COMMENT "Generate certificate chains"
+    )
+
+INSTALL(FILES
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/author-signature.xml
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature1.xml
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature22.xml
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/config.xml
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/index.html
+    DESTINATION
+    /opt/apps/widget/tests/vcore_widget_uncompressed
+    )
+
+INSTALL(FILES
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level1.crt
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level2.crt
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_rootca.crt
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/operator.root.cert.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/root_cacert0.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/CAbundle.crt
+    DESTINATION
+    /opt/apps/widget/tests/vcore_keys
+    )
+
+INSTALL(FILES
+    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/root_cacert0.pem
+    DESTINATION
+    /opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+    )
+
+INSTALL(FILES
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/demoCA/cacert.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/1second_level.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/1third_level.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/2second_level.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/2third_level.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/3second_level.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/3third_level.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl1.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl2.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/respcert.pem
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/respcert.key
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/openssl.cnf
+    DESTINATION
+    /opt/apps/widget/tests/vcore_certs/
+)
+
+INSTALL(DIRECTORY
+    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/demoCA
+    DESTINATION
+    /opt/apps/widget/tests/vcore_certs/
+)
+
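Review bot: The `INSTALL(FILES … root_cacert0.pem DESTINATION /opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem)` rule gives a file name as `DESTINATION`, which CMake treats as a directory, so the certificate would land at `…/wac/root_cacert0.pem/root_cacert0.pem`. Use `DESTINATION /opt/share/cert-svc/certs/code-signing/wac/` instead. That rule also puts a test root certificate into what appears to be the WAC code-signing trust directory, so this target must only ever be packaged into test images; a comment above the rule should say so. The same applies to `respcert.key` and the `demoCA` directory, which are installed under `/opt/apps/widget/tests/vcore_certs/` with default permissions even though they contain key material generated by `create_certs.sh`. Adding explicit `PERMISSIONS OWNER_READ OWNER_WRITE` for those would keep them from being world-readable.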
diff --git a/tests/vcore/TestCRL.cpp b/tests/vcore/TestCRL.cpp
new file mode 100644 (file)
index 0000000..7c798d1
--- /dev/null
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <algorithm>
+#include <cstring>
+#include <openssl/x509v3.h>
+#include <file_input_mapping.h>
+#include <dpl/log/log.h>
+#include "TestCRL.h"
+
+using namespace ValidationCore;
+using namespace std;
+
+
+namespace {
+const char *CRL_LOOKUP_DIR = "/opt/etc/ssl/certs/";
+const char *beginCertificate = "-----BEGIN CERTIFICATE-----";
+const char *endCertificate = "-----END CERTIFICATE-----";
+const char *beginTrustedCertificate = "-----BEGIN TRUSTED CERTIFICATE-----";
+const char *endTrustedCertificate = "-----END TRUSTED CERTIFICATE-----";
+
+
+bool whiteCharacter(char a){
+    return a == '\n';
+}
+
+}
+
+TestCRL::TestCRL()
+  : CRL(new CRLCacheDAO)
+{
+    //Add additional lookup dir
+    int rv = X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_PEM);
+    if (!rv) {
+        LogError("Failed to add lookup dir for PEM files.");
+        ThrowMsg(CRLException::StorageError,
+                "Failed to add lookup dir for PEM files.");
+    }
+    LogInfo("CRL storage initialization complete.");
+}
+
+std::string TestCRL::getFileContent(const std::string &filename)
+{
+    //Only PEM formatted files allowed
+    LogInfo("Read file: " << filename);
+    FileInputMapping file(filename);
+    string content(reinterpret_cast<const char*>(file.GetAddress()),
+            file.GetSize());
+
+    size_t posBegin = content.find(beginCertificate);
+    size_t posEnd = content.find(endCertificate);
+    if (posBegin != string::npos &&
+        posEnd != string::npos) {
+        posBegin += strlen(beginCertificate);
+    } else {
+        posBegin = content.find(beginTrustedCertificate);
+        posEnd = content.find(endTrustedCertificate);
+        if (posBegin != string::npos &&
+            posEnd != string::npos) {
+            posBegin += strlen(beginTrustedCertificate);
+        } else {
+            LogError("Failed to parse PEM file");
+            return string();
+        }
+    }
+    //Remove whitespaces
+    string cert(content, posBegin, posEnd - posBegin);
+    cert.erase(std::remove_if(cert.begin(), cert.end(), whiteCharacter),
+            cert.end());
+
+    return cert;
+}
+
+void TestCRL::addCRLToStore(const string &filename, const string &uri)
+{
+    LogInfo("Read file: " << filename);
+    //Only PEM formatted files allowed
+    FileInputMapping file(filename);
+    char *buffer = new char[file.GetSize()];
+    memcpy(buffer, file.GetAddress(), file.GetSize());
+    CRLDataPtr crl(new  CRLData(buffer, file.GetSize(), uri));
+    updateCRL(crl);
+}
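Review bot: In `getFileContent` both markers are searched from offset 0, so a file whose END marker appears before its BEGIN marker makes `posEnd - posBegin` wrap around, and the function returns everything after the BEGIN marker instead of rejecting the file. Searching for the end marker from the begin position, `size_t posEnd = content.find(endCertificate, posBegin);` (and likewise for the trusted-certificate pair), keeps the existing `npos` check sufficient. The `//Remove whitespaces` step relies on `whiteCharacter`, which matches only `'\n'`, so a CRLF-terminated PEM file leaves `'\r'` bytes in the returned base64; `return a == '\n' || a == '\r' || a == ' ' || a == '\t';` would match the comment. In `addCRLToStore` the `new char[file.GetSize()]` buffer is handed to `CRLData` as a raw pointer; whether `CRLData` frees it is not visible in this hunk, so a one-line comment stating who owns the buffer would help, and it presumably leaks if the constructor throws.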
diff --git a/tests/vcore/TestCRL.h b/tests/vcore/TestCRL.h
new file mode 100644 (file)
index 0000000..9b9b5cc
--- /dev/null
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _TEST_CRL_H
+#define _TEST_CRL_H
+
+#include <string>
+#include <vcore/CRL.h>
+#include <vcore/CRLCacheDAO.h>
+
+class TestCRL : public ValidationCore::CRL
+{
+  public:
+    TestCRL();
+
+    void addCRLToStore(const std::string &filename, const std::string &uri);
+
+    //convinient function
+    std::string getFileContent(const std::string &filename);
+};
+
+#endif
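Review bot: The include guard `_TEST_CRL_H` starts with an underscore followed by an uppercase letter, which is a name reserved for the implementation in C++; `TEST_CRL_H` avoids the clash. The only comment on the class is the misspelled `//convinient function`, which says nothing about the contract. Going by the implementation in TestCRL.cpp, I would document `getFileContent` as `// Returns the base64 body between the PEM BEGIN/END markers with newlines removed; empty string if no marker pair is found.` and `addCRLToStore` as `// Reads the file's bytes as CRL data and passes them to updateCRL() together with uri.` `getFileContent` reads no member state in that implementation, so it could be declared `static`.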
diff --git a/tests/vcore/TestCases.cpp b/tests/vcore/TestCases.cpp
new file mode 100644 (file)
index 0000000..daba37c
--- /dev/null
@@ -0,0 +1,1337 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <string>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/wrt-dao-ro/global_config.h>
+#include <dpl/log/log.h>
+
+#include <vcore/ReferenceValidator.h>
+#include <vcore/SignatureFinder.h>
+#include <vcore/SignatureReader.h>
+#include <vcore/SignatureValidator.h>
+#include <vcore/OCSP.h>
+#include <vcore/CachedOCSP.h>
+#include "TestEnv.h"
+#include <vcore/SSLContainers.h>
+#include <vcore/Base64.h>
+#include <vcore/CertificateLoader.h>
+#include <vcore/CRL.h>
+#include <vcore/CachedCRL.h>
+#include <vcore/RevocationCheckerBase.h>
+#include "TestCRL.h"
+#include <vcore/CertificateCacheDAO.h>
+
+namespace {
+
+const std::string widget_path =
+    "/opt/apps/widget/tests/vcore_widget_uncompressed/";
+const std::string keys_path = "/opt/apps/widget/tests/vcore_keys/";
+const std::string widget_store_path = "/opt/apps/widget/tests/vcore_widgets/";
+const std::string cert_store_path = "/opt/apps/widget/tests/vcore_certs/";
+const std::string crl_URI = "http://localhost/my.crl";
+
+const std::string anka_ec_key_type = "urn:oid:1.2.840.10045.3.1.7";
+const std::string anka_ec_public_key =
+        "BGi9RmTUjpqCpQjx6SSiKdfmtjQBFNSN7ghm6TuaH9r4x73WddeLxLioH3VEmFLC+QLiR"\
+        "kPxDxL/6YmQdgfGrqk=";
+
+const std::string rsa_modulus =
+        "ocwjKEFaPxLNcPTz2PtT2Gyu5jzkWaPo4thjZo3rXuNbD4TzjY02UGnTxvflNeORLpSS1"\
+        "PeYr/1E/Nhr7qQAzj9g0DwW7p8zQEdOUi3v76VykeB0pFJH+0Fxp6LVBX9Z+EvZk+dbOy"\
+        "GJ4Njm9B6M09axXlV11Anj9B/HYUDfDX8=";
+const std::string rsa_exponent = "AQAB";
+
+const std::string magda_dsa_p =
+        "2BYIQj0ePUVxzrdBT41eCblraa9Dqag7QXFMCRM2PtyS22JPDKuV77tBc/jg0V3htHWdR"\
+        "q9n6/kQDwrP7FIPoLATLIiC3oAYWj46Mr6d9k/tt/JZU6PvULmB2k1wrrmvKUi+U+I5Ro"\
+        "qe8ui8lqR9pp9u2WCh2QmFfCohKNjN5qs=";
+const std::string magda_dsa_q = "4p4JcDqz+S7CbWyd8txApZw0sik=";
+const std::string magda_dsa_g =
+        "AQrLND1ZGFvzwBpPPXplmPh1ijPx1O2gQEvPvyjR88guWcGqQc0m7dTb6PEvbI/oZ0o91"\
+        "k7VEkfthURnNR1WtOLT8dmAuKQfwTQLPwCwUM/QiuWSlCyKLTE4Ev8aOG7ZqWudsKm/td"\
+        "n9pUNGtcod1wo1ZtP7PfEJ6rYZGQDOlz8=";
+
+const std::string googleCA =
+"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+const std::string google2nd =
+"MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+"UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+"bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+"MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+"d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+"QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+"PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+"5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+"3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+"A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+"BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+"L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+"AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+"BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+"BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+"q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+"bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+const std::string google3rd =
+"MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
+"MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
+"THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
+"MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
+"MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
+"FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+"AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
+"qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
+"Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
+"DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
+"ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
+"BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
+"cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
+"dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
+"BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
+"wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
+"fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
+
+const std::string certVerisign =
+"MIIG+DCCBeCgAwIBAgIQU9K++SSnJF6DygHkbKokdzANBgkqhkiG9w0BAQUFADCB"
+"vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL"
+"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug"
+"YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv"
+"VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew"
+"HhcNMTAwNTI2MDAwMDAwWhcNMTIwNTI1MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3"
+"PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxGzAZBgNVBA8TElYx"
+"LjAsIENsYXVzZSA1LihiKTEQMA4GA1UEBRMHMjQ5Nzg4NjELMAkGA1UEBhMCVVMx"
+"DjAMBgNVBBEUBTk0MDQzMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1N"
+"b3VudGFpbiBWaWV3MSIwIAYDVQQJFBk0ODcgRWFzdCBNaWRkbGVmaWVsZCBSb2Fk"
+"MRcwFQYDVQQKFA5WZXJpU2lnbiwgSW5jLjEmMCQGA1UECxQdIFByb2R1Y3Rpb24g"
+"U2VjdXJpdHkgU2VydmljZXMxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEi"
+"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+PvvK+fZOXwno0yT/OTy2Zm9"
+"ehnZjTtO/X2IWBEa3jG30C52uHFQI4NmXiQVNvJHkBaAj0ilVjvGdxXmkyyFsugt"
+"IWOTZ8pSKdX1tmGFIon6Ko9+lBFkVkudA1ogAUbtTB8IcdeOlpK78T4SjdVMhY18"
+"150YzSw6hRKlw52wBaDxtGZElvOth41K7TUcaDnQVzz5SBPW5MUhi7AWrdoSk17O"
+"BozOzmB/jkYDVDnwLcbR89SLHEOle/idSYSDQUmab3y0JS8RyQV1+DB70mnFALnD"
+"fLiL47nMQQCGxXgp5voQ2YmSXhevKmEJ9vvtC6C7yv2W6yomfS/weUEce9pvAgMB"
+"AAGjggKCMIICfjCBiwYDVR0RBIGDMIGAghB3d3cudmVyaXNpZ24uY29tggx2ZXJp"
+"c2lnbi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZl"
+"cmlzaWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVy"
+"aXNpZ24uZXUwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8oBwK/WBXCZDWi0dbuDgPyTK"
+"iJIwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwt"
+"Y3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkGC2CG"
+"SAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv"
+"bS9ycGEwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEw"
+"HwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8wdgYIKwYBBQUHAQEEajBo"
+"MCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3AudmVyaXNpZ24uY29tMDkG"
+"CCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJpc2lnbi5jb20vRVZJbnRs"
+"MjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw"
+"HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u"
+"dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB9VZxB"
+"wDMRGyhFWYkY5rwUVGuDJiGeas2xRJC0G4+riQ7IN7pz2a2BhktmZ5HbxXL4ZEY4"
+"yMN68DEVErhtKiuL02ng27alhlngadKQzSL8pLdmQ+3jEwm9nva5C/7pbeqy+qGF"
+"is4IWNYOc4HKNkABxXm5v0ouys8HPNkTLFLep0gLqRXW3gYN2XbKUWMs7z7hJpkY"
+"GxP8YQSxi513O2dWVCXB8S6erIz9E/bcfdXoCPyQdn42y3IEoJvPvBS3S55fD4+Q"
+"Q43GPhumSg9a6S3hnyw8DX5OiUGmqgQrtSeDRsNmWqtWizEQbe+fotZpEn/7zYTa"
+"tk1ni/k5jDH/QeuG";
+
+const std::string crlExampleCertificate =
+"MIIFlDCCBHygAwIBAgIBADANBgkqhkiG9w0BAQUFADBDMRIwEAYKCZImiZPyLGQB"
+"GRYCZXMxGDAWBgoJkiaJk/IsZAEZFghpcmlzZ3JpZDETMBEGA1UEAxMKSVJJU0dy"
+"aWRDQTAeFw0wNTA2MjgwNTAyMjhaFw0xNTA2MjYwNTAyMjhaMEMxEjAQBgoJkiaJ"
+"k/IsZAEZFgJlczEYMBYGCgmSJomT8ixkARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJ"
+"UklTR3JpZENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CQiWlff"
+"ajoMSTuismKqLQ+Mt33Tq4bBpCZvCBXhqan1R0ksILPtK1L7C8QWqPk6AZZpuNmY"
+"cNVtJGc8ksgDWvX0EB3GKwZTZ8RrSRlSEe9Otq+Ur7S9uxM1JMmCr6zZTMFANzBS"
+"4btnduV78C09IhFYG4OW8IPhNrbfPaeOR+PRPAa/qdSONAwTrM1sZkIvGpAkBWM6"
+"Pn7TK9BAK6GLvwgii780fWj3Cwgmp8EDCTievBbWj+z8/apMEy9R0vyB2dWNNCnk"
+"6q8VvrjgMsJt33O3BqOoBuZ8R/SS9OFWLFSU3s7cfrRaUSJk/Mx8OGFizRkcXSzX"
+"0Nidcg7hX5i78wIDAQABo4ICkTCCAo0wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E"
+"FgQUnUJkLlupXvH/bMg8NtPxtkOYrRowawYDVR0jBGQwYoAUnUJkLlupXvH/bMg8"
+"NtPxtkOYrRqhR6RFMEMxEjAQBgoJkiaJk/IsZAEZFgJlczEYMBYGCgmSJomT8ixk"
+"ARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJUklTR3JpZENBggEAMA4GA1UdDwEB/wQE"
+"AwIBxjARBglghkgBhvhCAQEEBAMCAAcwOwYJYIZIAYb4QgENBC4WLElSSVNHcmlk"
+"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IENlcnRpZmljYXRlMIGZBgNVHR8EgZEw"
+"gY4wLqAsoCqGKGh0dHA6Ly93d3cuaXJpc2dyaWQuZXMvcGtpL2NybC9jYWNybC5w"
+"ZW0wXKBaoFiGVmxkYXA6Ly9sZGFwLmlyaXNncmlkLmVzOjEzODAvY249SVJJU0dy"
+"aWRDQSxkYz1pcmlzZ3JpZCxkYz1lcz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0"
+"MDcGCWCGSAGG+EIBAwQqFihodHRwOi8vd3d3LmlyaXNncmlkLmVzL3BraS9jcmwv"
+"Y2FjcmwucGVtME4GCWCGSAGG+EIBCARBFj9odHRwOi8vd3d3LmlyaXNncmlkLmVz"
+"L3BraS9wb2xpY3kvMS4zLjYuMS40LjEuNzU0Ny4yLjIuNC4xLjEuMS8waQYDVR0g"
+"BGIwYDBeBg0rBgEEAbp7AgIEAQEBME0wSwYIKwYBBQUHAgEWP2h0dHA6Ly93d3cu"
+"aXJpc2dyaWQuZXMvcGtpL3BvbGljeS8xLjMuNi4xLjQuMS43NTQ3LjIuMi40LjEu"
+"MS4xLzANBgkqhkiG9w0BAQUFAAOCAQEAaqRfyLER+P2QOZLLdz66m7FGsgtFsAEx"
+"wiNrIChFWfyHVZG7Ph1fn/GDD5LMsrU23lx3NBN5/feHuut1XNYKNs8vtV07D70r"
+"DKjUlPbmWV0B+/GDxe1FDGop/tKQfyHSUaBuauXChFU/2INu5lhBerNl7QxNJ1ws"
+"cWGiT7R+L/2EjgzWgH1V/0zmIOMep6kY7MUs8rlyF0O5MNFs232cA1trl9kvhAGU"
+"9p58Enf5DWMrh17SPH586yIJeiWZtPez9G54ftY+XIqfn0X0zso0dnoXNJQYS043"
+"/5vSnoHdRx/EmN8yjeEavZtC48moN0iJ38eB44uKgCD77rZW5s1XqA==";
+
+//class TestCleanup
+//{
+//  public:
+//    explicit TestCleanup(bool bCheckForFakeVerification = false)
+//    {
+//        if (bCheckForFakeVerification) {
+//            bool bUnsetEnvVar = true;
+//
+//            m_strEnvVar = "CHECK_ONLY_DOMAIN_INSTEAD_OF_VALIDATION";
+//            if (getenv(m_strEnvVar.c_str()) != NULL) {
+//                bUnsetEnvVar = false;
+//            } else {
+//                setenv(m_strEnvVar.c_str(), "1", 0);
+//            }
+//        }
+//    }
+//
+//    ~TestCleanup()
+//    {
+//        if (!m_strRootCAPath.empty()) {
+//            removeCertGivenByFilename(m_strRootCAPath.c_str());
+//        }
+//
+//        if (!m_strEnvVar.empty()) {
+//            unsetenv(m_strEnvVar.c_str());
+//        }
+//    }
+//
+//    void setRootCAPath(const std::string& strRootCAPath)
+//    {
+//        m_strRootCAPath = strRootCAPath;
+//    }
+//
+//  private:
+//    std::string           m_strRootCAPath;
+//    std::string           m_strEnvVar;
+//};
+//
+//class PolicyChanger : public DPL::Event::EventListener<AceUpdateResponseEvent>
+//{
+//  public:
+//    PolicyChanger()
+//    {
+//        DPL::Event::EventDeliverySystem::AddListener<AceUpdateResponseEvent>(this);
+//    }
+//
+//    ~PolicyChanger()
+//    {
+//        DPL::Event::EventDeliverySystem::RemoveListener<AceUpdateResponseEvent>(this);
+//    }
+//
+//    void OnEventReceived(const AceUpdateResponseEvent& event)
+//    {
+//        if (0 != event.GetArg0()) {
+//            LogError("Policy change failed");
+//        }
+//        Assert(0 == event.GetArg0() && "Policy change failed");
+//        LoopControl::finish_wait_for_wrt_init();
+//    }
+//
+//    void updatePolicy(const std::string& path)
+//    {
+//        AceUpdateRequestEvent event(path);
+//        DPL::Event::EventDeliverySystem::Publish(event);
+//        LoopControl::wait_for_wrt_init();
+//    }
+//};
+
+} // namespace anonymous
+
+using namespace ValidationCore;
+
+//////////////////////////////////////////////////
+////////  VALIDATION CORE TEST SUITE  ////////////
+//////////////////////////////////////////////////
+
+RUNNER_TEST(test01_signature_finder)
+{
+    SignatureFileInfoSet signatureSet;
+    SignatureFinder signatureFinder(widget_path);
+    RUNNER_ASSERT_MSG(
+        SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+        "SignatureFinder failed");
+    RUNNER_ASSERT_MSG(signatureSet.size() == 3,
+                      "Some signature has not been found");
+
+    SignatureFileInfo first = *(signatureSet.begin());
+    RUNNER_ASSERT_MSG(
+        std::string("author-signature.xml") == first.getFileName(),
+        "Author Signature");
+    RUNNER_ASSERT_MSG(-1 == first.getFileNumber(), "Wrong signature number.");
+    first = *(signatureSet.rbegin());
+    RUNNER_ASSERT_MSG(std::string("signature22.xml") == first.getFileName(),
+                      "Wrong signature fileName.");
+    RUNNER_ASSERT_MSG(22 == first.getFileNumber(), "Wrong signature number.");
+}
+
+RUNNER_TEST(test02_signature_reader)
+{
+    SignatureFileInfoSet signatureSet;
+    SignatureFinder signatureFinder(widget_path);
+    RUNNER_ASSERT_MSG(
+        SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+        "SignatureFinder failed");
+
+    SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+
+    for (; iter != signatureSet.rend(); ++iter) {
+        SignatureData data(widget_path + iter->getFileName(),
+                           iter->getFileNumber());
+        SignatureReader xml;
+        xml.initialize(data, WrtDB::GlobalConfig::GetSignatureXmlSchema());
+        xml.read(data);
+    }
+}
+
+RUNNER_TEST(test03_signature_validator)
+{
+    SignatureFileInfoSet signatureSet;
+    SignatureFinder signatureFinder(widget_path);
+    LogError("Size: " << signatureSet.size());
+    RUNNER_ASSERT_MSG(
+        SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+        "SignatureFinder failed");
+
+    SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+    LogError("Size: " << signatureSet.size());
+    for (; iter != signatureSet.rend(); ++iter) {
+        SignatureData data(widget_path + iter->getFileName(),
+                           iter->getFileNumber());
+        SignatureReader xml;
+        xml.initialize(data, WrtDB::GlobalConfig::GetSignatureXmlSchema());
+        xml.read(data);
+
+        SignatureValidator validator(
+            false,
+            false,
+            false);
+
+        if (data.isAuthorSignature()) {
+            LogError("Author");
+            RUNNER_ASSERT_MSG(
+                SignatureValidator::SIGNATURE_DISREGARD ==
+                    validator.check(data, widget_path),
+                "Validation failed");
+        } else {
+            LogError("Distributor");
+            RUNNER_ASSERT_MSG(
+                SignatureValidator::SIGNATURE_VERIFIED ==
+                    validator.check(data, widget_path),
+                "Validation failed");
+        }
+    }
+}
+
+RUNNER_TEST(test05_signature_reference)
+{
+    SignatureFileInfoSet signatureSet;
+    SignatureFinder signatureFinder(widget_path);
+    RUNNER_ASSERT_MSG(
+        SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+        "SignatureFinder failed");
+
+    SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+
+    for (; iter != signatureSet.rend(); ++iter) {
+        SignatureData data(widget_path + iter->getFileName(),
+                           iter->getFileNumber());
+        SignatureReader xml;
+        xml.initialize(data, WrtDB::GlobalConfig::GetSignatureXmlSchema());
+        xml.read(data);
+
+        SignatureValidator sval(
+            false,
+            false,
+            false);
+        sval.check(data, widget_path);
+
+        ReferenceValidator val(widget_path);
+        RUNNER_ASSERT(
+            ReferenceValidator::NO_ERROR == val.checkReferences(data));
+    }
+}
+
+RUNNER_TEST(test07t01_base64)
+{
+    std::string strraw = "1234567890qwertyuiop[]asdfghjkl;'zxcvbnm,.";
+    std::string strenc =
+        "MTIzNDU2Nzg5MHF3ZXJ0eXVpb3BbXWFzZGZnaGprbDsnenhjdmJubSwu";
+
+    Base64Encoder encoder;
+    encoder.reset();
+    encoder.append(strraw);
+    encoder.finalize();
+    RUNNER_ASSERT_MSG(strenc == encoder.get(), "Error in Base64Encoder.");
+
+    Base64Decoder decoder;
+    decoder.reset();
+    decoder.append(strenc);
+    RUNNER_ASSERT(decoder.finalize());
+    RUNNER_ASSERT_MSG(strraw == decoder.get(), "Error in Base64Decoder.");
+}
+
+RUNNER_TEST(test07t02_base64)
+{
+    const size_t MAX = 40;
+    char buffer[MAX];
+    for (size_t i = 0; i<MAX; ++i) {
+        buffer[i] = static_cast<char>(i);
+    }
+
+    std::string raw(&buffer[0], &buffer[MAX]);
+
+    RUNNER_ASSERT(MAX == raw.size());
+
+    Base64Encoder encoder;
+    encoder.reset();
+    encoder.append(raw);
+    encoder.finalize();
+    std::string enc = encoder.get();
+
+    Base64Decoder decoder;
+    decoder.reset();
+    decoder.append(enc);
+    RUNNER_ASSERT(decoder.finalize());
+    RUNNER_ASSERT_MSG(raw == decoder.get(), "Error in Base64 conversion.");
+}
+
+RUNNER_TEST(test07t03_base64)
+{
+    std::string invalid = "1234)";
+
+    Base64Decoder decoder;
+    decoder.reset();
+    decoder.append(invalid);
+    RUNNER_ASSERT(false == decoder.finalize());
+}
+
+RUNNER_TEST(test07t04_base64)
+{
+    std::string invalid = "12234";
+
+    Base64Decoder decoder;
+    decoder.reset();
+
+    bool exception = false;
+    Try {
+        std::string temp = decoder.get();
+    } Catch(Base64Decoder::Exception::NotFinalized) {
+        exception = true;
+    }
+
+    RUNNER_ASSERT_MSG(exception, "Base64Decoder does not throw error.");
+}
+
+RUNNER_TEST(test08t01_Certificate)
+{
+    Certificate cert(certVerisign, Certificate::FORM_BASE64);
+
+    DPL::OptionalString result;
+
+    result = cert.getCommonName(Certificate::FIELD_SUBJECT);
+    RUNNER_ASSERT_MSG(!result.IsNull(), "No common name");
+    RUNNER_ASSERT_MSG(*result == DPL::FromUTF8String("www.verisign.com"),
+                      "CommonName mismatch");
+
+    result = cert.getCommonName(Certificate::FIELD_ISSUER);
+    RUNNER_ASSERT_MSG(!result.IsNull(), "No common name");
+    RUNNER_ASSERT_MSG(result == DPL::FromUTF8String(
+            "VeriSign Class 3 Extended Validation SSL SGC CA"),
+            "CommonName mismatch");
+
+    result = cert.getCountryName();
+    RUNNER_ASSERT_MSG(!result.IsNull(), "No country");
+    RUNNER_ASSERT_MSG(*result == DPL::FromUTF8String("US"),
+                      "Country mismatch");
+}
+
+RUNNER_TEST(test08t02_Certificate)
+{
+    Certificate cert(certVerisign, Certificate::FORM_BASE64);
+
+    Certificate::Fingerprint fin =
+        cert.getFingerprint(Certificate::FINGERPRINT_SHA1);
+
+    unsigned char buff[20] = {
+        0xb9, 0x72, 0x1e, 0xd5, 0x49,
+        0xed, 0xbf, 0x31, 0x84, 0xd8,
+        0x27, 0x0c, 0xfe, 0x03, 0x11,
+        0x19, 0xdf, 0xc2, 0x2b, 0x0a};
+    RUNNER_ASSERT_MSG(fin.size() == 20, "Wrong size of fingerprint");
+
+    for (size_t i = 0; i<20; ++i) {
+        RUNNER_ASSERT_MSG(fin[i] == buff[i], "Fingerprint mismatch");
+    }
+}
+
+RUNNER_TEST(test08t03_Certificate)
+{
+    Certificate cert(certVerisign, Certificate::FORM_BASE64);
+
+    Certificate::AltNameSet nameSet = cert.getAlternativeNameDNS();
+
+    RUNNER_ASSERT(nameSet.size() == 8);
+
+    DPL::String str = DPL::FromUTF8String("verisign.com");
+    RUNNER_ASSERT(nameSet.find(str) != nameSet.end());
+
+    str = DPL::FromUTF8String("fake.com");
+    RUNNER_ASSERT(nameSet.find(str) == nameSet.end());
+
+}
+
+RUNNER_TEST(test09t01_CertificateCollection)
+{
+    CertificateList list;
+    list.push_back(CertificatePtr(
+        new Certificate(google2nd, Certificate::FORM_BASE64)));
+    list.push_back(CertificatePtr(
+        new Certificate(googleCA, Certificate::FORM_BASE64)));
+    list.push_back(CertificatePtr(
+        new Certificate(google3rd, Certificate::FORM_BASE64)));
+
+    CertificateCollection collection;
+    collection.load(list);
+
+    bool exception = false;
+
+    Try {
+        RUNNER_ASSERT(collection.isChain());
+    } Catch (CertificateCollection::Exception::WrongUsage) {
+        exception = true;
+    }
+
+    RUNNER_ASSERT_MSG(exception, "Exception expected!");
+
+    RUNNER_ASSERT_MSG(collection.sort(), "Sort failed");
+
+    RUNNER_ASSERT(collection.isChain());
+
+    std::string encoded = collection.toBase64String();
+
+    collection.clear();
+
+    RUNNER_ASSERT_MSG(collection.size() == 0, "Function clear failed.");
+
+    collection.load(encoded);
+
+    RUNNER_ASSERT_MSG(collection.sort(), "Sort failed");
+
+    list = collection.getChain();
+
+    RUNNER_ASSERT(
+        DPL::ToUTF8String(*(list.front().Get()->getCommonName())) ==
+            "mail.google.com");
+    RUNNER_ASSERT(
+        DPL::ToUTF8String(*(list.back().Get()->getOrganizationName())) ==
+            "VeriSign, Inc.");
+}
+
+RUNNER_TEST(test51t01_ocsp_validation_negative)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pCert1;
+    CertificatePtr pCert2;
+    CertificatePtr pRootCert;
+    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+        certLevel0Path(keys_path + "ocsp_level0deprecated.crt"),
+        certLevel1Path(keys_path + "ocsp_level1.crt"),
+        certLevel2Path(keys_path + "ocsp_level2.crt");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    if (!pRootCert) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_rootca.crt");
+    }
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+    if (!pCert0) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level0.crt");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+    if (!pCert1) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level1.crt");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+    if (!pCert2) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level2.crt");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+    CertificateList sorted = collection.getChain();
+
+    ocsp.setTrustedStore(sorted);
+    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+                      "Caught OCSP connection error from store exception");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+                      "Caught OCSP verification error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test51t02_ocsp_validation_positive)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pCert1;
+    CertificatePtr pCert2;
+    CertificatePtr pRootCert;
+    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+        certLevel1Path(keys_path + "ocsp_level1.crt"),
+        certLevel2Path(keys_path + "ocsp_level2.crt");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    if (!pRootCert) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_rootca.crt");
+    }
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+    if (!pCert1) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level1.crt");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+    if (!pCert2) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level2.crt");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+    CertificateList sorted = collection.getChain();
+
+    ocsp.setTrustedStore(sorted);
+    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+                      "Caught OCSP connection error from store exception");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+                      "Caught OCSP verification error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test51t04_ocsp_request)
+{
+    CertificateList lTrustedCerts;
+
+    lTrustedCerts.push_back(CertificatePtr(
+        new Certificate(google3rd, Certificate::FORM_BASE64)));
+    lTrustedCerts.push_back(CertificatePtr(
+        new Certificate(google2nd, Certificate::FORM_BASE64)));
+    lTrustedCerts.push_back(CertificatePtr(
+        new Certificate(googleCA, Certificate::FORM_BASE64)));
+
+    CertificateCollection chain;
+    chain.load(lTrustedCerts);
+    chain.sort();
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(OCSP::SHA1);
+    ocsp.setTrustedStore(lTrustedCerts);
+    VerificationStatus result = ocsp.checkEndEntity(chain);
+
+    RUNNER_ASSERT(VERIFICATION_STATUS_GOOD == result);
+}
+
+RUNNER_TEST(test51t05_cached_ocsp_validation_negative)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pCert1;
+    CertificatePtr pCert2;
+    CertificatePtr pRootCert;
+    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+        certLevel0Path(keys_path + "ocsp_level0deprecated.crt"),
+        certLevel1Path(keys_path + "ocsp_level1.crt"),
+        certLevel2Path(keys_path + "ocsp_level2.crt");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    RUNNER_ASSERT_MSG(pRootCert, "Couldn't load ocsp_rootca.crt");
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+    RUNNER_ASSERT_MSG(pCert0, "Couldn't load ocsp_level0.crt");
+    lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+    RUNNER_ASSERT_MSG(pCert1, "Couldn't load ocsp_level1.crt");
+    lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+    RUNNER_ASSERT_MSG(pCert2, "Couldn't load ocsp_level2.crt");
+    lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+    CachedOCSP ocsp;
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+
+    VerificationStatus status = ocsp.check(collection);
+
+    RUNNER_ASSERT_MSG(status != VERIFICATION_STATUS_GOOD,
+                      "Caught OCSP verification error exception");
+
+    OCSPCachedStatusList respList;
+    CertificateCacheDAO::getOCSPStatusList(&respList);
+    unsigned len = respList.size();
+
+    status = ocsp.check(collection);
+
+    RUNNER_ASSERT_MSG(status != VERIFICATION_STATUS_GOOD,
+                      "Caught OCSP verification error exception");
+
+    respList.clear();
+    CertificateCacheDAO::getOCSPStatusList(&respList);
+    RUNNER_ASSERT_MSG(respList.size() == len && len > 0,
+                      "Caught OCSP cache error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test51t06_cached_ocsp_validation_positive)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pCert1;
+    CertificatePtr pCert2;
+    CertificatePtr pRootCert;
+    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+        certLevel1Path(keys_path + "ocsp_level1.crt"),
+        certLevel2Path(keys_path + "ocsp_level2.crt");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    RUNNER_ASSERT_MSG(pRootCert, "Couldn't load ocsp_rootca.crt");
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+    RUNNER_ASSERT_MSG(pCert1, "Couldn't load ocsp_level1.crt");
+    lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+    RUNNER_ASSERT_MSG(pCert2, "Couldn't load ocsp_level2.crt");
+    lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+    CachedOCSP ocsp;
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+
+    VerificationStatus status = ocsp.check(collection);
+
+    RUNNER_ASSERT_MSG(status == VERIFICATION_STATUS_GOOD,
+                      "Caught OCSP verification error exception");
+
+    OCSPCachedStatusList respList;
+    CertificateCacheDAO::getOCSPStatusList(&respList);
+    unsigned len = respList.size();
+
+    status = ocsp.check(collection);
+
+    RUNNER_ASSERT_MSG(status == VERIFICATION_STATUS_GOOD,
+                      "Caught OCSP verification error exception");
+
+    respList.clear();
+    CertificateCacheDAO::getOCSPStatusList(&respList);
+    RUNNER_ASSERT_MSG(respList.size() == len && len > 0,
+                      "Caught OCSP cache error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test61_crl_test_revocation_no_crl)
+{
+    //Clear CRL cache so there is no CRL for those certificates URI.
+    CertificateCacheDAO::clearCertificateCache();
+    //Prepare certificate chain
+    TestCRL crl;
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "1second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "1third_level.pem"));
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+    RUNNER_ASSERT_MSG(status.isCRLValid == false,
+                      "Some certificate have no CRL extension!");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test62_crl_test_revocation_set1)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    //Prepare certificate chain
+    TestCRL crl;
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "1second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "1third_level.pem"));
+    crl.addCRLToStore(cert_store_path + "cacrl1.pem", crl_URI);
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+    RUNNER_ASSERT(status.isCRLValid);
+    RUNNER_ASSERT(status.isRevoked);
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test63_crl_test_revocation_set1)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    //Prepare certificate chain
+    TestCRL crl;
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "1second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "1third_level.pem"));
+    crl.addCRLToStore(cert_store_path + "cacrl1.pem", crl_URI);
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+    RUNNER_ASSERT(status.isCRLValid);
+    RUNNER_ASSERT(status.isRevoked);
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test64_crl_test_revocation_set2)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    //Prepare certificate chain
+    TestCRL crl;
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "2second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "2third_level.pem"));
+    crl.addCRLToStore(cert_store_path + "cacrl1.pem", crl_URI);
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+    RUNNER_ASSERT(status.isCRLValid);
+    RUNNER_ASSERT(!status.isRevoked);
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test65_crl_test_revocation_set2)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    //Prepare certificate chain
+    TestCRL crl;
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "2second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "2third_level.pem"));
+    crl.addCRLToStore(cert_store_path + "cacrl2.pem", crl_URI);
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+    RUNNER_ASSERT(status.isCRLValid);
+    RUNNER_ASSERT(status.isRevoked);
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test66_crl_update_expired_lists)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificatePtr rootCA(new Certificate(googleCA, Certificate::FORM_BASE64));
+
+    CertificateLoader loader;
+    loader.loadCertificateFromRawData(google2nd);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    TestCRL crl;
+    crl.addToStore(rootCA);
+
+    RUNNER_ASSERT_MSG(
+            crl.updateList(loader.getCertificatePtr(), CRL::UPDATE_ON_EXPIRED),
+            "CRL update on expired succeeded");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test67_crl_update_lists_on_demand)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificatePtr rootCA(new Certificate(googleCA, Certificate::FORM_BASE64));
+
+    CertificateLoader loader;
+    loader.loadCertificateFromRawData(google2nd);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    TestCRL crl;
+    crl.addToStore(rootCA);
+
+    RUNNER_ASSERT_MSG(
+            crl.updateList(loader.getCertificatePtr(), CRL::UPDATE_ON_DEMAND),
+            "CRL update on demand succeeded");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test68_cached_crl_test_positive)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    TestCRL crl;
+
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "2second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "2third_level.pem"));
+    crl.addCRLToStore(cert_store_path + "cacrl1.pem", crl_URI);
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+
+    CachedCRL cached;
+    VerificationStatus cached_status = cached.check(collection);
+    CRLCachedDataList list;
+    CertificateCacheDAO::getCRLResponseList(&list);
+    unsigned len = list.size();
+
+    RUNNER_ASSERT(status.isCRLValid);
+    RUNNER_ASSERT(!status.isRevoked &&
+                  cached_status == VERIFICATION_STATUS_GOOD);
+
+    cached_status = cached.check(collection);
+    list.clear();
+    CertificateCacheDAO::getCRLResponseList(&list);
+
+    RUNNER_ASSERT(len == list.size());
+    RUNNER_ASSERT(!status.isRevoked &&
+                  cached_status == VERIFICATION_STATUS_GOOD);
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test69_cached_crl_test_negative)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    //Prepare certificate chain
+    TestCRL crl;
+    std::string cacertStr(crl.getFileContent(cert_store_path + "cacert.pem"));
+    std::string certAStr(
+            crl.getFileContent(cert_store_path + "2second_level.pem"));
+    std::string certBStr(
+            crl.getFileContent(cert_store_path + "2third_level.pem"));
+    crl.addCRLToStore(cert_store_path + "cacrl2.pem", crl_URI);
+
+    CertificateLoader loader;
+    CertificateList certList;
+    CertificateCollection collection;
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(cacertStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certAStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+    RUNNER_ASSERT(loader.loadCertificateFromRawData(certBStr) ==
+                  CertificateLoader::NO_ERROR);
+    RUNNER_ASSERT(!!loader.getCertificatePtr());
+    certList.push_back(loader.getCertificatePtr());
+
+    collection.load(certList);
+
+    CRL::RevocationStatus status = crl.checkCertificateChain(collection);
+    CachedCRL cached;
+    VerificationStatus cached_status = cached.check(collection);
+    CRLCachedDataList list;
+    CertificateCacheDAO::getCRLResponseList(&list);
+    unsigned len = list.size();
+
+    RUNNER_ASSERT(status.isCRLValid);
+    RUNNER_ASSERT(status.isRevoked &&
+                  cached_status == VERIFICATION_STATUS_REVOKED);
+
+    cached_status = cached.check(collection);
+    list.clear();
+    CertificateCacheDAO::getCRLResponseList(&list);
+
+    RUNNER_ASSERT(len == list.size());
+    RUNNER_ASSERT(status.isRevoked &&
+                  cached_status == VERIFICATION_STATUS_REVOKED);
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test70_ocsp_local_validation_positive)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pRootCert;
+    std::string caRootPath(cert_store_path + "cacert.pem"),
+        certLevel0Path(cert_store_path + "1second_level.pem");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    if (!pRootCert) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
+    }
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+    if (!pCert0) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load 1second_level.pem");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+    CertificateList sorted = collection.getChain();
+
+    ocsp.setTrustedStore(sorted);
+    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+                      "Caught OCSP connection error - check if "
+                      "wrt-tests-vcore-ocsp-server.sh is running!");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+                      "Caught OCSP verification error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test71_ocsp_local_validation_positive)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pRootCert;
+    std::string caRootPath(cert_store_path + "cacert.pem"),
+        certLevel0Path(cert_store_path + "3second_level.pem");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    if (!pRootCert) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
+    }
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+    if (!pCert0) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load 3second_level.pem");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+    CertificateList sorted = collection.getChain();
+
+    ocsp.setTrustedStore(sorted);
+    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+                      "Caught OCSP connection error - check if "
+                      "wrt-tests-vcore-ocsp-server.sh is running!");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+                      "Caught OCSP verification error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test72_ocsp_local_validation_revoked)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pRootCert;
+    std::string caRootPath(cert_store_path + "cacert.pem"),
+        certLevel0Path(cert_store_path + "2second_level.pem");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    if (!pRootCert) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
+    }
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+    if (!pCert0) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load 2second_level.pem");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+    CertificateList sorted = collection.getChain();
+
+    ocsp.setTrustedStore(sorted);
+    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+                      "Caught OCSP connection error - check if "
+                      "wrt-tests-vcore-ocsp-server.sh is running!");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_GOOD),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_REVOKED),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_UNKNOWN),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+                      "Caught OCSP verification error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
+RUNNER_TEST(test73_ocsp_local_validation_error_unknown_cert)
+{
+    CertificateCacheDAO::clearCertificateCache();
+
+    CertificateList lOCSPCertificates;
+    CertificatePtr certificatePtr;
+    CertificatePtr pCert0;
+    CertificatePtr pCert1;
+    CertificatePtr pRootCert;
+    std::string caRootPath(cert_store_path + "cacert.pem"),
+        certLevel0Path(cert_store_path + "1second_level.pem"),
+        certLevel1Path(cert_store_path + "1third_level.pem");
+
+    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+    if (!pRootCert) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load cacerr.pem");
+    }
+    lOCSPCertificates.push_back(pRootCert);
+
+    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+    if (!pCert0) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load 1second_level.pem");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+    if (!pCert1) {
+        RUNNER_ASSERT_MSG(false, "Couldn't load 1third_level.pem");
+    }
+    lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+    OCSP ocsp;
+    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+    CertificateCollection collection;
+    collection.load(lOCSPCertificates);
+    RUNNER_ASSERT(collection.sort());
+    CertificateList sorted = collection.getChain();
+
+    ocsp.setTrustedStore(sorted);
+    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+                      "Caught OCSP connection error - check if "
+                      "wrt-tests-vcore-ocsp-server.sh is running!");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_REVOKED),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+                      "Caught OCSP verification error exception");
+    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_UNKNOWN),
+                          "Caught OCSP verification error exception");
+
+    CertificateCacheDAO::clearCertificateCache();
+}
+
diff --git a/tests/vcore/TestEnv.cpp b/tests/vcore/TestEnv.cpp
new file mode 100644 (file)
index 0000000..b12c3e1
--- /dev/null
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <string>
+#include <cstring>
+#include <dpl/log/log.h>
+
+#include <cert-service.h>
+
+#include "TestEnv.h"
+
+const char *storePath = "code-signing_wac";
+
+int addCertToStore(const char* name){
+    int result = cert_svc_add_certificate_to_store(name, storePath);
+
+    if (CERT_SVC_ERR_NO_ERROR != result) {
+        LogError("Error adding certificate: " << name << " To: " << storePath);
+    }
+    return result;
+}
+
+//long int removeCertFromStore(const char* subjectName, const char* issuerName)
+//{
+//    long int result = OPERATION_SUCCESS;
+//    /*  Retrieve all the certificates from store */
+//    certmgr_cert_id certId;
+//    certmgr_mem_buff certRetrieved;
+//    certmgr_ctx context;
+//    char storeId[CERTMGR_MAX_PLUGIN_ID_SIZE];
+//    char type[CERTMGR_MAX_CERT_TYPE_SIZE];
+//    unsigned char certBuff[CERTMGR_MAX_BUFFER_SIZE * 2];
+//
+//    certmgr_cert_descriptor descriptor;
+//    certId.storeId = storeId;
+//    certId.type = type;
+//
+//    CERTMGR_INIT_CONTEXT((&context), (sizeof(certmgr_ctx)))
+//    std::string storeName("Operator");
+//    strncpy(context.storeId, storeName.c_str(), storeName.size());
+//
+//    certRetrieved.data = certBuff;
+//    certRetrieved.size = CERTMGR_MAX_BUFFER_SIZE * 2;
+//
+//    certRetrieved.firstFree = 0;
+//
+//    for(certRetrieved.firstFree = 0;
+//      OPERATION_SUCCESS ==
+//      (result = certmgr_retrieve_certificate_from_store( &context, &certRetrieved, &certId));
+//      certRetrieved.firstFree = 0)
+//    {
+//        if(OPERATION_SUCCESS ==
+//          certmgr_extract_certificate_data(&certRetrieved, &descriptor)){
+//            LogDebug("The subject of this certificate is " << descriptor.mandatory.subject);
+//            LogDebug("The issuer of this certificate is " << descriptor.mandatory.issuer);
+//        }
+//
+//        if(strcmp(descriptor.mandatory.subject, subjectName) == 0 &&
+//          strcmp(descriptor.mandatory.issuer,issuerName) == 0    &&
+//          OPERATION_SUCCESS == certmgr_remove_certificate_from_store(&certId))
+//        {
+//            LogDebug("***Certificate has been REMOVED***");
+//            return OPERATION_SUCCESS;
+//        }
+//    }
+//
+//    if(ERR_NO_MORE_CERTIFICATES == result){
+//        LogDebug("***THIS CERT IS NOT IN STORE***");
+//        return OPERATION_SUCCESS;
+//    }
+//
+//    return result;
+//}
+
+int removeCertGivenByFilename(const char* name){
+    int result = cert_svc_delete_certificate_from_store(name, storePath);
+
+    if (CERT_SVC_ERR_NO_ERROR != result) {
+        LogError("Error removing certificate: " << name << " From: " << storePath);
+    }
+
+    return result;
+}
+
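Review bot: `storePath` is defined as a non-const pointer with external linkage, so any other translation unit can redirect the store that `addCertToStore` and `removeCertGivenByFilename` modify. Since both helpers change the `code-signing_wac` store, I would pin it with `static const char *const storePath = "code-signing_wac";`. TestEnv.h does not declare the variable, so internal linkage looks safe, but confirm no test file declares it `extern`. The commented-out `removeCertFromStore` body should be deleted rather than carried as a comment. A short comment above `addCertToStore` should say that it installs a test certificate into a code-signing store and must be paired with `removeCertGivenByFilename`, because a test that aborts between the two calls would presumably leave the certificate installed.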
diff --git a/tests/vcore/TestEnv.h b/tests/vcore/TestEnv.h
new file mode 100644 (file)
index 0000000..88c5d3a
--- /dev/null
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _TESTENV_H_
+#define _TESTENV_H_
+
+int addCertToStore(const char *name);
+long int removeCertFromStore(const char *subjectName, const char *issuerName);
+int removeCertGivenByFilename(const char *name);
+
+#endif
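Review bot: `removeCertFromStore` is declared here but has no definition in this commit's TestEnv.cpp, where its only implementation is commented out, so a caller would compile and then fail at link time. Drop the line `long int removeCertFromStore(const char *subjectName, const char *issuerName);` or restore the implementation. The include guard `_TESTENV_H_` starts with an underscore followed by an uppercase letter, which is a reserved identifier in C++; `TESTENV_H` avoids that.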
diff --git a/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh b/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh
new file mode 100644 (file)
index 0000000..3a9a5ac
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+
+pkill -9 openssl # if previously it was launched and openssl didn't close sockets
+
+OPENSSL_CONF=/opt/apps/widget/tests/vcore_certs/openssl.cnf openssl ocsp -nrequest 5 -index /opt/apps/widget/tests/vcore_certs/demoCA/index.txt -port 8881 -rsigner /opt/apps/widget/tests/vcore_certs/respcert.pem -rkey /opt/apps/widget/tests/vcore_certs/respcert.key -CA /opt/apps/widget/tests/vcore_certs/demoCA/cacert.pem
+
+echo "--- OCSP server shutdown..."
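Review bot: `pkill -9 openssl` at the top of the script sends SIGKILL to every process named openssl that the invoking user may signal, not only a stale responder from an earlier run. If the tests run as root, that includes unrelated openssl processes. Narrow the match to this responder, for example `pkill -f 'openssl ocsp .*-port 8881'`, and let the default SIGTERM run before escalating to `-9`. The responder is started with `-nrequest 5`, so it exits after five requests and later tests would presumably see a connection failure; a comment saying so would save debugging time. The assertion messages in the test file name `wrt-tests-vcore-ocsp-server.sh`, which does not match this file's name.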
diff --git a/tests/vcore/certificate-generator/.gitignore b/tests/vcore/certificate-generator/.gitignore
new file mode 100644 (file)
index 0000000..96be371
--- /dev/null
@@ -0,0 +1,28 @@
+1second_level.csr
+1second_level.key
+1second_level.pem
+1third_level.key
+1third_level.pem
+1third_level.request
+2second_level.csr
+2second_level.key
+2second_level.pem
+2third_level.key
+2third_level.pem
+2third_level.request
+3second_level.csr
+3second_level.key
+3second_level.pem
+3third_level.key
+3third_level.pem
+3third_level.request
+cacrl1.pem
+cacrl2.pem
+demoCA/index.txt
+demoCA/index.txt.attr
+demoCA/index.txt.attr.old
+demoCA/index.txt.old
+demoCA/newcerts/
+respcert.csr
+respcert.key
+respcert.pem
diff --git a/tests/vcore/certificate-generator/create_certs.sh b/tests/vcore/certificate-generator/create_certs.sh
new file mode 100755 (executable)
index 0000000..4d03927
--- /dev/null
@@ -0,0 +1,94 @@
+#!/bin/bash
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+
+#Prerequisite to run script is to
+#create root certificate and directory structure (demoCA) with command:
+#/usr/lib/ssl/misc/CA.sh -newca
+#for automated tests default structure is created in demoCA.init
+
+#make sure current dir has no files from previous generation
+rm -r 1* 2* 3* ca* respcert* demoCA
+cp -R demoCA.init demoCA
+echo "01" > ./demoCA/crlnumber
+
+for index in 1 2 3
+do
+    #create certificate A
+    openssl genrsa -out ${index}second_level.key 1024 -passin pass:1234 -config ./openssl.cnf
+    openssl req -new -key ${index}second_level.key -out ${index}second_level.csr -passin pass:1234 -config ./openssl.cnf <<CONTENT
+PL
+Masovian
+Warsaw
+priv
+priv
+second_level${index}
+
+
+
+CONTENT
+
+    openssl ca -in ${index}second_level.csr -out ${index}second_level.pem -passin pass:1234 -config ./openssl.cnf -extensions v3_ca <<CONTENT
+y
+y
+CONTENT
+
+    #create certificate B
+    openssl req -new -keyout ${index}third_level.key -out ${index}third_level.request -passin pass:1234 -passout pass:1234 -days 365  -config ./openssl.cnf  <<CONTENT
+PL
+Masovian
+Warsaw
+priv
+priv
+third_level${index}
+
+
+
+CONTENT
+
+    openssl ca -config ./openssl.cnf -extensions v3_ca -policy policy_anything -keyfile ${index}second_level.key -cert ${index}second_level.pem -out ${index}third_level.pem -infiles ${index}third_level.request <<CONTENT
+y
+y
+CONTENT
+
+done
+
+#generate OCSP response signing certificate
+openssl genrsa -out respcert.key 1024 -passin pass:1234 -config ./openssl.cnf
+openssl req -new -key respcert.key -out respcert.csr -passin pass:1234 -config ./openssl.cnf <<CONTENT
+PL
+Masovian
+Warsaw
+priv
+priv
+responce_cert
+
+
+
+CONTENT
+
+openssl ca -in respcert.csr -out respcert.pem -passin pass:1234 -config ./openssl.cnf -extensions ocsp_cert <<CONTENT
+y
+y
+CONTENT
+
+#generate CRL
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl1.pem -crldays 30 -config ./openssl.cnf
+openssl ca -passin pass:1234 -revoke 1third_level.pem -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -config ./openssl.cnf
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl1.pem -crldays 30 -config ./openssl.cnf
+
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl2.pem -crldays 30 -config ./openssl.cnf
+openssl ca -passin pass:1234 -revoke 2second_level.pem -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -config ./openssl.cnf
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl2.pem -crldays 30 -config ./openssl.cnf
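Review bot: The cleanup `rm -r 1* 2* 3* ca* respcert* demoCA` near the top acts on whatever directory the script is started from, so launching it from outside `certificate-generator` removes any unrelated entries that match those globs. Change into the script's own directory first and stop if that fails, e.g. `cd "$(dirname "$0")" || exit 1` before the `rm`, and use `rm -rf --` so a first run with nothing to delete does not print errors. None of the `openssl` calls is checked either, so a failed signing step still lets the later `-revoke` and `-gencrl` steps run against stale files; a `set -e` after the cleanup would stop the script at the first failure.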
diff --git a/tests/vcore/certificate-generator/demoCA.init/cacert.pem b/tests/vcore/certificate-generator/demoCA.init/cacert.pem
new file mode 100644 (file)
index 0000000..c9cc0eb
--- /dev/null
@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv
+        Validity
+            Not Before: Jul 29 14:32:12 2011 GMT
+            Not After : Jul 28 14:32:12 2014 GMT
+        Subject: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ab:68:cc:1a:41:78:50:0c:f4:43:3f:9e:8d:7b:
+                    90:3d:eb:d6:8b:ce:d9:c1:b5:f4:d3:2e:75:f3:e1:
+                    b3:29:97:1b:38:c6:20:73:8d:a6:cd:61:3f:e1:1c:
+                    78:0f:fd:25:e2:a0:95:6d:a9:33:30:fe:24:76:3d:
+                    e4:9d:23:b2:39:3c:98:a5:b2:20:2f:7d:c8:7d:d5:
+                    00:7c:11:2c:6e:58:a2:18:03:02:48:4a:81:c7:eb:
+                    7b:e9:e3:8d:b0:eb:3d:ee:21:19:7c:04:c2:ad:4f:
+                    45:b3:1a:13:d1:76:35:c4:38:7e:0c:6c:7c:e7:83:
+                    41:f0:78:1b:b4:16:d5:93:d9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3
+            X509v3 Authority Key Identifier: 
+                keyid:F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3
+                DirName:/C=PL/ST=Masovian/O=priv/OU=priv/CN=priv
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        96:3c:f7:22:3d:32:c0:67:fc:3a:0a:3c:b7:62:38:7d:a6:d5:
+        2d:86:c2:ce:6a:84:66:d4:56:b3:93:4e:4c:37:d1:49:b6:67:
+        91:76:57:96:96:cc:5a:71:da:69:b7:52:9d:8f:17:f7:66:fa:
+        6c:f1:98:28:44:af:60:df:ad:2a:8b:f5:f3:8c:27:c4:68:a5:
+        2a:35:c1:6c:84:37:20:ee:c2:9c:58:98:a1:ff:ba:fd:38:36:
+        45:c3:d7:38:5d:47:ad:c8:0d:26:2b:a9:9d:2e:39:73:b2:aa:
+        da:e5:19:b8:57:28:62:dd:94:2a:c9:50:5b:33:59:b0:56:cf:
+        eb:2f
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/certificate-generator/demoCA.init/careq.pem b/tests/vcore/certificate-generator/demoCA.init/careq.pem
new file mode 100644 (file)
index 0000000..2a360eb
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/vcore/certificate-generator/demoCA.init/index.txt b/tests/vcore/certificate-generator/demoCA.init/index.txt
new file mode 100644 (file)
index 0000000..665f036
--- /dev/null
@@ -0,0 +1 @@
+V      140728143212Z           00      unknown /C=PL/ST=Masovian/O=priv/OU=priv/CN=priv
diff --git a/tests/vcore/certificate-generator/demoCA.init/index.txt.attr b/tests/vcore/certificate-generator/demoCA.init/index.txt.attr
new file mode 100644 (file)
index 0000000..8f7e63a
--- /dev/null
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/tests/vcore/certificate-generator/demoCA.init/index.txt.old b/tests/vcore/certificate-generator/demoCA.init/index.txt.old
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/tests/vcore/certificate-generator/demoCA.init/newcerts/00.pem b/tests/vcore/certificate-generator/demoCA.init/newcerts/00.pem
new file mode 100644 (file)
index 0000000..c9cc0eb
--- /dev/null
@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv
+        Validity
+            Not Before: Jul 29 14:32:12 2011 GMT
+            Not After : Jul 28 14:32:12 2014 GMT
+        Subject: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ab:68:cc:1a:41:78:50:0c:f4:43:3f:9e:8d:7b:
+                    90:3d:eb:d6:8b:ce:d9:c1:b5:f4:d3:2e:75:f3:e1:
+                    b3:29:97:1b:38:c6:20:73:8d:a6:cd:61:3f:e1:1c:
+                    78:0f:fd:25:e2:a0:95:6d:a9:33:30:fe:24:76:3d:
+                    e4:9d:23:b2:39:3c:98:a5:b2:20:2f:7d:c8:7d:d5:
+                    00:7c:11:2c:6e:58:a2:18:03:02:48:4a:81:c7:eb:
+                    7b:e9:e3:8d:b0:eb:3d:ee:21:19:7c:04:c2:ad:4f:
+                    45:b3:1a:13:d1:76:35:c4:38:7e:0c:6c:7c:e7:83:
+                    41:f0:78:1b:b4:16:d5:93:d9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3
+            X509v3 Authority Key Identifier: 
+                keyid:F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3
+                DirName:/C=PL/ST=Masovian/O=priv/OU=priv/CN=priv
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        96:3c:f7:22:3d:32:c0:67:fc:3a:0a:3c:b7:62:38:7d:a6:d5:
+        2d:86:c2:ce:6a:84:66:d4:56:b3:93:4e:4c:37:d1:49:b6:67:
+        91:76:57:96:96:cc:5a:71:da:69:b7:52:9d:8f:17:f7:66:fa:
+        6c:f1:98:28:44:af:60:df:ad:2a:8b:f5:f3:8c:27:c4:68:a5:
+        2a:35:c1:6c:84:37:20:ee:c2:9c:58:98:a1:ff:ba:fd:38:36:
+        45:c3:d7:38:5d:47:ad:c8:0d:26:2b:a9:9d:2e:39:73:b2:aa:
+        da:e5:19:b8:57:28:62:dd:94:2a:c9:50:5b:33:59:b0:56:cf:
+        eb:2f
+-----BEGIN CERTIFICATE-----
+MIICuDCCAiGgAwIBAgIBADANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJQTDER
+MA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYx
+DTALBgNVBAMTBHByaXYwHhcNMTEwNzI5MTQzMjEyWhcNMTQwNzI4MTQzMjEyWjBN
+MQswCQYDVQQGEwJQTDERMA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYx
+DTALBgNVBAsTBHByaXYxDTALBgNVBAMTBHByaXYwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBAKtozBpBeFAM9EM/no17kD3r1ovO2cG19NMudfPhsymXGzjGIHON
+ps1hP+EceA/9JeKglW2pMzD+JHY95J0jsjk8mKWyIC99yH3VAHwRLG5YohgDAkhK
+gcfre+njjbDrPe4hGXwEwq1PRbMaE9F2NcQ4fgxsfOeDQfB4G7QW1ZPZAgMBAAGj
+gacwgaQwHQYDVR0OBBYEFPZunjZtSQL8kRpandP6tJ8H7qmzMHUGA1UdIwRuMGyA
+FPZunjZtSQL8kRpandP6tJ8H7qmzoVGkTzBNMQswCQYDVQQGEwJQTDERMA8GA1UE
+CBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYxDTALBgNV
+BAMTBHByaXaCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCWPPci
+PTLAZ/w6Cjy3Yjh9ptUthsLOaoRm1Fazk05MN9FJtmeRdleWlsxacdppt1Kdjxf3
+Zvps8ZgoRK9g360qi/XzjCfEaKUqNcFshDcg7sKcWJih/7r9ODZFw9c4XUetyA0m
+K6mdLjlzsqra5Rm4Vyhi3ZQqyVBbM1mwVs/rLw==
+-----END CERTIFICATE-----
diff --git a/tests/vcore/certificate-generator/demoCA.init/private/cakey.pem b/tests/vcore/certificate-generator/demoCA.init/private/cakey.pem
new file mode 100644 (file)
index 0000000..452ece5
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E653123E49750191
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/vcore/certificate-generator/demoCA.init/serial b/tests/vcore/certificate-generator/demoCA.init/serial
new file mode 100644 (file)
index 0000000..8a0f05e
--- /dev/null
@@ -0,0 +1 @@
+01
diff --git a/tests/vcore/certificate-generator/demoCA.init/serial.old b/tests/vcore/certificate-generator/demoCA.init/serial.old
new file mode 100644 (file)
index 0000000..4daddb7
--- /dev/null
@@ -0,0 +1 @@
+00
diff --git a/tests/vcore/certificate-generator/demoCA/cacert.pem b/tests/vcore/certificate-generator/demoCA/cacert.pem
new file mode 100644 (file)
index 0000000..c9cc0eb
--- /dev/null
@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv
+        Validity
+            Not Before: Jul 29 14:32:12 2011 GMT
+            Not After : Jul 28 14:32:12 2014 GMT
+        Subject: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ab:68:cc:1a:41:78:50:0c:f4:43:3f:9e:8d:7b:
+                    90:3d:eb:d6:8b:ce:d9:c1:b5:f4:d3:2e:75:f3:e1:
+                    b3:29:97:1b:38:c6:20:73:8d:a6:cd:61:3f:e1:1c:
+                    78:0f:fd:25:e2:a0:95:6d:a9:33:30:fe:24:76:3d:
+                    e4:9d:23:b2:39:3c:98:a5:b2:20:2f:7d:c8:7d:d5:
+                    00:7c:11:2c:6e:58:a2:18:03:02:48:4a:81:c7:eb:
+                    7b:e9:e3:8d:b0:eb:3d:ee:21:19:7c:04:c2:ad:4f:
+                    45:b3:1a:13:d1:76:35:c4:38:7e:0c:6c:7c:e7:83:
+                    41:f0:78:1b:b4:16:d5:93:d9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3
+            X509v3 Authority Key Identifier: 
+                keyid:F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3
+                DirName:/C=PL/ST=Masovian/O=priv/OU=priv/CN=priv
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        96:3c:f7:22:3d:32:c0:67:fc:3a:0a:3c:b7:62:38:7d:a6:d5:
+        2d:86:c2:ce:6a:84:66:d4:56:b3:93:4e:4c:37:d1:49:b6:67:
+        91:76:57:96:96:cc:5a:71:da:69:b7:52:9d:8f:17:f7:66:fa:
+        6c:f1:98:28:44:af:60:df:ad:2a:8b:f5:f3:8c:27:c4:68:a5:
+        2a:35:c1:6c:84:37:20:ee:c2:9c:58:98:a1:ff:ba:fd:38:36:
+        45:c3:d7:38:5d:47:ad:c8:0d:26:2b:a9:9d:2e:39:73:b2:aa:
+        da:e5:19:b8:57:28:62:dd:94:2a:c9:50:5b:33:59:b0:56:cf:
+        eb:2f
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/certificate-generator/demoCA/careq.pem b/tests/vcore/certificate-generator/demoCA/careq.pem
new file mode 100644 (file)
index 0000000..2a360eb
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/vcore/certificate-generator/demoCA/crlnumber b/tests/vcore/certificate-generator/demoCA/crlnumber
new file mode 100644 (file)
index 0000000..eeee65e
--- /dev/null
@@ -0,0 +1 @@
+05
diff --git a/tests/vcore/certificate-generator/demoCA/crlnumber.old b/tests/vcore/certificate-generator/demoCA/crlnumber.old
new file mode 100644 (file)
index 0000000..6496923
--- /dev/null
@@ -0,0 +1 @@
+04
diff --git a/tests/vcore/certificate-generator/demoCA/private/cakey.pem b/tests/vcore/certificate-generator/demoCA/private/cakey.pem
new file mode 100644 (file)
index 0000000..452ece5
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E653123E49750191
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/vcore/certificate-generator/demoCA/serial b/tests/vcore/certificate-generator/demoCA/serial
new file mode 100644 (file)
index 0000000..adb9de8
--- /dev/null
@@ -0,0 +1 @@
+08
diff --git a/tests/vcore/certificate-generator/demoCA/serial.old b/tests/vcore/certificate-generator/demoCA/serial.old
new file mode 100644 (file)
index 0000000..2c7456e
--- /dev/null
@@ -0,0 +1 @@
+07
diff --git a/tests/vcore/certificate-generator/openssl.cnf b/tests/vcore/certificate-generator/openssl.cnf
new file mode 100644 (file)
index 0000000..94aa306
--- /dev/null
@@ -0,0 +1,327 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./demoCA              # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cacert.pem       # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cakey.pem# The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+
+#crl_extensions        = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = sha1                  # which md to use.
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+crlDistributionPoints = URI:http://localhost/my.crl
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# OCSP and CRL local servers - for test certificates
+authorityInfoAccess=OCSP;URI:http://localhost:8881/
+crlDistributionPoints=URI:http://localhost/my.crl
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+crlDistributionPoints=crldp1_section
+URI=http://localhost/my.crl
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+[ my_v3_ext ]
+basicConstraints = CA:true
+
+[ ocsp_cert ]
+extendedKeyUsage = OCSP Signing
\ No newline at end of file
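Review bot: The `[ crl_ext ]` section sets `crlDistributionPoints=crldp1_section`, but no `[ crldp1_section ]` exists in this file, and the following `URI=http://localhost/my.crl` sits directly in `crl_ext`, where it would be read as an extension named `URI`. The section is dormant because `crl_extensions` is commented out under `[ CA_default ]`, but enabling that line would most likely make `openssl ca -gencrl` fail. Either drop the two lines (the section's own comment says only `issuerAltName` and `authorityKeyIdentifier` make sense in a CRL) or add a comment above them, such as `# unused: crl_extensions is disabled in CA_default`.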
diff --git a/tests/vcore/file_input_mapping.cpp b/tests/vcore/file_input_mapping.cpp
new file mode 100644 (file)
index 0000000..063f27a
--- /dev/null
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        file_input_mapping.cpp
+ * @author      Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version     1.0
+ * @brief       This file is the implementation file of file input mapping
+ */
+#include <dpl/scoped_close.h>
+#include <dpl/log/log.h>
+#include <file_input_mapping.h>
+#include <iomanip>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <errno.h>
+
+FileInputMapping::FileInputMapping(const std::string &fileName)
+    : m_handle(-1),
+      m_size(0),
+      m_address(NULL)
+{
+    // Open device and map it to user space
+    int file = TEMP_FAILURE_RETRY(open(fileName.c_str(), O_RDONLY));
+
+    if (file == -1)
+    {
+        int error = errno;
+        ThrowMsg(FileInputMapping::Exception::OpenFailed,
+                 "Failed to open file. errno = " << error);
+    }
+
+    // Scoped close on file
+    DPL::ScopedClose scopedClose(file);
+
+    // Calculate file size
+    off64_t size = lseek64(file, 0, SEEK_END);
+
+    if (size == static_cast<off64_t>(-1))
+    {
+        int error = errno;
+        ThrowMsg(FileInputMapping::Exception::OpenFailed,
+                 "Failed to seek file. errno = " << error);
+    }
+
+    // Map file to usespace
+    void *address = mmap(0, static_cast<size_t>(size),
+                         PROT_READ, MAP_SHARED, file, 0);
+
+    if (address == MAP_FAILED)
+    {
+        int error = errno;
+        ThrowMsg(FileInputMapping::Exception::OpenFailed,
+                 "Failed to map file. errno = " << error);
+    }
+
+    // Release scoped close
+    m_handle = scopedClose.Release();
+
+    // Save mapped up address
+    m_size = size;
+    m_address = static_cast<unsigned char *>(address);
+
+    LogPedantic("Created file mapping: " << fileName <<
+                " of size: " << m_size <<
+                " at address: " << std::hex << static_cast<void *>(m_address));
+}
+
+FileInputMapping::~FileInputMapping()
+{
+    // Close mapping
+    if (munmap(m_address, static_cast<size_t>(m_size)) == -1)
+    {
+        int error = errno;
+        LogPedantic("Failed to munmap file. errno = " << error);
+    }
+
+    // Close file descriptor
+    if (TEMP_FAILURE_RETRY(close(m_handle)) == -1)
+    {
+        int error = errno;
+        LogPedantic("Failed to close file. errno = " << error);
+    }
+}
+
+off64_t FileInputMapping::GetSize() const
+{
+    return m_size;
+}
+
+const unsigned char *FileInputMapping::GetAddress() const
+{
+    return m_address;
+}
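Review bot: In the constructor, `static_cast<size_t>(size)` narrows the `off64_t` length passed to `mmap`, while `m_size` keeps the full 64-bit value. On a target where `size_t` is 32 bits, a file of 4 GiB or more would be mapped short, and `GetSize()` would then report more bytes than the region behind `GetAddress()` covers. Reject such a file before mapping: `if (static_cast<off64_t>(static_cast<size_t>(size)) != size) ThrowMsg(FileInputMapping::Exception::OpenFailed, "File too large to map");`. An empty file also lands in the "Failed to map file" branch, because `mmap` rejects a zero length; a comment next to the call saying so would save the next reader a debugging session.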
diff --git a/tests/vcore/file_input_mapping.h b/tests/vcore/file_input_mapping.h
new file mode 100644 (file)
index 0000000..c4a19b6
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        file_input_mapping.h
+ * @author      Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version     1.0
+ * @brief       This file is the header file of file input mapping
+ */
+#ifndef DPL_FILE_INPUT_MAPPING_H
+#define DPL_FILE_INPUT_MAPPING_H
+
+#include <dpl/exception.h>
+#include <dpl/noncopyable.h>
+
+class FileInputMapping
+    : private DPL::Noncopyable
+{
+public:
+    class Exception
+    {
+    public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, OpenFailed)
+    };
+
+private:
+    int m_handle;
+    off64_t m_size;
+    unsigned char *m_address;
+
+public:
+    /**
+     * Constructor
+     */
+    explicit FileInputMapping(const std::string &fileName);
+
+    /**
+     * Destructor
+     */
+    ~FileInputMapping();
+
+    /**
+     * Get file mapping total size
+     *
+     * @return 64-bit size
+     */
+    off64_t GetSize() const;
+
+    /**
+     * Get file mapping base address
+     *
+     * @return Base address of file mapping
+     */
+    const unsigned char *GetAddress() const;
+};
+
+#endif // DPL_FILE_INPUT_MAPPING_H
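Review bot: The header names `std::string` and `off64_t` but includes only `<dpl/exception.h>` and `<dpl/noncopyable.h>`, so it compiles only if those headers or the including file happen to pull in the definitions. Add `#include <string>` and `#include <sys/types.h>` next to the DPL includes. The bare `Constructor` comment could also state what the implementation does: it throws `Exception::OpenFailed` when the file cannot be opened, sized or mapped.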
diff --git a/tests/vcore/test-cases/keys/CAbundle.crt b/tests/vcore/test-cases/keys/CAbundle.crt
new file mode 100644 (file)
index 0000000..4edaeda
--- /dev/null
@@ -0,0 +1,3677 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDvjCCA3ygAwIBAgIFJQaThoEwCwYHKoZIzjgEAwUAMIGFMQswCQYDVQQGEwJG
+UjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczEQMA4GA1UEChMHUE0v
+U0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcN
+AQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAeFw0wMjEyMTMxNDM5MTVaFw0yMDEw
+MTcxNDM5MTRaMIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYD
+VQQHEwVQYXJpczEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAM
+BgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5m
+cjCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCFkMImdk9zDzJfTO4XPdAAmLbAdWws
+ZiEMZh19RyTo3CyhFqO77OIXrwY6vc1pcc3MgWJ0dgQpAgrDMtmFFxpUu4gmjVsx
+8GpxQC+4VOgLY8Cvmcd/UDzYg07EIRto8BwCpPJ/JfUxwzV2V3N713aAX+cEoKZ/
+s+kgxC6nZCA7oQIVALME/JYjkdW2uKIGngsEPbXAjdhDAoGADh/uqWJx94UBm31c
+9d8ZTBfRGRnmSSRVFDgPWgA69JD4BR5da8tKz+1HjfMhDXljbMH86ixpD5Ka1Z0V
+pRYUPbyAoB37tsmXMJY7kjyD19d5VdaZboUjVvhH6UJy5lpNNNGSvFl4fqkxyvw+
+pq1QV0N5RcvK120hlXdfHUX+YKYDgYQAAoGAQGr7IuKJcYIvJRMjxwl43KxXY2xC
+aoCiM/bv117MfI94aNf1UusGhp7CbYAY9CXuL60P0oPMAajbaTE5Z34AuITeHq3Y
+CNMHwxalip8BHqSSGmGiQsXeK7T+r1rPXsccZ1c5ikGDZ4xn5gUaCyy2rCmb+fOJ
+6VAfCbAbAjmNKwejdzB1MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgFGMBUG
+A1UdIAQOMAwwCgYIKoF6AXkBAQEwHQYDVR0OBBYEFPkeNRcUf8idzpKblYbLNxs0
+MQhSMB8GA1UdIwQYMBaAFPkeNRcUf8idzpKblYbLNxs0MQhSMAsGByqGSM44BAMF
+AAMvADAsAhRVh+CJA5eVyEYU5AO9Tm7GxX0rmQIUBCqsU5u1WxoZ5lEXicDX5/Ob
+sRQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIRANAeQJAAAEZSAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
+gYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3Rv
+bjEXMBUGA1UEChMOQUJBLkVDT00sIElOQy4xGTAXBgNVBAMTEEFCQS5FQ09NIFJv
+b3QgQ0ExJDAiBgkqhkiG9w0BCQEWFWFkbWluQGRpZ3NpZ3RydXN0LmNvbTAeFw05
+OTA3MTIxNzMzNTNaFw0wOTA3MDkxNzMzNTNaMIGJMQswCQYDVQQGEwJVUzELMAkG
+A1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xFzAVBgNVBAoTDkFCQS5FQ09N
+LCBJTkMuMRkwFwYDVQQDExBBQkEuRUNPTSBSb290IENBMSQwIgYJKoZIhvcNAQkB
+FhVhZG1pbkBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCx0xHgeVVDBwhMywVCAOINg0Y95JO6tgbTDVm9PsHOQ2cBiiGo77zM
+0KLMsFWWU4RmBQDaREmA2FQKpSWGlO1jVv9wbKOhGdJ4vmgqRF4vz8wYXke8OrFG
+PR7wuSw0X4x8TAgpnUBV6zx9g9618PeKgw6hTLQ6pbNfWiKX7BmbwQVo/ea3qZGU
+LOR4SCQaJRk665WcOQqKz0Ky8BzVX/tr7WhWezkscjiw7pOp03t3POtxA6k4ShZs
+iSrK2jMTecJVjO2cu/LLWxD4LmE1xilMKtAqY9FlWbT4zfn0AIS2V0KFnTKo+SpU
++/94Qby9cSj0u5C8/5Y0BONFnqFGKECBAgMBAAGjFjAUMBIGA1UdEwEB/wQIMAYB
+Af8CAQgwDQYJKoZIhvcNAQEFBQADggEBAARvJYbk5pYntNlCwNDJALF/VD6Hsm0k
+qS8Kfv2kRLD4VAe9G52dyntQJHsRW0mjpr8SdNWJt7cvmGQlFLdh6X9ggGvTZOir
+vRrWUfrAtF13Gn9kCF55xgVM8XrdTX3O5kh7VNJhkoHWG9YA8A6eKHegTYjHInYZ
+w8eeG6Z3ePhfm1bR8PIXrI6dWeYf/le22V7hXZ9F7GFoGUHhsiAm/lowdiT/QHI8
+eZ98IkirRs3bs4Ysj78FQdPB4xTjQRcm0HyncUwZ6EoPclgxfexgeqMiKL0ZJGA/
+O4dzwGvky663qyVDslUte6sGDnVdNOVdc22esnVApVnJTzFxiNmIf1Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
+MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
+EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
+BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
+xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
+87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
+2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
+WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
+0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
+A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
+pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
+ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
+aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
+hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
+hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
+dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
+P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
+iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
+xqE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
+206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
+KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
+JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
+BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
+Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
+PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
+Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
+o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
+FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
+xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
+LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
+CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
+IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
+DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
+AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
+Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
+AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
+Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
+RY8mkaKO/qk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
+PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
+cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
+IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
+ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
+VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
+kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
+EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
+H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
+HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
+QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
+Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
+AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
+yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
+FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
+ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
+kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
+l7+ijrRU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp
+Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww
+HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES
+MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg
+MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B
+8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY
+tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl
+HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj
+zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU
+JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM
+ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv
+a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p
+K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi
+puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT
+yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO
+owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC
+jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy
+fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo
+Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo
+M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM
+Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed
+2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH
+/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl
+nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE
+O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU
+9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9
+j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NBX0NQUyBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVu
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDcxNjE2NDBaFw0yMDAy
+MDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7Ny
+Spj10InJrWPNTTVRaoTUrcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0
+iJBeAZfv6lOm3fzB3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn
+5JVn1j+SgF7yNH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHd
+BgNVHR8EgdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0
+MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy
+ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5l
+dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAy
+MDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQDAgEGMB8GA1UdIwQY
+MBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQWBBSEi3T9xY3A/ydtIDdF
+fP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4w
+AwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWAO9GK9Q6nIMstZVXQkvTnhLUGJoMS
+hAusO7JE7r3PQNsgDrpuFOow4DtifH+La3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/
+GpsKkMWr2tGzhtQvJFJcem3G8v7lTRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKd
+zmVml64mXg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
+Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
+KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
+NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
+NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
+ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
+BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
+Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
+KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
+rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
+94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
+sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
+gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
+kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
+vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
+O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
+AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
+9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
+eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
+0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCRVMx
+IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w
+HhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCBnTELMAkGA1UEBhMCRVMx
+IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5u
+Cp4Bx+ow0Syd3Tfom5h5VtP8c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdY
+rv5sp0ovFy3Tc9UTHI9ZpTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3z
+hxAwJkh91/zpnZFx/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPay
+BQC6haD9HThuy1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcL
+iam8NeTvtjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcb
+AgMBAAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv
+bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDExMDI0
+MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
+FgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQADggEBAEdz/o0n
+VPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/GzR0iLjJcG1+p+o1wq
+u00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvXwOaD7FnMP97/T2u3Z36m
+hoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6ntBas3D7Hi05V2Y1Z0jFhyGzfl
+ZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZdBbQ5rQ58SfLyEDW44YQqSMSkuBp
+QWOnryULwMWSyx6Yo1q6xTMPoJcB3X/ge9YGVM+h4k0460tQtcsm9MracEpqoeJ5
+quGnM/b9Sh/22WA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1
+c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81
+WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG
+FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq
+XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL
+se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb
+KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd
+IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73
+y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt
+hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc
+QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
+Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV
+HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ
+KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ
+L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr
+Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo
+ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY
+T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
+GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
+OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
+6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
+QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
+SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
+SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
+DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAwNTkzOFoXDTI1MTIyNzAw
+NTkzOFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
+VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
+IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
+IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywS
+zHb5BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS
+YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJZHMQ
+KD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzcuh9morKb
+adB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKbadB4CKGCARqk
+ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
+BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
+ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
+LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
+VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
+FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
+AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
+D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRp
+ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
+BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
+dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMD8GCWCG
+SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
+TEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
+czIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
+L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTEuaHRtbDBzBgNVHR8EbDBq
+MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEu
+Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
+Q0xBU0UxLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
+Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuK
+Yn4VLenZMdMu9Ccj/1urxUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpj
+V4F1Wo7ojPsCwJTGKbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+
+hjM+5i9Ibq9UkE6tsSU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD
+EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X
+DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw
+DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u
+c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr
+TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA
+OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC
+2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW
+RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P
+AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW
+ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0
+YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz
+b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO
+ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB
+IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs
+b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs
+ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s
+YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg
+a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g
+SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0
+aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg
+YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg
+Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY
+ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g
+pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4
+Fp1hBWeAyNDYpQcCNJgEjTME1A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICXDCCAcWgAwIBAgIQCgEBAQAAAnwAAAALAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMTAyNCBWMzAeFw0wMTAyMjIyMTAxNDlaFw0yNjAyMjIyMDAxNDlaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAx
+MDI0IFYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV3f5mCc8kPD6ugU5O
+isRpgFtZO9+5TUzKtS3DJy08rwBCbbwoppbPf9dYrIMKo1W1exeQFYRMiu4mmdxY
+78c4pqqv0I5CyGLXq6yp+0p9v+r+Ek3d/yYtbzZUaMjShFbuklNhCbM/OZuoyZu9
+zp9+1BlqFikYvtc6adwlWzMaUQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBTEwBykB5T9zU0B1FTapQxf3q4FWjAd
+BgNVHQ4EFgQUxMAcpAeU/c1NAdRU2qUMX96uBVowDQYJKoZIhvcNAQEFBQADgYEA
+Py1q4yZDlX2Jl2X7deRyHUZXxGFraZ8SmyzVWujAovBDleMf6XbN3Ou8k6BlCsdN
+T1+nr6JGFLkM88y9am63nd4lQtBU/55oc2PcJOsiv6hy8l4A4Q1OOkNumU4/iXgD
+mMrzVcydro7BqkWY+o8aoI2II/EVQQ2lRj6RP4vr93E=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu
+IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw
+WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD
+ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y
+IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn
+IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+
+6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob
+jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw
+izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl
++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY
+zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP
+pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF
+KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
+ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB
+AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0
+ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW
+IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA
+A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0
+uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+
+FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7
+jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/
+u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D
+YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1
+puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa
+icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG
+DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x
+kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
+Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE
+SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg
+Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV
+BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl
+cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA
+vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu
+Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a
+0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1
+4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN
+eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD
+R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG
+A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu
+dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME
+Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3
+WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
+HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ
+KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO
+Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX
+wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+
+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89
+9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0
+jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38
+aQNiuJkFBT1reBK9sG9l
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE
+SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw
+ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU
+REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr
+2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s
+2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU
+GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj
+dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r
+TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB
+AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
+c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl
+ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu
+MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
+T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud
+HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD
+VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny
+bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy
+MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ
+J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG
+SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom
+JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO
+inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y
+caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB
+mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ
+YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9
+BKNDLdr8C2LqL19iUw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg
+MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8
+dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz
+MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy
+dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD
+VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg
+xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu
+xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7
+XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k
+heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J
+YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C
+urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1
+JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51
+b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV
+9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7
+kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh
+fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy
+B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA
+aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS
+RGQDJereW26fyfJOrN3H
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
+YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
+Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
+AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
+MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
+cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
+d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
+DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
+rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
+uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
+MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
+/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
+gQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIETzCCAzegAwIBAgIEO63vKTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDEwOTIzMTQxODE3WhcNMTEw
+OTIzMTMxODE3WjB1MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MR8wHQYDVQQDExZDQyBTaWdu
+ZXQgLSBDQSBLbGFzYSAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4SRW9Q58g5DY1Hw7h
+gCRKBEdPdGn0MFHsfw7rlu/oQm7IChI/uWd9q5wwo77YojtTDjRnpgZsjqBeynX8T90vFILqsY2K
+5CF1OESalwvVr3sZiQX79lisuFKat92u6hBFikFIVxfHHB67Af+g7u0dEHdDW7lwy81MwFYxBTRy
+9wIDAQABo4IBbTCCAWkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwggEEBgNVHSAE
+gfwwgfkwgfYGDSsGAQQBvj8CAQoBAQAwgeQwgZoGCCsGAQUFBwICMIGNGoGKQ2VydHlmaWthdCB3
+eXN0YXdpb255IHpnb2RuaWUgeiBkb2t1bWVudGVtOiAiUG9saXR5a2EgQ2VydHlmaWthY2ppIGRs
+YSBSb290Q0EiLiBDZXJ0eWZpa2F0IHd5c3Rhd2lvbnkgcHJ6ZXogUm9vdENBIHcgaGllcmFyY2hp
+aSBDQyBTaWduZXQuMEUGCCsGAQUFBwIBFjlodHRwOi8vd3d3LnNpZ25ldC5wbC9yZXBvenl0b3Jp
+dW0vZG9rdW1lbnR5L3BjX3Jvb3RjYS50eHQwHwYDVR0jBBgwFoAUwJvFIw0C4aZOSGsfAOnjmhQb
+sa8wHQYDVR0OBBYEFMODHtVZd1T7TftXR/nEI1zR54njMA0GCSqGSIb3DQEBBQUAA4IBAQBRIHQB
+FIGh8Jpxt87AgSLwIEEk4+oGy769u3NtoaR0R3WNMdmt7fXTi0tyTQ9V4AIszxVjhnUPaKnF1KYy
+f8Tl+YTzk9ZfFkZ3kCdSaILZAOIrmqWNLPmjUQ5/JiMGho0e1YmWUcMci84+pIisTsytFzVP32/W
++sz2H4FQAvOIMmxB7EJX9AdbnXn9EXZ+4nCqi0ft5z96ZqOJJiCB3vSaoYg+wdkcvb6souMJzuc2
+uptXtR1Xf3ihlHaGW+hmnpcwFA6AoNrom6Vgzk6U1ienx0Cw28BhRSKqzKkyXkuK8gRflZUx84uf
+tXncwKJrMiE3lvgOOBITRzcahirLer4c
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE9zCCA9+gAwIBAgIEPL/xoTANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MSAwHgYDVQQDExdDQyBTaWduZXQgLSBQQ0EgS2xhc2EgMjAeFw0wMjA0MTkxMDI5NTNa
+Fw0xNzA0MTgxMjUzMDdaMHUxCzAJBgNVBAYTAlBMMR8wHQYDVQQKExZUUCBJbnRlcm5ldCBTcC4g
+eiBvLm8uMSQwIgYDVQQLExtDZW50cnVtIENlcnR5ZmlrYWNqaSBTaWduZXQxHzAdBgNVBAMTFkND
+IFNpZ25ldCAtIENBIEtsYXNhIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqgLJu
+QqY4yavbSgHg8CyfKTx4BokNSDOVz4eD9vptUr11Kqd06ED1hlH7Sg0goBFAfntNU/QTKwSBaNui
+me7C4sSEdgsKrPoAhGb4Mq8y7Ty7RqZz7mkzNMqzL2L2U4yQ2QjvpH8MH0IBqOWEcpSkpwnrCDIm
+RoTfd+YlZWKi2JceQixUUYIQ45Ox8+x8hHbvvZdgqtcvo8PW27qoHkp/7hMuJ44kDAGrmxffBXl/
+OBRZp0uO1CSLcMcVJzyr2phKhy406MYdWrtNPEluGs0GFDzd0nrIctiWAO4cmct4S72S9Q6e//0G
+O9f3/Ca5Kb2I1xYLj/xE+HgjHX9aD2MhAgMBAAGjggGMMIIBiDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjCB4wYDVR0gBIHbMIHYMIHVBg0rBgEEAb4/AhQKAQEAMIHDMHUGCCsGAQUF
+BwICMGkaZ0NlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0
+eWthIENlcnR5ZmlrYWNqaSBQQ0EyIC0gQ2VydHlmaWthdHkgVXJ6ZWRvdyBLbGFzeSAyIi4wSgYI
+KwYBBQUHAgEWPmh0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9kb2t1bWVudHkva2xh
+c2EyL3BjX3BjYTIudHh0MD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly93d3cuc2lnbmV0LnBsL3Jl
+cG96eXRvcml1bS9jcmwvcGNhMi5jcmwwHwYDVR0jBBgwFoAUwGxGyl2CfpYHRonE82AVXO08kMIw
+HQYDVR0OBBYEFLtFBlILy4HNKVSzvHxBTM0HDowlMA0GCSqGSIb3DQEBBQUAA4IBAQBWTsCbqXrX
+hBBev5v5cIuc6gJM8ww7oR0uMQRZoFSqvQUPWBYM2/TLI/f8UM9hSShUVj3zEsSj/vFHagUVmzuV
+Xo5u0WK8iaqATSyEVBhADHrPG6wYcLKJlagge/ILA0m+SieyP2sjYD9MUB9KZIEyBKv0429UuDTw
+6P7pslxMWJBSNyQxaLIs0SRKsqZZWkc7ZYAj2apSkBMX2Is1oHA+PwkF6jQMwCao/+CndXPUzfCF
+6caa9WwW31W26MlXCvSmJgfiTPwGvm4PkPmOnmWZ3CczzhHl4q7ztHFzshJH3sZWDnrWwBFjzz5e
+Pr3WHV1wA7EY6oT4zBx+2gT9XBTB
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEUzCCAzugAwIBAgIEPq+qjzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJQTDE3MDUGA1UE
+ChMuQ1ppQyBDZW50cmFzdCBTQSB3IGltaWVuaXUgTWluaXN0cmEgR29zcG9kYXJraTEZMBcGA1UE
+AxMQQ1ppQyBDZW50cmFzdCBTQTAeFw0wMzA0MzAxMDUwNTVaFw0wODA0MjgxMDUwNTVaMGgxCzAJ
+BgNVBAYTAlBMMR8wHQYDVQQKExZUUCBJbnRlcm5ldCBTcC4geiBvLm8uMR8wHQYDVQQDExZDQyBT
+aWduZXQgLSBDQSBLbGFzYSAzMRcwFQYDVQQFEw5OdW1lciB3cGlzdTogNDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALVdeOM62cPH2NERFxbS5FIp/HSv3fgesdVsTUFxZbGtE+/E0RMl
+KZQJHH9emx7vRYubsi4EOLCjYsCOTFvgGRIpZzx7R7T5c0Di5XFkRU4gjBl7aHJoKb5SLzGlWdoX
+GsekVtl6keEACrizV2EafqjI8cnBWY7OxQ1ooLQp5AeFjXg+5PT0lO6TUZAubqjFbhVbxSWjqvdj
+93RGfyYE76MnNn4c2xWySD07n7uno06TC0IJe6+3WSX1h+76VsIFouWBXOoM7cxxiLjoqdBVu24+
+P8e81SukE7qEvOwDPmk9ZJFtt1nBNg8a1kaixcljrA/43XwOPz6qnJ+cIj/xywECAwEAAaOCAQow
+ggEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDMGA1UdIAEB/wQpMCcwJQYEVR0g
+ADAdMBsGCCsGAQUFBwIBFg93d3cuY2VudHJhc3QucGwwgY4GA1UdIwSBhjCBg4AU2a7r85Cp1iJN
+W0Ca1LR6VG3996ShZaRjMGExCzAJBgNVBAYTAlBMMTcwNQYDVQQKEy5DWmlDIENlbnRyYXN0IFNB
+IHcgaW1pZW5pdSBNaW5pc3RyYSBHb3Nwb2RhcmtpMRkwFwYDVQQDExBDWmlDIENlbnRyYXN0IFNB
+ggQ9/0sQMB0GA1UdDgQWBBR7Y8wZkHq0zrY7nn1tFSdQ0PlJuTANBgkqhkiG9w0BAQUFAAOCAQEA
+ldt/svO5c1MU08FKgrOXCGEbEPbQxhpM0xcd6Iv3dCo6qugEgjEs9Qm5CwUNKMnFsvR27cJWUvZb
+MVcvwlwCwclOdwF6u/QRS8bC2HYErhYo9bp9yuxxzuow2A94c5fPqfVrjXy+vDouchAm6+A5Wjzv
+J8wxVFDCs+9iGACmyUWr/JGXCYiQIbQkwlkRKHHlan9ymKf1NvIej/3EpeT8fKr6ywxGuhAfqofW
+pg3WJY/RCB4lTzD8vZGNwfMFGkWhJkypad3i9w3lGmDVpsHaWtCgGfd0H7tUtWPkP+t7EjIRCD9J
+HYnTR+wbbewc5vOI+UobR15ynGfFIaSIiMTVtQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEejCCA2KgAwIBAgIEP4vk6TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJQ
+TDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2Vu
+dHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MR8wHQYDVQQDExZDQyBTaWduZXQgLSBD
+QSBLbGFzYSAyMB4XDTAzMTAxNDExNTgyMloXDTE3MDQxODEyNTMwN1owdzELMAkG
+A1UEBhMCUEwxHzAdBgNVBAoTFlRQIEludGVybmV0IFNwLiB6IG8uby4xJDAiBgNV
+BAsTG0NlbnRydW0gQ2VydHlmaWthY2ppIFNpZ25ldDEhMB8GA1UEAxMYQ0MgU2ln
+bmV0IC0gT0NTUCBLbGFzYSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo
+VCsaBStblXQYVNthe3dvaCrfvKpPXngh4almm988iIlEv9CVTaAdCfaJNihvA+Vs
+Qw8++ix1VqteMQE474/MV/YaXigP0Zr0QB+g+/7PWVlv+5U9Gzp9+Xx4DJay8AoI
+iB7Iy5Qf9iZiHm5BiPRIuUXT4ZRbZRYPh0/76vgRsQIDAQABo4IBkjCCAY4wDgYD
+VR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEEGA1UdHwQ6MDgwNqA0
+oDKGMGh0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9jcmwva2xhc2Ey
+LmNybDCB2AYDVR0gBIHQMIHNMIHKBg4rBgEEAb4/AoFICgwBADCBtzBsBggrBgEF
+BQcCAjBgGl5DZXJ0eWZpa2F0IHd5ZGFueSB6Z29kbmllIHogZG9rdW1lbnRlbSAi
+UG9saXR5a2EgQ2VydHlmaWthY2ppIC0gQ2VydHlmaWthdHkgcmVzcG9uZGVyb3cg
+T0NTUCIuMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnNpZ25ldC5wbC9yZXBvenl0
+b3JpdW0vZG9rdW1lbnR5L3BjX29jc3BfMV8wLnBkZjAfBgNVHSMEGDAWgBS7RQZS
+C8uBzSlUs7x8QUzNBw6MJTAdBgNVHQ4EFgQUKEVrOY7cEHvsVgvoyZdytlbtgwEw
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAQrRg5MV6dxr0HU2IsLInxhvt
+iUVmSFkIUsBCjzLoewOXA16d2oDyHhI/eE+VgAsp+2ANjZu4xRteHIHoYMsN218M
+eD2MLRsYS0U9xxAFK9gDj/KscPbrrdoqLvtPSMhUb4adJS9HLhvUe6BicvBf3A71
+iCNe431axGNDWKnpuj2KUpj4CFHYsWCXky847YtTXDjri9NIwJJauazsrSjK+oXp
+ngRS506mdQ7vWrtApkh8zhhWp7duCkjcCo1O8JxqYr2qEW1fXmgOISe010v2mmuv
+hHxPyVwoAU4KkOw0nbXZn53yak0is5+XmAjh0wWue44AssHrjC9nUh3mkLt6eQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGjCCBAKgAwIBAgIEPL7eEDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDIwNDE4MTQ1NDA4WhcNMjYw
+OTIxMTU0MjE5WjB2MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MSAwHgYDVQQDExdDQyBTaWdu
+ZXQgLSBQQ0EgS2xhc2EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7BrBlbN5ma
+M5eg0BOTqoZ+9NBDvU8Lm5rTdrMswFTCathzpVVLK/JD4K3+4oCZ9SRAspEXE4gvwb08ASY6w5s+
+HpRkeJw8YzMFR5kDZD5adgnCAy4vDfIXYZgppXPaTQ8wnfUZ7BZ7Zfa7QBemUIcJIzJBB0UqgtxW
+Ceol9IekpBRVmuuSA6QG0Jkm+pGDJ05yj2eQG8jTcBENM7sVA8rGRMyFA4skSZ+D0OG6FS2xC1i9
+JyN0ag1yII/LPx8HK5J4W9MaPRNjAEeaa2qI9EpchwrOxnyVbQfSedCG1VRJfAsE/9tT9CMUPZ3x
+W20QjQcSZJqVcmGW9gVsXKQOVLsCAwEAAaOCAbMwggGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMIIBBAYDVR0gBIH8MIH5MIH2Bg0rBgEEAb4/AgEKAQEBMIHkMIGaBggrBgEFBQcC
+AjCBjRqBikNlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0
+eWthIENlcnR5ZmlrYWNqaSBkbGEgUm9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6
+IFJvb3RDQSB3IGhpZXJhcmNoaWkgQ0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5z
+aWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY19yb290Y2EudHh0MEQGA1UdHwQ9MDsw
+OaA3oDWGM2h0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9yb290Y2Evcm9vdGNhLmNy
+bDAfBgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAdBgNVHQ4EFgQUwGxGyl2CfpYHRonE
+82AVXO08kMIwDQYJKoZIhvcNAQEFBQADggEBABp1TAUsa+BeVWg4cjowc8yTJ5XN3GvN96GObMkx
+UGY7U9kVrLI71xBgoNVyzXTiMNDBvjh7vdPWjpl5SDiRpnnKiOFXA43HvNWzUaOkTu1mxjJsZsan
+ot1Xt6j0ZDC+03FjLHdYMyM9kSWp6afb4980EPYZCcSzgM5TOGfJmNii5Tq468VFKrX+52Aou1G2
+2Ohu+EEOlOrG7ylKv1hHUJJCjwN0ZVEIn1nDbrU9FeGCz8J9ihVUvnENEBbBkU37PWqWuHitKQDV
+tcwTwJJdR8cmKq3NmkwAm9fPacidQLpaw0WkuGrS+fEDhu1Nhy9xELP6NA9GRTCNxm/dXlcwnmY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGjCCBAKgAwIBAgIEPV0tNDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDIwODE2MTY0OTU2WhcNMjYw
+OTIxMTU0MjE5WjB2MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MSAwHgYDVQQDExdDQyBTaWdu
+ZXQgLSBQQ0EgS2xhc2EgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALN3LanJtdue
+Ne6geWUTFENa+lEuzqELcoqhYB+a/tJcPEkc6TX/bYPzalRRjqs+quMP6KZTU0DixOrV+K7iWaqA
+iQ913HX5IBLmKDCrTVW/ZvSDpiBKbxlHfSNuJxAuVT6HdbzK7yAW38ssX+yS2tZYHZ5FhZcfqzPE
+OpO94mAKcBUhk6T/ki0evXX/ZvvktwmF3hKattzwtM4JMLurAEl8SInyEYULw5JdlfcBez2Tg6Db
+w34hA1A+ckTwhxzecrB8TUe2BnQKOs9vr2cCACpFFcOmPkM0Drtjctr1QHm1tYSqRFRf9VcV5tfC
+3P8QqoK4ONjtLPHc9x5NE1uK/FMCAwEAAaOCAbMwggGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMIIBBAYDVR0gBIH8MIH5MIH2Bg0rBgEEAb4/AgEKAQECMIHkMIGaBggrBgEFBQcC
+AjCBjRqBikNlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0
+eWthIENlcnR5ZmlrYWNqaSBkbGEgUm9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6
+IFJvb3RDQSB3IGhpZXJhcmNoaWkgQ0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5z
+aWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY19yb290Y2EudHh0MEQGA1UdHwQ9MDsw
+OaA3oDWGM2h0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9yb290Y2Evcm9vdGNhLmNy
+bDAfBgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAdBgNVHQ4EFgQUXvthcPHlH5BgGhlM
+ErJNXWlhlgAwDQYJKoZIhvcNAQEFBQADggEBACIce95Mvn710KCAISA0CuHD4aznTU6pLoCDShW4
+7OR+GTpJUm1coTcUqlBHV9mra4VFrBcBuOkHZoBLq/jmE0QJWnpSEULDcH9J3mF0nqO9SM+mWyJG
+dsJF/XU/7smummgjMNQXwzQTtWORF+6v5KUbWX85anO2wR+M6YTBWC55zWpWi4RG3vkHFs5Ze2oF
+JTlpuxw9ZgxTnWlwI9QR2MvEhYIUMKMOWxw1nt0kKj+5TCNQQGh/VJJ1dsiroGh/io1DOcePEhKz
+1Ag52y6Wf0nJJB9yk0sFakqZH18F7eQecQImgZyyeRtsG95leNugB3BXWCW+KxwiBrtQTXv4dTE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEzzCCA7egAwIBAgIEO6ocGTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDEwOTIwMTY0MjE5WhcNMjYw
+OTIxMTU0MjE5WjBxMQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MRswGQYDVQQDExJDQyBTaWdu
+ZXQgLSBSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrr2vydnNpELfGW3Ks
+ARiDhJvwDtUe4AbWev+OfMc3+vA29nX8ZmIwno3gmItjo5DbUCCRiCMq5c9epcGu+kg4a3BJChVX
+REl8gVh0ST15rr3RKrSc4VgsvQzl0ZUraeQLl8JoRT5PLsUj3qwF78jUCQVckiiLVcnGfZtFCm+D
+CJXliQBDMB9XFAUEiO/DtEBs0B7wJGx7lgJeJpQUcGiaOPjcJDYOk7rNAYmmD2gWeSlepufO8luU
+YG/YDxTC4mqhRqfa4MnVO5dqy+ICj2UvUpHbZDB0KfGRibgBYeQP1kuqgIzJN4UqknVAJb0aMBSP
+l+9k2fAUdchx1njlbdcbAgMBAAGjggFtMIIBaTAPBgNVHRMBAf8EBTADAQH/MIIBBAYDVR0gBIH8
+MIH5MIH2Bg0rBgEEAb4/AgEKAQEAMIHkMIGaBggrBgEFBQcCAjCBjRqBikNlcnR5ZmlrYXQgd3lz
+dGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0eWthIENlcnR5ZmlrYWNqaSBkbGEg
+Um9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6IFJvb3RDQSB3IGhpZXJhcmNoaWkg
+Q0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5dG9yaXVt
+L2Rva3VtZW50eS9wY19yb290Y2EudHh0MB0GA1UdDgQWBBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAf
+BgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcN
+AQEFBQADggEBAGnY5QmYqnnO9OqFOWZxxb25UHRnaRF6IV9aaGit5BZufZj2Tq3v8L3SgE34GOoI
+cdRMMG5JEpEU4mN/Ef3oY6Eo+7HfqaPHI4KFmbDSPiK5s+wmf+bQSm0Yq5/h4ZOdcAESlLQeLSt1
+CQk2JoKQJ6pyAf6xJBgWEIlm4RXE4J3324PUiOp83kW6MDvaa1xY976WyInr4rwoLgxVl11LZeKW
+ha0RJJxJgw/NyWpKG7LWCm1fglF8JH51vZNndGYq1iKtfnrIOvLZq6bzaCiZm1EurD8HE6P7pmAB
+KK6o3C2OXlNfNIgwkDN/cDqk5TYsTkrpfriJPdxXBH8hQOkW89g=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/TCCA2agAwIBAgIEP4/gkTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MR8wHQYDVQQDExZDQyBTaWduZXQgLSBDQSBLbGFzYSAxMB4XDTAzMTAxNzEyMjkwMloX
+DTExMDkyMzExMTgxN1owdjELMAkGA1UEBhMCUEwxHzAdBgNVBAoTFlRQIEludGVybmV0IFNwLiB6
+IG8uby4xJDAiBgNVBAsTG0NlbnRydW0gQ2VydHlmaWthY2ppIFNpZ25ldDEgMB4GA1UEAxMXQ0Mg
+U2lnbmV0IC0gVFNBIEtsYXNhIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOJYrISEtSsd
+uHajROh5/n7NGrkpYTT9NEaPe9+ucuQ37KxIbfJwXJjgUc1dw4wCkcQ12FJarD1X6mSQ4cfN/60v
+LfKI5ZD4nhJTMKlAj1pX9ScQ/MuyvKStCbn5WTkjPhjRAM0tdwXSnzuTEunfw0Oup559y3Iqxg1c
+ExflB6cfAgMBAAGjggGXMIIBkzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNpZ25ldC5w
+bC9yZXBvenl0b3JpdW0vY3JsL2tsYXNhMS5jcmwwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQM
+MAoGCCsGAQUFBwMIMIHaBgNVHSAEgdIwgc8wgcwGDSsGAQQBvj8CZAoRAgEwgbowbwYIKwYBBQUH
+AgIwYxphQ2VydHlmaWthdCB3eXN0YXdpb255IHpnb2RuaWUgeiBkb2t1bWVudGVtICJQb2xpdHlr
+YSBDZXJ0eWZpa2FjamkgQ0MgU2lnbmV0IC0gWm5ha293YW5pZSBjemFzZW0iLjBHBggrBgEFBQcC
+ARY7aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY190c2ExXzJf
+MS5wZGYwHwYDVR0jBBgwFoAUw4Me1Vl3VPtN+1dH+cQjXNHnieMwHQYDVR0OBBYEFJdDwEqtcavO
+Yd9u9tej53vWXwNBMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAnpiQkqLCJQYXUrqMHUEz
++z3rOqS0XzSFnVVLhkVssvXc8S3FkJIiQTUrkScjI4CToCzujj3EyfNxH6yiLlMbskF8I31JxIeB
+vueqV+s+o76CZm3ycu9hb0I4lswuxoT+q5ZzPR8Irrb51rZXlolR+7KtwMg4sFDJZ8RNgOf7tbA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----\r
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\r
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\r
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\r
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\r
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\r
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\r
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\r
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\r
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\r
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\r
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\r
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\r
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\r
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\r
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\r
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\r
+-----END CERTIFICATE-----\r
diff --git a/tests/vcore/test-cases/keys/README b/tests/vcore/test-cases/keys/README
new file mode 100644 (file)
index 0000000..c7151d6
--- /dev/null
@@ -0,0 +1,2 @@
+This directory contains certificate/public keys/private keys used to create unittests.
+Passwort to private keys is "1234" or "secret".
\ No newline at end of file
diff --git a/tests/vcore/test-cases/keys/filip_rsa_cert.pem b/tests/vcore/test-cases/keys/filip_rsa_cert.pem
new file mode 100644 (file)
index 0000000..0abebc6
--- /dev/null
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c7:4a:82:f6:9d:1b:f6:7e
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com
+        Validity
+            Not Before: Oct  5 12:00:51 2011 GMT
+            Not After : Oct  2 12:00:51 2021 GMT
+        Subject: C=PL, ST=MAZ, L=Leg, O=Sam, OU=SPRC, CN=Filip/emailAddress=filip@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d2:fe:c4:b4:c1:74:82:6f:7e:28:8c:df:1b:58:
+                    57:78:3e:5f:5e:4c:b1:e1:d7:c5:0d:1a:c3:e9:2e:
+                    9a:78:8a:d7:5f:b9:cf:ce:83:2a:9a:4a:80:f0:07:
+                    35:61:11:60:15:2c:24:f1:7b:15:1a:e0:d7:2f:6b:
+                    ee:35:35:b9:16:e1:10:ac:17:37:86:b3:49:2d:a6:
+                    ed:7e:f1:0f:af:d1:01:0e:1a:a5:45:da:b4:24:82:
+                    29:73:0c:5f:e8:3b:9e:85:c7:0f:6f:1b:53:80:fa:
+                    a7:50:77:7c:8e:01:5d:84:a8:b3:41:3e:b1:18:07:
+                    d2:b9:18:5c:9f:7e:b6:a4:49
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7B:2C:B7:89:5E:F9:2A:D3:A4:A4:F1:5D:EA:69:D1:F5:D1:46:64:CC
+            X509v3 Authority Key Identifier: 
+                keyid:82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60
+
+    Signature Algorithm: sha1WithRSAEncryption
+        0e:db:f4:08:1a:d0:d5:00:8c:1f:d8:ca:16:3a:52:a6:ae:f3:
+        14:a3:17:41:e5:6d:6f:f6:62:7b:cd:b7:ff:fc:28:89:c8:3c:
+        93:19:cf:e6:c4:b8:74:95:8d:5c:d6:f5:88:c2:dd:86:05:7c:
+        d2:0d:72:b7:78:13:58:fc:53:b4:5c:e9:ad:0c:8d:88:91:d3:
+        9a:b6:cd:59:72:d7:d6:ba:11:54:65:04:fc:8f:10:e3:17:b1:
+        aa:96:cd:94:92:16:d8:98:e6:fe:4a:a8:29:f9:ca:c4:e4:46:
+        e8:73:4f:5d:95:76:f4:d6:36:7c:34:4f:3c:e2:18:a0:54:33:
+        ad:72
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/filip_rsa_key.pem b/tests/vcore/test-cases/keys/filip_rsa_key.pem
new file mode 100644 (file)
index 0000000..6d0f4d8
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDE9F633EA955697
+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+-----END RSA PRIVATE KEY-----
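Review bot: The passphrase for this private key is published in the README of the same directory ("1234" or "secret"), so the `DES-EDE3-CBC` wrapping named in the `DEK-Info` header gives no confidentiality and the key must be treated as public. That is acceptable for a unit-test fixture only if the matching certificates can never end up in a trust store that ships on a device. The same applies to `magda_dsa_key.pem`, `operator.second.key.pem` and especially `root_cakey0.pem`, which is presumably the key behind the CA in `root_cacert0.pem`. I would say so in the README, e.g. `These keys are public test fixtures; the matching certificates must never be installed as trust anchors outside the test suite.`, and have packaging keep `tests/vcore/test-cases/keys/` out of the runtime image.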
diff --git a/tests/vcore/test-cases/keys/magda_dsa_cert.pem b/tests/vcore/test-cases/keys/magda_dsa_cert.pem
new file mode 100644 (file)
index 0000000..0348db8
--- /dev/null
@@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c7:4a:82:f6:9d:1b:f6:7f
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com
+        Validity
+            Not Before: Oct  5 12:11:33 2011 GMT
+            Not After : Oct  2 12:11:33 2021 GMT
+        Subject: C=PL, ST=Mazowieckie, L=legionowo, O=samsung, OU=sprc, CN=magda/emailAddress=magda@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:ac:40:42:0e:cc:a8:28:24:0b:43:09:7e:d6:23:
+                    35:a2:8c:e6:7d:62:66:fe:23:d6:58:b8:f7:32:9f:
+                    63:99:d3:2c:ff:af:60:0b:e0:d2:8c:0b:35:8b:c9:
+                    e6:77:0a:7d:8d:43:00:23:d4:e3:ff:ad:0b:b4:d3:
+                    b9:af:79:c2:08:f9:af:0b:c0:5e:7c:e0:4b:23:86:
+                    b9:2a:f4:7c:af:43:ca:b1:fa:13:42:df:5d:3f:96:
+                    b8:84:07:6a:19:b6:89:26:f1:a8:fa:c2:86:59:e9:
+                    e7:f1:17:0d:30:5a:3b:a4:1f:76:9a:b4:04:fe:3c:
+                    0a:56:5e:6f:17:00:f9:36:05
+                P:   
+                    00:b5:3c:23:9a:b0:58:65:7c:c7:35:ca:37:5c:a7:
+                    bc:e4:cd:71:a2:5b:e3:29:56:e1:65:b1:d6:30:90:
+                    06:bd:b0:8b:cd:ad:02:e2:da:e9:71:72:73:41:78:
+                    21:ca:0d:b9:3b:53:e2:77:fd:0c:0e:d9:76:a7:6a:
+                    94:0c:52:ab:df:8d:f8:cb:d5:04:39:55:fe:c4:35:
+                    45:8f:34:fe:dc:12:fc:7c:d8:d6:f9:8d:67:47:c9:
+                    17:d5:ff:f4:dc:88:16:4d:f0:62:cd:11:b7:e1:b5:
+                    69:61:23:a0:9b:0d:6d:40:69:8d:27:3d:9f:3b:f6:
+                    b4:88:93:bf:da:34:a6:77:15
+                Q:   
+                    00:b7:2b:f2:e4:00:9a:75:7e:dc:32:c8:03:99:d3:
+                    a3:40:60:d1:b8:cb
+                G:   
+                    24:6e:e6:79:4b:50:6c:cb:a5:44:c7:63:cd:e0:a8:
+                    c9:ad:85:5d:d9:be:e1:a7:2f:22:71:3d:ff:e3:32:
+                    6d:74:c1:dd:b1:40:34:cc:b0:e9:64:ef:93:82:bd:
+                    44:af:2d:9b:9d:8d:f7:97:32:91:38:e9:01:bc:6a:
+                    4c:c6:97:c2:47:56:6c:e1:5d:54:a0:0a:9f:2c:62:
+                    fd:42:ad:63:d4:3a:36:6c:09:07:68:5b:03:51:94:
+                    ce:13:e4:a3:ca:c4:75:ae:ba:08:69:74:55:bc:8c:
+                    d6:52:8c:26:30:3e:c2:9f:69:1b:5d:74:2f:4a:2f:
+                    d7:d4:3d:7e:fa:8a:a7:95
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                99:2A:52:86:CC:2F:5A:D1:00:05:DF:A5:DD:6C:5C:71:17:02:C9:D5
+            X509v3 Authority Key Identifier: 
+                keyid:82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60
+
+    Signature Algorithm: sha1WithRSAEncryption
+        81:f9:c0:bb:f8:0c:25:10:bf:04:5c:24:82:fa:c7:2f:44:d5:
+        e1:f7:cf:54:07:fb:45:29:d9:4b:a8:9b:e0:81:c6:82:bb:d7:
+        26:f2:fe:42:1e:ef:1f:29:2f:64:8a:83:d8:bf:7a:9d:8d:84:
+        69:23:6b:d3:25:eb:4f:cd:58:44:e9:dd:39:05:09:37:1e:18:
+        fd:6f:26:e9:ab:2e:e2:1c:c0:34:d6:6a:58:26:c0:a4:f0:c8:
+        30:ae:95:70:f0:35:c2:b2:a0:66:a6:d6:a7:6d:7c:58:1a:88:
+        da:ff:69:5d:5d:0e:fa:3a:73:c6:ad:7e:19:e4:15:d9:4b:1b:
+        47:07
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/magda_dsa_key.pem b/tests/vcore/test-cases/keys/magda_dsa_key.pem
new file mode 100644 (file)
index 0000000..7842af6
--- /dev/null
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
diff --git a/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt b/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt
new file mode 100644 (file)
index 0000000..67bfa31
--- /dev/null
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/ocsp_level1.crt b/tests/vcore/test-cases/keys/ocsp_level1.crt
new file mode 100644 (file)
index 0000000..b6276d4
--- /dev/null
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/ocsp_level2.crt b/tests/vcore/test-cases/keys/ocsp_level2.crt
new file mode 100644 (file)
index 0000000..ec9fc33
--- /dev/null
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/ocsp_rootca.crt b/tests/vcore/test-cases/keys/ocsp_rootca.crt
new file mode 100644 (file)
index 0000000..8417dc7
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----\r
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\r
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\r
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\r
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\r
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\r
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\r
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\r
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\r
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\r
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\r
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\r
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\r
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\r
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\r
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\r
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\r
+-----END CERTIFICATE-----\r
diff --git a/tests/vcore/test-cases/keys/operator.root.cert.pem b/tests/vcore/test-cases/keys/operator.root.cert.pem
new file mode 100644 (file)
index 0000000..343241f
--- /dev/null
@@ -0,0 +1,66 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            85:7d:e1:c5:d9:de:7a:1f
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+        Validity
+            Not Before: Jan  4 17:27:08 2011 GMT
+            Not After : Jan  3 17:27:08 2014 GMT
+        Subject: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c3:39:17:a8:f9:d0:69:37:9a:56:44:39:67:10:
+                    14:a9:4b:a2:0b:c7:fc:a1:e8:e8:f7:1c:06:f4:9c:
+                    83:f7:37:07:9d:9c:2c:1b:46:43:5f:f1:7b:91:a8:
+                    cd:c0:76:00:d5:9c:c9:28:f7:91:28:b6:97:ec:85:
+                    b1:10:0f:58:2e:f6:6f:98:b6:ab:7b:ca:08:10:7f:
+                    55:32:bf:32:db:a7:c2:86:83:03:ee:41:0a:24:de:
+                    17:e3:9d:8f:5b:fa:46:70:78:98:b4:c1:14:77:44:
+                    ab:59:7c:4c:d3:4a:f7:54:f2:30:0d:38:73:95:9f:
+                    21:0e:a9:86:3e:fc:82:4e:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+            X509v3 Authority Key Identifier: 
+                keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+                DirName:/C=PL/ST=Mazowieckie/O=Samsung/OU=SPRC/CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+                serial:85:7D:E1:C5:D9:DE:7A:1F
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        b9:d7:72:49:09:d8:6f:61:94:51:40:9d:c3:d3:23:53:97:b8:
+        12:ee:cb:dd:57:e6:1f:a2:76:38:5d:42:51:bd:a9:30:19:f7:
+        67:5b:a8:67:4a:9e:a1:f0:a9:22:14:94:77:32:27:79:37:9c:
+        0a:0f:52:80:14:62:00:94:45:85:3b:fd:ad:b4:c3:20:45:ba:
+        b7:91:1a:9e:38:51:0f:9b:d5:ce:74:c7:bd:4a:21:9a:2d:b5:
+        71:0b:42:d2:95:72:66:fe:eb:11:ad:62:44:6c:32:4e:b4:00:
+        37:d7:b8:d5:4b:f6:74:36:78:d6:ae:66:b3:ca:6e:42:ff:cb:
+        c2:e6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/operator.second.cert.pem b/tests/vcore/test-cases/keys/operator.second.cert.pem
new file mode 100644 (file)
index 0000000..f062d94
--- /dev/null
@@ -0,0 +1,64 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            85:7d:e1:c5:d9:de:7a:20
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+        Validity
+            Not Before: Jan  4 17:34:31 2011 GMT
+            Not After : Jan  4 17:34:31 2012 GMT
+        Subject: C=PL, ST=Malopolskie, L=Krakow, O=Samsung, OU=N/A, CN=Operator Test Second Level Certificate/emailAddress=second.operator@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:3c:58:ca:87:1e:59:68:54:8a:54:34:43:61:
+                    f1:81:e6:35:c1:46:74:16:c7:ff:f9:15:9e:0c:5a:
+                    6a:89:c1:13:0c:61:2e:ba:00:e0:71:ea:7e:31:ae:
+                    4e:ef:93:58:51:98:97:f3:bf:8a:9b:b2:c1:b7:0c:
+                    5f:3f:56:b3:13:3b:d0:80:be:04:66:89:84:50:ca:
+                    fe:f6:f7:6b:05:3b:30:4e:96:9c:5b:c5:80:bc:d6:
+                    be:6e:69:f4:b9:9b:4c:06:7a:ed:37:67:b2:fe:45:
+                    69:57:62:54:cb:69:69:48:b9:7d:a0:42:f1:b6:dc:
+                    f2:7f:eb:75:2a:d4:83:69:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D9:F3:11:BF:98:5A:60:12:7A:85:B5:E7:A7:38:4F:CF:51:1D:C6:B2
+            X509v3 Authority Key Identifier: 
+                keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+
+    Signature Algorithm: sha1WithRSAEncryption
+        69:6c:26:81:51:91:a6:e6:11:dc:81:35:03:73:85:4f:2f:29:
+        1f:20:f2:23:54:82:ca:8f:b8:a6:e3:3f:cd:72:5e:d7:e7:f5:
+        84:8a:33:e2:51:9f:36:4b:30:85:f4:4f:87:c7:9a:69:0b:15:
+        6e:92:c7:1f:2f:58:a4:57:f8:c2:cd:59:6c:d2:11:63:ae:bb:
+        b0:32:3f:09:e7:2e:ad:db:1b:fe:e7:a4:21:43:47:76:e1:de:
+        36:bb:26:3f:16:76:20:ed:a4:68:c1:48:ae:2b:95:fb:f6:d2:
+        f2:7f:74:f6:83:e2:89:06:b5:89:54:6e:7f:cf:88:94:66:e8:
+        da:32
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
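Review bot: The `Not After : Jan  4 17:34:31 2012 GMT` date on this certificate is earlier than the commit date (22 Aug 2012), so the fixture was already expired when it was added. A test that expects this chain to verify can only pass if the verifier skips validity-period checks or runs with a pinned verification time, and whichever it is should be explicit in the test. `operator.root.cert.pem` (Not After Jan 2014) and `root_cacert0.pem` (Not After Oct 2014) will reach the same state and turn the suite into a time bomb. I would regenerate the fixtures with a long validity period or fix the verification time in the tests, and record the choice in the keys README.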
diff --git a/tests/vcore/test-cases/keys/operator.second.key.pem b/tests/vcore/test-cases/keys/operator.second.key.pem
new file mode 100644 (file)
index 0000000..ab1214a
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44C051D8935528BB
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/vcore/test-cases/keys/operator.second.p12 b/tests/vcore/test-cases/keys/operator.second.p12
new file mode 100644 (file)
index 0000000..2add1df
Binary files /dev/null and b/tests/vcore/test-cases/keys/operator.second.p12 differ
diff --git a/tests/vcore/test-cases/keys/root_cacert0.pem b/tests/vcore/test-cases/keys/root_cacert0.pem
new file mode 100644 (file)
index 0000000..7aa429f
--- /dev/null
@@ -0,0 +1,64 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c7:4a:82:f6:9d:1b:f6:7d
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com
+        Validity
+            Not Before: Oct  5 11:52:36 2011 GMT
+            Not After : Oct  4 11:52:36 2014 GMT
+        Subject: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:93:c2:12:8b:3e:b1:69:fe:c8:7e:f1:fa:b0:03:
+                    d7:bd:25:03:bb:14:70:ab:65:ff:8f:e9:38:14:2b:
+                    92:02:d9:e7:b4:78:60:a0:ce:b1:b8:b6:78:c5:af:
+                    b3:83:3c:47:58:3d:1e:a0:78:69:4d:56:dd:8c:d8:
+                    20:27:b2:0d:9f:bf:f1:d4:e1:39:0f:1b:6f:b8:cd:
+                    ca:f4:0b:fd:d7:cb:64:09:c7:6d:1e:e8:dd:89:43:
+                    7f:72:85:3d:9a:54:6e:7c:55:a0:da:f5:e9:28:01:
+                    ec:3a:da:5a:18:45:fc:28:b1:0e:43:2c:4c:26:5c:
+                    ca:bc:44:d9:ce:7d:5a:f2:f3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60
+            X509v3 Authority Key Identifier: 
+                keyid:82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60
+                DirName:/C=PL/ST=Maz/O=Samsung/OU=SPRC/CN=Samsung/emailAddress=samsung@samsung.com
+                serial:C7:4A:82:F6:9D:1B:F6:7D
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        0f:cb:a3:cd:25:02:00:17:a9:c5:21:4a:6e:bb:ce:d9:14:74:
+        23:29:c5:47:ff:02:91:5a:ee:a1:53:a7:e4:69:6f:f2:00:bc:
+        09:87:80:f8:3b:a5:51:59:e9:20:1f:1d:5d:cb:91:eb:91:1e:
+        f4:79:bf:35:68:a5:ed:24:e5:28:dd:c9:1f:bf:53:f7:75:77:
+        6c:fe:94:0c:de:9c:d9:8e:42:c6:7d:61:6b:5d:5d:ad:a7:6a:
+        e4:9b:53:2a:f7:85:9c:51:1d:72:5d:5c:2f:eb:f9:ff:80:4c:
+        6d:46:e8:a0:2c:8a:6f:94:13:b2:00:47:2c:b0:b0:1c:12:fc:
+        a0:65
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/root_cakey0.pem b/tests/vcore/test-cases/keys/root_cakey0.pem
new file mode 100644 (file)
index 0000000..ff33c13
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D2942E015452A445
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/vcore/test-cases/widget/author-signature.xml b/tests/vcore/test-cases/widget/author-signature.xml
new file mode 100644 (file)
index 0000000..ff82da8
--- /dev/null
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature">
+ <SignedInfo>
+  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+  <Reference URI="config.xml">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+  </Reference>
+  <Reference URI="index.html">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+  </Reference>
+  <Reference URI="#prop">
+   <Transforms>
+    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+   </Transforms>
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue>
+  </Reference>
+ </SignedInfo>
+ <SignatureValue>fhh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU
+Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5
+NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue>
+ <KeyInfo>
+  <X509Data>
+  <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw
+MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw
+Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD
+ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ
+ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT
+b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx
+kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w
+DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV
+HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5
+IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE
+CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu
+MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN
+BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F
+08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT
+T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg
+6A==</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+   <SignatureProperty Id="profile" Target="#AuthorSignature">
+    <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+   </SignatureProperty>
+   <SignatureProperty Id="role" Target="#AuthorSignature">
+    <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/>
+   </SignatureProperty>
+   <SignatureProperty Id="identifier" Target="#AuthorSignature">
+    <dsp:Identifier/>
+   </SignatureProperty>
+  </SignatureProperties>
+ </Object>
+</Signature>
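Review bot: Nothing records which key signed this fixture or how to regenerate it, and the file cannot carry that as an XML comment: `signature1.xml` and `signature22.xml` each hold a `DigestValue` over `author-signature.xml`, so any byte change here invalidates them. I would put the note in a README next to the widget fixtures, e.g. `author-signature.xml is signed with KEY_FILE_PLACEHOLDER; re-sign signature1.xml and signature22.xml after any change to it.` Judging by the subject fields in the base64, the certificate in `KeyInfo` appears to be a self-signed third-party test root rather than one of the certificates under `tests/vcore/test-cases/keys/`. If so, the suite should also include a case where the embedded certificate does not chain to a configured trust anchor and verification is expected to fail.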
diff --git a/tests/vcore/test-cases/widget/config.xml b/tests/vcore/test-cases/widget/config.xml
new file mode 100755 (executable)
index 0000000..82b077b
--- /dev/null
@@ -0,0 +1,6 @@
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+    <name shortname="ShortName">Widget Name OK</name>
+    <version>1.2.3.4</version>
+    <description>A short description of widget</description>
+    <author>Author Name</author>
+</widget>
diff --git a/tests/vcore/test-cases/widget/index.html b/tests/vcore/test-cases/widget/index.html
new file mode 100755 (executable)
index 0000000..c47b20a
--- /dev/null
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget/signature1.xml b/tests/vcore/test-cases/widget/signature1.xml
new file mode 100644 (file)
index 0000000..71a100b
--- /dev/null
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+  <Reference URI="author-signature.xml">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+  </Reference>
+  <Reference URI="config.xml">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+  </Reference>
+  <Reference URI="index.html">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+  </Reference>
+  <Reference URI="#prop">
+   <Transforms>
+    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+   </Transforms>
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+  </Reference>
+ </SignedInfo>
+ <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA
+MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3
+8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue>
+ <KeyInfo>
+  <X509Data>
+  <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+   <SignatureProperty Id="profile" Target="#DistributorSignature">
+    <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+   </SignatureProperty>
+   <SignatureProperty Id="role" Target="#DistributorSignature">
+    <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+   </SignatureProperty>
+   <SignatureProperty Id="identifier" Target="#DistributorSignature">
+    <dsp:Identifier/>
+   </SignatureProperty>
+  </SignatureProperties>
+ </Object>
+</Signature>
diff --git a/tests/vcore/test-cases/widget/signature22.xml b/tests/vcore/test-cases/widget/signature22.xml
new file mode 100644 (file)
index 0000000..715a7cc
--- /dev/null
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+  <Reference URI="author-signature.xml">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+  </Reference>
+  <Reference URI="config.xml">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+  </Reference>
+  <Reference URI="index.html">
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+  </Reference>
+  <Reference URI="#prop">
+   <Transforms>
+    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+   </Transforms>
+   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+   <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+  </Reference>
+ </SignedInfo>
+ <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue>
+ <KeyInfo>
+  <X509Data>
+  <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+   <SignatureProperty Id="profile" Target="#DistributorSignature">
+    <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+   </SignatureProperty>
+   <SignatureProperty Id="role" Target="#DistributorSignature">
+    <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+   </SignatureProperty>
+   <SignatureProperty Id="identifier" Target="#DistributorSignature">
+    <dsp:Identifier/>
+   </SignatureProperty>
+  </SignatureProperties>
+ </Object>
+</Signature>
diff --git a/tests/vcore/vcore_tests.cpp b/tests/vcore/vcore_tests.cpp
new file mode 100644 (file)
index 0000000..8c66e41
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        main.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This file is the implementation file of main
+ */
+#include <dpl/test/test_runner.h>
+#include <vcore/VCore.h>
+
+#include <libsoup/soup.h> // includes headers with g_type_init
+
+int main (int argc, char *argv[])
+{
+    g_type_init();
+//    g_thread_init(NULL);
+    ValidationCore::VCoreInit(
+        "/usr/share/wrt-engine/fingerprint_list.xml",
+        "/usr/share/wrt-engine/fingerprint_list.xsd",
+        "/opt/dbspace/.vcore.db");
+    ValidationCore::AttachToThreadRW();
+    int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+    ValidationCore::DetachFromThread();
+    ValidationCore::VCoreDeinit();
+
+    return status;
+}
+
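Review bot: The runner attaches read-write (`AttachToThreadRW`) to the fixed path `/opt/dbspace/.vcore.db`, which is presumably the same database that on-device validation uses, so a test run can change cached revocation data outside the test. Taking the database path from an argument or pointing it at a scratch copy would keep test state separate. The result of `ValidationCore::VCoreInit(...)` is not checked before `ExecTestRunner` starts, assuming it reports failure through its return value (its declaration is not in this hunk). The header comment says `@file main.cpp` although the file is `vcore_tests.cpp`.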
diff --git a/vcore/CMakeLists.txt b/vcore/CMakeLists.txt
new file mode 100644 (file)
index 0000000..4fdf270
--- /dev/null
@@ -0,0 +1,36 @@
+#DB vcore
+PKG_CHECK_MODULES(VCORE_DB_DEP
+    dpl-efl
+    REQUIRED)
+
+ADD_CUSTOM_COMMAND(
+    OUTPUT ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h
+    COMMAND ${CMAKE_SOURCE_DIR}/vcore/src/orm/gen_db_md5.sh
+    ARGS ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h
+         ${CMAKE_SOURCE_DIR}/vcore/src/orm/vcore_db
+    DEPENDS ${CMAKE_SOURCE_DIR}/vcore/src/orm/vcore_db
+            ${CMAKE_SOURCE_DIR}/vcore/src/orm/gen_db_md5.sh
+    COMMENT "Generating VCORE database checksum"
+    )
+
+STRING(REPLACE ";" ":" DEPENDENCIES "${VCORE_DB_DEP_INCLUDE_DIRS}")
+
+ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db
+  COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db
+  COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h -I${PROJECT_SOURCE_DIR}/vcore/src/orm -E ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql
+  COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db ".read ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db
+  DEPENDS ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db
+  )
+
+ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db-journal
+  COMMAND touch
+  ARGS  ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db-journal
+  )
+
+ADD_CUSTOM_TARGET(Sqlite3DbVCORE ALL DEPENDS .cert_svc_vcore.db .cert_svc_vcore.db-journal)
+
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql
+    DESTINATION /usr/share/cert-svc/
+    )
+
+ADD_SUBDIRECTORY(src)
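Review bot: In the `.cert_svc_vcore.db` command the `|| rm -f ...` tail makes the step exit 0 when `sqlite3` fails, so a schema error does not stop the build and only shows up later as a missing database. Grouping the cleanup and forcing a failure keeps both behaviours, e.g. `|| (rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db && false)`. The preceding `gcc ... -E ... | grep --invert-match "^#"` pipeline has the same weakness, since the shell reports only grep's status and a preprocessor error is lost. `gcc` is also hard-coded where `${CMAKE_C_COMPILER}` would follow the configured toolchain.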
diff --git a/vcore/cert_svc_vcore_db.sql b/vcore/cert_svc_vcore_db.sql
new file mode 100644 (file)
index 0000000..b1254c1
--- /dev/null
@@ -0,0 +1,27 @@
+
+
+
+PRAGMA foreign_keys = ON; BEGIN TRANSACTION;
+
+
+
+CREATE TABLE OCSPResponseStorage (
+    cert_chain TEXT not null,
+    end_entity_check INT ,
+    ocsp_status INT ,
+    next_update_time BIGINT ,
+    PRIMARY KEY(cert_chain, end_entity_check) ,
+
+
+CHECK(1) );
+
+CREATE TABLE CRLResponseStorage (
+    distribution_point TEXT primary key not null,
+    crl_body TEXT not null,
+    next_update_time BIGINT ,
+CHECK(1) );
+
+COMMIT;
+BEGIN TRANSACTION; CREATE TABLE DB_VERSION_6d8092083d41289ab1c349aeaad617bc (version INT); COMMIT;
+
+
diff --git a/vcore/src/CMakeLists.txt b/vcore/src/CMakeLists.txt
new file mode 100644 (file)
index 0000000..c9f2308
--- /dev/null
@@ -0,0 +1,157 @@
+# == customized for cert-svc build script ==
+SET(API_VERSION ${VERSION_MAJOR})
+# ==========================================
+
+INCLUDE(FindPkgConfig)
+
+PKG_CHECK_MODULES(VCORE_DEPS
+    dpl-efl
+    dpl-db-efl
+    ecore
+    appcore-efl
+    libxml-2.0
+    libsoup-2.4
+    libpcre
+    libpcrecpp
+    openssl
+    xmlsec1
+    secure-storage
+    REQUIRED)
+
+SET(VCORE_DIR
+    ${PROJECT_SOURCE_DIR}/vcore
+    )
+
+SET(VCORE_SRC_DIR
+    ${VCORE_DIR}/src/vcore
+    )
+
+SET(VCORE_SOURCES
+    ${VCORE_SRC_DIR}/api.cpp
+    ${VCORE_SRC_DIR}/Base64.cpp
+    ${VCORE_SRC_DIR}/CachedCRL.cpp
+    ${VCORE_SRC_DIR}/CachedOCSP.cpp
+    ${VCORE_SRC_DIR}/Certificate.cpp
+    ${VCORE_SRC_DIR}/CertificateCacheDAO.cpp
+    ${VCORE_SRC_DIR}/CertificateCollection.cpp
+    ${VCORE_SRC_DIR}/CertificateConfigReader.cpp
+    ${VCORE_SRC_DIR}/CertificateLoader.cpp
+    ${VCORE_SRC_DIR}/CertificateVerifier.cpp
+    ${VCORE_SRC_DIR}/Config.cpp
+    ${VCORE_SRC_DIR}/CRL.cpp
+    ${VCORE_SRC_DIR}/CRLCacheDAO.cpp
+    ${VCORE_SRC_DIR}/Database.cpp
+    ${VCORE_SRC_DIR}/DeveloperModeValidator.cpp
+    ${VCORE_SRC_DIR}/OCSP.cpp
+    ${VCORE_SRC_DIR}/OCSPCertMgrUtil.cpp
+    ${VCORE_SRC_DIR}/OCSPUtil.c
+    ${VCORE_SRC_DIR}/ReferenceValidator.cpp
+    ${VCORE_SRC_DIR}/RevocationCheckerBase.cpp
+    ${VCORE_SRC_DIR}/SaxReader.cpp
+    ${VCORE_SRC_DIR}/SignatureFinder.cpp
+    ${VCORE_SRC_DIR}/SignatureReader.cpp
+    ${VCORE_SRC_DIR}/SignatureValidator.cpp
+    ${VCORE_SRC_DIR}/SoupMessageSendBase.cpp
+    ${VCORE_SRC_DIR}/SoupMessageSendSync.cpp
+    ${VCORE_SRC_DIR}/SoupMessageSendAsync.cpp
+    ${VCORE_SRC_DIR}/VerificationStatus.cpp
+    ${VCORE_SRC_DIR}/ValidatorFactories.cpp
+    ${VCORE_SRC_DIR}/VCore.cpp
+    ${VCORE_SRC_DIR}/XmlsecAdapter.cpp
+    ${VCORE_SRC_DIR}/pkcs12.c
+    )
+
+SET(VCORE_INCLUDES
+    ${VCORE_DEPS_INCLUDE_DIRS}
+    ${VCORE_SRC_DIR}
+    ${VCORE_DIR}/src
+    ${VCORE_DIR}/src/orm
+    ${VCORE_DIR}/src/legacy
+    ${CMAKE_BINARY_DIR}/vcore/src
+    )
+
+ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS})
+ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS_OTHER})
+ADD_DEFINITIONS("-DSEPARATED_SINGLETON_IMPLEMENTATION")
+ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+INCLUDE_DIRECTORIES(${VCORE_INCLUDES})
+
+# cert-svc headers
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/include)
+
+ADD_LIBRARY(${TARGET_VCORE_LIB} SHARED ${VCORE_SOURCES})
+SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB} PROPERTIES
+    SOVERSION ${API_VERSION}
+    VERSION ${VERSION})
+
+ADD_DEPENDENCIES(${TARGET_VCORE_LIB} Sqlite3DbWTF)
+
+SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB} PROPERTIES
+  COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_VCORE_LIB}
+    ${VCORE_DEPS_LIBRARIES}
+    cert-svc
+  )
+
+INSTALL(TARGETS ${TARGET_VCORE_LIB}
+    DESTINATION /usr/lib
+    PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+    )
+
+INSTALL(FILES
+    ${VCORE_SRC_DIR}/Base64.h
+    ${VCORE_SRC_DIR}/CachedCRL.h
+    ${VCORE_SRC_DIR}/CachedOCSP.h
+    ${VCORE_SRC_DIR}/Certificate.h
+    ${VCORE_SRC_DIR}/CertificateCacheDAO.h
+    ${VCORE_SRC_DIR}/CertificateCollection.h
+    ${VCORE_SRC_DIR}/CertificateConfigReader.h
+    ${VCORE_SRC_DIR}/CertificateLoader.h
+    ${VCORE_SRC_DIR}/CertificateStorage.h
+    ${VCORE_SRC_DIR}/CertificateVerifier.h
+    ${VCORE_SRC_DIR}/CertStoreType.h
+    ${VCORE_SRC_DIR}/Config.h
+    ${VCORE_SRC_DIR}/CRL.h
+    ${VCORE_SRC_DIR}/Database.h
+    ${VCORE_SRC_DIR}/DeveloperModeValidator.h
+    ${VCORE_SRC_DIR}/IAbstractResponseCache.h
+    ${VCORE_SRC_DIR}/OCSP.h
+    ${VCORE_SRC_DIR}/OCSPCertMgrUtil.h
+    ${VCORE_SRC_DIR}/ParserSchema.h
+    ${VCORE_SRC_DIR}/ReferenceValidator.h
+    ${VCORE_SRC_DIR}/RevocationCheckerBase.h
+    ${VCORE_SRC_DIR}/SaxReader.h
+    ${VCORE_SRC_DIR}/scoped_gpointer.h
+    ${VCORE_SRC_DIR}/SignatureData.h
+    ${VCORE_SRC_DIR}/SignatureFinder.h
+    ${VCORE_SRC_DIR}/SignatureReader.h
+    ${VCORE_SRC_DIR}/SignatureValidator.h
+    ${VCORE_SRC_DIR}/SoupMessageSendBase.h
+    ${VCORE_SRC_DIR}/SoupMessageSendSync.h
+    ${VCORE_SRC_DIR}/SoupMessageSendAsync.h
+    ${VCORE_SRC_DIR}/SSLContainers.h
+    ${VCORE_SRC_DIR}/VerificationStatus.h
+    ${VCORE_SRC_DIR}/ValidatorCommon.h
+    ${VCORE_SRC_DIR}/ValidatorFactories.h
+    ${VCORE_SRC_DIR}/VCore.h
+    ${VCORE_SRC_DIR}/XmlsecAdapter.h
+    DESTINATION /usr/include/cert-svc/vcore
+    PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+    )
+
+INSTALL(FILES
+    ${VCORE_DIR}/src/cert-svc/ccert.h
+    ${VCORE_DIR}/src/cert-svc/ccrl.h
+    ${VCORE_DIR}/src/cert-svc/cinstance.h
+    ${VCORE_DIR}/src/cert-svc/cerror.h
+    ${VCORE_DIR}/src/cert-svc/cocsp.h
+    ${VCORE_DIR}/src/cert-svc/cpkcs12.h
+    ${VCORE_DIR}/src/cert-svc/cprimitives.h
+    ${VCORE_DIR}/src/cert-svc/cstring.h
+    DESTINATION /usr/include/cert-svc/cert-svc
+    PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+    )
+
+#FILE(MAKE_DIRECTORY /opt/share/cert-svc/pkcs12)
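Review bot: `ADD_DEPENDENCIES(${TARGET_VCORE_LIB} Sqlite3DbWTF)` names a target that nothing visible in this commit defines; the parent `vcore/CMakeLists.txt` creates `Sqlite3DbVCORE`. If `Sqlite3DbWTF` does not exist elsewhere, older CMake versions ignore the dependency silently, and the library could then be compiled before `database_checksum_vcore.h` is generated into `${CMAKE_BINARY_DIR}/vcore/src`. The line should probably read `ADD_DEPENDENCIES(${TARGET_VCORE_LIB} Sqlite3DbVCORE)`.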
diff --git a/vcore/src/cert-svc/ccert.h b/vcore/src/cert-svc/ccert.h
new file mode 100644 (file)
index 0000000..865c301
--- /dev/null
@@ -0,0 +1,324 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        ccert.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is part of C api for ValidationCore.
+ */
+#ifndef _CERTSVC_CCERT_H_
+#define _CERTSVC_CCERT_H_
+
+#include <time.h>
+
+#include <cert-svc/cinstance.h>
+#include <cert-svc/cstring.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct CertSvcCertificate_t {
+    int privateHandler;
+    CertSvcInstance privateInstance;
+} CertSvcCertificate;
+
+typedef struct CertSvcCertificateList_t {
+    int privateHandler;
+    CertSvcInstance privateInstance;
+} CertSvcCertificateList;
+
+typedef enum CertSvcCertificateForm_t {
+/*    CERTSVC_FORM_PEM, */
+    CERTSVC_FORM_DER,
+    CERTSVC_FORM_DER_BASE64
+} CertSvcCertificateForm;
+
+typedef enum CertSvcCertificateField_t {
+    CERTSVC_SUBJECT,
+    CERTSVC_SUBJECT_COMMON_NAME,
+    CERTSVC_SUBJECT_COUNTRY_NAME,
+    CERTSVC_SUBJECT_STATE_NAME,
+    CERTSVC_SUBJECT_ORGANIZATION_NAME,
+    CERTSVC_SUBJECT_ORGANIZATION_UNIT_NAME,
+    CERTSVC_ISSUER,
+    CERTSVC_ISSUER_COMMON_NAME,
+    CERTSVC_ISSUER_COUNTRY_NAME,
+    CERTSVC_ISSUER_STATE_NAME,
+    CERTSVC_ISSUER_ORGANIZATION_NAME,
+    CERTSVC_ISSUER_ORGANIZATION_UNIT_NAME,
+    CERTSVC_VERSION,
+    CERTSVC_SERIAL_NUMBER,
+    CERTSVC_KEY_USAGE,
+    CERTSVC_KEY,
+    CERTSVC_SIGNATURE_ALGORITHM
+} CertSvcCertificateField;
+
+/**
+ * Read certificate from file. Certificate must be in PEM/CER/DER format.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] location Path to file with certificate file.
+ * @param[out] certificate Certificate id assigned to loaded certificate.
+ * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_new_from_file(CertSvcInstance instance,
+                                      const char *location,
+                                      CertSvcCertificate *certificate);
+
+/**
+ * Read certificate stored in memory.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] memory Pointer to memory with certificate data.
+ * @param[in] len Size of certificate.
+ * @param[in] form Certificate format.
+ * @param[out] certificate Certificate id assigned to loaded certificate.
+ * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL
+ */
+int certsvc_certificate_new_from_memory(CertSvcInstance instance,
+                                        const unsigned char *memory,
+                                        int len,
+                                        CertSvcCertificateForm form,
+                                        CertSvcCertificate *certificate);
+
+/**
+ * Free structures connected with certificate.
+ *
+ * @param[in] certificate Certificate id.
+ */
+void certsvc_certificate_free(CertSvcCertificate certificate);
+
+/**
+ * Save certificate to file. It saves certificate in DER format.
+ *
+ * @param[in] certificate Certificate id.
+ * @param[in] location Path to file.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_save_file(CertSvcCertificate certificate, const char *location);
+
+/**
+ * Search certificate with specific data. Result is stored in CertSvcInstance.
+ * This function will erase all preverious results stored in CertSvcInstance but
+ * it will not erase any CertSvcCertificate.
+ *
+ * You can search by fields: CERTSVC_SUBJECT, CERTSVC_ISSUER, CERTSVC_SUBJECT_COMMON_NAME
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] field Certificate filed name.
+ * @param[in] value Value to search for.
+ * @param[out] handler Handler to search result.
+ * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_search(CertSvcInstance instance,
+                               CertSvcCertificateField field,
+                               const char *value,
+                               CertSvcCertificateList *handler);
+
+/**
+ * This function will return certificate id founded by certsvc_certificate_search.
+ * You can call this function multiple times to get all results.
+ *
+ * @param[in] hadler Hander to search results.
+ * @param[in] position
+ * @param[out] certificate Certficate id.
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_list_get_one(CertSvcCertificateList handler,
+                                     int position,
+                                     CertSvcCertificate *certificate);
+
+/**
+ * Return number of elements on the list.
+ *
+ * @param[in] handler Handler to certifiacte list.
+ * @param[out] length Size of list.
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_list_get_length(CertSvcCertificateList handler,
+                                        int *size);
+
+/**
+ * This function will free list. It will not free certificates on the list.
+ * You may free each certificate with certsvc_certificate_free.
+ *
+ * @param[in] handler Handler to search result.
+ */
+void certsvc_certificate_list_free(CertSvcCertificateList handler);
+
+/**
+ * Compare parent certificate subject with child issuer field.
+ *
+ * @param[in] child
+ * @param[in] parent
+ * @param[out] status CERTSVC_TRUE if "signer" was used to sign "child" certificate in other cases it will return CERTSVC_FALSE.
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_is_signed_by(CertSvcCertificate child,
+                                     CertSvcCertificate parent,
+                                     int *status);
+
+/**
+ * Extract specific data from certificate. Data in buffer could be free
+ * by certsvc_free_string function or by
+ * certsvc_instance_free or vcore_instance_reset.
+ *
+ * @param[in] certificate Certificate id.
+ * @param[in] field Type of data to extract.
+ * @param[out] buffer Extracted data.
+ * return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL
+ */
+int certsvc_certificate_get_string_field(CertSvcCertificate certificate,
+                                         CertSvcCertificateField field,
+                                         CertSvcString *buffer);
+
+/**
+ * Extract NOT AFTER data from certificate.
+ *
+ * @param[in] certificate Certificate id.
+ * @param[out] result date
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_get_not_after(CertSvcCertificate certificate, time_t *result);
+
+/**
+ * Extract NOT AFTER data from certificate.
+ *
+ * @param[in] certificate Certificate id.
+ * @param[out] result date
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_get_not_before(CertSvcCertificate certificate, time_t *result);
+
+/**
+ * Check certificate. This fuction compares SUBJECT and ISSUER fields.
+ * TODO: This fuction should also check ROOTCA field in certificate.
+ *
+ * @param[in] certificate Certificate id.
+ * @param[out] status CERTSVC_TRUE or CERTSVC_FALSE
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_is_root_ca(CertSvcCertificate certificate, int *status);
+
+/**
+ * Extract all distribution point from certificate.
+ *
+ * @param[in] certificate Certificate with distribution points.
+ * @param[out] hander Handler to set of string.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ *
+ * Usage example:
+ *
+ * int max;
+ * CertSvcStringList handler;
+ * certsvc_certificate_get_crl_distribution_points(instance, some_certificate, &handler);
+ * certsvc_certificate_list_get_length(handler, &max);
+ * for(int i=0; i<max; ++i)
+ *   char *buffer;
+ *   int len;
+ *   CertSvcString string;
+ *   certsvc_string_list_get_one(handler, i, &string);
+ *   printf("%s\n", buffer);
+ *   certsvc_string_free(buffer); // optional
+ * }
+ * certsvc_string_list_free(handler); // optional
+ */
+int certsvc_certificate_get_crl_distribution_points(CertSvcCertificate certificate,
+                                                    CertSvcStringList *handler);
+
+/**
+ * Sort certificates chain. This fuction modifies certificate_array.
+ *
+ * If function success:
+ *  * certificate array will contain end entity certificate as first element
+ *  * last element on the certificate_array will contain Root CA certificate or
+ *    CA certificate (if Root CA is not present).
+ *
+ * @param[in/out] certificate_array
+ * @param[in] size Size of certificate_array
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC
+ */
+int certsvc_certificate_chain_sort(CertSvcCertificate *unsortedChain, int size);
+
+/**
+ * Base64 string will be connected with same instance as message.
+ * You can free base64 string with certsvc_string_free (or certsvc_instance_reset).
+ *
+ * @param[in] message Buffer with input data.
+ * @param[out] base64 Buffer with output data.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_base64_encode(CertSvcString message, CertSvcString *base64);
+
+/**
+ * Message string will be connected with same certsvc instance as base64.
+ * You can free base64 string with certsvc_string_free (or certsvc_instance_reset).
+ *
+ * @param[in] base64 Buffer with input data.
+ * @param[out] message Buffer with output data.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_base64_decode(CertSvcString base64, CertSvcString *message);
+
+/**
+ * Use certificate to verify message.
+ *
+ * @param[in] certificate
+ * @param[in] message
+ * @param[in] algorithm May be set to NULL.
+ * @param[out] status Will be set only if function return CERTSVC_SUCCESS.
+ *                    It could be set to: CERTSVC_SUCCESS, CERTSVC_INVALID_SIGNATURE
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_ALGORITHM
+ */
+int certsvc_message_verify(
+    CertSvcCertificate certificate,
+    CertSvcString message,
+    CertSvcString signature,
+    const char *algorithm,
+    int *status);
+
+/**
+ * This function will create full chain and verify in.
+ *
+ * First argument of function will be treatet as endentity certificate.
+ *
+ * This function will success if root CA certificate is stored in
+ * trusted array.
+ *
+ * @param[in] certificate Certificate to verify.
+ * @param[in] trusted Array with trusted certificates.
+ * @param[in] trustedSize Number of trusted certificates in array.
+ * @param[in] untrusted Array with untrusted certificates.
+ * @param[in] untrustedSize Number of untrusted certificate in array.
+ * @param[out] status Will be set only if function return CERTSVC_SUCCESS.
+ *                    It could be set to: CERTSVC_SUCCESS, CERTSVC_FAIL
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_verify(
+    CertSvcCertificate certificate,
+    CertSvcCertificate *trusted,
+    int trustedSize,
+    CertSvcCertificate *untrusted,
+    int untrustedSize,
+    int *status);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
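Review bot: The comment on `certsvc_certificate_is_signed_by` describes a subject/issuer name comparison, but its `status` text says the function reports whether the parent "was used to sign" the child. If the implementation (not in this hunk) only compares names, the comment should say so, e.g. `Name match only; the signature is not verified. Use certsvc_certificate_verify for trust decisions.` The same caveat fits `certsvc_certificate_is_root_ca`, which by its own comment only compares SUBJECT and ISSUER. Smaller documentation errors: `certsvc_certificate_get_not_before` is described as "Extract NOT AFTER", `certsvc_message_verify` leaves `signature` undocumented, and the usage example calls `certsvc_certificate_get_crl_distribution_points` with three arguments while the prototype takes two.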
diff --git a/vcore/src/cert-svc/ccrl.h b/vcore/src/cert-svc/ccrl.h
new file mode 100644 (file)
index 0000000..02f8a7a
--- /dev/null
@@ -0,0 +1,75 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        ccrl.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is part of C api for ValidationCore.
+ */
+#ifndef _CERTSVC_CCRL_H_
+#define _CERTSVC_CCRL_H_
+
+#include <time.h>
+
+#include <cert-svc/ccert.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define CERTSVC_CRL_GOOD                 (1<<0)
+#define CERTSVC_CRL_REVOKED              (1<<1)
+#define CERTSVC_CRL_VERIFICATION_ERROR   (1<<3)
+#define CERTSVC_CRL_NO_SUPPORT           (1<<4)
+
+typedef void (*CertSvcCrlCacheWrite)(
+    const char *distributionPoint,
+    const char *body,
+    int bodySize,
+    time_t nextUpdateTime,
+    void *userParam);
+
+typedef int (*CertSvcCrlCacheRead)(
+    const char *distributionPoint,
+    char **body,
+    int *bodySize,
+    time_t *nextUpdateTime,
+    void *userParam);
+
+typedef void (*CertSvcCrlFree)(
+    char *buffer,
+    void *userParam);
+
+void certsvc_crl_cache_functions(
+    CertSvcInstance instance,
+    CertSvcCrlCacheWrite writePtr,
+    CertSvcCrlCacheRead readPtr,
+    CertSvcCrlFree freePtr);
+
+int certsvc_crl_check(
+    CertSvcCertificate certificate,
+    CertSvcCertificate *trustedStore,
+    int storeSize,
+    int force,
+    int *status,
+    void *userParam);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
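Review bot: None of the declarations in this header is documented, and the meaning of `status` in `certsvc_crl_check` decides whether callers fail open. If it is an OR of the `CERTSVC_CRL_*` flags, a caller that only tests `CERTSVC_CRL_REVOKED` would treat `CERTSVC_CRL_VERIFICATION_ERROR` or `CERTSVC_CRL_NO_SUPPORT` as acceptable. A comment such as `@param[out] status OR of CERTSVC_CRL_* flags; anything other than CERTSVC_CRL_GOOD alone means revocation was not confirmed` would make that explicit, once checked against the implementation. The comments should also say what `force` does, who releases the `*body` buffer returned by `CertSvcCrlCacheRead` (presumably `CertSvcCrlFree`), and whether the gap at `(1<<2)` is intentional.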
diff --git a/vcore/src/cert-svc/cerror.h b/vcore/src/cert-svc/cerror.h
new file mode 100644 (file)
index 0000000..0566152
--- /dev/null
@@ -0,0 +1,48 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        cerror.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is part of C api for ValidationCore.
+ */
+
+#ifndef _CERTSVC_CERROR_H_
+#define _CERTSVC_CERROR_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define CERTSVC_TRUE              (1)
+#define CERTSVC_FALSE             (0)
+
+#define CERTSVC_SUCCESS           (1)
+#define CERTSVC_FAIL              (0)    /* Openssl internal error. */
+#define CERTSVC_BAD_ALLOC         (-2)   /* Memmory allcation error. */
+//#define CERTSVC_FILE_NOT_FOUND    (-3)   /* Certificate file does not exists. */
+#define CERTSVC_WRONG_ARGUMENT    (-4)   /* Function argumnet is wrong. */
+#define CERTSVC_INVALID_ALGORITHM (-5)   /* Algorithm is not supported. */
+#define CERTSVC_INVALID_SIGNATURE (-6)   /* Signature and message does not match. */
+#define CERTSVC_IO_ERROR          (-7)   /* Certificate file IO error. */
+#define CERTSVC_INVALID_PASSWORD  (-8)   /* Certificate container password mismatch. */
+#define CERTSVC_DUPLICATED_ALIAS  (-9)   /* User-provided alias is aleady taken. */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _CERTSVC_CERROR_H_
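Review bot: `CERTSVC_SUCCESS` is 1 and `CERTSVC_FAIL` is 0 while every other error is negative, so a truthiness test such as `if (certsvc_message_verify(...))` takes `CERTSVC_WRONG_ARGUMENT` or `CERTSVC_INVALID_SIGNATURE` for success. A comment above the block would warn callers: `/* Always compare with == CERTSVC_SUCCESS; the negative error codes are non-zero and test true. */` `CERTSVC_TRUE` shares the value 1 with `CERTSVC_SUCCESS`, which makes a status output easy to confuse with a return code. Several comments have typos ("Memmory allcation", "argumnet", "aleady").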
diff --git a/vcore/src/cert-svc/cinstance.h b/vcore/src/cert-svc/cinstance.h
new file mode 100644 (file)
index 0000000..93ee23d
--- /dev/null
@@ -0,0 +1,76 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        cinstance.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is part of C api for ValidationCore.
+ */
+#ifndef _CERTSVC_CINSTANCE_H_
+#define _CERTSVC_CINSTANCE_H_
+
+#include <cert-svc/cerror.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct CertSvcInstance_t {
+    void *privatePtr;
+} CertSvcInstance;
+
+/**
+ * Allocate internal data of CertSvc library and put it in the CertSvcInstance structure.
+ * Initialize Openssl interanal structures, initialize all structures required by libsoup
+ * (libsoup is used by ocps and crl functions).
+ *
+ * @param[out] instance Pointer to CertSvcInstance.
+ * @return CERTSVC_SUCCESS or CERTSVC_FAIL.
+ */
+int certsvc_instance_new(CertSvcInstance *instance);
+
+/**
+ * This function will free all allocated data. All certificate identificator will
+ * be released and all strings allocated by certsvc_certificate_get_string field will be
+ * released also.
+ *
+ * This fucntion does not release CertSvcInstnace!
+ *
+ * Plese note: It is safe to use this function after use certsvc_string_free.
+ *
+ * @param[in] instance CertSvcInstance object.
+ */
+void certsvc_instance_reset(CertSvcInstance instance);
+
+/**
+ * This function will free all allocated data. All certificate identificator will
+ * be released and all strings allocated by certsvc_certificate_get_string field will be
+ * released also.
+ *
+ * This fucntion also release CertSvcInstnace!
+ *
+ * Please note: It is safe use this function after use certsvc_string_free.
+ *
+ * @param[in] instance CertSvcInstance object
+ */
+void certsvc_instance_free(CertSvcInstance instance);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _CERTSVC_CINSTANCE_H_
+
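Review bot: `certsvc_instance_free` takes `CertSvcInstance` by value, so the caller's copy, and every `CertSvcCertificate` that carries it as `privateInstance`, still holds the old `privatePtr` after the call. The comment should state the consequence, e.g. `After this call the instance and all handles created from it are invalid and must not be passed to any certsvc_* function.` The comment for `certsvc_instance_reset` is almost word-for-word the same and should say that the instance stays usable while earlier certificate ids and strings do not. Typos to fix in passing: "fucntion", "CertSvcInstnace", "Plese", "interanal", "ocps".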
diff --git a/vcore/src/cert-svc/cocsp.h b/vcore/src/cert-svc/cocsp.h
new file mode 100644 (file)
index 0000000..da37d2b
--- /dev/null
@@ -0,0 +1,66 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        cocsp.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is C api for ValidationCore.
+ */
+#ifndef _CERTSVC_OCSP_C_API_H_
+#define _CERTSVC_OCSP_C_API_H_
+
+#include <time.h>
+
+#include <cert-svc/ccert.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define CERTSVC_OCSP_GOOD                (1<<0)
+#define CERTSVC_OCSP_REVOKED             (1<<1)
+#define CERTSVC_OCSP_UNKNOWN             (1<<2)
+#define CERTSVC_OCSP_VERIFICATION_ERROR  (1<<3)
+#define CERTSVC_OCSP_NO_SUPPORT          (1<<4)
+#define CERTSVC_OCSP_ERROR               (1<<5)
+
+/**
+ * Implementation of ocsp call.
+ *
+ * Please note: to verify certificate you need certificate and his parrent.
+ * This function will always verify chain_size-1 certificates from the chain.
+ *
+ * @param[in] chain Certificate to check.
+ * @param[in] chain_size Size of certificate_array
+ * @param[in] trusted Store with trusted certificates (additional certificates
+ *                    that may by reqired during verification process).
+ * @param[in] trusted_size Size of trusted certificate store.
+ * @param[in] url Force OCSP to use specific server. Pass NULL to use OCSP server defined in certificate.
+ * @param[out] status Bit field with description of chain validation.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_ocsp_check(CertSvcCertificate *chain,
+                       int chainSize,
+                       CertSvcCertificate *trusted,
+                       int truestedSize,
+                       const char *url,
+                       int *status);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
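Review bot: The comment on `certsvc_ocsp_check` does not say which `status` values make a chain acceptable, and the return value `CERTSVC_SUCCESS` presumably only means the check ran. Callers need a line such as `@param[out] status OR of CERTSVC_OCSP_* flags; only CERTSVC_OCSP_GOOD alone means no certificate was reported revoked, unknown or unverifiable`, to be confirmed against the implementation. Since the function "will always verify chain_size-1 certificates", the comment should also state what `status` holds for a one-element chain, where nothing would be checked. The documented names `chain_size` and `trusted_size` do not match the prototype's `chainSize` and `truestedSize`, the latter being a typo for `trustedSize`.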
diff --git a/vcore/src/cert-svc/cpkcs12.h b/vcore/src/cert-svc/cpkcs12.h
new file mode 100644 (file)
index 0000000..878f37b
--- /dev/null
@@ -0,0 +1,133 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        cpkcs12.h
+ * @author      Jacek Migacz (j.migacz@samsung.com)
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @brief       This is part of C api for PKCS#12/PFX storage routines.
+ */
+#ifndef _CERTSVC_CPKCS12_H_
+#define _CERTSVC_CPKCS12_H_
+
+#include <cert-svc/cinstance.h>
+#include <cert-svc/cstring.h>
+#include <cert-svc/ccert.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Query PKCS#12 storage to find out whenever new alias proposal is unique.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] proposal Desired alias name.
+ * @param[out] is_unique CERTSVC_TRUE (if there isn't such alias already) or CERTSVC_FALSE.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_pkcs12_alias_exists(CertSvcInstance instance,
+                                CertSvcString alias,
+                                int *is_unique);
+
+/**
+ * Import PKCS#12 container from file.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] path Path to container file.
+ * @param[in] password Container password (can be empty or NULL).
+ * @param[in] alias Logical name for certificate bundle idenification (can't be empty).
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_INVALID_PASSWORD, CERTSVC_WRONG_ARGUMENT, CERTSVC_DUPLICATED_ALIAS
+ */
+int certsvc_pkcs12_import_from_file(CertSvcInstance instance,
+                                    CertSvcString path,
+                                    CertSvcString password,
+                                    CertSvcString alias);
+
+/**
+ * Get a list of PKCS#12 bundles from storage. This list could be freed by:
+ * certsvc_string_list_free, certsvc_instance_reset, certsvc_instance_free.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[out] pfxIdStringList List of PKCS#12 aliases.
+ * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL
+ */
+int certsvc_pkcs12_get_id_list(CertSvcInstance instance,
+                               CertSvcStringList *pfxIdStringList);
+
+/**
+ * Check whenever PKCS#12 container is password protected.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] path Path to container file.
+ * @param[out] has_password CERTSVC_TRUE (if container is password protected) or CERTSVC_FALSE.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_pkcs12_has_password(CertSvcInstance instance,
+                                CertSvcString filepath,
+                                int *has_password);
+
+/**
+ * Get a list of certificates from PKCS#12 bundle. You may free this list by:
+ * certsvc_certificate_list_free. You may free certificates from list with:
+ * certsvc_certificate_free.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] pfxIdString Identification of pfx/pkcs file.
+ * @param[out] certificateList List of certificates.
+ * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_IO_ERROR
+ */
+int certsvc_pkcs12_load_certificate_list(CertSvcInstance instance,
+                                         CertSvcString alias,
+                                         CertSvcCertificateList* certificateList);
+
+/**
+ * This function will load to memory private file content. This functin will
+ * not parse it in any way.
+ * This memory must be freed by certsvc_private_key_free.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] prfIdString Container bundle identifier.
+ * @param[out] buffer Poiner to newly-allocated memory with private key data.
+ * @param[out] size Size of the newly-allocated buffer.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_pkcs12_private_key_dup(CertSvcInstance instance,
+                                   CertSvcString alias,
+                                   char **buffer,
+                                   int *size);
+
+/**
+ * Couter-routine for certsvc_pkcs12_private_key_dup.
+ *
+ * @param[in] pointer Memory claimed by private key.
+ */
+void certsvc_pkcs12_private_key_free(char *buffer);
+
+/**
+ * Remove logical PKCS#12 container with associated certificates and private key.
+ *
+ * @param[in] instance CertSvcInstance object.
+ * @param[in] alias Container bundle identifier.
+ * @return CERTSVC_SUCCESS, CERTSVC_IO_ERROR, CERTSVC_BAD_ALLOC
+ */
+int certsvc_pkcs12_delete(CertSvcInstance instance,
+                          CertSvcString alias);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
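Review bot: `certsvc_pkcs12_private_key_free(char *buffer)` receives only the pointer, so unless the library records the length elsewhere it cannot wipe the key bytes before releasing them, and the comment on `certsvc_pkcs12_private_key_dup` does not say who is responsible for clearing the buffer. I would state that in the dup comment, for example `* The caller should overwrite *size bytes of buffer before calling certsvc_pkcs12_private_key_free.`, or say explicitly that the free routine clears it if it does. The @param names in this header also drift from the prototypes (`proposal` vs `alias`, `path` vs `filepath`, `pfxIdString` and `prfIdString` vs `alias`, `pointer` vs `buffer`). `certsvc_pkcs12_alias_exists` reports `is_unique`, the opposite of what its name suggests, which deserves a sentence in its comment.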
diff --git a/vcore/src/cert-svc/cprimitives.h b/vcore/src/cert-svc/cprimitives.h
new file mode 100644 (file)
index 0000000..420ae15
--- /dev/null
@@ -0,0 +1,56 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        vcore_api_extension.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is C api for ValidationCore.
+ */
+#ifndef _CERTSVC_C_API_EXTENDED_H_
+#define _CERTSVC_C_API_EXTENDED_H_
+
+#include <openssl/x509.h>
+
+#include <cert-svc/ccert.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * This will return X509 struct(openssl base struct). This struct must be release by function
+ * certsvc_certificate_free_x509.
+ *
+ * vcore_instance_free or vcore_instance_reset will not free memory allocated by this function!
+ *
+ * @param[in] certificate Pointer to certificate.
+ * @param[out] cert Duplicate of certificate.
+ * @return X509 CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT, CERTSVC_FAIL
+ */
+int certsvc_certificate_dup_x509(CertSvcCertificate certificate, X509** cert);
+
+/**
+ * Release X509 struct allocated by certsvc_certificate_new_x509_copy function.
+ *
+ * @param[in] x509_copy Pointer to openssl struct.
+ */
+void certsvc_certificate_free_x509(X509 *x509_copy);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
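Review bot: The comment on `certsvc_certificate_free_x509` names `certsvc_certificate_new_x509_copy` as the allocating function, but the only allocator declared in this header is `certsvc_certificate_dup_x509`; the line should read `* Release X509 struct allocated by certsvc_certificate_dup_x509.`. The header itself says that instance free/reset will not release this copy, so a wrong name in the ownership contract makes a leaked or mismatched free more likely. The `@file` tag says `vcore_api_extension.h` while the file is `cprimitives.h`, and the `@return` line carries a stray `X509` before the status codes.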
diff --git a/vcore/src/cert-svc/cstring.h b/vcore/src/cert-svc/cstring.h
new file mode 100644 (file)
index 0000000..736e9d2
--- /dev/null
@@ -0,0 +1,129 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        cstring.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is part of C api for ValidationCore.
+ */
+#ifndef _CERTSVC_CSTRING_H_
+#define _CERTSVC_CSTRING_H_
+
+#include <cert-svc/cinstance.h>
+#include <cert-svc/cstring.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct CertSvcStringList_t {
+    int privateHandler;
+    CertSvcInstance privateInstance;
+} CertSvcStringList;
+
+typedef struct CertSvcString_t {
+    char* privateHandler;
+    int privateLength;
+    CertSvcInstance privateInstance;
+} CertSvcString;
+
+/**
+ * This function will duplicate input data. Data in ouput string will be managed by certsvc.
+ *
+ * @param[in] instance CertSvcString will be conected with this instance.
+ * @param[in] input Input data.
+ * @param[in] size Input buffer size.
+ * @param[out] output Buffer with output data.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_string_new(
+    CertSvcInstance instance,
+    const char *input,
+    int size,
+    CertSvcString *output);
+
+/**
+ * This function wont duplicate input data. Output param will contain pointer to input
+ * so input could not be free as long as ouput param is used.
+ *
+ * @param[in] instance CertSvcString will be conected with this instance.
+ * @param[in] input Input data.
+ * @param[in] size Input buffer size.
+ * @param[out] output Buffer with output data.
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_string_not_managed(
+    CertSvcInstance instance,
+    const char *input,
+    int size,
+    CertSvcString *output);
+
+/**
+ * Extract next result from result set. Function certsvc_string_list_free
+ * does not free results returned by this function. CertSvcString is valid
+ * until certsvc_string_free or vcore_instance_reset or vcore_instance_free
+ * is called.
+ *
+ * @param[in] handler Handler to set of strings.
+ * @param[out] buffer The buffer will be pointing to string with distrubution point url or will be set to NULL if error occures.
+ * @param[out] size Size of data pointed by buffer or 0 if error occures.
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC
+ */
+int certsvc_string_list_get_one(CertSvcStringList hander,
+                                int position,
+                                CertSvcString *buffer);
+
+/**
+ * Extract CertSvcStringList size.
+ *
+ * @param[in] handler Handler to string list.
+ * @param[out] size Number of elements on the list.
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_string_list_get_length(CertSvcStringList hander,int *size);
+
+/**
+ * Free data.
+ *
+ * @param[in] string Data allocated by certsvc_certificate_get_string_field
+ */
+void certsvc_string_free(CertSvcString string);
+
+/**
+ * Free string list.
+ *
+ * Note: This function does not free strings returned by certsvc_string_list_get_one_result.
+ *
+ * @param[in] handler String set handler.
+ */
+void certsvc_string_list_free(CertSvcStringList handler);
+
+/**
+ * Convert CertSvcStringPtr into pure c pointer. Please note that this pointer is valid as long as CertSvcString is valid.
+ *
+ * @param[in] string CertSvcStringPtr.
+ * @param[out] buffer cstring
+ * @param[out] len Length of cstring
+ */
+void certsvc_string_to_cstring(CertSvcString string, const char **buffer, int *len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
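Review bot: `certsvc_string_to_cstring` hands back `const char **buffer` and `int *len`, but its comment does not say whether the buffer is NUL-terminated. For a string built with `certsvc_string_not_managed`, which keeps the caller's pointer and `size`, termination presumably depends on what the caller passed in, so a consumer that treats the result as a C string could read past the data. I would add `* The buffer is not guaranteed to be NUL-terminated; use len to bound every read.` (or document the opposite guarantee if the implementation provides one), and say how a negative `size` is handled, since every length in this API is a signed `int`. The header also includes itself (`#include <cert-svc/cstring.h>`), and the `certsvc_string_list_get_one` comment documents `handler`, `buffer` and `size` while the prototype takes `hander`, `position` and `buffer`.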
diff --git a/vcore/src/orm/DESCRIPTION b/vcore/src/orm/DESCRIPTION
new file mode 100644 (file)
index 0000000..7d25d0d
--- /dev/null
@@ -0,0 +1 @@
+Scripts required to create vcoredatabase.
diff --git a/vcore/src/orm/gen_db_md5.sh b/vcore/src/orm/gen_db_md5.sh
new file mode 100755 (executable)
index 0000000..a81d5f7
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/sh
+CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\  -f1 2>/dev/null`
+echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1}
+echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1}
+
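Review bot: Every stage of the pipeline on the `CHECKSUM=` line sends stderr to /dev/null and no exit status is checked, so a missing or unreadable `${2}` or `${3}` still produces a header, carrying the md5 of whatever `cat` managed to read (the empty input if both are missing). I would fail early with `[ -r "$2" ] && [ -r "$3" ] || exit 1` before that line so a broken build input cannot yield a plausible-looking checksum. The arguments are also expanded unquoted, so a path containing spaces splits into several words; writing `"${1}"`, `"${2}"` and `"${3}"` avoids that.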
diff --git a/vcore/src/orm/orm_generator_vcore.h b/vcore/src/orm/orm_generator_vcore.h
new file mode 100644 (file)
index 0000000..862bc80
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#ifndef ORM_GENERATOR_VCORE_H
+#define ORM_GENERATOR_VCORE_H
+
+#define ORM_GENERATOR_DATABASE_NAME vcore_db_definitions
+#include <dpl/db/orm_generator.h>
+#undef ORM_GENERATOR_DATABASE_NAME
+
+#endif // ORM_GENERATOR_VCORE_H
diff --git a/vcore/src/orm/vcore_db b/vcore/src/orm/vcore_db
new file mode 100644 (file)
index 0000000..6947255
--- /dev/null
@@ -0,0 +1,23 @@
+SQL(
+    PRAGMA foreign_keys = ON;
+    BEGIN TRANSACTION;
+)
+CREATE_TABLE(OCSPResponseStorage)
+    COLUMN_NOT_NULL(cert_chain,        TEXT,)
+    COLUMN(end_entity_check,           INT,)
+    COLUMN(ocsp_status,                INT,)
+    COLUMN(next_update_time,           BIGINT,)
+    TABLE_CONSTRAINTS(
+      PRIMARY KEY(cert_chain, end_entity_check)
+    )
+CREATE_TABLE_END()
+
+CREATE_TABLE(CRLResponseStorage)
+    COLUMN_NOT_NULL(distribution_point,TEXT,       primary key)
+    COLUMN_NOT_NULL(crl_body,          TEXT,)
+    COLUMN(next_update_time,           BIGINT,)
+CREATE_TABLE_END()
+
+SQL(
+    COMMIT;
+)
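Review bot: `end_entity_check` is part of `PRIMARY KEY(cert_chain, end_entity_check)` in `OCSPResponseStorage` but is declared with `COLUMN` rather than `COLUMN_NOT_NULL`. If `COLUMN` yields a nullable column (the macro definitions are not in this diff) and the backend is SQLite, as the `PRAGMA` suggests, NULLs in a non-integer primary key are treated as distinct. Several rows for the same chain could then coexist and a cached OCSP status lookup could become ambiguous. Declaring it as `COLUMN_NOT_NULL(end_entity_check, INT,)` closes that. `ocsp_status` and both `next_update_time` columns are nullable in the same way; a comment stating what a missing value means for cache freshness would help whoever reads the cache.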
diff --git a/vcore/src/orm/vcore_db_definitions b/vcore/src/orm/vcore_db_definitions
new file mode 100644 (file)
index 0000000..61018c4
--- /dev/null
@@ -0,0 +1,6 @@
+DATABASE_START(vcore)
+
+#include "vcore_db"
+#include "version_db"
+
+DATABASE_END()
diff --git a/vcore/src/orm/vcore_db_sql_generator.h b/vcore/src/orm/vcore_db_sql_generator.h
new file mode 100644 (file)
index 0000000..76f0448
--- /dev/null
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+//Do not include this file directly! It is used only for SQL code generation.
+
+#include <dpl/db/orm_macros.h>
+
+#include "vcore_db_definitions"
diff --git a/vcore/src/orm/version_db b/vcore/src/orm/version_db
new file mode 100644 (file)
index 0000000..7e20d8d
--- /dev/null
@@ -0,0 +1,5 @@
+SQL(
+    BEGIN TRANSACTION;
+    CREATE TABLE DB_CHECKSUM (version INT);
+    COMMIT;
+)
diff --git a/vcore/src/vcore/Base64.cpp b/vcore/src/vcore/Base64.cpp
new file mode 100644 (file)
index 0000000..b772178
--- /dev/null
@@ -0,0 +1,209 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <algorithm>
+#include <string>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+
+#include <dpl/log/log.h>
+#include <dpl/scoped_free.h>
+
+#include "Base64.h"
+
+namespace ValidationCore {
+Base64Encoder::Base64Encoder() :
+    m_b64(0),
+    m_bmem(0),
+    m_finalized(false)
+{
+}
+
+void Base64Encoder::append(const std::string &data)
+{
+    if (m_finalized) {
+        LogWarning("Already finalized.");
+        ThrowMsg(Exception::AlreadyFinalized, "Already finalized");
+    }
+
+    if (!m_b64) {
+        reset();
+    }
+    BIO_write(m_b64, data.c_str(), data.size());
+}
+
+void Base64Encoder::finalize()
+{
+    if (m_finalized) {
+        LogWarning("Already finalized.");
+        ThrowMsg(Exception::AlreadyFinalized, "Already finalized.");
+    }
+    m_finalized = true;
+    BIO_flush(m_b64);
+}
+
+std::string Base64Encoder::get()
+{
+    if (!m_finalized) {
+        LogWarning("Not finalized");
+        ThrowMsg(Exception::NotFinalized, "Not finalized");
+    }
+    BUF_MEM *bptr = 0;
+    BIO_get_mem_ptr(m_b64, &bptr);
+    if (bptr == 0) {
+        LogError("Bio internal error");
+        ThrowMsg(Exception::InternalError, "Bio internal error");
+    }
+
+    if (bptr->length > 0) {
+        return std::string(bptr->data, bptr->length - 1);
+    }
+    return std::string();
+}
+
+void Base64Encoder::reset()
+{
+    m_finalized = false;
+    BIO_free_all(m_b64);
+    m_b64 = BIO_new(BIO_f_base64());
+    m_bmem = BIO_new(BIO_s_mem());
+    if (!m_b64 || !m_bmem) {
+        LogError("Error during allocation memory in BIO");
+        ThrowMsg(Exception::InternalError,
+                 "Error during allocation memory in BIO");
+    }
+    m_b64 = BIO_push(m_b64, m_bmem);
+}
+
+Base64Encoder::~Base64Encoder()
+{
+    BIO_free_all(m_b64);
+}
+
+Base64Decoder::Base64Decoder() :
+    m_finalized(false)
+{
+}
+
+void Base64Decoder::append(const std::string &data)
+{
+    if (m_finalized) {
+        LogWarning("Already finalized.");
+        ThrowMsg(Exception::AlreadyFinalized, "Already finalized.");
+    }
+    m_input.append(data);
+}
+
+static bool whiteCharacter(char a)
+{
+    if (a == '\n') { return true; }
+    return false;
+}
+
+bool Base64Decoder::finalize()
+{
+    if (m_finalized) {
+        LogWarning("Already finalized.");
+        ThrowMsg(Exception::AlreadyFinalized, "Already finalized.");
+    }
+
+    m_finalized = true;
+
+    m_input.erase(std::remove_if(m_input.begin(),
+                                 m_input.end(),
+                                 whiteCharacter),
+                  m_input.end());
+
+    for (size_t i = 0; i<m_input.size(); ++i) {
+        if (isalnum(m_input[i])
+            || m_input[i] == '+'
+            || m_input[i] == '/'
+            || m_input[i] == '=')
+        {
+            continue;
+        }
+        LogError("Base64 input contains illegal chars: " << m_input[i]);
+        return false;
+    }
+
+    BIO *b64, *bmem;
+    size_t len = m_input.size();
+
+    DPL::ScopedFree<char> buffer(static_cast<char*>(malloc(len)));
+
+    if (!buffer) {
+        LogError("Error in malloc.");
+        ThrowMsg(Exception::InternalError, "Error in malloc.");
+    }
+
+    memset(buffer.Get(), 0, len);
+    b64 = BIO_new(BIO_f_base64());
+    if (!b64) {
+        LogError("Couldn't create BIO object.");
+        ThrowMsg(Exception::InternalError, "Couldn't create BIO object.");
+    }
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+    DPL::ScopedFree<char> tmp(strdup(m_input.c_str()));
+    m_input.clear();
+
+    bmem = BIO_new_mem_buf(tmp.Get(), len);
+
+    if (!bmem) {
+        BIO_free(b64);
+        LogError("Internal error in BIO");
+        ThrowMsg(Exception::InternalError, "Internal error in BIO");
+    }
+
+    bmem = BIO_push(b64, bmem);
+
+    if (!bmem) {
+        BIO_free(b64);
+        LogError("Internal error in BIO");
+        ThrowMsg(Exception::InternalError, "Internal error in BIO");
+    }
+
+    int readlen = BIO_read(bmem, buffer.Get(), len);
+    m_output.clear();
+
+    bool status = true;
+
+    if (readlen > 0) {
+        m_output.append(buffer.Get(), readlen);
+    } else {
+        status = false;
+    }
+
+    BIO_free_all(bmem);
+    return status;
+}
+
+std::string Base64Decoder::get() const
+{
+    if (!m_finalized) {
+        LogWarning("Not finalized.");
+        ThrowMsg(Exception::NotFinalized, "Not finalized");
+    }
+    return m_output;
+}
+
+void Base64Decoder::reset()
+{
+    m_finalized = false;
+    m_input.clear();
+    m_output.clear();
+}
+} // namespace ValidationCore
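Review bot: In `Base64Decoder::finalize()` the validation loop calls `isalnum(m_input[i])` on a plain `char`; where `char` is signed, any input byte of 0x80 or above is passed as a negative value, which is undefined behaviour for the <ctype.h> functions, and the result also depends on the locale. This decoder presumably sees data taken from certificates and signatures, so I would test an unsigned value: `const unsigned char c = static_cast<unsigned char>(m_input[i]);` followed by `if (isalnum(c) || c == '+' || c == '/' || c == '=') continue;`, or use an explicit range check that does not consult the locale. Two smaller points in the same function: `whiteCharacter` strips only `'\n'`, so CRLF-wrapped input is rejected as illegal, and the result of `strdup` is not checked before it is handed to `BIO_new_mem_buf`.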
diff --git a/vcore/src/vcore/Base64.h b/vcore/src/vcore/Base64.h
new file mode 100644 (file)
index 0000000..520662e
--- /dev/null
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+#include <string>
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+
+struct bio_st;
+typedef bio_st BIO;
+
+namespace ValidationCore {
+class Base64Encoder : public DPL::Noncopyable
+{
+  public:
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, InternalError)
+        DECLARE_EXCEPTION_TYPE(Base, NotFinalized)
+        DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized)
+    };
+    Base64Encoder();
+    void append(const std::string &data);
+    void finalize();
+    std::string get();
+    void reset();
+    ~Base64Encoder();
+
+  private:
+    BIO *m_b64;
+    BIO *m_bmem;
+    bool m_finalized;
+};
+
+class Base64Decoder : public DPL::Noncopyable
+{
+  public:
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, InternalError)
+        DECLARE_EXCEPTION_TYPE(Base, NotFinalized)
+        DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized)
+    };
+    Base64Decoder();
+    void append(const std::string &data);
+
+    /*
+     *  Function will return false when BIO_read fails
+     *  (for example: when string was not in base64 format).
+     */
+    bool finalize();
+    std::string get() const;
+    void reset();
+    ~Base64Decoder()
+    {
+    }
+
+  private:
+    std::string m_input;
+    std::string m_output;
+    bool m_finalized;
+};
+} // namespace ValidationCore
+
+#endif
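Review bot: The comment above `Base64Decoder::finalize()` says it returns false when BIO_read fails, but the implementation in Base64.cpp in this commit also returns false, before any decoding, when the input holds a character outside the base64 alphabet, and it throws `InternalError` on allocation failures. I would reword it to `Returns false when the input contains characters outside the base64 alphabet or when decoding yields no data; get() then returns an empty string.` so callers know the return value must be checked before the output is used. Neither class documents the required call order (append, finalize, get, with reset to reuse) or which exception each call throws; a short class-level comment would cover that.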
diff --git a/vcore/src/vcore/CRL.cpp b/vcore/src/vcore/CRL.cpp
new file mode 100644 (file)
index 0000000..c21c884
--- /dev/null
@@ -0,0 +1,509 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version     0.1
+ * @file        CRL.h
+ * @brief       Routines for certificate validation over CRL
+ */
+
+#include "CRL.h"
+
+#include <set>
+#include <algorithm>
+
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+#include <dpl/exception.h>
+#include <dpl/scoped_ptr.h>
+#include <dpl/scoped_array.h>
+#include <dpl/db/orm.h>
+#include <dpl/foreach.h>
+
+#include "Base64.h"
+#include "Certificate.h"
+#include "SoupMessageSendSync.h"
+#include "CRLCacheInterface.h"
+
+namespace {
+const char *CRL_LOOKUP_DIR_1 = "/usr/share/cert-svc/ca-certs/code-signing/wac";
+const char *CRL_LOOKUP_DIR_2 = "/opt/share/cert-svc/certs/code-signing/wac";
+} //anonymous namespace
+
+namespace ValidationCore {
+
+CRL::StringList CRL::getCrlUris(const CertificatePtr &argCert)
+{
+    StringList result = argCert->getCrlUris();
+
+    if (!result.empty()) {
+        return result;
+    }
+    LogInfo("No distribution points found. Getting from CA cert.");
+    X509_STORE_CTX *ctx = createContext(argCert);
+    X509_OBJECT obj;
+
+    //Try to get distribution points from CA certificate
+    int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
+                                           X509_get_issuer_name(argCert->
+                                                                    getX509()),
+                                           &obj);
+    X509_STORE_CTX_free(ctx);
+    if (0 >= retVal) {
+        LogError("No dedicated CA certificate available");
+        return result;
+    }
+    CertificatePtr caCert(new Certificate(obj.data.x509));
+    X509_OBJECT_free_contents(&obj);
+    return caCert->getCrlUris();
+}
+
+CRL::CRL(CRLCacheInterface *ptr)
+  : m_crlCache(ptr)
+{
+    Assert(m_crlCache != NULL);
+
+    LogInfo("CRL storage initialization.");
+    m_store = X509_STORE_new();
+    if (!m_store) {
+        LogError("Failed to create new store.");
+        ThrowMsg(CRLException::StorageError,
+                 "Not possible to create new store.");
+    }
+    m_lookup = X509_STORE_add_lookup(m_store, X509_LOOKUP_hash_dir());
+    if (!m_lookup) {
+        cleanup();
+        LogError("Failed to add hash dir lookup");
+        ThrowMsg(CRLException::StorageError,
+                 "Not possible to add hash dir lookup.");
+    }
+    // Add hash dir pathname for CRL checks
+    bool retVal = X509_LOOKUP_add_dir(m_lookup,
+                                      CRL_LOOKUP_DIR_1, X509_FILETYPE_PEM) == 1;
+    retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_1,
+                                             X509_FILETYPE_ASN1) == 1);
+    retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2,
+                                             X509_FILETYPE_PEM) == 1);
+    retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2,
+                                             X509_FILETYPE_ASN1) == 1);
+    if (!retVal) {
+        LogError("Failed to add lookup dir for PEM files.");
+        cleanup();
+        ThrowMsg(CRLException::StorageError,
+                 "Failed to add lookup dir for PEM files.");
+    }
+    LogInfo("CRL storage initialization complete.");
+}
+
+CRL::~CRL()
+{
+    cleanup();
+    delete m_crlCache;
+}
+
+void CRL::cleanup()
+{
+    LogInfo("Free CRL storage");
+    // STORE is responsible for LOOKUP release
+    //    X509_LOOKUP_free(m_lookup);
+    X509_STORE_free(m_store);
+}
+
+CRL::RevocationStatus CRL::checkCertificate(const CertificatePtr &argCert)
+{
+    RevocationStatus retStatus = {false, false};
+    int retVal = 0;
+    StringList crlUris = getCrlUris(argCert);
+    FOREACH(it, crlUris) {
+        CRLDataPtr crl = getCRL(*it);
+        if (!crl) {
+            LogDebug("CRL not found for URI: " << *it);
+            continue;
+        }
+        X509_CRL *crlInternal = convertToInternal(crl);
+
+        //Check date
+        if (X509_CRL_get_nextUpdate(crlInternal)) {
+            retVal = X509_cmp_current_time(
+                    X509_CRL_get_nextUpdate(crlInternal));
+            retStatus.isCRLValid = retVal > 0;
+        } else {
+            // If nextUpdate is not set assume it is actual.
+            retStatus.isCRLValid = true;
+        }
+        LogInfo("CRL valid: " << retStatus.isCRLValid);
+        X509_REVOKED rev;
+        rev.serialNumber = X509_get_serialNumber(argCert->getX509());
+        // sk_X509_REVOKED_find returns index if serial number is found on list
+        retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev);
+        X509_CRL_free(crlInternal);
+        retStatus.isRevoked = retVal != -1;
+        LogInfo("CRL revoked: " << retStatus.isRevoked);
+
+        if (!retStatus.isRevoked && isOutOfDate(crl)) {
+            LogDebug("Certificate is not Revoked, but CRL is outOfDate.");
+            continue;
+        }
+
+        return retStatus;
+    }
+    // If there is no CRL for any of URIs it means it's not possible to
+    // tell anything about revocation status but it's is not an error.
+    return retStatus;
+}
+
+CRL::RevocationStatus CRL::checkCertificateChain(CertificateCollection
+                                                 certChain)
+{
+    if (!certChain.sort()) {
+        LogError("Certificate list doesn't create chain.");
+        ThrowMsg(CRLException::InvalidParameter,
+                 "Certificate list doesn't create chain.");
+    }
+
+    RevocationStatus ret;
+    ret.isCRLValid = true;
+    ret.isRevoked = false;
+    const CertificateList &certList = certChain.getChain();
+    FOREACH(it, certList) {
+        if (!(*it)->isRootCert()) {
+            LogInfo("Certificate common name: " << *((*it)->getCommonName()));
+            RevocationStatus certResult = checkCertificate(*it);
+            ret.isCRLValid &= certResult.isCRLValid;
+            ret.isRevoked |= certResult.isRevoked;
+            if (ret.isCRLValid && !ret.isRevoked) {
+                addToStore(*it);
+            }
+            if (ret.isRevoked) {
+                return ret;
+            }
+        }
+    }
+    return ret;
+}
+
+VerificationStatus CRL::checkEndEntity(CertificateCollection &chain)
+{
+    if (!chain.sort() && !chain.empty()) {
+        LogInfo("Could not find End Entity certificate. "
+                "Collection does not form chain.");
+        return VERIFICATION_STATUS_ERROR;
+    }
+    CertificateList::const_iterator iter = chain.begin();
+    RevocationStatus stat = checkCertificate(*iter);
+    if (stat.isRevoked) {
+        return VERIFICATION_STATUS_REVOKED;
+    }
+    if (stat.isCRLValid) {
+        return VERIFICATION_STATUS_GOOD;
+    }
+    return VERIFICATION_STATUS_ERROR;
+}
+
+void CRL::addToStore(const CertificatePtr &argCert)
+{
+    X509_STORE_add_cert(m_store, argCert->getX509());
+}
+
+bool CRL::isOutOfDate(const CRLDataPtr &crl) const {
+    X509_CRL *crlInternal = convertToInternal(crl);
+
+    bool result = false;
+    if (X509_CRL_get_nextUpdate(crlInternal)) {
+        if (0 > X509_cmp_current_time(X509_CRL_get_nextUpdate(crlInternal))) {
+            result = true;
+        } else {
+            result = false;
+        }
+    } else {
+        result = true;
+    }
+    X509_CRL_free(crlInternal);
+    return result;
+}
+
+bool CRL::updateList(const CertificatePtr &argCert,
+                     const UpdatePolicy updatePolicy)
+{
+    LogInfo("Update CRL for certificate");
+
+    // Retrieve distribution points
+    StringList crlUris = getCrlUris(argCert);
+    FOREACH(it, crlUris) {
+        // Try to get CRL from database
+        LogInfo("Getting CRL for URI: " << *it);
+
+        bool downloaded = false;
+
+        CRLDataPtr crl;
+
+        // If updatePolicy == UPDATE_ON_DEMAND we dont care
+        // about data in cache. New crl must be downloaded.
+        if (updatePolicy == UPDATE_ON_EXPIRED) {
+            crl = getCRL(*it);
+        }
+
+        if (!!crl && isOutOfDate(crl)) {
+            LogDebug("Crl out of date - downloading.");
+            crl = downloadCRL(*it);
+            downloaded = true;
+        }
+
+        if (!crl) {
+            LogDebug("Crl not found in cache - downloading.");
+            crl = downloadCRL(*it);
+            downloaded = true;
+        }
+
+        if (!crl) {
+            LogDebug("Failed to obtain CRL. URL: " << *it);
+            continue;
+        }
+
+        if (!!crl && isOutOfDate(crl)) {
+            LogError("CRL out of date. Broken URL: " << *it);
+        }
+
+        // Make X509 internal structure
+        X509_CRL *crlInternal = convertToInternal(crl);
+
+        //Check if CRL is signed
+        if (!verifyCRL(crlInternal, argCert)) {
+            LogError("Failed to verify CRL. URI: " << crl->uri);
+            X509_CRL_free(crlInternal);
+            return false;
+        }
+        X509_CRL_free(crlInternal);
+
+        if (downloaded) {
+            updateCRL(crl);
+        }
+        return true;
+    }
+
+    return false;
+}
+
+void CRL::addToStore(const CertificateCollection &collection)
+{
+    FOREACH(it, collection){
+        addToStore(*it);
+    }
+}
+
+bool CRL::updateList(const CertificateCollection &collection,
+                     UpdatePolicy updatePolicy)
+{
+    bool failed = false;
+
+    FOREACH(it, collection){
+        failed |= !updateList(*it, updatePolicy);
+    }
+
+    return !failed;
+}
+
+bool CRL::verifyCRL(X509_CRL *crl,
+                    const CertificatePtr &cert)
+{
+    X509_OBJECT obj;
+    X509_STORE_CTX *ctx = createContext(cert);
+
+    /* get issuer certificate */
+    int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
+                                           X509_CRL_get_issuer(crl), &obj);
+    X509_STORE_CTX_free(ctx);
+    if (0 >= retVal) {
+        LogError("Unknown CRL issuer certificate!");
+        return false;
+    }
+
+    /* extract public key and verify signature */
+    EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509);
+    X509_OBJECT_free_contents(&obj);
+    if (!pkey) {
+        LogError("Failed to get issuer's public key.");
+        return false;
+    }
+    retVal = X509_CRL_verify(crl, pkey);
+    EVP_PKEY_free(pkey);
+    if (0 > retVal) {
+        LogError("Failed to verify CRL.");
+        return false;
+    } else if (0 == retVal) {
+        LogError("CRL is invalid");
+        return false;
+    }
+    LogInfo("CRL is valid.");
+    return true;
+}
+
+bool CRL::isPEMFormat(const CRLDataPtr &crl) const
+{
+    const char *pattern = "-----BEGIN X509 CRL-----";
+    std::string content(crl->buffer, crl->length);
+    if (content.find(pattern) != std::string::npos) {
+        LogInfo("CRL is in PEM format.");
+        return true;
+    }
+    LogInfo("CRL is in DER format.");
+    return false;
+}
+
+X509_CRL *CRL::convertToInternal(const CRLDataPtr &crl) const
+{
+    //At this point it's not clear does crl have DER or PEM format
+    X509_CRL *ret = NULL;
+    if (isPEMFormat(crl)) {
+        BIO *bmem = BIO_new_mem_buf(crl->buffer, crl->length);
+        if (!bmem) {
+            LogError("Failed to allocate memory in BIO");
+            ThrowMsg(CRLException::InternalError,
+                     "Failed to allocate memory in BIO");
+        }
+        ret = PEM_read_bio_X509_CRL(bmem, NULL, NULL, NULL);
+        BIO_free_all(bmem);
+    } else {
+        //If it's not PEM it must be DER format
+        std::string content(crl->buffer, crl->length);
+        const unsigned char *buffer =
+            reinterpret_cast<unsigned char*>(crl->buffer);
+        ret = d2i_X509_CRL(NULL, &buffer, crl->length);
+    }
+    if (!ret) {
+        LogError("Failed to convert to internal structure");
+        ThrowMsg(CRLException::InternalError,
+                 "Failed to convert to internal structure");
+    }
+    return ret;
+}
+
+X509_STORE_CTX *CRL::createContext(const CertificatePtr &argCert)
+{
+    X509_STORE_CTX *ctx;
+    ctx = X509_STORE_CTX_new();
+    if (!ctx) {
+        ThrowMsg(CRLException::StorageError, "Failed to create new context.");
+    }
+    X509_STORE_CTX_init(ctx, m_store, argCert->getX509(), NULL);
+    return ctx;
+}
+
+CRL::CRLDataPtr CRL::downloadCRL(const std::string &uri)
+{
+    using namespace SoupWrapper;
+
+    char *cport = 0, *chost = 0,*cpath = 0;
+    int use_ssl = 0;
+
+    if (!OCSP_parse_url(const_cast<char*>(uri.c_str()),
+                        &chost,
+                        &cport,
+                        &cpath,
+                        &use_ssl))
+    {
+        LogWarning("Error in OCSP_parse_url");
+        return CRLDataPtr();
+    }
+
+    std::string host = chost;
+    if (cport) {
+        host += ":";
+        host += cport;
+    }
+
+    free(cport);
+    free(chost);
+    free(cpath);
+
+    SoupMessageSendSync message;
+    message.setHost(uri);
+    message.setHeader("Host", host);
+
+    if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) {
+        LogWarning("Error in sending network request.");
+        return CRLDataPtr();
+    }
+
+    SoupMessageSendBase::MessageBuffer mBuffer = message.getResponse();
+    return CRLDataPtr(new CRLData(mBuffer,uri));
+}
+
+CRL::CRLDataPtr CRL::getCRL(const std::string &uri) const
+{
+    CRLCachedData cachedCrl;
+    cachedCrl.distribution_point = uri;
+    if (!(m_crlCache->getCRLResponse(&cachedCrl))) {
+        LogInfo("CRL not present in database. URI: " << uri);
+        return CRLDataPtr();
+    }
+
+    std::string body = cachedCrl.crl_body;
+
+    LogInfo("CRL found in database.");
+    //TODO: remove when ORM::blob available
+    //Encode buffer to base64 format to store in database
+
+    Base64Decoder decoder;
+    decoder.append(body);
+    if (!decoder.finalize()) {
+        LogError("Failed to decode base64 format.");
+        ThrowMsg(CRLException::StorageError, "Failed to decode base64 format.");
+    }
+    std::string crlBody = decoder.get();
+
+    DPL::ScopedArray<char> bodyBuffer(new char[crlBody.length()]);
+    crlBody.copy(bodyBuffer.Get(), crlBody.length());
+    return CRLDataPtr(new CRLData(bodyBuffer.Release(), crlBody.length(),
+                                  uri));
+}
+
+void CRL::updateCRL(const CRLDataPtr &crl)
+{
+    //TODO: remove when ORM::blob available
+    //Encode buffer to base64 format to store in database
+    Base64Encoder encoder;
+    if (!crl || !crl->buffer) {
+        ThrowMsg(CRLException::InternalError, "CRL buffer is empty");
+    }
+    encoder.append(std::string(crl->buffer, crl->length));
+    encoder.finalize();
+    std::string b64CRLBody = encoder.get();
+
+    time_t nextUpdateTime = 0;
+    X509_CRL *crlInternal = convertToInternal(crl);
+
+    if (X509_CRL_get_nextUpdate(crlInternal)) {
+        asn1TimeToTimeT(X509_CRL_get_nextUpdate(crlInternal),
+                        &nextUpdateTime);
+    }
+
+    X509_CRL_free(crlInternal);
+    //Update/insert crl body
+    CRLCachedData data;
+    data.distribution_point = crl->uri;
+    data.crl_body = b64CRLBody;
+    data.next_update_time = nextUpdateTime;
+
+    m_crlCache->setCRLResponse(&data);
+}
+} // ValidationCore
diff --git a/vcore/src/vcore/CRL.h b/vcore/src/vcore/CRL.h
new file mode 100644 (file)
index 0000000..c1e180a
--- /dev/null
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version     0.4
+ * @file        CRL.h
+ * @brief       Routines for certificate validation over CRL
+ */
+
+#ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_CRL_H_
+#define WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_CRL_H_
+
+#include <dpl/exception.h>
+#include <dpl/shared_ptr.h>
+#include <dpl/noncopyable.h>
+#include <dpl/log/log.h>
+
+#include "Certificate.h"
+#include "CertificateCollection.h"
+#include "SoupMessageSendBase.h"
+#include "VerificationStatus.h"
+#include "CRLCacheInterface.h"
+
+namespace ValidationCore {
+namespace CRLException {
+DECLARE_EXCEPTION_TYPE(DPL::Exception, CRLException)
+DECLARE_EXCEPTION_TYPE(CRLException, StorageError)
+DECLARE_EXCEPTION_TYPE(CRLException, DownloadFailed)
+DECLARE_EXCEPTION_TYPE(CRLException, InternalError)
+DECLARE_EXCEPTION_TYPE(CRLException, InvalidParameter)
+}
+
+class CRL : DPL::Noncopyable
+{
+  protected:
+    X509_STORE *m_store;
+    X509_LOOKUP *m_lookup;
+    CRLCacheInterface *m_crlCache;
+
+    class CRLData : DPL::Noncopyable
+    {
+      public:
+        //TODO: change to SharedArray when available
+        char *buffer;
+        size_t length;
+        std::string uri;
+
+        CRLData(char* _buffer,
+                size_t _length,
+                const std::string &_uri) :
+            buffer(_buffer),
+            length(_length),
+            uri(_uri)
+        {
+        }
+
+        CRLData(const SoupWrapper::SoupMessageSendBase::MessageBuffer &mBuff,
+                const std::string &mUri)
+        : uri(mUri)
+        {
+            buffer = new char[mBuff.size()];
+            length = mBuff.size();
+            memcpy(buffer, &mBuff[0], mBuff.size());
+        }
+
+        ~CRLData()
+        {
+            LogInfo("Delete buffer");
+            delete[] buffer;
+        }
+    };
+    typedef DPL::SharedPtr<CRLData> CRLDataPtr;
+    typedef std::list<std::string> StringList;
+
+    CRLDataPtr getCRL(const std::string &uri) const;
+    CRLDataPtr downloadCRL(const std::string &uri);
+    X509_STORE_CTX *createContext(const CertificatePtr &argCert);
+    void updateCRL(const CRLDataPtr &crl);
+    X509_CRL *convertToInternal(const CRLDataPtr &crl) const;
+    StringList getCrlUris(const CertificatePtr &argCert);
+    bool isPEMFormat(const CRLDataPtr &crl) const;
+    bool verifyCRL(X509_CRL *crl,
+                   const CertificatePtr &cert);
+    void cleanup();
+    bool isOutOfDate(const CRLDataPtr &crl) const;
+
+    friend class CachedCRL;
+  public:
+    enum UpdatePolicy
+    {
+        UPDATE_ON_EXPIRED,  /**< Download and update CRL only when next update
+                                date has expired */
+        UPDATE_ON_DEMAND    /**< Download and update CRL regardless next update
+                                date */
+    };
+
+    struct RevocationStatus
+    {
+        bool isCRLValid;    /**< True when CRL was valid during
+                                certificate validation */
+        bool isRevoked;     /**< True when certificate is revoked */
+    };
+
+    CRL(CRLCacheInterface *ptr);
+    ~CRL();
+
+    /**
+     * @brief Checks if given certificate is revoked.
+     *
+     * @details This function doesn't update CRL list. If related CRL
+     * is out of date the #isCRLValid return parameter is set to false.
+     *
+     * @param[in] argCert The certificate to check against revocation.
+     * @return RevocationStatus.isRevoked True when certificate is revoked,
+     *          false otherwise.
+     *         RevocationStatus.isCRLValid True if related CRL has not expired,
+     *          false otherwise.
+     */
+    RevocationStatus checkCertificate(const CertificatePtr &argCert);
+
+    /**
+     * @brief Checks if any certificate from certificate chain is revoked.
+     *
+     * @details This function doesn't update CRL lists. If any of related
+     * CRL is out of date the #isCRLValid parameter is set to true.
+     * This function adds valid certificates from the chain to internal storage
+     * map so they'll be available in further check operations for current
+     * CRL object.
+     *
+     * @param[in] argCert The certificate chain to check against revocation.
+     * @return RevocationStatus.isRevoked True when any from certificate chain
+     *          is revoked, false otherwise.
+     *         RevocationStatus.isCRLValid True if all of related CRLs has
+     *          not expired, false otherwise.
+     */
+    RevocationStatus checkCertificateChain(CertificateCollection certChain);
+
+    VerificationStatus checkEndEntity(CertificateCollection &chain);
+
+    /**
+     * @brief Updates CRL related with given certificate.
+     *
+     * @details This function updates CRL list related with given certificate.
+     * If CRL related with given certificate is not stored in database
+     * then this function will download CRL and store it in database.
+     *
+     * @param[in] argCert The certificate for which the CRL will be updated
+     * @param[in] updatePolicy Determine when CRL will be downloaded and updated
+     * @return True when CRL for given certificate was updated successfully,
+     *          false otherwise.
+     */
+    bool updateList(const CertificatePtr &argCert,
+                    const UpdatePolicy updatePolicy);
+
+    /**
+     * @brief Updates CRL related with given certificates.
+     *
+     * @details This function updates CRL lists related with given certificates.
+     * If CRL related with given certificate is not stored in database
+     * then this function will download CRL and store it in database.
+     *
+     * @param[in] collection The certificate collection for which the CRL will
+     *            be updated
+     * @param[in] updatePolicy Determine when CRL will be downloaded and updated
+     * @return True when CRL for given certificate was updated successfully,
+     *          false otherwise.
+     */
+    bool updateList(const CertificateCollection &collection,
+                    const UpdatePolicy updatePolisy);
+
+    /**
+     * @brief Add certificates to trusted certificates store.
+     *
+     * @param[in] collection The certificate collection which will be
+     *            added to known certificate store.
+     */
+    void addToStore(const CertificateCollection &collection);
+
+    /**
+     * @brief Add one certificate to trusted certificates store.
+     *
+     * @param[in] collection The certificate collection which will be
+     *            added to known certificate store.
+     */
+    void addToStore(const CertificatePtr &argCert);
+};
+} // ValidationCore
+
+#endif //ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_CRL_H_
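Review bot: The @details text for `checkCertificateChain` says that when any related CRL is out of date `isCRLValid` "is set to true", which contradicts its own @return text and the accumulation in CRL.cpp (`ret.isCRLValid &= certResult.isCRLValid`). Callers rely on this flag to decide whether a not-revoked answer can be trusted, so the sentence should read `is set to false`. In the same header, the comment on `addToStore(const CertificatePtr &argCert)` documents `@param[in] collection` instead of `argCert`, and `checkCertificateChain` documents `argCert` for a parameter named `certChain`. `checkEndEntity` has no comment at all; it should state that it calls `chain.sort()` on the caller's collection and returns VERIFICATION_STATUS_ERROR when the certificate is not revoked but the CRL is not valid.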
diff --git a/vcore/src/vcore/CRLCacheDAO.cpp b/vcore/src/vcore/CRLCacheDAO.cpp
new file mode 100644 (file)
index 0000000..ad7fc86
--- /dev/null
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @author      Bartlomiej Grzelewski(b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        CRLCacheDAO.cpp
+ * @brief       CRLCacheInterface implementation.
+ */
+
+#include <vcore/CRLCacheDAO.h>
+#include <vcore/CertificateCacheDAO.h>
+
+namespace ValidationCore {
+
+bool CRLCacheDAO::getCRLResponse(CRLCachedData *ptr){
+    return CertificateCacheDAO::getCRLResponse(ptr);
+}
+
+void CRLCacheDAO::setCRLResponse(CRLCachedData *ptr){
+    CertificateCacheDAO::setCRLResponse(ptr);
+}
+
+} // namespace ValidationCore
diff --git a/vcore/src/vcore/CRLCacheDAO.h b/vcore/src/vcore/CRLCacheDAO.h
new file mode 100644 (file)
index 0000000..2dca09b
--- /dev/null
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        CRLCacheDAO.h
+ * @brief       CRLCacheInterface implementation.
+ */
+#ifndef _CRLCACHEDAO_H_
+#define _CRLCACHEDAO_H_
+
+#include <vcore/CRLCacheInterface.h>
+
+namespace ValidationCore {
+
+class CRLCacheDAO : public CRLCacheInterface {
+public:
+    virtual bool getCRLResponse(CRLCachedData *ptr);
+    virtual void setCRLResponse(CRLCachedData *ptr);
+};
+
+} // namespace ValidationCore
+
+#endif
diff --git a/vcore/src/vcore/CRLCacheInterface.h b/vcore/src/vcore/CRLCacheInterface.h
new file mode 100644 (file)
index 0000000..1d17078
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski(b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        CRLCacheInterface.h
+ * @brief       CRLCacheInterface definition.
+ */
+#ifndef _CRLCACHEINTERFACE_H_
+#define _CRLCACHEINTERFACE_H_
+
+#include <string>
+
+namespace ValidationCore {
+
+struct CRLCachedData
+{
+    std::string distribution_point;
+    std::string crl_body;
+    time_t next_update_time;
+};
+
+class CRLCacheInterface {
+public:
+    virtual bool getCRLResponse(CRLCachedData *ptr) = 0;
+    virtual void setCRLResponse(CRLCachedData *ptr) = 0;
+};
+
+} // namespace ValidationCore
+
+#endif
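Review bot: `CRLCacheInterface` is a polymorphic base with no virtual destructor, yet CachedCRL.cpp in this commit passes `new CRLCacheDAO` to a `CRL` that stores only a `CRLCacheInterface *`. If that pointer is ever deleted through the base type the behaviour is undefined; the `CRL` destructor is not visible here, so this is inferred. Adding `virtual ~CRLCacheInterface() {}` closes the gap. Separately, `CRLCachedData::next_update_time` has no initial value and the header uses `time_t` while including only `<string>`; adding `#include <ctime>` and a zero-initialising constructor would make a read after a failed `getCRLResponse` well defined.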
diff --git a/vcore/src/vcore/CachedCRL.cpp b/vcore/src/vcore/CachedCRL.cpp
new file mode 100644 (file)
index 0000000..74b7f3f
--- /dev/null
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ * @file       CachedCRL.cpp
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      Cached CRL class implementation
+ */
+
+#include <string>
+#include <time.h>
+
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+
+#include "CRL.h"
+#include "CachedCRL.h"
+#include "Certificate.h"
+#include "CertificateCacheDAO.h"
+#include "CRLCacheDAO.h"
+
+namespace ValidationCore {
+
+const time_t CachedCRL::CRL_minTimeValid = 3600;          // one hour in seconds
+
+const time_t CachedCRL::CRL_maxTimeValid = 3600 * 24 * 7; // one week in seconds
+
+const time_t CachedCRL::CRL_refreshBefore = 3600;         // one hour in seconds
+
+VerificationStatus CachedCRL::check(const CertificateCollection &certs)
+{
+    CRL crl(new CRLCacheDAO);
+    bool allValid = true;
+    // we dont check CRL validity since
+    // we may use crl for longer time
+    // in smart cache than in regular CRL class (time clamping)
+    crl.addToStore(certs);
+    FOREACH(cert, certs){
+        CRL::StringList crlUris = crl.getCrlUris(*cert);
+        FOREACH(uri, crlUris) {
+            allValid = allValid && updateCRLForUri(*uri,false);
+        }
+    }
+    if (!allValid) {
+        // problems with CRL validity
+        LogDebug("Some CRLs not valid");
+    }
+    CRL::RevocationStatus stat;
+    Try {
+        stat = crl.checkCertificateChain(certs);
+    } Catch(CRLException::InvalidParameter) {
+        // List does not form a chain
+        return VERIFICATION_STATUS_ERROR;
+    }
+    if (stat.isRevoked) {
+        LogDebug("Status REVOKED");
+        return VERIFICATION_STATUS_REVOKED;
+    }
+    LogDebug("Status GOOD");
+    return VERIFICATION_STATUS_GOOD;
+}
+
+VerificationStatus CachedCRL::checkEndEntity(CertificateCollection &certs)
+{
+    if (certs.empty()) {
+        LogError("Collection empty. This should never happen.");
+        LogDebug("Status ERROR");
+        return VERIFICATION_STATUS_ERROR;
+    }
+    if (!certs.sort()) {
+        LogError("Could not find End Entity certificate. "
+                "Collection does not form chain.");
+        LogDebug("Status ERROR");
+        return VERIFICATION_STATUS_ERROR;
+    }
+    CRL crl(new CRLCacheDAO);
+    bool allValid = true;
+    // we dont check CRL validity since
+    // we may use crl for longer time
+    // in smart cache than in regular CRL class (time clamping)
+    crl.addToStore(certs);
+    CertificateList::const_iterator icert = certs.begin();
+    if (icert != certs.end()) {
+        CRL::StringList crlUris = crl.getCrlUris(*icert);
+        FOREACH(uri, crlUris) {
+            allValid = allValid && updateCRLForUri(*uri,false);
+        }
+    }
+    if (!allValid) {
+        // problems with CRL validity
+        LogDebug("Some CRLs not valid");
+    }
+    CertificateList::const_iterator iter = certs.begin();
+    CRL::RevocationStatus stat = crl.checkCertificate(*iter);
+    if (stat.isRevoked) {
+        LogDebug("Status REVOKED");
+        return VERIFICATION_STATUS_REVOKED;
+    }
+    LogDebug("Status GOOD");
+    return VERIFICATION_STATUS_GOOD;
+}
+
+void CachedCRL::updateCache()
+{
+    CRLCachedDataList list;
+    CertificateCacheDAO::getCRLResponseList(&list);
+    FOREACH(db_crl, list) {
+        updateCRLForUri(db_crl->distribution_point, true);
+    }
+}
+
+bool CachedCRL::updateCRLForUri(const std::string & uri, bool useExpiredShift)
+{
+    CRLCachedData cachedCRL;
+    cachedCRL.distribution_point = uri;
+    time_t now;
+    time(&now);
+    if (useExpiredShift) {
+        now += CRL_refreshBefore;
+    }
+    if (CertificateCacheDAO::getCRLResponse(&cachedCRL)) {
+        if (now < cachedCRL.next_update_time) {
+            LogDebug("Cached CRL still valid for: " << uri);
+            return true;
+        }
+    }
+    // need to download new CRL
+    CRL crl(new CRLCacheDAO);
+    CRL::CRLDataPtr list = crl.downloadCRL(uri);
+    if (!list) {
+        LogWarning("Could not retreive CRL from " << uri);
+        return false;
+    }
+    crl.updateCRL(list);
+    CertificateCacheDAO::getCRLResponse(&cachedCRL); // save it the way CRL does
+    cachedCRL.next_update_time =
+            getNextUpdateTime(now,cachedCRL.next_update_time);
+    CertificateCacheDAO::setCRLResponse(cachedCRL.distribution_point,
+                                        cachedCRL.crl_body,
+                                        cachedCRL.next_update_time);
+    return true;
+}
+
+time_t CachedCRL::getNextUpdateTime(time_t now, time_t response_validity)
+{
+    time_t min = now + CRL_minTimeValid;
+    time_t max = now + CRL_maxTimeValid;
+    if (response_validity < min) {
+        return min;
+    }
+    if (response_validity > max) {
+        return max;
+    }
+    return response_validity;
+}
+
+} // namespace ValidationCore
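Review bot: `check` and `checkEndEntity` return VERIFICATION_STATUS_GOOD whenever `stat.isRevoked` is false, so a run in which `updateCRLForUri` failed (`allValid == false` is only logged) is reported the same as a run that consulted a fresh CRL. `CRL::checkEndEntity` in the same commit returns VERIFICATION_STATUS_ERROR when the CRL is not valid, and the same would fit here: `if (!allValid) { LogDebug("Some CRLs not valid"); return VERIFICATION_STATUS_ERROR; }`. If soft-fail is intended, the comment above `crl.addToStore(certs)` should say so explicitly. `updateCRLForUri` also passes the downloaded data straight to `crl.updateCRL(list)` without the `verifyCRL` step that `CRL::updateList` performs before caching. It then reads `cachedCRL.next_update_time` without checking the result of the second `CertificateCacheDAO::getCRLResponse` call.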
diff --git a/vcore/src/vcore/CachedCRL.h b/vcore/src/vcore/CachedCRL.h
new file mode 100644 (file)
index 0000000..65e6509
--- /dev/null
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ * @file       CachedCRL.h
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      Header file for smart cached CRL class
+ */
+
+#ifndef _SRC_VALIDATION_CORE_CACHED_CRL_
+#define _SRC_VALIDATION_CORE_CACHED_CRL_
+
+#include "CRL.h"
+#include "IAbstractResponseCache.h"
+
+namespace ValidationCore {
+
+class CachedCRL : public IAbstractResponseCache {
+  public:
+    // cache can't be refreshed more frequently than CRL_minTimeValid
+    static const time_t CRL_minTimeValid;
+
+    // to be even more secure, cache will be refreshed for certificate at least
+    // after CRL_maxTimeValid from last response
+    static const time_t CRL_maxTimeValid;
+
+    // upon cache refresh, responses that will be invalid in CRL_refreshBefore
+    // seconds will be refreshed
+    static const time_t CRL_refreshBefore;
+
+    VerificationStatus check(const CertificateCollection &certs);
+    VerificationStatus checkEndEntity(CertificateCollection &certs);
+    void updateCache();
+
+    CachedCRL()
+    {
+    }
+    virtual ~CachedCRL()
+    {
+    }
+
+  private:
+
+    // updates CRL cache for distributor URI
+    // useExpiredShift ==true should be used in cron/global cache update
+    // since it updates all CRLs that will be out of date in next
+    // CRL_refreshBefore seconds
+    bool updateCRLForUri(const std::string & uri,
+                         bool useExpiredShift);
+    time_t getNextUpdateTime(time_t now, time_t response_validity);
+};
+
+} // namespace ValidationCore
+
+#endif /* _SRC_VALIDATION_CORE_CACHED_CRL_ */
diff --git a/vcore/src/vcore/CachedOCSP.cpp b/vcore/src/vcore/CachedOCSP.cpp
new file mode 100644 (file)
index 0000000..dc4e436
--- /dev/null
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ * @file       CachedOCSP.cpp
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      Cached OCSP class implementation
+ */
+
+#include <string>
+#include <time.h>
+
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+
+#include "OCSP.h"
+#include "CachedOCSP.h"
+#include "Certificate.h"
+#include "CertificateCacheDAO.h"
+
+namespace ValidationCore {
+
+const time_t CachedOCSP::OCSP_minTimeValid = 3600;      // one hour in seconds
+
+const time_t CachedOCSP::OCSP_maxTimeValid =
+        3600 * 24 * 7;                                  // one week in seconds
+
+const time_t CachedOCSP::OCSP_refreshBefore = 3600;     // one hour in seconds
+
+VerificationStatus CachedOCSP::check(const CertificateCollection &certs)
+{
+    OCSPCachedStatus db_status;
+    time_t now;
+    time(&now);
+
+    db_status.cert_chain = certs.toBase64String();
+    db_status.end_entity_check = false;
+
+    if (CertificateCacheDAO::getOCSPStatus(&db_status)) {
+        LogDebug("Found cache entry for OCSP");
+        if (now < db_status.next_update_time) {
+            LogDebug("Cache response valid");
+            return db_status.ocsp_status;
+        }
+    }
+
+    // here we need to get OCSP result and add/update cache
+    OCSP ocsp;
+    CertificateList list = certs.getChain();
+    ocsp.setTrustedStore(list);
+
+    VerificationStatusSet statusSet = ocsp.validateCertificateList(list);
+    db_status.ocsp_status = statusSet.convertToStatus();
+    db_status.next_update_time = ocsp.getResponseValidity();
+    CertificateCacheDAO::setOCSPStatus(db_status.cert_chain,
+                                       db_status.ocsp_status,
+                                       db_status.end_entity_check,
+                                       getNextUpdateTime(
+                                           now,
+                                           db_status.next_update_time));
+    return db_status.ocsp_status;
+}
+
+VerificationStatus CachedOCSP::checkEndEntity(CertificateCollection &certs)
+{
+    OCSPCachedStatus db_status;
+    time_t now;
+    time(&now);
+
+    db_status.cert_chain = certs.toBase64String();
+    db_status.end_entity_check = true;
+
+    if (CertificateCacheDAO::getOCSPStatus(&db_status)) {
+        LogDebug("Found cache entry for OCSP");
+        if (now < db_status.next_update_time) {
+            LogDebug("Cache response valid");
+            return db_status.ocsp_status;
+        }
+    }
+
+    // here we need to send request via OCSP and add/update cache
+    CertificateList clst;
+    getCertsForEndEntity(certs, &clst);
+
+    OCSP ocsp;
+    ocsp.setTrustedStore(certs.getCertificateList());
+
+    const char *defResponderURI = getenv(OCSP::DEFAULT_RESPONDER_URI_ENV);
+
+    if (defResponderURI) {
+        ocsp.setUseDefaultResponder(true);
+        ocsp.setDefaultResponder(defResponderURI);
+    }
+
+    VerificationStatusSet statusSet = ocsp.validateCertificateList(clst);
+    db_status.ocsp_status = statusSet.convertToStatus();
+    db_status.next_update_time = ocsp.getResponseValidity();
+
+    CertificateCacheDAO::setOCSPStatus(db_status.cert_chain,
+                                       db_status.ocsp_status,
+                                       db_status.end_entity_check,
+                                       getNextUpdateTime(
+                                           now,
+                                           db_status.next_update_time));
+
+    return db_status.ocsp_status;
+}
+
+void CachedOCSP::updateCache()
+{
+    time_t now;
+    time(&now);
+    now += OCSP_refreshBefore;
+    OCSPCachedStatusList list;
+    CertificateCacheDAO::getOCSPStatusList(&list);
+    FOREACH(db_status, list) {
+        if (now >= db_status->next_update_time) {
+            // this response needs to be refreshed
+            CertificateCollection col;
+            col.load(db_status->cert_chain);
+            if (!col.sort()) {
+                LogError("Certificate collection does not create chain.");
+                continue;
+            }
+
+            OCSP ocsp;
+            CertificateList chain = col.getChain();
+            ocsp.setTrustedStore(chain);
+
+            VerificationStatusSet statusSet;
+
+            if (db_status->end_entity_check) {
+                CertificateList clst;
+                getCertsForEndEntity(col, &clst);
+                statusSet = ocsp.validateCertificateList(clst);
+            } else {
+                statusSet = ocsp.validateCertificateList(chain);
+            }
+
+            db_status->ocsp_status = statusSet.convertToStatus();
+            db_status->next_update_time = ocsp.getResponseValidity();
+
+            CertificateCacheDAO::setOCSPStatus(db_status->cert_chain,
+                                               db_status->ocsp_status,
+                                               db_status->end_entity_check,
+                                               db_status->next_update_time);
+        }
+    }
+}
+
+void CachedOCSP::getCertsForEndEntity(
+        const CertificateCollection &certs, CertificateList* clst)
+{
+    if (NULL == clst) {
+        LogError("NULL pointer");
+        return;
+    }
+
+    if (certs.isChain() && certs.size() >= 2) {
+        CertificateList::const_iterator icert = certs.begin();
+        clst->push_back(*icert);
+        ++icert;
+        clst->push_back(*icert);
+    }
+}
+
+time_t CachedOCSP::getNextUpdateTime(time_t now, time_t response_validity)
+{
+    long min = now + OCSP_minTimeValid;
+    long max = now + OCSP_maxTimeValid;
+    if (response_validity < min) {
+        return min;
+    }
+    if (response_validity > max) {
+        return max;
+    }
+    return response_validity;
+}
+
+} // namespace ValidationCore
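Review bot: `updateCache` writes `db_status->next_update_time` back exactly as `ocsp.getResponseValidity()` returned it, whereas `check` and `checkEndEntity` pass the value through `getNextUpdateTime`. A refreshed entry is therefore not bounded by `OCSP_maxTimeValid`, and a cached status can be relied on for longer than the one-week limit the class sets. The last argument of that `setOCSPStatus` call should be `getNextUpdateTime(current, db_status->next_update_time)`, with `time_t current` taken before `now += OCSP_refreshBefore`. `getNextUpdateTime` itself declares `min` and `max` as `long` where `CachedCRL::getNextUpdateTime` uses `time_t`; using `time_t` avoids a narrowing conversion on platforms where the two types differ.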
diff --git a/vcore/src/vcore/CachedOCSP.h b/vcore/src/vcore/CachedOCSP.h
new file mode 100644 (file)
index 0000000..517e49f
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ * @file       CachedOCSP.h
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      Header file for smart cached OCSP class
+ */
+
+#ifndef _SRC_VALIDATION_CORE_CACHED_OCSP_
+#define _SRC_VALIDATION_CORE_CACHED_OCSP_
+
+#include "OCSP.h"
+#include "IAbstractResponseCache.h"
+
+namespace ValidationCore {
+
+class CachedOCSP : public IAbstractResponseCache {
+  public:
+    // cache can't be refreshed more frequently than OCSP_minTimeValid
+    static const time_t OCSP_minTimeValid;
+
+    // to be even more secure, cache will be refreshed for certificate at least
+    // after OCSP_minTimeValid from last response
+    static const time_t OCSP_maxTimeValid;
+
+    // upon cache refresh, responses that will be invalid in OCSP_refreshBefore
+    // seconds will be refreshed
+    static const time_t OCSP_refreshBefore;
+
+    VerificationStatus check(const CertificateCollection &certs);
+    VerificationStatus checkEndEntity(CertificateCollection &certs);
+    void updateCache();
+
+    CachedOCSP()
+    {
+    }
+    virtual ~CachedOCSP()
+    {
+    }
+
+  private:
+
+    void getCertsForEndEntity(const CertificateCollection &certs,
+                              CertificateList* clst);
+    time_t getNextUpdateTime(time_t now, time_t response_validity);
+};
+
+} // namespace ValidationCore
+
+#endif /* _SRC_VALIDATION_CORE_CACHED_OCSP_ */
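Review bot: The comment above `OCSP_maxTimeValid` names `OCSP_minTimeValid`, so the upper bound on how long a cached OCSP status may be trusted reads like a second description of the lower bound. `getNextUpdateTime` in CachedOCSP.cpp clamps the responder's validity to `now + OCSP_maxTimeValid`, so the comment should describe that cap, for example `// upper bound: a cached status is refreshed no later than OCSP_maxTimeValid after the last response, even if the responder allows longer`. Only the `OCSP_refreshBefore` comment states a unit (seconds); it would help to state it for the other two constants as well, assuming they use the same unit.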
diff --git a/vcore/src/vcore/CertStoreType.h b/vcore/src/vcore/CertStoreType.h
new file mode 100644 (file)
index 0000000..7cf6232
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTSTORETYPE_H_
+#define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTSTORETYPE_H_
+
+namespace ValidationCore {
+namespace CertStoreId {
+typedef unsigned int Type;
+
+// RootCA certificates for developer mode.
+const Type DEVELOPER = 1;
+// RootCA certificates for author signatures.
+const Type WAC_PUBLISHER = 1 << 1;
+// RootCA certificates for wac-signed widgets.
+const Type WAC_ROOT = 1 << 2;
+// RootCA certificates for wac-members ie. operators, manufacturers.
+const Type WAC_MEMBER = 1 << 3;
+
+class Set
+{
+  public:
+    Set() :
+        m_certificateStorage(0)
+    {
+    }
+
+    void add(Type second)
+    {
+        m_certificateStorage |= second;
+    }
+
+    bool contains(Type second) const
+    {
+        return static_cast<bool>(m_certificateStorage & second);
+    }
+
+    bool isEmpty() const
+    {
+        return m_certificateStorage == 0;
+    }
+
+  private:
+    Type m_certificateStorage;
+};
+} // namespace CertStoreId
+} // namespace ValidationCore
+
+#endif //  _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTSTORETYPE_H_
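Review bot: `Set::contains` returns true when any bit of `second` overlaps the stored mask, so a caller that passes a combined value such as `WAC_ROOT | WAC_MEMBER` gets true when only one of the two stores is present. These flags appear to express which root store a certificate chains to, so that ambiguity should be stated or removed. Either document it with `// true if ANY store in 'second' is present`, or, if all-of semantics are intended, return `(m_certificateStorage & second) == second`. None of the constants or methods in this header carries a contract comment beyond the store names.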
diff --git a/vcore/src/vcore/Certificate.cpp b/vcore/src/vcore/Certificate.cpp
new file mode 100644 (file)
index 0000000..23679f2
--- /dev/null
@@ -0,0 +1,645 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        Certificate.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#include "Certificate.h"
+
+#include <memory>
+#include <sstream>
+#include <iomanip>
+
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+
+#include <dpl/assert.h>
+#include <dpl/log/log.h>
+
+#include <Base64.h>
+
+namespace ValidationCore {
+
+int asn1TimeToTimeT(ASN1_TIME *t,
+                    time_t *res)
+{
+    struct tm tm;
+    int offset;
+
+    (*res) = 0;
+    if (!ASN1_TIME_check(t)) {
+        return -1;
+    }
+
+    memset(&tm, 0, sizeof(tm));
+
+#define g2(p) (((p)[0] - '0') * 10 + (p)[1] - '0')
+    if (t->type == V_ASN1_UTCTIME) {
+        Assert(t->length > 12);
+
+        /*   this code is copied from OpenSSL asn1/a_utctm.c file */
+        tm.tm_year = g2(t->data);
+        if (tm.tm_year < 50) {
+            tm.tm_year += 100;
+        }
+        tm.tm_mon = g2(t->data + 2) - 1;
+        tm.tm_mday = g2(t->data + 4);
+        tm.tm_hour = g2(t->data + 6);
+        tm.tm_min = g2(t->data + 8);
+        tm.tm_sec = g2(t->data + 10);
+        if (t->data[12] == 'Z') {
+            offset = 0;
+        } else {
+            Assert(t->length > 16);
+
+            offset = g2(t->data + 13) * 60 + g2(t->data + 15);
+            if (t->data[12] == '-') {
+                offset = -offset;
+            }
+        }
+        tm.tm_isdst = -1;
+    } else {
+        Assert(t->length > 14);
+
+        tm.tm_year = g2(t->data) * 100 + g2(t->data + 2);
+        tm.tm_mon = g2(t->data + 4) - 1;
+        tm.tm_mday = g2(t->data + 6);
+        tm.tm_hour = g2(t->data + 8);
+        tm.tm_min = g2(t->data + 10);
+        tm.tm_sec = g2(t->data + 12);
+        if (t->data[14] == 'Z') {
+            offset = 0;
+        } else {
+            Assert(t->length > 18);
+
+            offset = g2(t->data + 15) * 60 + g2(t->data + 17);
+            if (t->data[14] == '-') {
+                offset = -offset;
+            }
+        }
+        tm.tm_isdst = -1;
+    }
+#undef g2
+    (*res) = timegm(&tm) - offset * 60;
+    return 0;
+}
+
+int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm,
+                               time_t *res)
+{
+    /*
+     * This code is based on following assumption:
+     * from openssl/a_gentm.c:
+     * GENERALIZEDTIME is similar to UTCTIME except the year is
+     * represented as YYYY. This stuff treats everything as a two digit
+     * field so make first two fields 00 to 99
+     */
+    const int DATE_BUFFER_LENGTH = 15; // YYYYMMDDHHMMSSZ
+
+    if (NULL == res || NULL == tm) {
+        LogError("NULL pointer");
+        return -1;
+    }
+
+    if (DATE_BUFFER_LENGTH != tm->length || NULL == tm->data) {
+        LogError("Invalid ASN1_GENERALIZEDTIME");
+        return -1;
+    }
+
+    struct tm time_s;
+    if (sscanf ((char*)tm->data,
+                "%4d%2d%2d%2d%2d%2d",
+                &time_s.tm_year,
+                &time_s.tm_mon,
+                &time_s.tm_mday,
+                &time_s.tm_hour,
+                &time_s.tm_min,
+                &time_s.tm_sec) < 6)
+    {
+        LogError("Could not extract time data from ASN1_GENERALIZEDTIME");
+        return -1;
+    }
+
+    time_s.tm_year -= 1900;
+    time_s.tm_mon -= 1;
+    time_s.tm_isdst = 0;   // UTC
+    time_s.tm_gmtoff = 0;  // UTC
+    time_s.tm_zone = NULL; // UTC
+
+    *res = mktime(&time_s);
+
+    return 0;
+}
+
+Certificate::Certificate(X509 *cert)
+{
+    Assert(cert);
+    m_x509 = X509_dup(cert);
+    if (!m_x509) {
+        LogWarning("Internal Openssl error in d2i_X509 function.");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Internal Openssl error in d2i_X509 function.");
+    }
+}
+
+Certificate::Certificate(cert_svc_mem_buff &buffer)
+{
+    Assert(buffer.data);
+    const unsigned char *ptr = buffer.data;
+    m_x509 = d2i_X509(NULL, &ptr, buffer.size);
+    if (!m_x509) {
+        LogWarning("Internal Openssl error in d2i_X509 function.");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Internal Openssl error in d2i_X509 function.");
+    }
+}
+
+Certificate::Certificate(const std::string &der,
+                         Certificate::FormType form)
+{
+    Assert(der.size());
+
+    int size;
+    const unsigned char *ptr;
+    std::string tmp;
+
+    if (FORM_BASE64 == form) {
+        Base64Decoder base64;
+        base64.reset();
+        base64.append(der);
+        base64.finalize();
+        tmp = base64.get();
+        ptr = reinterpret_cast<const unsigned char*>(tmp.c_str());
+        size = static_cast<int>(tmp.size());
+    } else {
+        ptr = reinterpret_cast<const unsigned char*>(der.c_str());
+        size = static_cast<int>(der.size());
+    }
+
+    m_x509 = d2i_X509(NULL, &ptr, size);
+    if (!m_x509) {
+        LogError("Internal Openssl error in d2i_X509 function.");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Internal Openssl error in d2i_X509 function.");
+    }
+}
+
+Certificate::~Certificate()
+{
+    X509_free(m_x509);
+}
+
+X509* Certificate::getX509(void) const
+{
+    return m_x509;
+}
+
+std::string Certificate::getDER(void) const
+{
+    unsigned char *rawDer = NULL;
+    int size = i2d_X509(m_x509, &rawDer);
+    if (!rawDer || size <= 0) {
+        LogError("i2d_X509 failed");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "i2d_X509 failed");
+    }
+
+    std::string output(reinterpret_cast<char*>(rawDer), size);
+    OPENSSL_free(rawDer);
+    return output;
+}
+
+std::string Certificate::getBase64(void) const
+{
+    Base64Encoder base64;
+    base64.reset();
+    base64.append(getDER());
+    base64.finalize();
+    return base64.get();
+}
+
+bool Certificate::isSignedBy(const CertificatePtr &parent) const
+{
+    if (!parent) {
+        LogDebug("Invalid certificate parameter.");
+        return false;
+    }
+    return 0 == X509_NAME_cmp(X509_get_subject_name(parent->m_x509),
+                              X509_get_issuer_name(m_x509));
+}
+
+Certificate::Fingerprint Certificate::getFingerprint(
+        Certificate::FingerprintType type) const
+{
+    size_t fingerprintlength = EVP_MAX_MD_SIZE;
+    unsigned char fingerprint[EVP_MAX_MD_SIZE];
+    Fingerprint raw;
+
+    if (type == FINGERPRINT_MD5) {
+        if (!X509_digest(m_x509, EVP_md5(), fingerprint, &fingerprintlength)) {
+            LogError("MD5 digest counting failed!");
+            ThrowMsg(Exception::OpensslInternalError,
+                     "MD5 digest counting failed!");
+        }
+    }
+
+    if (type == FINGERPRINT_SHA1) {
+        if (!X509_digest(m_x509, EVP_sha1(), fingerprint,
+                         &fingerprintlength))
+        {
+            LogError("SHA1 digest counting failed");
+            ThrowMsg(Exception::OpensslInternalError,
+                     "SHA1 digest counting failed!");
+        }
+    }
+
+    raw.resize(fingerprintlength); // improve performance
+    std::copy(fingerprint, fingerprint + fingerprintlength, raw.begin());
+
+    return raw;
+}
+
+X509_NAME *Certificate::getX509Name(FieldType type) const
+{
+    X509_NAME *name = NULL;
+
+    switch (type) {
+    case FIELD_ISSUER:
+        name = X509_get_issuer_name(m_x509);
+        break;
+    case FIELD_SUBJECT:
+        name = X509_get_subject_name(m_x509);
+        break;
+    default:
+        Assert("Invalid field type.");
+    }
+
+    if (!name) {
+        LogError("Error during x509 name extraction.");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error during x509 name extraction.");
+    }
+
+    return name;
+}
+
+DPL::String Certificate::getOneLine(FieldType type) const
+{
+    X509_NAME *name = getX509Name(type);
+    static const int MAXB = 1024;
+    char buffer[MAXB];
+    X509_NAME_oneline(name, buffer, MAXB);
+    return DPL::FromUTF8String(buffer);
+}
+
+DPL::OptionalString Certificate::getField(FieldType type,
+                                     int fieldNid) const
+{
+    X509_NAME *subjectName = getX509Name(type);
+    X509_NAME_ENTRY *subjectEntry = NULL;
+    DPL::Optional < DPL::String > output;
+    int entryCount = X509_NAME_entry_count(subjectName);
+
+    for (int i = 0; i < entryCount; ++i) {
+        subjectEntry = X509_NAME_get_entry(subjectName,
+                                           i);
+
+        if (!subjectEntry) {
+            continue;
+        }
+
+        int nid = OBJ_obj2nid(
+            static_cast<ASN1_OBJECT*>(
+                    X509_NAME_ENTRY_get_object(subjectEntry)));
+
+        if (nid != fieldNid) {
+            continue;
+        }
+
+        ASN1_STRING* pASN1Str = subjectEntry->value;
+
+        unsigned char* pData = NULL;
+        int nLength = ASN1_STRING_to_UTF8(&pData,
+                                          pASN1Str);
+
+        if (nLength < 0) {
+            LogError("Reading field error.");
+            ThrowMsg(Exception::OpensslInternalError,
+                     "Reading field error.");
+        }
+
+        std::string strEntry(reinterpret_cast<char*>(pData),
+                             nLength);
+        output = DPL::FromUTF8String(strEntry);
+        OPENSSL_free(pData);
+    }
+    return output;
+}
+
+DPL::OptionalString Certificate::getCommonName(FieldType type) const
+{
+    return getField(type, NID_commonName);
+}
+
+DPL::OptionalString Certificate::getCountryName(FieldType type) const
+{
+    return getField(type, NID_countryName);
+}
+
+DPL::OptionalString Certificate::getStateOrProvinceName(FieldType type) const
+{
+    return getField(type, NID_stateOrProvinceName);
+}
+
+DPL::OptionalString Certificate::getLocalityName(FieldType type) const
+{
+    return getField(type, NID_localityName);
+}
+
+DPL::OptionalString Certificate::getOrganizationName(FieldType type) const
+{
+    return getField(type, NID_organizationName);
+}
+
+DPL::OptionalString Certificate::getOrganizationalUnitName(FieldType type) const
+{
+    return getField(type, NID_organizationalUnitName);
+}
+
+DPL::OptionalString Certificate::getOCSPURL() const
+{
+    // TODO verify this code
+    DPL::OptionalString retValue;
+    AUTHORITY_INFO_ACCESS *aia = static_cast<AUTHORITY_INFO_ACCESS*>(
+            X509_get_ext_d2i(m_x509,
+                             NID_info_access,
+                             NULL,
+                             NULL));
+
+    // no AIA extension in the cert
+    if (NULL == aia) {
+        return retValue;
+    }
+
+    int count = sk_ACCESS_DESCRIPTION_num(aia);
+
+    for (int i = 0; i < count; ++i) {
+        ACCESS_DESCRIPTION* ad = sk_ACCESS_DESCRIPTION_value(aia, i);
+
+        if (OBJ_obj2nid(ad->method) == NID_ad_OCSP &&
+            ad->location->type == GEN_URI)
+        {
+            void* data = ASN1_STRING_data(ad->location->d.ia5);
+            retValue = DPL::OptionalString(DPL::FromUTF8String(
+                    static_cast<char*>(data)));
+
+            break;
+        }
+    }
+    sk_ACCESS_DESCRIPTION_free(aia);
+    return retValue;
+}
+
+Certificate::AltNameSet Certificate::getAlternativeNameDNS() const
+{
+    AltNameSet set;
+
+    GENERAL_NAME *namePart = NULL;
+
+    STACK_OF(GENERAL_NAME)* san =
+        static_cast<STACK_OF(GENERAL_NAME)*>(
+            X509_get_ext_d2i(m_x509,NID_subject_alt_name,NULL,NULL));
+
+    while (sk_GENERAL_NAME_num(san) > 0) {
+        namePart = sk_GENERAL_NAME_pop(san);
+        if (GEN_DNS == namePart->type) {
+            std::string temp =
+                reinterpret_cast<char*>(ASN1_STRING_data(namePart->d.dNSName));
+            DPL::String altDNSName = DPL::FromASCIIString(temp);
+            set.insert(altDNSName);
+            LogDebug("FOUND GEN_DNS: " << temp);
+        } else {
+            LogDebug("FOUND GEN TYPE ID: " << namePart->type);
+        }
+    }
+    return set;
+}
+
+time_t Certificate::getNotAfter() const
+{
+    ASN1_TIME *time = X509_get_notAfter(m_x509);
+    if (!time) {
+        LogError("Reading Not After error.");
+        ThrowMsg(Exception::OpensslInternalError, "Reading Not After error.");
+    }
+    time_t output;
+    if (asn1TimeToTimeT(time, &output)) {
+        LogError("Converting ASN1_time to time_t error.");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Converting ASN1_time to time_t error.");
+    }
+    return output;
+}
+
+time_t Certificate::getNotBefore() const
+{
+    ASN1_TIME *time = X509_get_notBefore(m_x509);
+    if (!time) {
+        LogError("Reading Not Before error.");
+        ThrowMsg(Exception::OpensslInternalError, "Reading Not Before error.");
+    }
+    time_t output;
+    if (asn1TimeToTimeT(time, &output)) {
+        LogError("Converting ASN1_time to time_t error.");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Converting ASN1_time to time_t error.");
+    }
+    return output;
+}
+
+bool Certificate::isRootCert()
+{
+    // based on that root certificate has the same subject as issuer name
+    return isSignedBy(this->SharedFromThis());
+}
+
+std::list<std::string>
+Certificate::getCrlUris() const
+{
+    std::list<std::string> result;
+
+    STACK_OF(DIST_POINT)* distPoints =
+        static_cast<STACK_OF(DIST_POINT)*>(
+            X509_get_ext_d2i(
+                getX509(),
+                NID_crl_distribution_points,
+                NULL,
+                NULL));
+    if (!distPoints) {
+        LogDebug("No distribution points in certificate.");
+        return result;
+    }
+
+    int count = sk_DIST_POINT_num(distPoints);
+    for (int i = 0; i < count; ++i) {
+        DIST_POINT* point = sk_DIST_POINT_value(distPoints, i);
+        if (!point) {
+            LogError("Failed to get distribution point.");
+            continue;
+        }
+        if (point->distpoint != NULL &&
+            point->distpoint->name.fullname != NULL)
+        {
+            int countName =
+                sk_GENERAL_NAME_num(point->distpoint->name.fullname);
+            for (int j = 0; j < countName; ++j) {
+                GENERAL_NAME* name = sk_GENERAL_NAME_value(
+                        point->distpoint->name.fullname, j);
+                if (name != NULL && GEN_URI == name->type) {
+                    char *crlUri =
+                    reinterpret_cast<char*>(name->d.ia5->data);
+                    if (!crlUri) {
+                        LogError("Failed to get URI.");
+                        continue;
+                    }
+                    result.push_back(crlUri);
+                }
+            }
+        }
+    }
+    sk_DIST_POINT_pop_free(distPoints, DIST_POINT_free);
+    return result;
+}
+
+long Certificate::getVersion() const
+{
+    return X509_get_version(m_x509);
+}
+
+DPL::String Certificate::getSerialNumberString() const
+{
+    ASN1_INTEGER *ai = X509_get_serialNumber(m_x509);
+    if (NULL == ai) {
+        LogError("Error in X509_get_serialNumber");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in X509_get_serialNumber");
+    }
+    std::stringstream stream;
+    stream << std::hex << std::setfill('0');
+    if (ai->type == V_ASN1_NEG_INTEGER) {
+        stream << "(Negetive) ";
+    }
+    for (int i=0; i<ai->length; ++i) {
+        stream << std::setw(2) << (int)ai->data[i] << ":";
+    }
+    std::string data = stream.str();
+    if (!data.empty()) {
+        data.erase(--data.end());
+    }
+    return DPL::FromUTF8String(data);
+}
+
+DPL::String Certificate::getKeyUsageString() const
+{
+    // Extensions were defined in RFC 3280
+    const char *usage[] = {
+        "digitalSignature",
+        "nonRepudiation",
+        "keyEncipherment",
+        "dataEncipherment",
+        "keyAgreement",
+        "keyCertSign",
+        "cRLSign",
+        "encipherOnly",
+        "decipherOnly"
+    };
+    int crit = -1;
+    int idx = -1;
+    ASN1_BIT_STRING *keyUsage = (ASN1_BIT_STRING*)
+        X509_get_ext_d2i(m_x509, NID_key_usage, &crit, &idx);
+
+    std::stringstream stream;
+    for(int i=0; i<9; ++i) {
+        if (ASN1_BIT_STRING_get_bit(keyUsage, i)) {
+            stream << usage[i] << ",";
+        }
+    }
+    std::string result = stream.str();
+    if (!result.empty()) {
+        result.erase(--result.end());
+    }
+    return DPL::FromUTF8String(result);
+}
+
+DPL::String Certificate::getSignatureAlgorithmString() const
+{
+    std::unique_ptr<BIO, std::function<int(BIO*)>>
+        b(BIO_new(BIO_s_mem()),BIO_free);
+
+    if (b.get() == NULL) {
+        LogError("Error in BIO_new");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in BIO_new");
+    }
+    if (i2a_ASN1_OBJECT(b.get(), m_x509->cert_info->signature->algorithm) < 0) {
+        LogError("Error in i2a_ASN1_OBJECT");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in i2a_ASN1_OBJECT");
+    }
+    BUF_MEM *bptr = 0;
+    BIO_get_mem_ptr(b.get(), &bptr);
+    if (bptr == 0) {
+        LogError("Error in BIO_get_mem_ptr");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in BIO_get_mem_ptr");
+    }
+    std::string result(bptr->data, bptr->length);
+    return DPL::FromUTF8String(result);
+}
+
+DPL::String Certificate::getPublicKeyString() const
+{
+    std::unique_ptr<BIO, std::function<int(BIO*)>>
+        b(BIO_new(BIO_s_mem()),BIO_free);
+
+    if (b.get() == NULL) {
+        LogError("Error in BIO_new");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in BIO_new");
+    }
+    EVP_PKEY *pkey = X509_get_pubkey(m_x509);
+    if (pkey == NULL) {
+        LogError("Error in X509_get_pubkey");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in X509_get_pubkey");
+    }
+    EVP_PKEY_print_public(b.get(), pkey, 16, NULL);
+    EVP_PKEY_free(pkey);
+
+    BUF_MEM *bptr = 0;
+    BIO_get_mem_ptr(b.get(), &bptr);
+    if (bptr == 0) {
+        LogError("Error in BIO_get_mem_ptr");
+        ThrowMsg(Exception::OpensslInternalError,
+                 "Error in BIO_get_mem_ptr");
+    }
+    std::string result(bptr->data, bptr->length);
+    return DPL::FromUTF8String(result);
+}
+
+} //  namespace ValidationCore
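Review bot: `Certificate::isSignedBy` only compares the parent's subject name with this certificate's issuer name via `X509_NAME_cmp` and never checks the signature, so any certificate carrying a matching issuer string is reported as signed by that parent. `isRootCert` inherits the same name-only test. If the method is meant purely for ordering a chain, say so with a comment such as `// name match only; the signature is NOT verified here`, and keep trust decisions on a path that verifies signatures. Otherwise add the `X509_verify` check against the parent's public key shown below. Whether callers verify the chain cryptographically elsewhere is not visible in this hunk.

```cpp
bool Certificate::isSignedBy(const CertificatePtr &parent) const
{
    // … unchanged: null-parent check …
    if (0 != X509_NAME_cmp(X509_get_subject_name(parent->m_x509),
                           X509_get_issuer_name(m_x509)))
    {
        return false;
    }

    // A matching name proves nothing on its own; the signature must
    // verify under the parent's public key.
    EVP_PKEY *parentKey = X509_get_pubkey(parent->m_x509);
    if (NULL == parentKey) {
        LogError("Error in X509_get_pubkey");
        return false;
    }
    const int verified = X509_verify(m_x509, parentKey);
    EVP_PKEY_free(parentKey);
    return 1 == verified;
}
```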
diff --git a/vcore/src/vcore/Certificate.h b/vcore/src/vcore/Certificate.h
new file mode 100644 (file)
index 0000000..b63f113
--- /dev/null
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        Certificate.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.1
+ * @brief
+ */
+#ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_H_
+#define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_H_
+
+#include <list>
+#include <set>
+#include <string>
+#include <vector>
+#include <ctime>
+
+#include <openssl/x509.h>
+
+#include <dpl/exception.h>
+#include <dpl/noncopyable.h>
+#include <dpl/shared_ptr.h>
+#include <dpl/enable_shared_from_this.h>
+#include <dpl/optional.h>
+#include <dpl/optional_typedefs.h>
+#include <dpl/string.h>
+
+#include <cert-service.h>
+
+namespace ValidationCore {
+
+// from OpenSSL asn1/a_utctm.c code
+int asn1TimeToTimeT(ASN1_TIME *t,
+                    time_t *res);
+
+
+int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm,
+                               time_t *res);
+
+class Certificate;
+
+typedef DPL::SharedPtr<Certificate> CertificatePtr;
+typedef std::list<CertificatePtr> CertificateList;
+
+class Certificate : public DPL::EnableSharedFromThis<Certificate>
+{
+  public:
+    typedef std::vector<unsigned char> Fingerprint;
+    typedef DPL::String AltName;
+    typedef std::set<AltName> AltNameSet;
+
+    enum FingerprintType
+    {
+        FINGERPRINT_MD5,
+        FINGERPRINT_SHA1
+    };
+    enum FieldType
+    {
+        FIELD_ISSUER,
+        FIELD_SUBJECT
+    };
+
+    enum FormType
+    {
+        FORM_DER,
+        FORM_BASE64
+    };
+
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, OpensslInternalError)
+    };
+
+    explicit Certificate(X509 *cert);
+
+    explicit Certificate(cert_svc_mem_buff &buffer);
+
+    explicit Certificate(const std::string &der,
+                         FormType form = FORM_DER);
+
+    ~Certificate();
+
+    // It returns pointer to internal structure!
+    // Do not free this pointer!
+    X509 *getX509(void) const;
+
+    std::string getDER(void) const;
+
+    std::string getBase64(void) const;
+
+    // This const is cheating here because you have no
+    // guarantee that X509_get_subject_name will not
+    // change X509 object.
+    bool isSignedBy(const CertificatePtr &parent) const;
+
+    Fingerprint getFingerprint(FingerprintType type) const;
+
+    // getName uses deprecated functions. Usage is strongly discouraged.
+    DPL::String getOneLine(FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getCommonName(FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getCountryName(FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getStateOrProvinceName(
+            FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getLocalityName(FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getOrganizationName(
+            FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getOrganizationalUnitName(
+            FieldType type = FIELD_SUBJECT) const;
+    DPL::OptionalString getOCSPURL() const;
+
+    // Openssl supports 9 types of alternative name filed.
+    // 4 of them are "string similar" types so it is possible
+    // to create more generic function.
+    AltNameSet getAlternativeNameDNS() const;
+
+    time_t getNotAfter() const;
+
+    time_t getNotBefore() const;
+
+    /**
+     * @brief This is convenient function.
+     *
+     * @details It can't be const function (however it doesn't change internal
+     * object). For details see #isSignedBy() function description.
+     */
+    bool isRootCert();
+
+    /**
+     * @brief Gets list of CRL distribution's points URIs
+     */
+    std::list<std::string> getCrlUris() const;
+
+    long getVersion() const;
+
+    DPL::String getSerialNumberString() const;
+
+    DPL::String getKeyUsageString() const;
+
+    DPL::String getSignatureAlgorithmString() const;
+
+    DPL::String getPublicKeyString() const;
+
+  protected:
+    X509_NAME *getX509Name(FieldType type) const;
+
+    DPL::OptionalString getField(FieldType type,
+                            int fieldNid) const;
+
+    X509 *m_x509;
+};
+} // namespace ValidationCore
+
+#endif
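Review bot: `Certificate` owns the raw `m_x509` pointer and frees it in its destructor, but the class neither declares copy operations nor derives from anything that forbids copying. A copied `Certificate` would therefore call `X509_free` twice on the same object. `dpl/noncopyable.h` is already included yet unused here; the simplest fix is to add `Certificate(const Certificate&) = delete;` and `Certificate& operator=(const Certificate&) = delete;` to the class. The comment on `getOneLine` also refers to `getName`, which this header does not declare, and `isSignedBy` has no comment saying what kind of check it performs.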
diff --git a/vcore/src/vcore/CertificateCacheDAO.cpp b/vcore/src/vcore/CertificateCacheDAO.cpp
new file mode 100644 (file)
index 0000000..04956a3
--- /dev/null
@@ -0,0 +1,275 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ *
+ * @file       CertificateCacheDAO.cpp
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      CertificateCacheDAO implementation
+ */
+
+#include "CertificateCacheDAO.h"
+#include "VCorePrivate.h"
+
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+#include <dpl/db/orm.h>
+#include <orm_generator_vcore.h>
+#include <vcore/Database.h>
+
+using namespace DPL::DB::ORM;
+using namespace DPL::DB::ORM::vcore;
+
+namespace ValidationCore {
+
+void CertificateCacheDAO::setOCSPStatus(const std::string& cert_chain,
+                                        VerificationStatus ocsp_status,
+                                        bool end_entity_check,
+                                        time_t next_update_time)
+{
+    Try {
+        ScopedTransaction transaction(&ThreadInterface());
+        OCSPCachedStatus status;
+        status.cert_chain = cert_chain;
+        status.end_entity_check = end_entity_check;
+        if (getOCSPStatus(&status)) {
+            // only need to update data in DB
+            Equals<OCSPResponseStorage::cert_chain> e1(
+                            DPL::FromUTF8String(cert_chain));
+            Equals<OCSPResponseStorage::end_entity_check> e2(
+                            end_entity_check ? 1 : 0);
+
+            OCSPResponseStorage::Row row;
+
+            row.Set_ocsp_status(ocsp_status);
+            row.Set_next_update_time(next_update_time);
+
+            VCORE_DB_UPDATE(update, OCSPResponseStorage, &ThreadInterface())
+            update->Where(And(e1,e2));
+            update->Values(row);
+            update->Execute();
+        } else {
+            // need to insert data
+            OCSPResponseStorage::Row row;
+
+            row.Set_cert_chain(DPL::FromUTF8String(cert_chain));
+            row.Set_ocsp_status(ocsp_status);
+            row.Set_next_update_time(next_update_time);
+            row.Set_end_entity_check(end_entity_check ? 1 : 0);
+
+            VCORE_DB_INSERT(insert, OCSPResponseStorage, &ThreadInterface())
+            insert->Values(row);
+            insert->Execute();
+        }
+        transaction.Commit();
+    } Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus");
+    }
+}
+
+bool CertificateCacheDAO::getOCSPStatus(OCSPCachedStatus* cached_status)
+{
+    if (NULL == cached_status) {
+        LogError("NULL pointer");
+        return false;
+    }
+    Try {
+        Equals<OCSPResponseStorage::cert_chain> e1(
+                DPL::FromUTF8String(cached_status->cert_chain));
+        Equals<OCSPResponseStorage::end_entity_check> e2(
+                cached_status->end_entity_check ? 1 : 0);
+
+        VCORE_DB_SELECT(select, OCSPResponseStorage, &ThreadInterface())
+
+        select->Where(And(e1,e2));
+        std::list<OCSPResponseStorage::Row> rows = select->GetRowList();
+        if (1 == rows.size()) {
+            OCSPResponseStorage::Row row = rows.front();
+            cached_status->ocsp_status = intToVerificationStatus(
+                    *(row.Get_ocsp_status()));
+            cached_status->next_update_time = *(row.Get_next_update_time());
+            return true;
+        }
+
+        LogDebug("Cached OCSP status not found");
+        return false;
+    }
+    Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatus");
+    }
+}
+
+void CertificateCacheDAO::getOCSPStatusList(
+        OCSPCachedStatusList* cached_status_list)
+{
+    if (NULL == cached_status_list) {
+        LogError("NULL pointer");
+        return;
+    }
+    Try {
+        VCORE_DB_SELECT(select, OCSPResponseStorage, &ThreadInterface())
+        typedef std::list<OCSPResponseStorage::Row> RowList;
+        RowList list = select->GetRowList();
+
+        FOREACH(i, list) {
+            OCSPCachedStatus status;
+            status.cert_chain = DPL::ToUTF8String(i->Get_cert_chain());
+            status.ocsp_status = intToVerificationStatus(
+                    *(i->Get_ocsp_status()));
+            status.end_entity_check =
+                    *(i->Get_end_entity_check()) == 1 ? true : false;
+            status.next_update_time = *(i->Get_next_update_time());
+            cached_status_list->push_back(status);
+        }
+
+    }
+    Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatusList");
+    }
+}
+
+
+void CertificateCacheDAO::setCRLResponse(const std::string& distribution_point,
+                                         const std::string& crl_body,
+                                         time_t next_update_time)
+{
+    Try {
+        ScopedTransaction transaction(&ThreadInterface());
+        CRLCachedData data;
+        data.distribution_point = distribution_point;
+        if (getCRLResponse(&data)) {
+            // only need to update data in DB
+            VCORE_DB_UPDATE(update, CRLResponseStorage, &ThreadInterface())
+            Equals<CRLResponseStorage::distribution_point> e1(
+                            DPL::FromUTF8String(distribution_point));
+            CRLResponseStorage::Row row;
+
+            update->Where(e1);
+            row.Set_crl_body(DPL::FromUTF8String(crl_body));
+            row.Set_next_update_time(next_update_time);
+            update->Values(row);
+            update->Execute();
+        } else {
+            // need to insert data
+            VCORE_DB_INSERT(insert, CRLResponseStorage, &ThreadInterface())
+            CRLResponseStorage::Row row;
+
+            row.Set_distribution_point(DPL::FromUTF8String(distribution_point));
+            row.Set_crl_body(DPL::FromUTF8String(crl_body));
+            row.Set_next_update_time(next_update_time);
+            insert->Values(row);
+            insert->Execute();
+        }
+        transaction.Commit();
+    } Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus");
+    }
+}
+
+bool CertificateCacheDAO::getCRLResponse(CRLCachedData* cached_data)
+{
+    if (NULL == cached_data) {
+        LogError("NULL pointer");
+        return false;
+    }
+    Try {
+        VCORE_DB_SELECT(select, CRLResponseStorage, &ThreadInterface())
+        Equals<CRLResponseStorage::distribution_point> e1(
+                DPL::FromUTF8String(cached_data->distribution_point));
+
+        select->Where(e1);
+        std::list<CRLResponseStorage::Row> rows = select->GetRowList();
+        if (1 == rows.size()) {
+            CRLResponseStorage::Row row = rows.front();
+            cached_data->crl_body = DPL::ToUTF8String(row.Get_crl_body());
+            cached_data->next_update_time = *(row.Get_next_update_time());
+            return true;
+        }
+
+        LogDebug("Cached CRL not found");
+        return false;
+    }
+    Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponse");
+    }
+}
+
+void CertificateCacheDAO::getCRLResponseList(
+        CRLCachedDataList* cached_data_list)
+{
+    if (NULL == cached_data_list) {
+        LogError("NULL pointer");
+        return;
+    }
+    Try {
+        VCORE_DB_SELECT(select, CRLResponseStorage, &ThreadInterface())
+        typedef std::list<CRLResponseStorage::Row> RowList;
+        RowList list = select->GetRowList();
+
+        FOREACH(i, list) {
+            CRLCachedData response;
+            response.distribution_point = DPL::ToUTF8String(
+                    i->Get_distribution_point());
+            response.crl_body = DPL::ToUTF8String(i->Get_crl_body());
+            response.next_update_time = *(i->Get_next_update_time());
+            cached_data_list->push_back(response);
+        }
+
+    }
+    Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponses");
+    }
+}
+
+void CertificateCacheDAO::clearCertificateCache()
+{
+    Try {
+        ScopedTransaction transaction(&ThreadInterface());
+        VCORE_DB_DELETE(del1, OCSPResponseStorage, &ThreadInterface())
+        del1->Execute();
+        VCORE_DB_DELETE(del2, CRLResponseStorage, &ThreadInterface())
+        del2->Execute();
+        transaction.Commit();
+    }
+    Catch(DPL::DB::SqlConnection::Exception::Base) {
+        ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
+    }
+}
+
+VerificationStatus CertificateCacheDAO::intToVerificationStatus(int p)
+{
+    switch (p) {
+    case 1:
+        return VERIFICATION_STATUS_GOOD;
+    case 1 << 1:
+        return VERIFICATION_STATUS_REVOKED;
+    case 1 << 2:
+        return VERIFICATION_STATUS_UNKNOWN;
+    case 1 << 3:
+        return VERIFICATION_STATUS_VERIFICATION_ERROR;
+    case 1 << 4:
+        return VERIFICATION_STATUS_NOT_SUPPORT;
+    case 1 << 5:
+        return VERIFICATION_STATUS_CONNECTION_FAILED;
+    case 1 << 6:
+        return VERIFICATION_STATUS_ERROR;
+    default:
+        return VERIFICATION_STATUS_ERROR;
+    }
+}
+
+} // namespace ValidationCore
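Review bot: Two catch blocks rethrow with the wrong operation name: `setCRLResponse` reports "Failed to setOCSPStatus" and `clearCertificateCache` reports "Failed to clearUserSettings", so a database failure in the CRL cache is reported as an OCSP one. Use `ReThrowMsg(Exception::DatabaseError, "Failed to setCRLResponse");` and `ReThrowMsg(Exception::DatabaseError, "Failed to clearCertificateCache");`. Separately, `getOCSPStatus` and `getCRLResponse` treat anything other than exactly one matching row as a miss, so if duplicate rows ever exist the setters take the insert branch again and add another; whether the schema makes these columns unique is not visible here.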
diff --git a/vcore/src/vcore/CertificateCacheDAO.h b/vcore/src/vcore/CertificateCacheDAO.h
new file mode 100644 (file)
index 0000000..c3daf3f
--- /dev/null
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ *
+ * @file       CertificateCacheDAO.h
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      Header file for class managing CRL and OCSP cached responses
+ */
+
+#ifndef _WRT_SRC_CONFIGURATION_CERTIFICATE_CACHE_DAO_H_
+#define _WRT_SRC_CONFIGURATION_CERTIFICATE_CACHE_DAO_H_
+
+#include <string>
+#include <list>
+
+#include <dpl/exception.h>
+
+#include "VerificationStatus.h"
+#include "CRLCacheInterface.h"
+
+namespace ValidationCore {
+
+struct OCSPCachedStatus
+{
+    std::string cert_chain;
+    VerificationStatus ocsp_status;
+    bool end_entity_check;
+    time_t next_update_time;
+};
+
+typedef std::list<OCSPCachedStatus> OCSPCachedStatusList;
+
+typedef std::list<CRLCachedData> CRLCachedDataList;
+
+class CertificateCacheDAO {
+  public:
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
+    };
+
+    // OCSP statuses
+
+    static void setOCSPStatus(const std::string& cert_chain,
+                              VerificationStatus ocsp_status,
+                              bool end_entity_check,
+                              time_t next_update_time);
+
+    /*
+     * fill cert_chain and end_entity_check in cached_status
+     * returns true iff cached status found without errors
+     */
+    static bool getOCSPStatus(OCSPCachedStatus* cached_status);
+    static void getOCSPStatusList(OCSPCachedStatusList* cached_status_list);
+
+    // CRL responses
+
+    static void setCRLResponse(const std::string& distribution_point,
+                               const std::string& crl_body,
+                               time_t next_update_time);
+    static void setCRLResponse(CRLCachedData *ptr) {
+        setCRLResponse(
+            ptr->distribution_point,
+            ptr->crl_body,
+            ptr->next_update_time);
+    }
+    /*
+     * fill distribution_point
+     * returns true iff cached list for dist. point found without errors
+     */
+    static bool getCRLResponse(CRLCachedData* cached_data);
+    static void getCRLResponseList(CRLCachedDataList* cached_data_list);
+
+
+    // clears CRL and OCSP cached data
+    static void clearCertificateCache();
+
+  private:
+
+    static VerificationStatus intToVerificationStatus(int p);
+
+    CertificateCacheDAO()
+    {
+    }
+};
+
+} // namespace ValidationCore
+
+#endif /* _WRT_SRC_CONFIGURATION_CERTIFICATE_CACHE_DAO_H_ */
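Review bot: The inline overload `setCRLResponse(CRLCachedData *ptr)` dereferences `ptr` without a check, while `getOCSPStatus`, `getCRLResponse` and both list getters reject NULL in the .cpp. Guard it before the forwarding call with `if (NULL == ptr) { return; }`, which keeps existing callers working. The header also uses `time_t` in `OCSPCachedStatus` without including `<ctime>`, so it relies on another header to bring the type in.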
diff --git a/vcore/src/vcore/CertificateCollection.cpp b/vcore/src/vcore/CertificateCollection.cpp
new file mode 100644 (file)
index 0000000..3e9edc3
--- /dev/null
@@ -0,0 +1,207 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <vcore/CertificateCollection.h>
+
+#include <algorithm>
+
+#include <dpl/binary_queue.h>
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+
+#include <vcore/Base64.h>
+
+namespace {
+using namespace ValidationCore;
+
+inline std::string toBinaryString(int data)
+{
+    char buffer[sizeof(int)];
+    memcpy(buffer, &data, sizeof(int));
+    return std::string(buffer, buffer + sizeof(int));
+}
+} // namespace
+
+namespace ValidationCore {
+CertificateCollection::CertificateCollection() :
+    m_collectionStatus(COLLECTION_UNSORTED)
+{
+}
+
+void CertificateCollection::clear(void)
+{
+    m_collectionStatus = COLLECTION_UNSORTED;
+    m_certList.clear();
+}
+
+void CertificateCollection::load(const CertificateList &certList)
+{
+    m_collectionStatus = COLLECTION_UNSORTED;
+    std::copy(certList.begin(),
+              certList.end(),
+              std::back_inserter(m_certList));
+}
+
+bool CertificateCollection::load(const std::string &buffer)
+{
+    Base64Decoder base64;
+    base64.reset();
+    base64.append(buffer);
+    if (!base64.finalize()) {
+        LogWarning("Error during chain decoding");
+        return false;
+    }
+    std::string binaryData = base64.get();
+
+    DPL::BinaryQueue queue;
+    queue.AppendCopy(binaryData.c_str(), binaryData.size());
+
+    int certNum;
+    queue.FlattenConsume(&certNum, sizeof(int));
+
+    CertificateList list;
+
+    for (int i = 0; i < certNum; ++i) {
+        int certSize;
+        queue.FlattenConsume(&certSize, sizeof(int));
+        std::vector<char> rawDERCert;
+        rawDERCert.resize(certSize);
+        queue.FlattenConsume(&rawDERCert[0], certSize);
+        Try {
+            list.push_back(CertificatePtr(
+                               new Certificate(std::string(rawDERCert.begin(),
+                                                           rawDERCert.end()))));
+        } Catch(Certificate::Exception::Base) {
+            LogWarning("Error during certificate creation.");
+            return false;
+        }
+        LogDebug("Loading certificate. Certificate common name: " <<
+                 list.back()->getCommonName());
+    }
+    load(list);
+    return true;
+}
+
+std::string CertificateCollection::toBase64String() const
+{
+    std::ostringstream output;
+    int certNum = m_certList.size();
+    output << toBinaryString(certNum);
+    FOREACH(i, m_certList){
+        std::string derCert = (*i)->getDER();
+        output << toBinaryString(derCert.size());
+        output << derCert;
+    }
+    Base64Encoder base64;
+    base64.reset();
+    base64.append(output.str());
+    base64.finalize();
+    return base64.get();
+}
+
+CertificateList CertificateCollection::getCertificateList() const
+{
+    return m_certList;
+}
+
+bool CertificateCollection::isChain() const
+{
+    if (COLLECTION_SORTED != m_collectionStatus) {
+        LogError("You must sort certificates first");
+        ThrowMsg(Exception::WrongUsage,
+                 "You must sort certificates first");
+    }
+    return (COLLECTION_SORTED == m_collectionStatus) ? true : false;
+}
+
+bool CertificateCollection::sort()
+{
+    if (COLLECTION_UNSORTED == m_collectionStatus) {
+        sortCollection();
+    }
+    return (COLLECTION_SORTED == m_collectionStatus) ? true : false;
+}
+
+CertificateList CertificateCollection::getChain() const
+{
+    if (COLLECTION_SORTED != m_collectionStatus) {
+        LogError("You must sort certificates first");
+        ThrowMsg(Exception::WrongUsage,
+                 "You must sort certificates first");
+    }
+    return m_certList;
+}
+
+void CertificateCollection::sortCollection()
+{
+    // sorting is not necessary
+    if (m_certList.empty()) {
+        m_collectionStatus = COLLECTION_SORTED;
+        return;
+    }
+
+    CertificateList sorted;
+    std::map<std::string, CertificatePtr> subTransl;
+    std::map<std::string, CertificatePtr> issTransl;
+
+    // Sort all certificate by subject
+    for (auto it = m_certList.begin(); it != m_certList.end(); ++it) {
+        subTransl.insert(std::make_pair(DPL::ToUTF8String((*it)->getOneLine()),(*it)));
+    }
+    // We need one start certificate
+    sorted.push_back(subTransl.begin()->second);
+    subTransl.erase(subTransl.begin());
+
+    // Get the issuer from front certificate and find certificate with this subject in subTransl.
+    // Add this certificate to the front.
+    while (!subTransl.empty()) {
+        std::string issuer = DPL::ToUTF8String(sorted.back()->getOneLine(Certificate::FIELD_ISSUER));
+        auto it = subTransl.find(issuer);
+        if (it == subTransl.end()) {
+            break;
+        }
+        sorted.push_back(it->second);
+        subTransl.erase(it);
+    }
+
+    // Sort all certificates by issuer
+    for (auto it = subTransl.begin(); it != subTransl.end(); ++it) {
+        issTransl.insert(std::make_pair(DPL::ToUTF8String((it->second->getOneLine(Certificate::FIELD_ISSUER))),it->second));
+    }
+
+    // Get the subject from last certificate and find certificate with such issuer in issTransl.
+    // Add this certificate at end.
+    while (!issTransl.empty()) {
+        std::string sub = DPL::ToUTF8String(sorted.front()->getOneLine());
+        auto it = issTransl.find(sub);
+        if (it == issTransl.end()) {
+            break;
+        }
+        sorted.push_front(it->second);
+        issTransl.erase(it);
+    }
+
+    if (!issTransl.empty()) {
+        LogWarning("Certificates don't form a valid chain.");
+        m_collectionStatus = COLLECTION_CHAIN_BROKEN;
+        return;
+    }
+
+    m_collectionStatus = COLLECTION_SORTED;
+    m_certList = sorted;
+}
+
+} // namespace ValidationCore
+
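Review bot: `load(const std::string &buffer)` trusts `certNum` and `certSize` read straight from the decoded input: a negative or oversized `certSize` reaches `rawDERCert.resize(certSize)` and `FlattenConsume`, and `certSize == 0` makes `&rawDERCert[0]` index an empty vector. Both fields should be checked against the bytes that remain before they are used; how `FlattenConsume` reacts to a short queue is not visible in this hunk, so the sketch below tracks the remaining length itself. The serialized form also depends on the host's `int` size and byte order, and `toBinaryString(derCert.size())` narrows `size_t` to `int`, which deserves a comment next to `toBinaryString`.

```cpp
    size_t remaining = binaryData.size();
    if (remaining < sizeof(int)) {
        LogWarning("Certificate chain buffer is too short");
        return false;
    }
    int certNum;
    queue.FlattenConsume(&certNum, sizeof(int));
    remaining -= sizeof(int);
    if (certNum < 0) {
        LogWarning("Invalid certificate count in chain");
        return false;
    }

    // … unchanged: CertificateList list; …

    for (int i = 0; i < certNum; ++i) {
        if (remaining < sizeof(int)) {
            LogWarning("Certificate chain buffer is truncated");
            return false;
        }
        int certSize;
        queue.FlattenConsume(&certSize, sizeof(int));
        remaining -= sizeof(int);
        if (certSize <= 0 || static_cast<size_t>(certSize) > remaining) {
            LogWarning("Invalid certificate length in chain");
            return false;
        }
        std::vector<char> rawDERCert(certSize);
        queue.FlattenConsume(&rawDERCert[0], certSize);
        remaining -= certSize;
        // … unchanged: Certificate construction, error handling and logging …
    }
```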
diff --git a/vcore/src/vcore/CertificateCollection.h b/vcore/src/vcore/CertificateCollection.h
new file mode 100644 (file)
index 0000000..78b4737
--- /dev/null
@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _WRT_ENGINE_SRC_VALIDATION_CORE_CERTIFICATECOLLECTION_H_
+#define _WRT_ENGINE_SRC_VALIDATION_CORE_CERTIFICATECOLLECTION_H_
+
+#include <list>
+#include <string>
+
+#include <dpl/exception.h>
+
+#include <vcore/Certificate.h>
+
+namespace ValidationCore {
+/*
+ * This class is used to store Certificate Chain.
+ * It could serialize chain to std::string in base64 form.
+ * It could read chain written in base64 form.
+ * It could check if collection creates certificate chain.
+ */
+
+class CertificateCollection
+{
+  public:
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, WrongUsage)
+    };
+
+    CertificateCollection();
+
+    typedef CertificateList::const_iterator const_iterator;
+
+    /*
+     * Remove all certificates from collection.
+     */
+    void clear();
+
+    /*
+     * In current implemenation this function MUST success.
+     *
+     * This function will add new certificate to collection.
+     * This function DOES NOT clean collection.
+     */
+    void load(const CertificateList &certList);
+
+    /*
+     * This function will return false if base64 string is broken
+     * (is not encoded in base64 format) or one from certificate
+     * is broken (is not encoded in der format).
+     *
+     * This function will add new certificate to collection.
+     * This function DOES NOT clean collection.
+     */
+    bool load(const std::string &base64);
+
+    /*
+     * This function will return all certificates from
+     * collection encoded in base64 format.
+     */
+    std::string toBase64String() const;
+
+    /*
+     * This will return all certificate from collection.
+     */
+    CertificateList getCertificateList() const;
+
+    /*
+     * This function will return true if certificates
+     * in in this structure were sorted and create
+     * certificate chain.
+
+     * Note: You MUST sort certificates first.
+     */
+    bool isChain() const;
+
+    /*
+     * This function will return true if all certificate are
+     * able to create certificate chain.
+     *
+     * This function will sort certificates if collection
+     * is not sorted.
+     *
+     * Note: This function will make all iterators invalid.
+     */
+    bool sort();
+
+    /*
+     * This function will return Certificate chain.
+     *
+     * First certificate on the list is EndEntity certificate.
+     *
+     * Last certificate on the list is RootCA certificate or
+     * CA certificate if RootCA is not present.
+     *
+     * Note: You MUST sort certificates first and
+     * check if certificates creates proper chain.
+     */
+    CertificateList getChain() const;
+
+    /*
+     * It returns size of certificate collection.
+     */
+    inline size_t size() const
+    {
+        return m_certList.size();
+    }
+
+    /*
+     * Return true if collection is empty.
+     */
+    inline bool empty() const
+    {
+        return m_certList.empty();
+    }
+
+    /*
+     * This will return end iterator to internal collection.
+     *
+     * Note: this iterator will lose validity if you call non const
+     * method on CertificateCollection class.
+     */
+    inline const_iterator begin() const
+    {
+        return m_certList.begin();
+    }
+
+    /*
+     * This will return end iterator to internal collection.
+     *
+     * Note: this iterator will lose validity if you call non const
+     * method on CertificateCollection class.
+     */
+    inline const_iterator end() const
+    {
+        return m_certList.end();
+    }
+
+    /*
+     * This function will return the last certificate from collection.
+     *
+     * Note: There is no point to call this function if certificate
+     * collection is not sorted!
+     */
+    inline CertificatePtr back() const
+    {
+        return m_certList.back();
+    }
+
+  protected:
+    void sortCollection(void);
+
+    enum CollectionStatus
+    {
+        // Certificate collection are not sorted in any way
+        COLLECTION_UNSORTED,
+        // Certificate collection creates certificate chain
+        COLLECTION_SORTED,
+        // Cerfificate collection is not able to create certificate chain
+        COLLECTION_CHAIN_BROKEN,
+    };
+
+    CollectionStatus m_collectionStatus;
+    CertificateList m_certList;
+};
+
+typedef std::list<CertificateCollection> CertificateCollectionList;
+} // namespace ValidationCore
+
+#endif // _WRT_ENGINE_SRC_VALIDATION_CORE_CERTIFICATECHAIN_H_
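Review bot: `back()` returns `m_certList.back()` with no emptiness check, and calling `back()` on an empty `std::list` is undefined; since `sortCollection()` in the .cpp marks an empty collection as sorted, a caller that follows the documented "sort first" rule can still hit it. Document the precondition in the comment, e.g. `Note: The collection MUST NOT be empty.`, or return an empty pointer with `return m_certList.empty() ? CertificatePtr() : m_certList.back();` (assuming `CertificatePtr` is default-constructible, which this hunk does not show). The comment on `begin()` says "end iterator" and should read `This will return begin iterator to internal collection.`. The closing `#endif` comment names `..._CERTIFICATECHAIN_H_` while the guard is `..._CERTIFICATECOLLECTION_H_`.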
diff --git a/vcore/src/vcore/CertificateConfigReader.cpp b/vcore/src/vcore/CertificateConfigReader.cpp
new file mode 100644 (file)
index 0000000..2a61940
--- /dev/null
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#include "CertificateConfigReader.h"
+
+#include <cstdlib>
+
+#include <dpl/assert.h>
+
+namespace {
+const std::string XML_EMPTY_NAMESPACE = "";
+
+const std::string TOKEN_CERTIFICATE_SET = "CertificateSet";
+const std::string TOKEN_CERTIFICATE_DOMAIN = "CertificateDomain";
+const std::string TOKEN_FINGERPRINT_SHA1 = "FingerprintSHA1";
+
+const std::string TOKEN_ATTR_NAME = "name";
+const std::string TOKEN_VALUE_WAC_ROOT = "wacroot";
+const std::string TOKEN_VALUE_WAC_PUBLISHER = "wacpublisher";
+const std::string TOKEN_VALUE_WAC_MEMBER = "wacmember";
+const std::string TOKEN_VALUE_DEVELOPER = "developer";
+
+int hexCharToInt(char c)
+{
+    if (c >= 'a' && c <= 'f') {
+        return 10 + static_cast<int>(c) - 'a';
+    }
+    if (c >= 'A' && c <= 'F') {
+        return 10 + static_cast<int>(c) - 'A';
+    }
+    if (c >= '0' && c <= '9') {
+        return static_cast<int>(c) - '0';
+    }
+    return c;
+}
+} // anonymous namespace
+
+namespace ValidationCore {
+CertificateConfigReader::CertificateConfigReader() :
+    m_certificateDomain(0),
+    m_parserSchema(this)
+{
+    m_parserSchema.addBeginTagCallback(
+        TOKEN_CERTIFICATE_SET,
+        XML_EMPTY_NAMESPACE,
+        &CertificateConfigReader::blankFunction);
+
+    m_parserSchema.addBeginTagCallback(
+        TOKEN_CERTIFICATE_DOMAIN,
+        XML_EMPTY_NAMESPACE,
+        &CertificateConfigReader::tokenCertificateDomain);
+
+    m_parserSchema.addBeginTagCallback(
+        TOKEN_FINGERPRINT_SHA1,
+        XML_EMPTY_NAMESPACE,
+        &CertificateConfigReader::blankFunction);
+
+    m_parserSchema.addEndTagCallback(
+        TOKEN_CERTIFICATE_SET,
+        XML_EMPTY_NAMESPACE,
+        &CertificateConfigReader::blankFunction);
+
+    m_parserSchema.addEndTagCallback(
+        TOKEN_CERTIFICATE_DOMAIN,
+        XML_EMPTY_NAMESPACE,
+        &CertificateConfigReader::blankFunction);
+
+    m_parserSchema.addEndTagCallback(
+        TOKEN_FINGERPRINT_SHA1,
+        XML_EMPTY_NAMESPACE,
+        &CertificateConfigReader::tokenEndFingerprintSHA1);
+}
+
+void CertificateConfigReader::tokenCertificateDomain(CertificateIdentifier &)
+{
+    std::string name = m_parserSchema.getReader().
+            attribute(TOKEN_ATTR_NAME, SaxReader::THROW_DISABLE);
+
+    if (name.empty()) {
+        LogWarning("Invalid fingerprint file. Domain name is mandatory");
+        ThrowMsg(Exception::InvalidFile,
+                 "Invalid fingerprint file. Domain name is mandatory");
+    } else if (name == TOKEN_VALUE_DEVELOPER) {
+        m_certificateDomain = CertStoreId::DEVELOPER;
+    } else if (name == TOKEN_VALUE_WAC_ROOT) {
+        m_certificateDomain = CertStoreId::WAC_ROOT;
+    } else if (name == TOKEN_VALUE_WAC_PUBLISHER) {
+        m_certificateDomain = CertStoreId::WAC_PUBLISHER;
+    } else if (name == TOKEN_VALUE_WAC_MEMBER) {
+        m_certificateDomain = CertStoreId::WAC_MEMBER;
+    }
+}
+
+void CertificateConfigReader::tokenEndFingerprintSHA1(
+        CertificateIdentifier &identificator)
+{
+    std::string text = m_parserSchema.getText();
+    text += ":"; // add guard at the end of fingerprint
+    Certificate::Fingerprint fingerprint;
+    int s = 0;
+    int byteDescLen = 0;
+    for (size_t i = 0; i < text.size(); ++i) {
+        if (isxdigit(text[i])) {
+            s <<= 4;
+            s += hexCharToInt(text[i]);
+            byteDescLen++;
+            if (byteDescLen > 2) {
+                Assert(0 && "Unsupported fingerprint format in xml file.");
+            }
+        } else if (text[i] == ':') {
+            fingerprint.push_back(static_cast<unsigned char>(s));
+            s = 0;
+            byteDescLen = 0;
+        } else {
+            Assert(0 && "Unussported fingerprint format in xml file.");
+        }
+    }
+    identificator.add(fingerprint, m_certificateDomain);
+}
+} // namespace ValidationCore
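Review bot: `tokenCertificateDomain` has no final `else`, so a `name` that matches none of the four tokens leaves `m_certificateDomain` at the value set by the previous `CertificateDomain` element, and the fingerprints that follow are filed under that earlier domain in `tokenEndFingerprintSHA1`. Reject it the same way as the empty name: `} else { ThrowMsg(Exception::InvalidFile, "Invalid fingerprint file. Unknown domain name"); }`. The schema validation requested in the header's `initialize()` may already restrict the attribute, but that schema is not visible here. In `tokenEndFingerprintSHA1`, malformed input is handled only by `Assert`, and nothing checks that the parsed fingerprint has the 20 bytes of a SHA-1 digest; an empty element currently yields a one-byte fingerprint of zero.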
diff --git a/vcore/src/vcore/CertificateConfigReader.h b/vcore/src/vcore/CertificateConfigReader.h
new file mode 100644 (file)
index 0000000..92e000e
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef \
+    _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
+#define \
+    _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
+
+#include <string>
+#include <dpl/exception.h>
+
+#include "CertificateIdentifier.h"
+#include "CertStoreType.h"
+#include "ParserSchema.h"
+
+namespace ValidationCore {
+class CertificateConfigReader
+{
+  public:
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, InvalidFile)
+    };
+    CertificateConfigReader();
+
+    void initialize(const std::string &file,
+            const std::string &scheme)
+    {
+        m_parserSchema.initialize(file, true, SaxReader::VALIDATION_XMLSCHEME,
+                                  scheme);
+    }
+
+    void read(CertificateIdentifier &identificator)
+    {
+        m_parserSchema.read(identificator);
+    }
+
+  private:
+    void blankFunction(CertificateIdentifier &)
+    {
+    }
+    void tokenCertificateDomain(CertificateIdentifier &identificator);
+    void tokenEndFingerprintSHA1(CertificateIdentifier &identificator);
+
+    CertStoreId::Type m_certificateDomain;
+    ParserSchema<CertificateConfigReader, CertificateIdentifier>
+    m_parserSchema;
+};
+} // namespace ValidationCore
+
+#endif // _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
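Review bot: The class has no description and the file header leaves `@file` and `@brief` empty, so nothing states what the reader produces or that `initialize()` has to run before `read()`. A short class comment would cover it, e.g. `Reads the fingerprint XML file and adds each SHA-1 fingerprint with its certificate domain to a CertificateIdentifier.`, plus a line saying `initialize()` must be called first (presumably required, since it is the only place the file and scheme are handed to `m_parserSchema`).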
diff --git a/vcore/src/vcore/CertificateIdentifier.h b/vcore/src/vcore/CertificateIdentifier.h
new file mode 100644 (file)
index 0000000..f9ed48c
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef \
+    _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATEIDENTIFICATOR_H_
+#define \
+    _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATEIDENTIFICATOR_H_
+
+#include <map>
+
+#include <dpl/noncopyable.h>
+
+#include "Certificate.h"
+#include "CertStoreType.h"
+
+namespace ValidationCore {
+class CertificateIdentifier : public DPL::Noncopyable
+{
+  public:
+    typedef std::map<Certificate::Fingerprint, CertStoreId::Set> FingerPrintMap;
+
+    CertificateIdentifier()
+    {
+    }
+    ~CertificateIdentifier()
+    {
+    }
+
+    void add(const Certificate::Fingerprint &fingerprint,
+            CertStoreId::Type domain)
+    {
+        fingerPrintMap[fingerprint].add(domain);
+    }
+
+    CertStoreId::Set find(const Certificate::Fingerprint &fingerprint) const
+    {
+        FingerPrintMap::const_iterator iter = fingerPrintMap.find(fingerprint);
+        if (iter == fingerPrintMap.end()) {
+            return CertStoreId::Set();
+        }
+        return iter->second;
+    }
+
+    CertStoreId::Set find(const CertificatePtr &certificate) const
+    {
+        return
+            find(certificate->getFingerprint(Certificate::FINGERPRINT_SHA1));
+    }
+
+  private:
+    FingerPrintMap fingerPrintMap;
+};
+} // namespace ValidationCore
+
+#endif // _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATEIDENTIFICATOR_H_
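Review bot: `find(const CertificatePtr &certificate)` dereferences `certificate` without checking that it holds an object, so an empty pointer crashes inside the trust-domain lookup instead of yielding the empty set the fingerprint overload returns on a miss. A guard such as `if (!certificate) { return CertStoreId::Set(); }` before the `getFingerprint` call would keep the two overloads consistent, assuming `CertificatePtr` supports a boolean test (its definition is not in this hunk). The lookup key is a SHA-1 fingerprint (`Certificate::FINGERPRINT_SHA1`), and the map appears to be filled by `CertificateConfigReader` from a fingerprint list. A comment on `FingerPrintMap` saying that the domain decision rests on that list being trusted, and on SHA-1 second-preimage resistance, would help whoever later evaluates a stronger digest.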
diff --git a/vcore/src/vcore/CertificateLoader.cpp b/vcore/src/vcore/CertificateLoader.cpp
new file mode 100644 (file)
index 0000000..b7af557
--- /dev/null
@@ -0,0 +1,718 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <dpl/assert.h>
+#include <openssl/x509v3.h>
+#include <dpl/log/log.h>
+#include <dpl/noncopyable.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+
+#include "Base64.h"
+#include "CertificateLoader.h"
+#include "SSLContainers.h"
+
+namespace {
+const int MIN_RSA_KEY_LENGTH = 1024;
+//const char *OID_CURVE_SECP256R1 = "urn:oid:1.2.840.10045.3.1.7";
+} // namespace anonymous
+
+namespace ValidationCore {
+//// COMPARATOR CLASS START ////
+
+//class CertificateLoaderECDSA : public CertificateLoader::CertificateLoaderComparator, DPL::Noncopyable {
+//public:
+//    CertificateLoaderECDSA(const std::string &publicKey)
+//      : m_ecPublicKey(NULL)
+//      , m_searchKey(NULL)
+//    {
+//        m_bnCtx = BN_CTX_new(); // if fails we can continue anyway
+//        m_tmpPoint = BN_new();  // if fails we can continue anyway
+//        m_initialized = CertificateLoader::convertBase64NodeToBigNum(publicKey, &m_searchKey);
+//
+//        if(!m_initialized)
+//            LogError("Init failed!");
+//    }
+//
+//    virtual bool compare(X509 *x509cert){
+//        if(!m_initialized)
+//            return false;
+//
+//        EVP_PKEY_free(m_ecPublicKey);
+//
+//        m_ecPublicKey = X509_get_pubkey(x509cert);
+//
+//        if(m_ecPublicKey == NULL)
+//            return false;
+//
+//        if(m_ecPublicKey->type != EVP_PKEY_EC){
+//            LogError("ecPublicKey has wrong type!");
+//            return false;
+//        }
+//
+//        // Pointer to internal data of ecPublicKey. Do not free!
+//        EC_KEY *eckey = m_ecPublicKey->pkey.ec;
+//
+//        const EC_POINT *ecpoint = EC_KEY_get0_public_key(eckey);
+//        const EC_GROUP *ecgroup = EC_KEY_get0_group(eckey);
+//
+//        m_tmpPoint = EC_POINT_point2bn(ecgroup, ecpoint, POINT_CONVERSION_UNCOMPRESSED, m_tmpPoint, m_bnCtx);
+//
+//        if(BN_cmp(m_tmpPoint, m_searchKey) == 0)
+//            return true;
+//
+//        return false;
+//    }
+//
+//    ~CertificateLoaderECDSA(){
+//        BN_CTX_free(m_bnCtx);
+//        EVP_PKEY_free(m_ecPublicKey);
+//        BN_free(m_searchKey);
+//        BN_free(m_tmpPoint);
+//    }
+//
+//private:
+//    bool        m_initialized;
+//    EVP_PKEY   *m_ecPublicKey;
+//    BN_CTX     *m_bnCtx;
+//    BIGNUM     *m_searchKey;
+//    BIGNUM     *m_tmpPoint;
+//};
+
+///// COMPARETORS CLASS END /////
+
+//// COMPARATOR RSA CLASS START ////
+
+//class CertificateLoaderRSA : public CertificateLoader::CertificateLoaderComparator, DPL::Noncopyable {
+//public:
+//    CertificateLoaderRSA(const std::string &m_modulus,const std::string &m_exponent )
+//      : m_rsaPublicKey(NULL)
+//      , m_modulus_bn(NULL)
+//      , m_exponent_bn(NULL)
+//    {
+//
+//        m_initialized_modulus = CertificateLoader::convertBase64NodeToBigNum(m_modulus, &m_modulus_bn);
+//        m_initialized_exponent = CertificateLoader::convertBase64NodeToBigNum(m_exponent, &m_exponent_bn);
+//
+//        if(!m_initialized_modulus || !m_initialized_exponent)
+//            LogError("Init failed!");
+//    }
+//
+//    virtual bool compare(X509 *x509cert){
+//
+//        if(!m_initialized_modulus || !m_initialized_exponent)
+//            return false;
+//
+//        EVP_PKEY_free(m_rsaPublicKey);
+//        m_rsaPublicKey = X509_get_pubkey(x509cert);
+//
+//        if(m_rsaPublicKey == NULL)
+//            return false;
+//
+//        if(m_rsaPublicKey->type != EVP_PKEY_RSA){
+//            LogInfo("rsaPublicKey has wrong type!");
+//            return false;
+//        }
+//
+//        RSA *rsa = NULL;
+//        rsa = m_rsaPublicKey->pkey.rsa;
+//
+//        if (BN_cmp(m_modulus_bn, rsa->n) == 0 &&
+//            BN_cmp(m_exponent_bn, rsa->e) == 0 ){
+//            LogError ("Compare TRUE");
+//            return true;
+//        }
+//        return false;
+//    }
+//
+//    ~CertificateLoaderRSA(){
+//        EVP_PKEY_free(m_rsaPublicKey);
+//        BN_free(m_modulus_bn);
+//        BN_free(m_exponent_bn);
+//
+//    }
+//
+//private:
+//    bool        m_initialized_modulus;
+//    bool        m_initialized_exponent;
+//    EVP_PKEY   *m_rsaPublicKey;
+//    BIGNUM     *m_modulus_bn;
+//    BIGNUM     *m_exponent_bn;
+//};
+
+///// COMPARETORS RSA CLASS END /////
+
+CertificateLoader::CertificateLoaderResult CertificateLoader::
+    loadCertificateBasedOnExponentAndModulus(const std::string &m_modulus,
+        const std::string &m_exponent)
+{
+    (void) m_modulus;
+    (void) m_exponent;
+    LogError("Not implemented.");
+    return UNKNOWN_ERROR;
+    //    if (m_exponent.empty() || m_modulus.empty())
+    //        return WRONG_ARGUMENTS;
+    //
+    //    CertificateLoaderRSA comparator(m_modulus,m_exponent);
+    //
+    //    CertificateLoaderResult result = NO_ERROR;
+    //    for(int i=0; storeId[i]; ++i){
+    //        result = loadCertificate(std::string(storeId[i]), &comparator);
+    //
+    //        if(result == ERR_NO_MORE_CERTIFICATES)
+    //            continue;
+    //
+    //        return result;
+    //    }
+    //
+    //    return result;
+}
+
+CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificate(
+        const std::string &storageName,
+        CertificateLoader::CertificateLoaderComparator *cmp)
+{
+    (void) storageName;
+    (void) cmp;
+    LogError("Not Implemented");
+    return UNKNOWN_ERROR;
+    //    long int result = OPERATION_SUCCESS;
+    //
+    //    char storeId[CERTMGR_MAX_PLUGIN_ID_SIZE];
+    //    char type[CERTMGR_MAX_CERT_TYPE_SIZE];
+    //    certmgr_cert_id certId;
+    //    certmgr_ctx context;
+    //    certmgr_mem_buff certRetrieved;
+    //    unsigned char buffer[CERTMGR_MAX_BUFFER_SIZE];
+    //
+    //    certmgr_cert_descriptor descriptor;
+    //
+    //    certRetrieved.data = buffer;
+    //    certRetrieved.firstFree = 0;
+    //    certRetrieved.size = CERTMGR_MAX_BUFFER_SIZE;
+    //    certId.storeId = storeId;
+    //    certId.type = type;
+    //
+    //    CERTMGR_INIT_CONTEXT((&context), (sizeof(context)))
+    //
+    //    strncpy(context.storeId, storageName.c_str(), storageName.size());
+    //
+    //    for(certRetrieved.firstFree = 0;
+    //        OPERATION_SUCCESS == (result = certmgr_retrieve_certificate_from_store(&context, &certRetrieved, &certId));
+    //        certRetrieved.firstFree = 0)
+    //    {
+    //
+    //        if(OPERATION_SUCCESS!=certmgr_extract_certificate_data(&certRetrieved, &descriptor)){
+    //            LogError("Extracting Certificate Data failed \n");
+    //            continue;
+    //        }
+    //
+    //        const unsigned char *ptr = certRetrieved.data;
+    //
+    //        X509 *x509cert = d2i_X509(NULL, &ptr, certRetrieved.size);
+    //        if(x509cert == NULL){
+    //            certmgr_release_certificate_data(&descriptor);
+    //            LogError("Error extracting certificate (d2i_X509).");
+    //            return UNKNOWN_ERROR;
+    //        }
+    //
+    //        LogDebug("The subject of this certificate is " << descriptor.mandatory.subject);
+    //        if(cmp->compare(x509cert)){
+    //            LogDebug("Found match. Coping bytes: " << certRetrieved.size);
+    //            m_certificatePtr = CertificatePtr(new Certificate(certRetrieved));
+    //            certmgr_release_certificate_data(&descriptor);
+    //            X509_free(x509cert);
+    //            break;
+    //        }
+    //
+    //        LogDebug("Release");
+    //        X509_free(x509cert);
+    //        certmgr_release_certificate_data(&descriptor);
+    //    }
+    //
+    //    if(ERR_NO_MORE_CERTIFICATES == result){
+    //        LogError("Certificates for given DN not found\n");
+    //        return CERTIFICATE_NOT_FOUND;
+    //    }
+    //
+    //    if(result!= OPERATION_SUCCESS){
+    //        LogError("Certificate Manager Error\n");
+    //        return UNKNOWN_ERROR;
+    //    }
+    //
+    //    LogDebug("Exit");
+    //    return NO_ERROR;
+}
+
+// TODO
+CertificateLoader::CertificateLoaderResult CertificateLoader::
+    loadCertificateBasedOnSubjectName(const std::string &subjectName)
+{
+    (void) subjectName;
+    LogError("Not implemented.");
+    return UNKNOWN_ERROR;
+    //    if(subjectName.empty())
+    //    {
+    //        return WRONG_ARGUMENTS;
+    //    }
+    //
+    //    long int result = OPERATION_SUCCESS;
+    //
+    //    char storeId[CERTMGR_MAX_PLUGIN_ID_SIZE];
+    //    char type[CERTMGR_MAX_CERT_TYPE_SIZE];
+    //    certmgr_cert_id certId;
+    //    certmgr_ctx context;
+    //    certmgr_mem_buff certRetrieved;
+    //    unsigned char buffer[CERTMGR_MAX_BUFFER_SIZE];
+    //
+    //    certmgr_cert_descriptor descriptor;
+    //
+    //    certRetrieved.data = buffer;
+    //    certRetrieved.firstFree = 0;
+    //    certRetrieved.size = CERTMGR_MAX_BUFFER_SIZE;
+    //    certId.storeId = storeId;
+    //    certId.type = type;
+    //
+    //    CERTMGR_INIT_CONTEXT((&context), (sizeof(context)))
+    //
+    //    for(certRetrieved.firstFree = 0;
+    //        OPERATION_SUCCESS == (result = certmgr_retrieve_certificate_from_store(&context, &certRetrieved, &certId));
+    //        certRetrieved.firstFree = 0)
+    //    {
+    //
+    //        if(OPERATION_SUCCESS!=certmgr_extract_certificate_data(&certRetrieved, &descriptor)){
+    //            LogError("Extracting Certificate Data failed \n");
+    //            continue;
+    //        }
+    //
+    //        if(!strcmp(subjectName.c_str(), descriptor.mandatory.subject)){
+    //            LogDebug("The subject of this certificate is " << descriptor.mandatory.subject);
+    //            m_certificatePtr = CertificatePtr(new Certificate(certRetrieved));
+    //            certmgr_release_certificate_data(&descriptor);
+    //            break;
+    //        }
+    //        LogDebug("Release");
+    //        certmgr_release_certificate_data(&descriptor);
+    //    }
+    //
+    //    if(ERR_NO_MORE_CERTIFICATES == result) {
+    //        LogError("Certificates for given DN not found\n");
+    //        return CERTIFICATE_NOT_FOUND;
+    //    }
+    //    if(result!= OPERATION_SUCCESS){
+    //        LogError("Certificate Manager Error\n");
+    //        return UNKNOWN_ERROR;
+    //    }
+    //    LogDebug("Exit");
+    //    return NO_ERROR;
+}
+
+// KW CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificateBasedOnIssuerName(const std::string &issuerName, const std::string &serialNumber)
+// KW {
+// KW     if(issuerName.empty() || serialNumber.empty())
+// KW     {
+// KW         return WRONG_ARGUMENTS;
+// KW     }
+// KW
+// KW     if(m_cmBuff.data){
+// KW         delete[] m_cmBuff.data;
+// KW         memset(&m_cmBuff, 0, sizeof(certmgr_mem_buff));
+// KW     }
+// KW
+// KW     LogDebug("IssuerName: " << issuerName << " serialNumber: " << serialNumber);
+// KW
+// KW     //used to check status of retrieved certificate
+// KW     long int result = OPERATION_SUCCESS;
+// KW     char storeId[CERTMGR_MAX_PLUGIN_ID_SIZE];
+// KW     char type[CERTMGR_MAX_CERT_TYPE_SIZE];
+// KW     certmgr_cert_id certId;
+// KW     certmgr_ctx context;
+// KW     certmgr_mem_buff certRetrieved;
+// KW     unsigned char buffer[CERTMGR_MAX_BUFFER_SIZE];
+// KW
+// KW     certmgr_cert_descriptor descriptor;
+// KW
+// KW     certRetrieved.data = buffer;
+// KW     certRetrieved.firstFree = 0;
+// KW     certRetrieved.size = CERTMGR_MAX_BUFFER_SIZE;
+// KW     certId.storeId = storeId;
+// KW     certId.type = type;
+// KW
+// KW     CERTMGR_INIT_CONTEXT((&context), (sizeof(context)))
+// KW
+// KW     for(certRetrieved.firstFree = 0;
+// KW         OPERATION_SUCCESS == (result = certmgr_retrieve_certificate_from_store(&context, &certRetrieved, &certId));
+// KW         certRetrieved.firstFree = 0)
+// KW     {
+// KW
+// KW         LogDebug("Extracting certificate from CertMgr");
+// KW
+// KW         if( OPERATION_SUCCESS != certmgr_extract_certificate_data(&certRetrieved, &descriptor) ){
+// KW             LogError("Extracting Certificate Data failed \n");
+// KW             continue;
+// KW         }
+// KW
+// KW         LogDebug("Issuer: " << descriptor.mandatory.issuer);
+// KW
+// KW         const unsigned char *ptr = certRetrieved.data;
+// KW         char *tmp;
+// KW
+// KW         X509 *x509cert = d2i_X509(NULL, &ptr, certRetrieved.size);
+// KW         std::string serialNO = std::string(tmp = i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(x509cert)));
+// KW         OPENSSL_free(tmp);
+// KW         X509_free(x509cert);
+// KW
+// KW         LogInfo("Certificate number found: " << serialNO);
+// KW         LogInfo("Certificate number looking for: " << serialNumber);
+// KW
+// KW         if(!strcmp(issuerName.c_str(), descriptor.mandatory.issuer)
+// KW               && serialNumber == serialNO)
+// KW         {
+// KW             LogError("The issuer of this certificate is " << descriptor.mandatory.issuer);
+// KW
+// KW             m_cmBuff.data = new unsigned char[certRetrieved.size];
+// KW             m_cmBuff.firstFree = m_cmBuff.size = certRetrieved.size;
+// KW             memcpy(m_cmBuff.data, certRetrieved.data, certRetrieved.size);
+// KW             certmgr_release_certificate_data(&descriptor);
+// KW             break;
+// KW         }
+// KW         certmgr_release_certificate_data(&descriptor);
+// KW     }
+// KW
+// KW     if(ERR_NO_MORE_CERTIFICATES == result) {
+// KW         LogError("Certificates not found");
+// KW         return CERTIFICATE_NOT_FOUND;
+// KW     }
+// KW     if(result != OPERATION_SUCCESS){
+// KW         LogError("Certificate Manager Error");
+// KW         return UNKNOWN_ERROR;
+// KW     }
+// KW     return NO_ERROR;
+// KW }
+
+CertificateLoader::CertificateLoaderResult CertificateLoader::
+    loadCertificateWithECKEY(const std::string &curveName,
+        const std::string &publicKey)
+{
+    (void) curveName;
+    (void) publicKey;
+    LogError("Not implemented.");
+    return UNKNOWN_ERROR;
+    //    if(curveName != OID_CURVE_SECP256R1){
+    //        LogError("Found field id: " << curveName << " Expected: " << OID_CURVE_SECP256R1);
+    //        return UNSUPPORTED_CERTIFICATE_FIELD;
+    //    }
+    //
+    //    CertificateLoaderECDSA comparator(publicKey);
+    //
+    //    CertificateLoaderResult result = NO_ERROR;
+    //    for(int i=0; storeId[i]; ++i){
+    //        result = loadCertificate(std::string(storeId[i]), &comparator);
+    //
+    //        if(result == ERR_NO_MORE_CERTIFICATES)
+    //            continue;
+    //
+    //        return result;
+    //    }
+    //
+    //    return result;
+}
+
+CertificateLoader::CertificateLoaderResult CertificateLoader::
+    loadCertificateFromRawData(const std::string &rawData)
+{
+    Try {
+        m_certificatePtr =
+            CertificatePtr(new Certificate(rawData, Certificate::FORM_BASE64));
+    } Catch(Certificate::Exception::Base) {
+        LogWarning("Error reading certificate by openssl.");
+        return UNKNOWN_ERROR;
+    }
+
+    // Check the key length if sig algorithm is RSA
+    EVP_PKEY *pKey = X509_get_pubkey(m_certificatePtr->getX509());
+
+    if (pKey->type == EVP_PKEY_RSA) {
+        RSA* pRSA = pKey->pkey.rsa;
+
+        if (pRSA) {
+            int keyLength = RSA_size(pRSA);
+
+            // key Length (modulus) is in bytes
+            keyLength <<= 3;
+            LogDebug("RSA key length: " << keyLength << " bits");
+
+            if (keyLength < MIN_RSA_KEY_LENGTH) {
+                LogError(
+                    "RSA key too short!" << "Has only " << keyLength << " bits");
+                return CERTIFICATE_SECURITY_ERROR;
+            }
+        }
+    }
+
+    return NO_ERROR;
+}
+
+// DEPRACETED FUNCTION
+//CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificateFromRawData(const std::string &rawData)
+//{
+//    certmgr_mem_buff cmBuff = {0,0,0};
+//
+//    long int size;
+//    cmBuff.data = certmgr_util_base64_decode(const_cast<void*>(static_cast<const void*>(rawData.c_str())), rawData.size(), &size);
+//
+//    cmBuff.firstFree = cmBuff.size = size;
+//
+//    certmgr_cert_descriptor descriptor;
+//
+//    long int result = certmgr_extract_certificate_data(&cmBuff, &descriptor);
+//
+//    if (result != OPERATION_SUCCESS)
+//    {
+//        LogError("Unable to load certificate");
+//        return UNKNOWN_ERROR;
+//    }
+//
+//    certmgr_release_certificate_data(&descriptor);
+//
+//    m_certificatePtr = CertificatePtr(new Certificate(cmBuff));
+//
+//    // we have to use temp pointer cause d2i_x509 modifies its input
+//    const unsigned char* tmpPtr = cmBuff.data;
+//    X509* pCertificate = d2i_X509(NULL, &tmpPtr, cmBuff.size);
+//
+//    if (pCertificate)
+//    {
+//        SSLSmartContainer<X509> pX509(pCertificate);
+//
+//        // Check the key length if sig algorithm is RSA
+//        EVP_PKEY *pKey = X509_get_pubkey(pX509);
+//
+//        if (pKey->type == EVP_PKEY_RSA)
+//        {
+//            RSA* pRSA = pKey->pkey.rsa;
+//
+//            if (pRSA)
+//            {
+//                int keyLength = RSA_size(pRSA);
+//
+//                // key Length (modulus) is in bytes
+//                keyLength <<= 3;
+//                LogDebug("RSA key length: " << keyLength << " bits");
+//
+//                if (keyLength < MIN_RSA_KEY_LENGTH)
+//                {
+//                    LogError("RSA key too short!" << "Has only " << keyLength << " bits");
+//                    return CERTIFICATE_SECURITY_ERROR;
+//                }
+//            }
+//        }
+//    }
+//
+//    return NO_ERROR;
+//}
+
+CertificateLoader::CertificateLoaderResult CertificateLoader::
+    loadCertificateBasedOnDSAComponents(const std::string& strP,
+        const std::string& strQ,
+        const std::string& strG,
+        const std::string& strY,
+        const std::string& strJ,
+        const std::string& strSeed,
+        const std::string& strPGenCounter)
+{
+    (void) strP;
+    (void) strQ;
+    (void) strG;
+    (void) strY;
+    (void) strJ;
+    (void) strSeed;
+    (void) strPGenCounter;
+    LogError("Not implemented.");
+    return UNKNOWN_ERROR;
+    //    (void)strY;
+    //    (void)strJ;
+    //    (void)strSeed;
+    //    (void)strPGenCounter;
+    //
+    //    long int result = UNKNOWN_ERROR;
+    //
+    //    char storeId[CERTMGR_MAX_PLUGIN_ID_SIZE];
+    //    char type[CERTMGR_MAX_CERT_TYPE_SIZE];
+    //    certmgr_cert_id certId;
+    //    certmgr_ctx context;
+    //    certmgr_mem_buff certRetrieved;
+    //
+    //    unsigned char buffer[CERTMGR_MAX_BUFFER_SIZE];
+    //
+    //    certmgr_cert_descriptor descriptor;
+    //
+    //    certRetrieved.data = buffer;
+    //    certRetrieved.firstFree = 0;
+    //    certRetrieved.size = CERTMGR_MAX_BUFFER_SIZE;
+    //    certId.storeId = storeId;
+    //    certId.type = type;
+    //
+    //    CERTMGR_INIT_CONTEXT((&context), (sizeof(context)))
+    //    std::string strStoreType("Operator");
+    //    strncpy(context.storeId, strStoreType.c_str(),  strStoreType.length());
+    //
+    //    for (certRetrieved.firstFree = 0;
+    //      OPERATION_SUCCESS == (result = certmgr_retrieve_certificate_from_store(&context, &certRetrieved, &certId));
+    //      certRetrieved.firstFree = 0)
+    //    {
+    //
+    //        if (OPERATION_SUCCESS != certmgr_extract_certificate_data(&certRetrieved, &descriptor))
+    //        {
+    //            LogDebug("unable to retrieve cert from storage");
+    //            continue;
+    //        }
+    //
+    //        X509* pCertificate = d2i_X509(NULL, (const unsigned char**) &(certRetrieved.data), certRetrieved.size);
+    //
+    //        if (pCertificate)
+    //        {
+    //            EVP_PKEY *pKey = X509_get_pubkey(pCertificate);
+    //
+    //            if (pKey->type == EVP_PKEY_DSA)
+    //            {
+    //                DSA* pDSA = pKey->pkey.dsa;
+    //
+    //                if (pDSA)
+    //                {
+    //                    BIGNUM *pDSApBigNum = NULL, *pDSAqBigNum = NULL, *pDSAgBigNum = NULL;
+    //
+    //                    convertBase64NodeToBigNum(strP, &pDSApBigNum);
+    //                    convertBase64NodeToBigNum(strQ, &pDSAqBigNum);
+    //                    convertBase64NodeToBigNum(strG, &pDSAgBigNum);
+    //
+    //                    if (pDSApBigNum && pDSAqBigNum && pDSAgBigNum &&
+    //                      BN_cmp(pDSApBigNum, pDSA->p) == 0 &&
+    //                      BN_cmp(pDSAqBigNum, pDSA->q) == 0 &&
+    //                      BN_cmp(pDSAgBigNum, pDSA->g) == 0)
+    //                    {
+    //                        LogInfo("DSA Certificate found");
+    //                        /* TODO load this certificate to m_cmBuff value */
+    //                        LogError("Not implemented!");
+    //
+    //                        EVP_PKEY_free(pKey);
+    //                        X509_free(pCertificate);
+    //
+    //                        BN_free(pDSApBigNum);
+    //                        BN_free(pDSAqBigNum);
+    //                        BN_free(pDSAgBigNum);
+    //
+    //                        certmgr_release_certificate_data(&descriptor);
+    //                        return NO_ERROR;
+    //                    }
+    //
+    //                    if (pDSApBigNum)
+    //                    {
+    //                        BN_free(pDSApBigNum);
+    //                    }
+    //                    if (pDSAqBigNum)
+    //                    {
+    //                        BN_free(pDSAqBigNum);
+    //                    }
+    //                    if (pDSAgBigNum)
+    //                    {
+    //                        BN_free(pDSAgBigNum);
+    //                    }
+    //
+    //                }
+    //                EVP_PKEY_free(pKey);
+    //            }
+    //            X509_free(pCertificate);
+    //        }
+    //        else
+    //            LogError("Unable to load certificate");
+    //
+    //        certmgr_release_certificate_data(&descriptor);
+    //    }
+    //
+    //    LogError("No DSA certificate with given parameters");
+    //
+    //    return CERTIFICATE_NOT_FOUND;
+}
+
+bool CertificateLoader::convertBase64NodeToBigNum(const std::string& strNode,
+        BIGNUM** ppBigNum)
+{
+    (void) strNode;
+    (void) ppBigNum;
+    LogError("Not implemented.");
+    return false;
+    //    if (!ppBigNum || *ppBigNum != NULL)
+    //    {
+    //        LogError("Ptr variable not initialized properly!");
+    //        return false;
+    //    }
+    //
+    //    // decode base64 to binary
+    //    long int binBuffLength = 0;
+    //    unsigned char* binBuff = NULL;
+    //
+    //    binBuff = certmgr_util_base64_decode(const_cast<char*> (strNode.c_str()), strNode.length(), &binBuffLength);
+    //
+    //    if (!binBuff)
+    //    {
+    //        LogError("base64 decode failed");
+    //        return false;
+    //    }
+    //
+    //    // convert binary to bignum
+    //    *ppBigNum = BN_bin2bn(binBuff, binBuffLength, *ppBigNum);
+    //
+    //    free(binBuff);
+    //
+    //    if (!(*ppBigNum))
+    //    {
+    //        LogError("Conversion from node to bignum failed");
+    //        return false;
+    //    }
+    //
+    //    return true;
+}
+
+// KW bool CertificateLoader::convertBigNumToBase64Node(const BIGNUM* pBigNum, std::string& strNode)
+// KW {
+// KW     if (!pBigNum)
+// KW     {
+// KW         LogError("null ptr");
+// KW         return false;
+// KW     }
+// KW
+// KW     int nNumLength = BN_num_bytes(pBigNum);
+// KW     unsigned char* buffer = new unsigned char[nNumLength + 1];
+// KW
+// KW     // convert bignum to binary format
+// KW     if (BN_bn2bin(pBigNum, buffer) < 0)
+// KW     {
+// KW         LogError("Conversion from bignum to binary failed");
+// KW         delete []buffer;
+// KW         return false;
+// KW     }
+// KW
+// KW     char* pBase64Node = NULL;
+// KW     unsigned long int buffLen = 0;
+// KW     certmgr_util_base64_encode(buffer, (unsigned long int) nNumLength, &pBase64Node, &buffLen);
+// KW
+// KW     strNode.assign(pBase64Node, buffLen);
+// KW
+// KW     delete []buffer;
+// KW     return true;
+// KW }
+} // namespace ValidationCore
+
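Review bot: In `loadCertificateFromRawData` the result of `X509_get_pubkey()` is dereferenced (`pKey->type`) without a NULL check and is never released. OpenSSL returns NULL from that call when the certificate's public key cannot be decoded, and `rawData` is presumably certificate data taken from the content being validated, so a malformed key becomes a crash. On success the call hands back a counted reference that needs `EVP_PKEY_free()`, so every successful load leaks one. The sketch below checks for NULL, reads the size and frees the key before the length test. Separately, `MIN_RSA_KEY_LENGTH = 1024` is below the 2048-bit minimum that current guidance expects, and the other loaders in this file return `UNKNOWN_ERROR` unconditionally with their old bodies left commented out, which deserves a comment at the top of the file.

```cpp
    // … unchanged: Try/Catch that constructs m_certificatePtr …

    // Check the key length if sig algorithm is RSA
    EVP_PKEY *pKey = X509_get_pubkey(m_certificatePtr->getX509());
    if (pKey == NULL) {
        LogWarning("Certificate has no usable public key.");
        return UNKNOWN_ERROR;
    }

    int keyLength = -1;
    if (pKey->type == EVP_PKEY_RSA && pKey->pkey.rsa) {
        // key Length (modulus) is in bytes
        keyLength = RSA_size(pKey->pkey.rsa) << 3;
    }
    // X509_get_pubkey() returns a counted reference the caller must release
    EVP_PKEY_free(pKey);

    if (keyLength >= 0) {
        LogDebug("RSA key length: " << keyLength << " bits");
        if (keyLength < MIN_RSA_KEY_LENGTH) {
            // … unchanged: LogError and return CERTIFICATE_SECURITY_ERROR …
        }
    }
```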
diff --git a/vcore/src/vcore/CertificateLoader.h b/vcore/src/vcore/CertificateLoader.h
new file mode 100644 (file)
index 0000000..64c38ac
--- /dev/null
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _CERTIFICATELOADER_H_
+#define _CERTIFICATELOADER_H_
+
+#include <string>
+#include <string.h>
+
+#include <dpl/noncopyable.h>
+#include <openssl/ssl.h>
+
+#include <cert-service.h>
+
+#include "Certificate.h"
+
+namespace ValidationCore {
+class CertificateLoader : public DPL::Noncopyable
+{
+  public:
+    class CertificateLoaderComparator
+    {
+      public:
+        virtual bool compare(X509 *x509cert) = 0;
+        virtual ~CertificateLoaderComparator()
+        {
+        }
+    };
+
+    enum CertificateLoaderResult
+    {
+        NO_ERROR,
+        CERTIFICATE_NOT_FOUND,
+        UNSUPPORTED_CERTIFICATE_FIELD,
+        WRONG_ARGUMENTS,
+        CERTIFICATE_SECURITY_ERROR,                  //!< there are some issues with certificate security (i.e. key too short)
+        UNKNOWN_ERROR
+    };
+
+    CertificateLoader()
+    {
+    }
+
+    virtual ~CertificateLoader()
+    {
+    }
+
+    CertificateLoaderResult loadCertificate(const std::string& storage,
+            CertificateLoaderComparator *cmp);
+
+    CertificateLoaderResult loadCertificateBasedOnSubjectName(
+            const std::string &subjectName);
+    CertificateLoaderResult loadCertificateBasedOnExponentAndModulus(
+            const std::string &m_modulus,
+            const std::string  &m_exponent);
+    // KW     CertificateLoaderResult loadCertificateBasedOnIssuerName(const std::string &isserName,
+    // KW       const std::string &serialNumber);
+
+    CertificateLoaderResult loadCertificateFromRawData(
+            const std::string &rawData);
+
+    CertificateLoaderResult loadCertificateBasedOnDSAComponents(
+            const std::string& strP,
+            const std::string& strQ,
+            const std::string& strG,
+            const std::string& strY,
+            const std::string& strJ,
+            const std::string& strSeed,
+            const std::string& strPGenCounter);
+
+    CertificateLoaderResult loadCertificateWithECKEY(
+            const std::string &curveName,
+            const std::string &publicKey);
+
+    /**
+     * converts base64 encoded node to SSL bignum
+     * allocates mem on *ppBigNum, don't forget to free it later with BN_free!
+     * returns conversion status
+     */
+    static bool convertBase64NodeToBigNum(const std::string& strNode,
+            BIGNUM** ppBigNum);
+
+    /*
+     * encodes SSL bignum into base64 octstring
+     * returns conversion status
+     */
+    // KW     static bool convertBigNumToBase64Node(const BIGNUM* pBigNum, std::string& strNode);
+
+    CertificatePtr getCertificatePtr() const
+    {
+        return m_certificatePtr;
+    }
+  private:
+    CertificatePtr m_certificatePtr;
+};
+} // namespace ValidationCore
+
+#endif // _CERTIFICATELOADER_H_
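Review bot: `getCertificatePtr()` has no documented contract, and in CertificateLoader.cpp of this commit `loadCertificateFromRawData` assigns `m_certificatePtr` before the RSA length check, so after a `CERTIFICATE_SECURITY_ERROR` return the getter still hands out the rejected certificate. I would add above the getter `// Only meaningful after a load call returned NO_ERROR; after CERTIFICATE_SECURITY_ERROR it still holds the rejected certificate.` The class comment should also say that in this commit every loader except `loadCertificateFromRawData` is a stub returning `UNKNOWN_ERROR`. The same applies to `convertBase64NodeToBigNum`, which currently always returns false while its existing doc comment promises an allocation on `*ppBigNum`.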
diff --git a/vcore/src/vcore/CertificateStorage.h b/vcore/src/vcore/CertificateStorage.h
new file mode 100644 (file)
index 0000000..7fbcb6b
--- /dev/null
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef VCORE_SRC_VCORE_CERTIFICATESTORAGE_H
+#define VCORE_SRC_VCORE_CERTIFICATESTORAGE_H
+
+#include <list>
+#include <openssl/x509.h>
+
+namespace ValidationCore {
+typedef std::list < X509* > X509CertificatesList;
+}
+
+#endif // VCORE_SRC_VCORE_CERTIFICATESTORAGE_H
diff --git a/vcore/src/vcore/CertificateVerifier.cpp b/vcore/src/vcore/CertificateVerifier.cpp
new file mode 100644 (file)
index 0000000..f05662a
--- /dev/null
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@gmail.com)
+ * @version     0.1
+ * @file        CertificateVerifier.cpp
+ * @brief       This class integrates OCSP and CRL.
+ */
+#include "CertificateVerifier.h"
+
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+
+namespace ValidationCore {
+
+CertificateVerifier::CertificateVerifier(bool enableOcsp, bool enableCrl)
+: m_enableOcsp(enableOcsp)
+, m_enableCrl(enableCrl)
+{}
+
+VerificationStatus CertificateVerifier::check(
+        CertificateCollection &certCollection) const
+{
+    LogDebug("== Certificate collection validation start ==");
+    Assert(certCollection.isChain() && "Collection must form chain.");
+
+    VerificationStatus statusOcsp;
+    VerificationStatus statusCrl;
+
+    if (m_enableOcsp) {
+        statusOcsp = obtainOcspStatus(certCollection);
+    } else {
+        statusOcsp = VERIFICATION_STATUS_GOOD;
+    }
+
+    if (m_enableCrl) {
+        statusCrl = obtainCrlStatus(certCollection);
+    } else {
+        statusCrl = VERIFICATION_STATUS_GOOD;
+    }
+    LogDebug("== Certificate collection validation end ==");
+    return getStatus(statusOcsp, statusCrl);
+}
+
+VerificationStatus CertificateVerifier::obtainOcspStatus(
+        const CertificateCollection &chain) const
+{
+    LogDebug("== Obtain ocsp status ==");
+    CachedOCSP ocsp;
+    return ocsp.check(chain);
+}
+
+VerificationStatus CertificateVerifier::obtainCrlStatus(
+        const CertificateCollection &chain) const
+{
+    LogDebug("== Obtain crl status ==");
+    CachedCRL crl;
+    return crl.check(chain);
+}
+
+VerificationStatus CertificateVerifier::getStatus(
+        VerificationStatus ocsp,
+        VerificationStatus crl) const
+{
+    if (ocsp == VERIFICATION_STATUS_REVOKED ||
+        crl == VERIFICATION_STATUS_REVOKED)
+    {
+        LogDebug("Return status: REVOKED");
+        return VERIFICATION_STATUS_REVOKED;
+    }
+
+    if (ocsp == VERIFICATION_STATUS_GOOD) {
+        LogDebug("Return status: GOOD");
+        return VERIFICATION_STATUS_GOOD;
+    }
+
+    if (ocsp == VERIFICATION_STATUS_UNKNOWN) {
+        LogDebug("Return status: UNKNOWN");
+        return VERIFICATION_STATUS_UNKNOWN;
+    }
+
+    if (ocsp == VERIFICATION_STATUS_NOT_SUPPORT) {
+        LogDebug("Return status: NOT_SUPPORT");
+        return VERIFICATION_STATUS_GOOD;
+    }
+
+    LogDebug("Return status: ERROR");
+    return VERIFICATION_STATUS_ERROR;
+}
+
+VerificationStatus CertificateVerifier::checkEndEntity(
+        CertificateCollectionList &collectionList) const
+{
+    VerificationStatusSet statusOcsp;
+    VerificationStatusSet statusCrl;
+
+    if (m_enableOcsp) {
+        CachedOCSP ocsp;
+        FOREACH(it, collectionList){
+            statusOcsp.add(ocsp.checkEndEntity(*it));
+        }
+    } else {
+        statusOcsp.add(VERIFICATION_STATUS_GOOD);
+    }
+
+    if (m_enableCrl) {
+        CachedCRL crl;
+        FOREACH(it, collectionList){
+            statusCrl.add(crl.checkEndEntity(*it));
+        }
+    } else {
+        statusCrl.add(VERIFICATION_STATUS_GOOD);
+    }
+    LogDebug("== Certificate collection validateion end ==");
+    return getStatus(statusOcsp.convertToStatus(), statusCrl.convertToStatus());
+}
+
+} // namespace ValidationCore
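Review bot: `getStatus` consults `crl` only for `VERIFICATION_STATUS_REVOKED`, so every other CRL outcome is discarded. Because `check` and `checkEndEntity` substitute `VERIFICATION_STATUS_GOOD` for a disabled OCSP check, a CRL lookup that ends in an error with OCSP switched off is reported as GOOD. The `VERIFICATION_STATUS_NOT_SUPPORT` branch also returns GOOD while logging `Return status: NOT_SUPPORT`, which hides the soft-fail from anyone reading logs; that line should read `LogDebug("Return status: GOOD (OCSP not supported)");`. If soft-fail is the intended policy, state it above `getStatus`, e.g. `// Soft-fail by design: only an explicit REVOKED from CRL overrides the OCSP result.` The chain precondition in `check` is enforced only through `Assert`; if that macro is compiled out in release builds (not visible here), a non-chain collection reaches the OCSP/CRL code unchecked.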
diff --git a/vcore/src/vcore/CertificateVerifier.h b/vcore/src/vcore/CertificateVerifier.h
new file mode 100644 (file)
index 0000000..ea77812
--- /dev/null
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@gmail.com)
+ * @version     0.1
+ * @file        CertificateVerifier.h
+ * @brief       This class integrates OCSP and CRL into one module.
+ */
+#ifndef _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
+#define _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
+
+#include "Certificate.h"
+#include "CertificateCollection.h"
+#include "CachedCRL.h"
+#include "CachedOCSP.h"
+#include "VerificationStatus.h"
+
+namespace ValidationCore {
+
+class CertificateVerifier {
+  public:
+    explicit CertificateVerifier(bool enableOcsp, bool enableCrl);
+    ~CertificateVerifier(){}
+
+    /*
+     * Run OCSP and CRL for all certificates in collection.
+     * Collection must represent chain.
+     *
+     * Evaluate status. This function converts ocsp status set
+     * into one status - the most restricted. This one ocsp status
+     * and status from crl is evaluated to end result.
+     *
+     * Algorithm to evaluate result is represented in table:
+     *
+     * +--------------+-------+-------+-------+------------+---------+
+     * |      OCSP    |Good   |Revoked|Unknown|Undetermined|Not      |
+     * |              |       |       |       |            |supported|
+     * | CRL          |       |       |       |            |         |
+     * +--------------+-------+-------+-------+------------+---------+
+     * | GOOD         |GOOD   |Revoked|Unknown|Undetermined|Good     |
+     * +--------------+-------+-------+-------+------------+---------+
+     * | REVOKED      |Revoked|Revoked|Revoked|Revoked     |Revoked  |
+     * +--------------+-------+-------+-------+------------+---------+
+     * | UNDETERMINED |Good   |Revoked|Unknown|Undetermined|Good     |
+     * +--------------+-------+-------+-------+------------+---------+
+     * | Not supported|Good   |Revoked|Unknown|Undetermined|Good     |
+     * +--------------+-------+-------+-------+------------+---------+
+     *
+     * As Undetermind function returns VERIFICATION_STATUS_ERROR.
+     */
+
+    VerificationStatus check(CertificateCollection &certCollection) const;
+
+    VerificationStatus checkEndEntity(
+            CertificateCollectionList &certCollectionList) const;
+
+  private:
+    VerificationStatus obtainOcspStatus(
+            const CertificateCollection &chain) const;
+    VerificationStatus obtainCrlStatus(
+            const CertificateCollection &chain) const;
+    VerificationStatus getStatus(VerificationStatus ocsp,
+                                 VerificationStatus crl) const;
+
+    bool m_enableOcsp;
+    bool m_enableCrl;
+};
+
+} // namespace ValidationCore
+
+#endif // _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
+
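Review bot: The table comment is detached from `check` by a blank line and `checkEndEntity` has no comment at all, so neither declaration says what a disabled check contributes to the result. In the accompanying .cpp a disabled OCSP or CRL check is passed to `getStatus` as `VERIFICATION_STATUS_GOOD`; the table should carry a line such as `* A check disabled in the constructor is treated as GOOD.` The table has no column for the connection-failed and verification-error statuses that the OCSP code in this commit returns; they appear to fall into the Undetermined/ERROR case, and that is worth stating. `explicit` on a two-argument constructor without default arguments has no effect before C++11 and can be dropped.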
diff --git a/vcore/src/vcore/Config.cpp b/vcore/src/vcore/Config.cpp
new file mode 100644 (file)
index 0000000..7dfaedf
--- /dev/null
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "Config.h"
+
+#include <dpl/singleton_impl.h>
+IMPLEMENT_SINGLETON(ValidationCore::Config)
diff --git a/vcore/src/vcore/Config.h b/vcore/src/vcore/Config.h
new file mode 100644 (file)
index 0000000..a810414
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#ifndef _SRC_VALIDATION_CORE_VALIDATION_CORE_CONFIG_H_
+#define _SRC_VALIDATION_CORE_VALIDATION_CORE_CONFIG_H_
+
+#include <string>
+
+#include <dpl/singleton.h>
+
+namespace ValidationCore {
+class Config {
+public:
+    /*
+     * Set path to config file with certificate description.
+     */
+    bool setXMLConfigPath(const std::string& path) {
+        if (!m_certificateXMLConfigPath.empty()) {
+            return false;
+        }
+        m_certificateXMLConfigPath = path;
+        return true;
+    }
+
+    /*
+     * Set path to schema of config file.
+     */
+    bool setXMLSchemaPath(const std::string& path) {
+        if (!m_certificateXMLSchemaPath.empty()) {
+            return false;
+        }
+        m_certificateXMLSchemaPath = path;
+        return true;
+    }
+
+    /*
+     * Get path to config file with certificate description.
+     */
+    std::string getXMLConfigPath() {
+        return m_certificateXMLConfigPath;
+    }
+
+    /*
+     * Get path to schema of config file.
+     */
+    std::string getXMLSchemaPath() {
+        return m_certificateXMLSchemaPath;
+    }
+
+private:
+    std::string m_certificateXMLConfigPath;
+    std::string m_certificateXMLSchemaPath;
+};
+
+typedef DPL::Singleton<Config> ConfigSingleton;
+
+} // namespace ValidationCore
+
+#endif // _SRC_VALIDATION_CORE_VALIDATION_CORE_CONFIG_H_
+
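Review bot: `setXMLConfigPath` and `setXMLSchemaPath` are meant to be set-once, but the latch is the string being non-empty, so a first call with an empty path returns true and leaves the value open for a later caller. These paths select the certificate description and its schema, so the first non-empty writer decides what the validator loads; rejecting empty input with `if (path.empty()) return false;` or keeping a separate `bool` per setter makes the latch explicit. The comments should say that a second call fails, e.g. `* Can be set only once; returns false if a path was already set.` The getters do not modify state and can be declared `std::string getXMLConfigPath() const`. The class has no locking of its own; whether concurrent first calls are safe depends on `DPL::Singleton`, which is not part of this hunk.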
diff --git a/vcore/src/vcore/Database.cpp b/vcore/src/vcore/Database.cpp
new file mode 100644 (file)
index 0000000..d68b280
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file    webruntime_database.cpp
+ * @author  Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief   This file contains the definition of webruntime database
+ */
+#include "Database.h"
+
+DPL::Mutex g_vcoreDbQueriesMutex;
diff --git a/vcore/src/vcore/Database.h b/vcore/src/vcore/Database.h
new file mode 100644 (file)
index 0000000..ca6efa2
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file    webruntime_database.h
+ * @author  Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief   This file contains the declaration of webruntime database
+ */
+#ifndef VCORE_SRC_VCORE_DATABASE_H
+#define VCORE_SRC_VCORE_DATABASE_H
+
+#include <dpl/db/thread_database_support.h>
+#include <dpl/db/sql_connection.h>
+#include <dpl/mutex.h>
+#include <dpl/thread.h>
+
+extern DPL::Mutex g_vcoreDbQueriesMutex;
+
+#define VCORE_DB_INTERNAL(tlsCommand, InternalType, interface)               \
+    static DPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
+    {                                                                        \
+        DPL::Mutex::ScopedLock lock(&g_vcoreDbQueriesMutex);                 \
+        if (!tlsCommand ## Ptr) {                                            \
+            static DPL::ThreadLocalVariable<InternalType> tmp;               \
+            tlsCommand ## Ptr = &tmp;                                        \
+        }                                                                    \
+    }                                                                        \
+    DPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
+    if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); }
+
+#define VCORE_DB_SELECT(name, type, interface) \
+    VCORE_DB_INTERNAL(name, type::Select, interface)
+
+#define VCORE_DB_INSERT(name, type, interface) \
+    VCORE_DB_INTERNAL(name, type::Insert, interface)
+
+#define VCORE_DB_UPDATE(name, type, interface) \
+    VCORE_DB_INTERNAL(name, type::Update, interface)
+
+#define VCORE_DB_DELETE(name, type, interface) \
+    VCORE_DB_INTERNAL(name, type::Delete, interface)
+
+#endif // define VCORE_SRC_VCORE_DATABASE_H
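Review bot: `VCORE_DB_INTERNAL` expands to several statements and declares both `tlsCommand ## Ptr` and a reference named `tlsCommand` in the caller's scope, and nothing in the header documents that. It can therefore only be used as a statement inside a braced block, once per name per scope. Every expansion also takes the process-wide `g_vcoreDbQueriesMutex`, so all database call sites serialise on one lock just to test a pointer. I would add a comment above the macro stating these constraints, for example `// Declares a thread-local query object 'name' in the current scope; use as a statement inside a block, one per name.` The `@file` tag still says `webruntime_database.h` although the file is `Database.h`.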
diff --git a/vcore/src/vcore/DeveloperModeValidator.cpp b/vcore/src/vcore/DeveloperModeValidator.cpp
new file mode 100644 (file)
index 0000000..fa9e7d2
--- /dev/null
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        DeveloperModeValidator.cpp
+ * @author      Bartosz Janiak (b.janiak@samsung.com)
+ * @version     1.0
+ * @brief       DeveloperModeValidatorValidator - implementing WAC 2.0 spec, including TargetRestriction
+ */
+
+#include "DeveloperModeValidator.h"
+#include <algorithm>
+#include <vconf.h>
+#include <dpl/log/log.h>
+#include <dpl/scoped_free.h>
+
+namespace ValidationCore {
+
+DeveloperModeValidator::DeveloperModeValidator(bool complianceMode,
+                                               const std::string& fakeIMEI,
+                                               const std::string& fakeMEID) :
+    m_complianceModeEnabled(complianceMode),
+    m_developerModeEnabled(true),
+    m_fakeIMEI(fakeIMEI),
+    m_fakeMEID(fakeMEID)
+{
+}
+
+DeveloperModeValidator::DeveloperModeValidator(bool complianceMode,
+                                               bool developerMode,
+                                               const std::string& fakeIMEI,
+                                               const std::string& fakeMEID,
+                                               const std::string& realMEID) :
+    m_complianceModeEnabled(complianceMode),
+    m_developerModeEnabled(developerMode),
+    m_fakeIMEI(fakeIMEI),
+    m_fakeMEID(fakeMEID),
+    m_realMEID(realMEID)
+{
+}
+
+void DeveloperModeValidator::check(const SignatureData &data)
+{
+    LogDebug("entered");
+    const SignatureData::IMEIList& IMEIList = data.getIMEIList();
+    const SignatureData::MEIDList& MEIDList = data.getMEIDList();
+
+    if (IMEIList.empty() && MEIDList.empty()) {
+        LogDebug("No TargetRestriction in signature.");
+        return;
+    }
+
+    if (!m_developerModeEnabled) {
+        Throw(Exception::NoTargetRestrictionSatisfied);
+    }
+
+    if (!IMEIList.empty()) {
+        std::string phoneIMEIString = m_fakeIMEI;
+        if (!m_complianceModeEnabled) {
+            LogDebug("Compilance Mode is not enabled");
+            DPL::ScopedFree<char> phoneIMEI(
+                vconf_get_str(VCONFKEY_TELEPHONY_IMEI));
+            if (!phoneIMEI.Get()) {
+                ThrowMsg(Exception::NoTargetRestrictionSatisfied,
+                         "Unable to get phone IMEI from vconf.");
+            }
+            phoneIMEIString = phoneIMEI.Get();
+        }
+
+        LogDebug("Phone IMEI: " << phoneIMEIString);
+        if (IMEIList.end() ==
+            std::find(IMEIList.begin(), IMEIList.end(), phoneIMEIString))
+        {
+            Throw(Exception::NoTargetRestrictionSatisfied);
+        }
+    }
+
+    if (!MEIDList.empty()) {
+        std::string phoneMEIDString = m_fakeMEID;
+        if (!m_complianceModeEnabled)
+        {
+            if (m_realMEID.empty())
+            {
+                ThrowMsg(Exception::NoTargetRestrictionSatisfied,
+                         "Unable to get phone MEID from Tapi service.");
+            }
+            phoneMEIDString = m_realMEID;
+        }
+
+        LogDebug("Phone MEID: " << phoneMEIDString);
+        if (MEIDList.end() ==
+            std::find(MEIDList.begin(), MEIDList.end(), phoneMEIDString))
+        {
+            Throw(Exception::NoTargetRestrictionSatisfied);
+        }
+    }
+    LogDebug("exit: ok");
+}
+
+} //ValidationCore
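Review bot: `check` writes the device identifiers to the log in `LogDebug("Phone IMEI: " << phoneIMEIString)` and `LogDebug("Phone MEID: " << phoneMEIDString)`. IMEI and MEID are persistent hardware identifiers and should not reach log output unless `LogDebug` is compiled out of release builds, which this hunk does not show. Logging the outcome is enough for debugging, e.g. `LogDebug("Phone IMEI obtained, checking TargetRestriction");`. Separately, the three-argument constructor hard-codes `m_developerModeEnabled(true)`, so code still on the deprecated overload gets developer mode without asking for it, while the new overload defaults it to false in the header; a comment on that constructor should say so. In compliance mode the comparison uses the caller-supplied `m_fakeIMEI` and `m_fakeMEID`, so whoever constructs the validator decides whether the restriction passes, which also deserves a line of documentation.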
diff --git a/vcore/src/vcore/DeveloperModeValidator.h b/vcore/src/vcore/DeveloperModeValidator.h
new file mode 100644 (file)
index 0000000..9a2c87a
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        DeveloperModeValidator.h
+ * @author      Bartosz Janiak (b.janiak@samsung.com)
+ * @version     1.0
+ * @brief       DeveloperModeValidatorValidator - implementing WAC 2.0 spec, including TargetRestriction
+ */
+
+#ifndef \
+    WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H
+#define \
+    WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H
+
+#include <string>
+#include <dpl/exception.h>
+#include "SignatureData.h"
+
+namespace ValidationCore {
+
+class DeveloperModeValidator
+{
+  public:
+    explicit DeveloperModeValidator(
+        bool complianceMode = false,
+        const std::string &fakeIMEI = "",
+        const std::string &fakeMEID = "")  __attribute__((deprecated));
+
+    explicit DeveloperModeValidator(bool complianceMode = false,
+                                    bool developerMode = false,
+                                    const std::string &fakeIMEI = "",
+                                    const std::string &fakeMEID = "",
+                                    const std::string &realMEID = "");
+
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, UnableToLoadTestCertificate)
+        DECLARE_EXCEPTION_TYPE(Base, NoTargetRestrictionSatisfied)
+    };
+
+    void check(const SignatureData &data);
+  private:
+    bool m_complianceModeEnabled;
+    bool m_developerModeEnabled;
+    std::string m_fakeIMEI;
+    std::string m_fakeMEID;
+    std::string m_realMEID;
+};
+
+}
+#endif /* WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H */
+
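Review bot: Both constructors declare a default for every parameter, so `DeveloperModeValidator v;` and `DeveloperModeValidator v(true);` are ambiguous and will not compile. A call with string literals, `DeveloperModeValidator(true, "imei", "meid")`, does compile but selects the five-argument overload, because the conversion from `const char*` to `bool` ranks above the conversion to `std::string`: `developerMode` becomes true and `"meid"` lands in `fakeIMEI`. Removing `= false` from `complianceMode` and `developerMode` in the five-argument declaration resolves the ambiguity; the literal case goes away only once the deprecated overload is deleted. The call sites are not part of this hunk, so whether any caller is affected today is unknown.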
diff --git a/vcore/src/vcore/IAbstractResponseCache.h b/vcore/src/vcore/IAbstractResponseCache.h
new file mode 100644 (file)
index 0000000..38a6fa8
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ *
+ *
+ * @file       AbstractResponseCache.h
+ * @author     Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version    0.1
+ * @brief      Common interface for OCSP/CRL caches
+ */
+
+#ifndef _SRC_VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_
+#define _SRC_VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_
+
+#include "Certificate.h"
+#include "CertificateCollection.h"
+#include "VerificationStatus.h"
+
+namespace ValidationCore {
+
+class IAbstractResponseCache {
+  public:
+    virtual VerificationStatus check(const CertificateCollection &certs) = 0;
+    virtual VerificationStatus checkEndEntity(CertificateCollection &certs) = 0;
+    virtual void updateCache() = 0;
+
+    virtual ~IAbstractResponseCache()
+    {
+    }
+};
+
+} // namespace ValidationCore
+
+#endif /* _SRC_VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_ */
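Review bot: `check` takes `const CertificateCollection &` while `checkEndEntity` takes a non-const reference, and nothing in the interface says whether an implementation may modify the collection. `OCSP::checkEndEntity` in this same commit takes the chain by const reference, so unless the cached implementations need to reorder the collection (not visible here) the declaration should be `virtual VerificationStatus checkEndEntity(const CertificateCollection &certs) = 0;`. None of the three methods is commented; `updateCache` in particular needs a line on when callers are expected to invoke it. The `@file` tag says `AbstractResponseCache.h` but the file is `IAbstractResponseCache.h`.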
diff --git a/vcore/src/vcore/OCSP.cpp b/vcore/src/vcore/OCSP.cpp
new file mode 100644 (file)
index 0000000..4c84d2b
--- /dev/null
@@ -0,0 +1,540 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Tomasz Morawski(t.morawski@samsung.com)
+ * @author      Michal Ciepielski(m.ciepielski@samsung.com)
+ * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version     0.4
+ * @file        OCPS.cpp
+ * @brief       Routines for certificate validation over OCSP
+ */
+
+#include "OCSP.h"
+
+#include <string.h>
+#include <algorithm>
+
+#include <openssl/ssl.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+#include <dpl/scoped_array.h>
+#include <dpl/scoped_free.h>
+
+#include <libsoup/soup.h>
+
+#include "Certificate.h"
+#include "SoupMessageSendSync.h"
+
+extern "C" {
+// This function is needed to fix "Invalid conversion from void*
+// to unsigned char*" C++ compiler error during calling
+// i2d_OCSP_REQUEST_bio macro
+    extern bool convertToBuffer(OCSP_REQUEST* req,
+                                char** buf,
+                                int* size);
+}
+
+namespace {
+const int ConnectionTimeoutInSeconds = 6;
+const int ConnectionRetryCount = 5;
+
+//! Maximum leeway in validity period in seconds: default 1 day
+//! (@see checkRevocationStatus function code)
+
+//! Maximum validity time for revocation status (1 day)
+const int MaxValidatyPeriodInSeconds = 24 * 60 * 60;
+
+//! Max age (@see checkRevocationStatus function code)
+const int MaxAge = -1;
+}
+
+namespace ValidationCore {
+
+const char* OCSP::DEFAULT_RESPONDER_URI_ENV = "OCSP_DEFAULT_RESPONDER_URI";
+
+OCSP::DigestAlgorithmMap createDigestAlgMap()
+{
+    OCSP::DigestAlgorithmMap mDigestAlg = OCSP::DigestAlgorithmMap();
+
+    mDigestAlg.insert(std::make_pair(OCSP::SHA1, EVP_sha1()));
+    mDigestAlg.insert(std::make_pair(OCSP::SHA224, EVP_sha224()));
+    mDigestAlg.insert(std::make_pair(OCSP::SHA256, EVP_sha256()));
+    mDigestAlg.insert(std::make_pair(OCSP::SHA384, EVP_sha384()));
+    mDigestAlg.insert(std::make_pair(OCSP::SHA512, EVP_sha512()));
+
+    return mDigestAlg;
+}
+
+OCSP::DigestAlgorithmMap OCSP::m_sDigestAlgMap = createDigestAlgMap();
+
+OCSP::OCSP() :
+    /* Upgrade of openssl is required to support sha256 */
+    //    m_pCertIdDigestAlg(EVP_sha256()),
+    //    m_pRequestDigestAlg(EVP_sha256()),
+    m_pCertIdDigestAlg(EVP_sha1()),
+    m_pRequestDigestAlg(EVP_sha1()),
+    m_bUseNonce(false),
+    m_bUseDefResponder(false),
+    m_bSignRequest(false),
+    m_pSignKey(0)
+{
+}
+
+SoupWrapper::SoupMessageSendBase::RequestStatus OCSP::sendOcspRequest(
+        OCSP_REQUEST* argRequest,
+        const DPL::OptionalString& argUri)
+{
+    using namespace SoupWrapper;
+    // convert OCSP_REQUEST to memory buffer
+    std::string url = DPL::ToUTF8String(*argUri);
+    char* requestBuffer;
+    int requestSizeInt;
+    if (!convertToBuffer(argRequest, &requestBuffer, &requestSizeInt)) {
+        ThrowMsg(OCSP::Exception::VerificationError,
+                 "OCSP: failed to convert OCSP_REQUEST to mem buffer");
+    }
+
+    Assert(requestSizeInt >= 0);
+
+    SoupMessageSendBase::MessageBuffer buffer;
+    buffer.resize(requestSizeInt);
+    memcpy(&buffer[0], requestBuffer, requestSizeInt);
+    free(requestBuffer);
+
+    char *cport = 0,*chost = 0,*cpath = 0;
+    int use_ssl = 0;
+
+    if (!OCSP_parse_url(const_cast<char*>(url.c_str()),
+                        &chost,
+                        &cport,
+                        &cpath,
+                        &use_ssl))
+    {
+        LogWarning("Error in OCSP_parse_url");
+        return SoupMessageSendBase::REQUEST_STATUS_CONNECTION_ERROR;
+    }
+
+    std::string host = chost;
+
+    if (cport) {
+        host += ":";
+        host += cport;
+    }
+
+    free(cport);
+    free(chost);
+    free(cpath);
+
+    m_soupMessage.setHost(url);
+    m_soupMessage.setHeader("Host", host);
+    m_soupMessage.setRequest(std::string("application/ocsp-request"),
+                             buffer);
+
+    return m_soupMessage.sendSync();
+}
+
+ValidationCore::VerificationStatusSet OCSP::validateCertificateList(
+        const CertificateList &certs)
+{
+    VerificationStatusSet statusSet;
+
+    if (certs.size() < 2) {
+        // no certificates to verify, just return a error
+        LogWarning("No validation will be proceed. OCSP require at"
+                   " least 2 certificates in chain. Found only " <<
+                   certs.size());
+        statusSet.add(VERIFICATION_STATUS_ERROR);
+        return statusSet;
+    }
+
+    CertificateList::const_iterator iter = certs.begin();
+    CertificateList::const_iterator parent = iter;
+
+    time_t minValidity = 0;
+    for (++parent; parent != certs.end(); ++iter, ++parent) {
+        LogDebug("Certificate validation (CN:" <<
+                 (*iter)->getOneLine() << ")");
+        LogDebug("Parent certificate     (CN:" <<
+                 (*parent)->getOneLine() << ")");
+        statusSet.add(validateCertificate(*iter, *parent));
+        if ((0 == minValidity || minValidity > m_responseValidity) &&
+                m_responseValidity > 0)
+        {
+            minValidity = m_responseValidity;
+        }
+    }
+    m_responseValidity = minValidity;
+
+    return statusSet;
+}
+
+VerificationStatus OCSP::checkEndEntity(
+        const CertificateCollection &chain)
+{
+    const char *defResponderURI = getenv(OCSP::DEFAULT_RESPONDER_URI_ENV);
+
+    VerificationStatusSet verSet;
+    if (defResponderURI) {
+        setUseDefaultResponder(true);
+        setDefaultResponder(defResponderURI);
+    }
+
+    // this is temporary fix. it must be rewriten
+    CertificateList clst;
+    if (chain.isChain() && chain.size() >= 2) {
+        CertificateList::const_iterator icert = chain.begin();
+        clst.push_back(*icert);
+        ++icert;
+        clst.push_back(*icert);
+    }
+    verSet += validateCertificateList(clst);
+
+    return verSet.convertToStatus();
+}
+
+VerificationStatus OCSP::validateCertificate(CertificatePtr argCert,
+                                             CertificatePtr argIssuer)
+{
+    using namespace SoupWrapper;
+
+    Assert(!!argCert);
+    Assert(!!argIssuer);
+
+    Try {
+        DPL::OptionalString uri;
+
+        if (!m_bUseDefResponder) {
+            uri = argCert->getOCSPURL();
+            if (!uri) {
+                return VERIFICATION_STATUS_NOT_SUPPORT;
+            }
+        } else {
+            if (m_strResponderURI.empty()) {
+                ThrowMsg(Exception::VerificationError,
+                         "Default responder is not set");
+            }
+            LogWarning("Default responder will be used");
+
+            uri = m_strResponderURI;
+        }
+
+        // creates a request
+        CreateRequestResult newRequest = createRequest(argCert, argIssuer);
+        if (!newRequest.success) {
+            ThrowMsg(Exception::VerificationError, "Request creation failed");
+        }
+
+        // SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
+        // this smart ptr is commented out in purpose. request
+        // manages certIdmemory (which was done in createRequest above)
+        SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest.ocspRequest);
+
+        SoupMessageSendBase::RequestStatus requestStatus;
+        requestStatus = sendOcspRequest(requestCont, uri);
+
+        if (requestStatus != SoupMessageSendBase::REQUEST_STATUS_OK) {
+            return VERIFICATION_STATUS_CONNECTION_FAILED;
+        }
+
+        // Response is m_soupMessage, convert it to OCSP_RESPONSE
+        OcspResponse response  = convertToResponse();
+
+        if (!response.first) {
+            ThrowMsg(OCSP::Exception::VerificationError,
+                     "OCSP: failed to convert mem buffer to OCSP_RESPONSE");
+        }
+
+        SSLSmartContainer <OCSP_RESPONSE> responseCont(response.second);
+        // verify response eg. check response status,
+        // validate responder certificate
+        validateResponse(requestCont,
+                         responseCont,
+                         newRequest.ocspCertId);
+    } Catch(Exception::ConnectionError) {
+        LogWarning("OCSP: ConnectionError");
+        return VERIFICATION_STATUS_CONNECTION_FAILED;
+    } Catch(Exception::CertificateRevoked) {
+        LogWarning("OCSP: Revoked");
+        return VERIFICATION_STATUS_REVOKED;
+    } Catch(Exception::CertificateUnknown) {
+        LogWarning("OCSP: Unknown");
+        return VERIFICATION_STATUS_UNKNOWN;
+    } Catch(Exception::VerificationError) {
+        LogWarning("OCSP: Verification error");
+        return VERIFICATION_STATUS_VERIFICATION_ERROR;
+    } Catch(Exception::Base) {
+        LogWarning("OCSP: Error");
+        return VERIFICATION_STATUS_ERROR;
+    }
+    LogWarning("OCSP: Good");
+    return VERIFICATION_STATUS_GOOD;
+}
+
+OCSP::CreateRequestResult OCSP::createRequest(CertificatePtr argCert,
+                                              CertificatePtr argIssuer)
+{
+    OCSP_REQUEST* newRequest = OCSP_REQUEST_new();
+
+    if (!newRequest) {
+        LogWarning("OCSP: Failed to create a request");
+        return CreateRequestResult();
+    }
+
+    SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest);
+
+    OCSP_CERTID* certId = addSerial(argCert, argIssuer);
+
+    if (!certId) {
+        LogWarning("OCSP: Unable to create a serial id");
+        return CreateRequestResult();
+    }
+    SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
+
+    // Inserting certificate ID to request
+    if (!OCSP_request_add0_id(requestCont, certIdCont)) {
+        LogWarning("OCSP: Unable to create a certificate id");
+        return CreateRequestResult();
+    }
+
+    if (m_bUseNonce) {
+        OCSP_request_add1_nonce(requestCont, 0, -1);
+    }
+
+    if (m_bSignRequest) {
+        if (!m_pSignCert || !m_pSignKey) {
+            LogWarning("OCSP: Unable to sign request if "
+                       "SignCert or SignKey was not set");
+            return CreateRequestResult();
+        }
+
+        if (!OCSP_request_sign(requestCont,
+                               m_pSignCert->getX509(),
+                               m_pSignKey,
+                               m_pRequestDigestAlg,
+                               0,
+                               0))
+        {
+            LogWarning("OCSP: Unable to sign request");
+            return CreateRequestResult();
+        }
+    }
+    return CreateRequestResult(true,
+                               requestCont.DetachPtr(),
+                               certIdCont.DetachPtr());
+}
+
+OCSP_CERTID* OCSP::addSerial(CertificatePtr argCert,
+                             CertificatePtr argIssuer)
+{
+    X509_NAME* iname = X509_get_subject_name(argIssuer->getX509());
+    ASN1_BIT_STRING* ikey = X509_get0_pubkey_bitstr(argIssuer->getX509());
+    ASN1_INTEGER* serial = X509_get_serialNumber(argCert->getX509());
+
+    return OCSP_cert_id_new(m_pCertIdDigestAlg, iname, ikey, serial);
+}
+
+void OCSP::setDigestAlgorithmForCertId(DigestAlgorithm alg)
+{
+    DigestAlgorithmMap::const_iterator cit = m_sDigestAlgMap.find(alg);
+
+    if (cit != m_sDigestAlgMap.end()) {
+        m_pCertIdDigestAlg = cit->second;
+    } else {
+        LogDebug("Request for unsupported CertId digest algorithm"
+                 "ignored!");
+    }
+}
+
+void OCSP::setDigestAlgorithmForRequest(DigestAlgorithm alg)
+{
+    DigestAlgorithmMap::const_iterator cit = m_sDigestAlgMap.find(alg);
+
+    if (cit != m_sDigestAlgMap.end()) {
+        m_pRequestDigestAlg = cit->second;
+    } else {
+        LogDebug("Request for unsupported OCSP request digest algorithm"
+                 "ignored!");
+    }
+}
+
+void OCSP::setTrustedStore(const CertificateList& certs)
+{
+    X509_STORE *store = X509_STORE_new();
+    m_pTrustedStore = store;
+    // create a trusted store basing on certificate chain from a signature
+    FOREACH(iter, certs) {
+        X509_STORE_add_cert(store, (*iter)->getX509());
+    }
+}
+
+void OCSP::validateResponse(OCSP_REQUEST* argRequest,
+                            OCSP_RESPONSE* argResponse,
+                            OCSP_CERTID* argCertId)
+{
+    int result = OCSP_response_status(argResponse);
+
+    if (result != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+        handleInvalidResponse(result);
+        ThrowMsg(Exception::VerificationError, "OCSP_response_status failed");
+    }
+
+    // get response object
+    OCSP_BASICRESP* basic = OCSP_response_get1_basic(argResponse);
+    if (!basic) {
+        ThrowMsg(Exception::VerificationError,
+                 "OCSP: Unable to get a BASICRESP object.");
+    }
+
+    SSLSmartContainer <OCSP_BASICRESP> basicRespCont(basic);
+    if (m_bUseNonce && OCSP_check_nonce(argRequest, basicRespCont) <= 0) {
+        ThrowMsg(Exception::VerificationError, "OCSP: Invalid nonce");
+    }
+
+    if (!verifyResponse(basic)) {
+        ThrowMsg(Exception::VerificationError,
+                 "Unable to verify the OCSP responder's certificate");
+    }
+
+    checkRevocationStatus(basicRespCont, argCertId);
+}
+
+bool OCSP::verifyResponse(OCSP_BASICRESP* basic)
+{
+    Assert(m_pTrustedStore);
+    // verify ocsp response
+    int response = OCSP_basic_verify(basic, NULL, m_pTrustedStore, 0);
+    if (response <= 0) {
+        LogWarning("OCSP verification failed");
+    }
+
+    return response > 0;
+}
+
+void OCSP::checkRevocationStatus(OCSP_BASICRESP* basic,
+                                 OCSP_CERTID* id)
+{
+    ASN1_GENERALIZEDTIME* producedAt;
+    ASN1_GENERALIZEDTIME* thisUpdate;
+    ASN1_GENERALIZEDTIME* nextUpdate;
+    int reason;
+    int status;
+
+    m_responseValidity = 0;
+
+    if (!OCSP_resp_find_status(basic,
+                               id,
+                               &status,
+                               &reason,
+                               &producedAt,
+                               &thisUpdate,
+                               &nextUpdate))
+    {
+        ThrowMsg(Exception::VerificationError,
+                 "OCSP: Failed to find certificate status.");
+    }
+
+    if (!OCSP_check_validity(thisUpdate,
+                             nextUpdate,
+                             MaxValidatyPeriodInSeconds,
+                             MaxAge))
+    {
+        ThrowMsg(Exception::VerificationError,
+                 "OCSP: Failed to check certificate validate.");
+    }
+
+    if (nextUpdate) {
+        asn1GeneralizedTimeToTimeT(nextUpdate,&m_responseValidity);
+        time_t now;
+        time(&now);
+        LogDebug("Time of next OCSP update got from server: " <<
+                 m_responseValidity);
+        LogDebug("Expires in: " << (m_responseValidity - now));
+        LogDebug("Original: " << nextUpdate->data);
+    }
+
+    switch (status) {
+    case V_OCSP_CERTSTATUS_GOOD:
+        return;
+    case V_OCSP_CERTSTATUS_REVOKED:
+        ThrowMsg(Exception::CertificateRevoked, "Certificate is Revoked");
+    case V_OCSP_CERTSTATUS_UNKNOWN:
+        ThrowMsg(Exception::CertificateUnknown, "Certificate is Unknown");
+    default:
+        Assert(false && "Invalid status");
+    }
+}
+
+OCSP::OcspResponse OCSP::convertToResponse()
+{
+    using namespace SoupWrapper;
+
+    // convert memory buffer to ocsp response object
+    BUF_MEM res_bmem;
+    OCSP_RESPONSE* response;
+
+    SoupMessageSendBase::MessageBuffer buffer = m_soupMessage.getResponse();
+
+    res_bmem.length = buffer.size();
+    res_bmem.data = &buffer[0];
+    res_bmem.max = buffer.size();
+
+    BIO* res_mem_bio = BIO_new(BIO_s_mem());
+    BIO_set_mem_buf(res_mem_bio, &res_bmem, BIO_NOCLOSE);
+
+    response = d2i_OCSP_RESPONSE_bio(res_mem_bio, NULL);
+    BIO_free_all(res_mem_bio);
+
+    if (!response) {
+        LogWarning("OCSP: Failed to convert OCSP Response to DER format");
+        return std::make_pair(false, static_cast<OCSP_RESPONSE*>(NULL));
+    }
+
+    return std::make_pair(true, response);
+}
+
+void OCSP::handleInvalidResponse(int result)
+{
+    switch (result) {
+    case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
+        LogWarning("OCSP: Server returns "
+                   "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST status");
+        break;
+    case OCSP_RESPONSE_STATUS_INTERNALERROR:
+        LogWarning("OCSP: Server returns "
+                   "OCSP_RESPONSE_STATUS_INTERNALERROR status");
+        break;
+    case OCSP_RESPONSE_STATUS_TRYLATER:
+        LogWarning("OCSP: Server returns "
+                   "OCSP_RESPONSE_STATUS_TRYLATER status");
+        break;
+    case OCSP_RESPONSE_STATUS_SIGREQUIRED:
+        LogWarning("OCSP: Server returns "
+                   "OCSP_RESPONSE_STATUS_SIGREQUIRED status");
+        break;
+    case OCSP_RESPONSE_STATUS_UNAUTHORIZED:
+        LogWarning("OCSP: Server returns "
+                   "OCSP_RESPONSE_STATUS_UNAUTHORIZED status");
+        break;
+    default:
+        Assert(false && "Invalid result value");
+    }
+}
+} // namespace ValidationCore
diff --git a/vcore/src/vcore/OCSP.h b/vcore/src/vcore/OCSP.h
new file mode 100644 (file)
index 0000000..5f60da0
--- /dev/null
@@ -0,0 +1,242 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Tomasz Morawski(t.morawski@samsung.com)
+ * @author      Michal Ciepielski(m.ciepielski@samsung.com)
+ * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version     0.4
+ * @file        OCPS.h
+ * @brief       Routines for certificate validation over OCSP
+ */
+
+#ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_OCSP_H_
+#define WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_OCSP_H_
+
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
+#include <libsoup/soup.h>
+
+#include <string>
+#include <vector>
+#include <list>
+#include <utility>
+#include <map>
+
+#include <dpl/assert.h>
+#include <dpl/exception.h>
+#include <dpl/optional_typedefs.h>
+
+#include <vcore/scoped_gpointer.h>
+
+#include "OCSPCertMgrUtil.h"
+#include "CertificateCollection.h"
+#include "CertificateStorage.h"
+#include "VerificationStatus.h"
+#include "SSLContainers.h"
+
+#include "SoupMessageSendBase.h"
+#include "SoupMessageSendSync.h"
+/*
+ * The WRT MUST NOT allow installation of widgets with revoked signatures.
+ *
+ * The WRT MUST NOT allow use of widgets with revoked signatures.
+ *
+ * The WRT MUST support checking for revocation of widget signatures via
+ * OCSP [RFC 2560] at widget installation time, according to the following:
+ *
+ * At widget installation time, the WRT shall make several attempts
+ * (5 attempts at 6 seconds apart recommended) to establish contact with
+ * the OCSP server.
+ *
+ * If connectivity is successful and the application is validated, the
+ * installation process shall continue.
+ *
+ * If connectivity is successful and if the widget signature is
+ * determined to be revoked, the WRT shall issue a suitable error message
+ * and cancel installation.
+ *
+ * If connectivity is successful and revocation status is unknown or if
+ * connectivity is unsuccessful, the user must be notified that the
+ * widget was unable to be installed as trusted - the certification of
+ * the widget signature has not been validated -, and prompt the user to allow
+ * the user to install the widget as an untrusted application, or reject
+ * the installation.
+ *
+ * The WRT MUST support checking for revocation of widget signatures via OCSP
+ * [RFC 2560] at widget runtime.
+ *
+ * The WRT MUST support OCSP access policy.
+ */
+
+namespace ValidationCore {
+
+class OCSP
+//  : public RevocationCheckerBase
+{
+  public:
+    static const char* DEFAULT_RESPONDER_URI_ENV;
+
+    VerificationStatus checkEndEntity(const CertificateCollection &certList);
+    OCSP();
+
+    enum DigestAlgorithm
+    {
+        SHA1,
+        SHA224,
+        SHA256,
+        SHA384,
+        SHA512
+    };
+    typedef std::map <DigestAlgorithm, const EVP_MD*> DigestAlgorithmMap;
+    /**
+     * Sets digest algorithm for certid in ocsp request
+     */
+    void setDigestAlgorithmForCertId(DigestAlgorithm alg);
+
+    /**
+     * Sets digest algorithm for certid in ocsp request
+     */
+    void setDigestAlgorithmForRequest(DigestAlgorithm alg);
+
+    void setTrustedStore(const CertificateList& certs);
+
+    VerificationStatusSet validateCertificateList(const CertificateList &certs);
+
+    VerificationStatus validateCertificate(CertificatePtr argCert,
+                                           CertificatePtr argIssuer);
+
+    void setDefaultResponder(const char* uri)
+    {
+        Assert(uri);
+        m_strResponderURI = DPL::FromUTF8String(uri);
+    }
+
+    void setUseDefaultResponder(bool value)
+    {
+        m_bUseDefResponder = value;
+    }
+
+    /**
+     * @return time when response will become invalid - for list of
+     * certificates, this is the minimum of all validities; value is
+     * valid only for not-revoked certificates (non error validation result)
+     */
+    time_t getResponseValidity()
+    {
+        return m_responseValidity;
+    }
+
+  private:
+    typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession;
+    typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage;
+
+    void handleInvalidResponse(int result);
+    void sendHTTPRequest(ScopedSoupSession& session,
+                         ScopedSoupMessage& msg,
+                         const char* host,
+                         const char* port,
+                         const char* path,
+                         char* requestBuffer,
+                         size_t reqestSize);
+    void sendRequest(const std::string& uri,
+                     char* requestBuffer,
+                     size_t requestSize,
+                     char** responseBuffer,
+                     size_t* responseSize);
+
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, ConnectionError)
+        DECLARE_EXCEPTION_TYPE(Base, CertificateRevoked)
+        DECLARE_EXCEPTION_TYPE(Base, CertificateUnknown)
+        DECLARE_EXCEPTION_TYPE(Base, VerificationError)
+        DECLARE_EXCEPTION_TYPE(Base, RetrieveCertFromStoreError)
+        DECLARE_EXCEPTION_TYPE(Base, VerificationNotSupport)
+    };
+
+    const EVP_MD* m_pCertIdDigestAlg;
+    const EVP_MD* m_pRequestDigestAlg;
+    static DigestAlgorithmMap m_sDigestAlgMap;
+
+    typedef std::pair<char*, size_t> HttpResponseBuffer;
+
+    SoupWrapper::SoupMessageSendBase::RequestStatus sendOcspRequest(
+            OCSP_REQUEST* argRequest,
+            const DPL::OptionalString& argUri);
+
+    //! Validates a single certificate
+    /*!
+     * @param cert The certificate to check
+     * @param issuer A certificate used to sign the certificate to check.
+     */
+
+    struct CreateRequestResult
+    {
+        bool success;
+        OCSP_REQUEST* ocspRequest;
+        OCSP_CERTID* ocspCertId;
+        CreateRequestResult(bool argSuccess = false,
+                            OCSP_REQUEST* argOcspRequest = NULL,
+                            OCSP_CERTID* argOcspCertId = NULL) :
+            success(argSuccess),
+            ocspRequest(argOcspRequest),
+            ocspCertId(argOcspCertId)
+        {
+        }
+    };
+
+    //! Creates a OCSP request
+    /*!
+     * @param request Returns created OCSP_REQUEST
+     * @param id Returns CertId that is used to find proper OCSP result in
+     * the OCSP response (@see checkRevocationStatus for more details).
+     *
+     */
+    CreateRequestResult createRequest(CertificatePtr argCert,
+                                      CertificatePtr argIssuer);
+
+    OCSP_CERTID* addSerial(CertificatePtr argCert,
+                           CertificatePtr argIssuer);
+
+    void validateResponse(OCSP_REQUEST* argRequest,
+                          OCSP_RESPONSE* argResponse,
+                          OCSP_CERTID* argCertId);
+
+    //! Create a X509 store
+    bool verifyResponse(OCSP_BASICRESP* argResponse);
+
+    void  checkRevocationStatus(OCSP_BASICRESP* argBasicResponse,
+                                OCSP_CERTID* argCertId);
+
+    typedef std::pair<bool, OCSP_RESPONSE*> OcspResponse;
+
+    OcspResponse convertToResponse();
+
+    time_t m_responseValidity;
+    bool m_bUseNonce;
+    bool m_bUseDefResponder;
+    DPL::String m_strResponderURI;
+    bool m_bSignRequest;
+    EVP_PKEY*                       m_pSignKey;
+    CertificatePtr m_pSignCert;
+    SSLSmartContainer <X509_STORE>  m_pTrustedStore;
+    SoupWrapper::SoupMessageSendSync m_soupMessage;
+};
+} // ValidationCore
+
+#endif //ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_OCSP_H_
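Review bot: The doc comment above `setDigestAlgorithmForRequest` is a copy of the one for `setDigestAlgorithmForCertId`, and `setTrustedStore` has no comment at all even though it decides which certificates may vouch for an OCSP response. For the first I would write `Sets the digest algorithm passed to OCSP_request_sign when the request is signed`, which is what the definition in OCSP.cpp uses `m_pRequestDigestAlg` for. For the second, `Must be set before a response is validated (verifyResponse asserts on the store); every certificate passed here becomes a trust anchor for OCSP_basic_verify` records the precondition and the trust decision, so callers should pass only certificates they already trust rather than ones taken unverified from the signature under check. The `//! Create a X509 store` line on `verifyResponse` and the `@file OCPS.h` tag are also stale.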
diff --git a/vcore/src/vcore/OCSPCertMgrUtil.cpp b/vcore/src/vcore/OCSPCertMgrUtil.cpp
new file mode 100644 (file)
index 0000000..794ecfa
--- /dev/null
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @author      Michal Ciepielski(m.ciepielski@samsung.com)
+ * @version     0.3
+ * @brief
+ */
+
+#include "OCSPCertMgrUtil.h"
+#include "SSLContainers.h"
+
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
+#include <dpl/log/log.h>
+#include <dpl/scoped_resource.h>
+#include <string.h>
+#include <iostream>
+#include <string>
+
+#include <cert-service.h>
+
+namespace {
+const int MAX_BUF = 1024;
+
+struct ContextDeleter
+{
+    typedef CERT_CONTEXT* Type;
+    static Type NullValue()
+    {
+        return NULL;
+    }
+    static void Destroy(Type context)
+    {
+        if (context) {
+            cert_svc_cert_context_final(context);
+        }
+    }
+};
+}
+
+namespace ValidationCore {
+namespace OCSPCertMgrUtil {
+/*
+ * TODO This API function should be changed to:
+ * CertifiatePtr getCertFromStore(const std::string &subject);
+ *
+ * All of cert_svc function could return error because input
+ * data are corruped. That's why I dont want to throw exceptions
+ * in this function.
+ */
+void getCertFromStore(X509_NAME *subject,
+        X509 **xcert)
+{
+    if (!xcert || *xcert || !subject) {
+        LogError("Invalid input!");
+        return;
+    }
+
+    typedef DPL::ScopedResource<ContextDeleter> ScopedContext;
+
+    int result;
+    char buffer[MAX_BUF];
+    const unsigned char* ptr = NULL;
+    X509 *pCertificate = NULL;
+    cert_svc_filename_list *fileList = NULL;
+
+    X509_NAME_oneline(subject, buffer, MAX_BUF);
+
+    ScopedContext ctx(cert_svc_cert_context_init());
+    if (ctx.Get() == NULL) {
+        LogWarning("Error in cert_svc_cert_context_init.");
+        return;
+    }
+
+    LogDebug("Search certificate with subject: " << buffer);
+    result = cert_svc_search_certificate(ctx.Get(), SUBJECT_STR, buffer);
+    LogDebug("Search finished!");
+
+    if (CERT_SVC_ERR_NO_ERROR != result) {
+        LogWarning("Error during certificate search");
+        return;
+    }
+
+    fileList = ctx.Get()->fileNames;
+
+    if (fileList == NULL) {
+        LogDebug("No certificate found");
+        return;
+    }
+
+    if (fileList->filename == NULL) {
+        LogWarning("Empty filename");
+        return;
+    }
+
+    LogDebug("Found cert file: " << fileList->filename);
+    ScopedContext ctx2(cert_svc_cert_context_init());
+
+    if (ctx2.Get() == NULL) {
+        LogWarning("Error in cert_svc_cert_context_init.");
+        return;
+    }
+
+    // TODO add read_certifcate_from_file function to Certificate.h
+    if (CERT_SVC_ERR_NO_ERROR !=
+        cert_svc_load_file_to_context(ctx2.Get(), fileList->filename)) {
+        LogWarning("Error in cert_svc_load_file_to_context");
+        return;
+    }
+
+    ptr = ctx2.Get()->certBuf->data;
+    // create a certificate from mem buff
+    pCertificate = d2i_X509(NULL, &ptr, ctx2.Get()->certBuf->size);
+
+    if (pCertificate == NULL) {
+        LogWarning("Error during certificate conversion in d2i_X509");
+        return;
+    }
+
+    *xcert = pCertificate;
+    if (fileList->next != NULL) {
+        LogError("There is more then one certificate with same subject :/");
+        // TODO Implement me.
+        for (fileList = fileList->next;
+             fileList != NULL;
+             fileList = fileList->next) {
+            LogError(
+                "Additional certificate with same subject: " <<
+                fileList->filename);
+        }
+    }
+}
+
+CertificatePtr getParentFromStore(const CertificatePtr &certificate)
+{
+    Assert(certificate.Get());
+    X509* rawPtr = certificate->getX509();
+
+    /* TODO Add getIssuerName function to Certificate.h */
+    X509_NAME *name = X509_get_issuer_name(rawPtr);
+
+    X509* rawTemp = NULL;
+    getCertFromStore(name, &rawTemp);
+
+    if (rawTemp == NULL) {
+        return CertificatePtr();
+    }
+
+    SSLSmartContainer<X509> scope(rawTemp);
+    return CertificatePtr(new Certificate(rawTemp));
+}
+
+CertificateList completeCertificateChain(const CertificateList &certificateList)
+{
+    CertificateList result = certificateList;
+    CertificatePtr last = result.back();
+    if (last->isSignedBy(last)) {
+        return result;
+    }
+    CertificatePtr parent = getParentFromStore(last);
+    if (parent.Get()) {
+        result.push_back(parent);
+    }
+    return result;
+}
+} // namespace OCSPCertMgrUtil
+} // namespace ValidationCore
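Review bot: `completeCertificateChain` appends whatever `getParentFromStore` returns, and that lookup matches on the issuer name string only, so the appended certificate is never shown to have signed `last`. `getCertFromStore` also takes the first hit when several stored certificates share the subject and only logs the rest. I would gate the append with `if (parent.Get() && last->isSignedBy(parent)) {`, assuming `isSignedBy(x)` means "signed by x" as its use in the self-signed check suggests. The function also calls `result.back()` without checking for an empty list, which is undefined behaviour; `if (result.empty()) { return result; }` before it covers that. In `getCertFromStore`, `ctx2.Get()->certBuf` is dereferenced without a null check, which looks safe only if cert_svc_load_file_to_context always fills it on success.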
diff --git a/vcore/src/vcore/OCSPCertMgrUtil.h b/vcore/src/vcore/OCSPCertMgrUtil.h
new file mode 100644 (file)
index 0000000..a93a42e
--- /dev/null
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @author      Tomasz Morawski(t.morawski@samsung.com)
+ * @author      Michal Ciepielski(m.ciepielski@samsung.com)
+ * @version     0.2
+ * @brief
+ */
+
+#ifndef _WRT_OCSP_CERT_MGR_UTIL_H_
+#define _WRT_OCSP_CERT_MGR_UTIL_H_
+
+#include <openssl/x509.h>
+
+#include "Certificate.h"
+
+namespace ValidationCore {
+namespace OCSPCertMgrUtil {
+void getCertFromStore(X509_NAME *subject,
+        X509 **xcert);
+CertificatePtr getParentFromStore(const CertificatePtr &certificate);
+/*
+ * Look for "parent" certificate from store.
+ * It returns new certificate chain.
+ */
+CertificateList completeCertificateChain(const CertificateList &certList);
+} // namespace OCSPCertMgrUtil
+} // namespace ValidationCore
+#endif
+
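Review bot: `getCertFromStore` is declared without any statement of its out-parameter contract, which the definition in OCSPCertMgrUtil.cpp makes fairly strict. A comment such as `/* xcert must point to a NULL X509*; on success *xcert receives a new X509 the caller must free, on any failure it is left NULL and only a log line is written */` would save callers from reading the .cpp. The existing comment about looking up the parent sits between `getParentFromStore` and `completeCertificateChain`; placing it directly above the function it describes would remove the ambiguity.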
diff --git a/vcore/src/vcore/OCSPUtil.c b/vcore/src/vcore/OCSPUtil.c
new file mode 100644 (file)
index 0000000..451884a
--- /dev/null
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @author      Tomasz Morawski(t.morawski@samsung.com)
+ * @version     0.1
+ * @brief
+ */
+
+#include <openssl/ocsp.h>
+
+/*
+ * This function is needed to fix "Invalid conversion from void* to unsigned char*"
+ * C++ compiler error during calling i2d_OCSP_REQUEST_bio macro
+ */
+int convertToBuffer(OCSP_REQUEST *req, char **buf, int *size) {
+    BIO *req_mem_bio;
+    BUF_MEM req_bmem;
+
+    /*
+     * size and membuffer for request
+     */
+    *size = i2d_OCSP_REQUEST(req, NULL);
+    *buf = (char*) malloc(*size);
+
+    if (!*buf)
+        return 0;
+
+    /* copy request into buffer */
+    req_bmem.length = 0;
+    req_bmem.data = *buf;
+    req_bmem.max = *size;
+
+    /*
+     * create a new buffer using openssl
+     */
+    req_mem_bio = BIO_new(BIO_s_mem());
+
+    if (!req_mem_bio) {
+        /*
+         * creation failed, return
+         */
+        free(*buf);
+        *buf = NULL;
+        return 0;
+    }
+
+    BIO_set_mem_buf(req_mem_bio, &req_bmem, BIO_NOCLOSE);
+
+    /*
+     * prepare request
+     */
+    if (i2d_OCSP_REQUEST_bio(req_mem_bio, req) <= 0) {
+        free(*buf);
+        *buf = NULL;
+        BIO_free_all(req_mem_bio);
+        return 0;
+    }
+
+    /*
+     *  check consistency
+     */
+    if (*size != ((int)req_bmem.length) || req_bmem.length != req_bmem.max)
+    {
+        free(*buf);
+        *buf = NULL;
+        BIO_free_all(req_mem_bio);
+        return 0;
+    }
+
+    /*
+     * free all reserved memory
+     */
+    BIO_free_all(req_mem_bio);
+
+    /*
+     * and return success
+     */
+    return 1;
+}
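Review bot: The result of `i2d_OCSP_REQUEST(req, NULL)` goes straight into `malloc(*size)`, but that call returns a negative value when encoding fails, which converts to a very large size_t. A guard right after it, `if (*size <= 0) { *buf = NULL; return 0; }`, keeps this error path consistent with the later ones. The file also uses `malloc` and `free` without including `<stdlib.h>`, presumably relying on the OpenSSL header to pull it in. Since the buffer is already sized exactly, encoding directly with `unsigned char *p = (unsigned char *)*buf; i2d_OCSP_REQUEST(req, &p);` would avoid handing a stack `BUF_MEM` to the BIO, whose `data` pointer the BIO may replace if it ever needs to grow.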
diff --git a/vcore/src/vcore/ParserSchema.h b/vcore/src/vcore/ParserSchema.h
new file mode 100644 (file)
index 0000000..6fabff8
--- /dev/null
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        ParserSchema.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef _PARSERSCHEMA_H_
+#define _PARSERSCHEMA_H_
+
+#include <map>
+#include <string>
+
+#include <dpl/log/log.h>
+
+#include "SaxReader.h"
+
+namespace ValidationCore {
+namespace ParserSchemaException {
+DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+DECLARE_EXCEPTION_TYPE(Base, XmlReaderError)
+DECLARE_EXCEPTION_TYPE(Base, CertificateLoaderError)
+DECLARE_EXCEPTION_TYPE(Base, UnsupportedAlgorithm)
+DECLARE_EXCEPTION_TYPE(Base, UnsupportedValue)
+}
+
+template<typename ParserType, typename DataType>
+class ParserSchema
+{
+  public:
+    struct TagDescription
+    {
+        TagDescription(const std::string &tag,
+                const std::string & xmlNamespace) :
+            tagName(tag),
+            namespaceUri(xmlNamespace)
+        {
+        }
+
+        std::string tagName;
+        std::string namespaceUri;
+
+        bool operator<(const TagDescription &second) const
+        {
+            if (tagName < second.tagName) {
+                return true;
+            }
+            if (tagName > second.tagName) {
+                return false;
+            }
+            if (namespaceUri < second.namespaceUri) {
+                return true;
+            }
+            return false;
+        }
+    };
+
+    ParserSchema(ParserType * parser) :
+        m_functions(parser)
+    {
+    }
+
+    virtual ~ParserSchema()
+    {
+    }
+
+    void initialize(const std::string &filename,
+            bool defaultArgs,
+            SaxReader::ValidationType valType,
+            const std::string &xmlschema)
+    {
+        Try
+        {
+            m_reader.initialize(filename, defaultArgs, valType, xmlschema);
+        }
+        Catch(SaxReader::Exception::Base)
+        {
+            ReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError");
+        }
+    }
+
+    void deinitialize()
+    {
+        m_reader.deinitialize();
+    }
+
+    void read(DataType &dataContainer)
+    {
+        Try {
+            while (m_reader.next()) {
+                switch (m_reader.type()) {
+                case SaxReader::NODE_BEGIN:
+                    beginNode(dataContainer);
+                    break;
+                case SaxReader::NODE_END:
+                    endNode(dataContainer);
+                    break;
+                case SaxReader::NODE_TEXT:
+                    textNode(dataContainer);
+                    break;
+                default:
+                    //              LogInfo("Unknown Type Node");
+                    break;
+                }
+            }
+        }
+        Catch(SaxReader::Exception::Base)
+        {
+            ReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError");
+        }
+    }
+
+    typedef void (ParserType::*FunctionPtr)(DataType &data);
+    typedef std::map<TagDescription, FunctionPtr> FunctionMap;
+
+    void addBeginTagCallback(const std::string &tag,
+            const std::string &namespaceUri,
+            FunctionPtr function)
+    {
+        TagDescription desc(tag, namespaceUri);
+        m_beginFunctionMap[desc] = function;
+    }
+
+    void addEndTagCallback(const std::string &tag,
+            const std::string &namespaceUri,
+            FunctionPtr function)
+    {
+        TagDescription desc(tag, namespaceUri);
+        m_endFunctionMap[desc] = function;
+    }
+
+    SaxReader& getReader(void)
+    {
+        return m_reader;
+    }
+
+    std::string& getText(void)
+    {
+        return m_textNode;
+    }
+
+  protected:
+    void beginNode(DataType &dataContainer)
+    {
+        TagDescription desc(m_reader.name(), m_reader.namespaceURI());
+        FunctionPtr fun = m_beginFunctionMap[desc];
+
+        if (fun == 0) {
+            LogDebug("No function found for xml tag: " << m_reader.name());
+            return;
+        }
+
+        (m_functions->*fun)(dataContainer);
+    }
+
+    void endNode(DataType &dataContainer)
+    {
+        TagDescription desc(m_reader.name(), m_reader.namespaceURI());
+        FunctionPtr fun = m_endFunctionMap[desc];
+
+        if (fun == 0) {
+            LogDebug("No function found for xml tag: " << m_reader.name());
+            return;
+        }
+
+        (m_functions->*fun)(dataContainer);
+    }
+
+    void textNode(DataType &dataContainer)
+    {
+        (void)dataContainer;
+        m_textNode = m_reader.value();
+    }
+
+    ParserType *m_functions;
+
+    SaxReader m_reader;
+    FunctionMap m_beginFunctionMap;
+    FunctionMap m_endFunctionMap;
+
+    // temporary values require due parsing textNode
+    std::string m_textNode;
+};
+} // namespace ValidationCore
+#endif
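Review bot: `beginNode` and `endNode` look the handler up with `m_beginFunctionMap[desc]` and `m_endFunctionMap[desc]`, and `operator[]` inserts a null entry for every tag that has no callback. Because the tag name and namespace come from the document being parsed, each distinct unregistered tag leaves a permanent entry in the map, so memory grows with the input. Using `typename FunctionMap::const_iterator it = m_beginFunctionMap.find(desc);` with `if (it == m_beginFunctionMap.end() || it->second == 0) {` and then calling `(m_functions->*(it->second))(dataContainer);` keeps the lookup read-only; the same applies to `endNode`. The constructor also stores `parser` without a null check and is not `explicit`.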
diff --git a/vcore/src/vcore/ReferenceValidator.cpp b/vcore/src/vcore/ReferenceValidator.cpp
new file mode 100644 (file)
index 0000000..d56eea8
--- /dev/null
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <dirent.h>
+#include <errno.h>
+#include <fstream>
+#include <memory>
+
+#include <dpl/errno_string.h>
+#include <dpl/log/log.h>
+
+#include "Base64.h"
+#include "ReferenceValidator.h"
+
+namespace {
+const char *SPECIAL_SYMBOL_CURRENT_DIR = ".";
+const char *SPECIAL_SYMBOL_UPPER_DIR = "..";
+const char *SPECIAL_SYMBOL_AUTHOR_SIGNATURE_FILE = "author-signature.xml";
+const char *REGEXP_DISTRIBUTOR_SIGNATURE = "^signature[1-9][0-9]*\\.xml";
+} // namespace anonymous
+
+namespace ValidationCore {
+ReferenceValidator::ReferenceValidator(const std::string &dirpath) :
+    m_dirpath(dirpath),
+    m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE)
+{
+}
+
+ReferenceValidator::Result ReferenceValidator::checkReferences(
+        const SignatureData &signatureData)
+{
+    return dfsCheckDirectories(signatureData, std::string());
+}
+
+ReferenceValidator::Result ReferenceValidator::dfsCheckDirectories(
+        const SignatureData &signatureData,
+        const std::string &directory)
+{
+    DIR *dp;
+    struct dirent *dirp;
+    std::string currentDir = m_dirpath + directory;
+
+    if ((dp = opendir(currentDir.c_str())) == NULL) {
+        LogError("Error opening directory: " << currentDir.c_str());
+        m_errorDescription = currentDir;
+        return ERROR_OPENING_DIR;
+    }
+
+    for (errno = 0; (dirp = readdir(dp)) != NULL; errno = 0) {
+        if (!strcmp(dirp->d_name, SPECIAL_SYMBOL_CURRENT_DIR)) {
+            continue;
+        }
+
+        if (!strcmp(dirp->d_name, SPECIAL_SYMBOL_UPPER_DIR)) {
+            continue;
+        }
+
+        if (currentDir == m_dirpath && dirp->d_type == DT_REG &&
+            !strcmp(dirp->d_name,
+                    SPECIAL_SYMBOL_AUTHOR_SIGNATURE_FILE) &&
+            signatureData.isAuthorSignature()) {
+            continue;
+        }
+
+        if (currentDir == m_dirpath && dirp->d_type == DT_REG &&
+            isDistributorSignature(dirp->d_name)) {
+            continue;
+        }
+
+        if (dirp->d_type == DT_DIR) {
+            LogDebug("Open directory: " << (directory + dirp->d_name));
+            std::string tmp_directory = directory + dirp->d_name + "/";
+            Result result = dfsCheckDirectories(signatureData, tmp_directory);
+            if (result != NO_ERROR) {
+                closedir(dp);
+                return result;
+            }
+        } else if (dirp->d_type == DT_REG) {
+            LogDebug("Found     file: " << (directory + dirp->d_name));
+            const ReferenceSet &referenceSet = signatureData.getReferenceSet();
+            if (referenceSet.end() ==
+                referenceSet.find(directory + dirp->d_name)) {
+                closedir(dp);
+                m_errorDescription = directory + dirp->d_name;
+                return ERROR_REFERENCE_NOT_FOUND;
+            }
+        } else {
+            LogError("Unknown file type.");
+            closedir(dp);
+            m_errorDescription = directory + dirp->d_name;
+            return ERROR_UNSUPPORTED_FILE_TYPE;
+        }
+    }
+
+    if (errno != 0) {
+        m_errorDescription = DPL::GetErrnoString();
+        LogError("readdir failed. Errno code: " << errno <<
+                 " Description: " << m_errorDescription);
+        closedir(dp);
+        return ERROR_READING_DIR;
+    }
+
+    closedir(dp);
+
+    return NO_ERROR;
+}
+}
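Review bot: In dfsCheckDirectories every file-type decision rests on `dirp->d_type`, which readdir may report as DT_UNKNOWN on filesystems that do not fill it in, so there every entry lands in the final `else` and a correctly signed package is rejected with ERROR_UNSUPPORTED_FILE_TYPE. That fails on the safe side, but I would resolve DT_UNKNOWN with `lstat` (not `stat`, so a symlink is never followed and still ends in the unsupported branch); this needs `<sys/stat.h>`, and `<cstring>` is not included directly for the existing `strcmp` calls either. The sketch assumes m_dirpath ends with a separator, as the existing `m_dirpath + directory` concatenation implies. The recursion also keeps one DIR open per level with no depth limit, so a deeply nested tree can exhaust descriptors or stack; a depth cap would bound it.

```cpp
    for (errno = 0; (dirp = readdir(dp)) != NULL; errno = 0) {
        // … unchanged: "." and ".." are skipped …

        // d_type is optional; resolve DT_UNKNOWN without following symlinks.
        unsigned char type = dirp->d_type;
        if (type == DT_UNKNOWN) {
            struct stat st;
            const std::string path = currentDir + dirp->d_name;
            if (lstat(path.c_str(), &st) != 0) {
                m_errorDescription = directory + dirp->d_name;
                closedir(dp);
                return ERROR_READING_DIR;
            }
            if (S_ISREG(st.st_mode)) {
                type = DT_REG;
            } else if (S_ISDIR(st.st_mode)) {
                type = DT_DIR;
            }
        }
        // … unchanged: signature-file skips and the DT_DIR / DT_REG / else
        //   branches, testing `type` instead of dirp->d_type …
```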
diff --git a/vcore/src/vcore/ReferenceValidator.h b/vcore/src/vcore/ReferenceValidator.h
new file mode 100644 (file)
index 0000000..5f05095
--- /dev/null
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _REFERENCEVALIDATOR_H_
+#define _REFERENCEVALIDATOR_H_
+
+#include <pcrecpp.h>
+
+#include "SignatureData.h"
+
+namespace ValidationCore {
+class ReferenceValidator
+{
+  public:
+    enum Result
+    {
+        NO_ERROR = 0,
+        ERROR_OPENING_DIR,
+        ERROR_READING_DIR,
+        ERROR_UNSUPPORTED_FILE_TYPE,
+        ERROR_REFERENCE_NOT_FOUND
+    };
+
+    ReferenceValidator(const std::string &dirpath);
+
+    virtual ~ReferenceValidator()
+    {
+    }
+
+    Result checkReferences(const SignatureData &signatureData);
+
+  private:
+
+    Result dfsCheckDirectories(const SignatureData &signatureData,
+            const std::string &directory);
+
+    inline bool isDistributorSignature(const char *cstring) const
+    {
+        return m_signatureRegexp.FullMatch(cstring);
+    }
+
+    std::string m_dirpath;
+    std::string m_errorDescription;
+    pcrecpp::RE m_signatureRegexp;
+};
+}
+
+#endif // _REFERENCEVALIDATOR_H_
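Review bot: `m_errorDescription` is private and the class declares no accessor for it, so the path or errno text that dfsCheckDirectories stores in ReferenceValidator.cpp cannot be read by a caller that receives ERROR_REFERENCE_NOT_FOUND or ERROR_UNSUPPORTED_FILE_TYPE. I would add `const std::string &getErrorDescription() const { return m_errorDescription; }` to the public section, or drop the member if it is not meant to be reported. The single-argument constructor should also be `explicit`, and the header uses std::string without including `<string>` itself.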
diff --git a/vcore/src/vcore/RevocationCheckerBase.cpp b/vcore/src/vcore/RevocationCheckerBase.cpp
new file mode 100644 (file)
index 0000000..f0e43e7
--- /dev/null
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version     0.4
+ * @file        CommonCertValidator.cpp
+ * @brief       Common routines for certificate validation over OCSP and CRL
+ */
+
+#include "RevocationCheckerBase.h"
+
+#include <cstdlib>
+
+#include <openssl/pem.h>
+
+#include <dpl/scoped_fclose.h>
+
+#include "Certificate.h"
+#include "CertificateCollection.h"
+
+namespace {
+const char DefaultBundlePatch[] = "/opt/etc/ssl/certs/ca-certificates.crt";
+} //Anonymous name space
+
+namespace ValidationCore {
+CertificatePtr RevocationCheckerBase::loadPEMFile(const char* fileName)
+{
+    DPL::ScopedFClose fd(fopen(fileName, "rb"));
+
+    // no such file, return NULL
+    if (!fd.Get()) {
+        return CertificatePtr();
+    }
+
+    // create a new X509 certificate basing on file
+    CertificatePtr cert(new Certificate(PEM_read_X509(fd.Get(),
+                                                      NULL,
+                                                      NULL,
+                                                      NULL)));
+    return cert;
+}
+
+bool RevocationCheckerBase::sortCertList(CertificateList &lCertificates)
+{
+    CertificateCollection collection;
+    collection.load(lCertificates);
+
+    if (collection.sort()) {
+        lCertificates = collection.getChain();
+        return true;
+    }
+    return false;
+}
+
+} // ValidationCore
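Review bot: The result of `PEM_read_X509` in loadPEMFile goes straight into `new Certificate(...)` without a NULL check, so a file that opens but holds no parsable PEM certificate yields a Certificate built from a null X509 pointer; what the constructor does with that is not visible here. Splitting the call keeps that case uniform with the missing-file case: `X509 *x509 = PEM_read_X509(fd.Get(), NULL, NULL, NULL);` followed by `if (!x509) { return CertificatePtr(); }`. Whether Certificate takes ownership of the X509 or copies it is also not shown, so please confirm it is freed on exactly one path. `DefaultBundlePatch` is never used in this file (and presumably means "Path"), and the `@file` tag names CommonCertValidator.cpp.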
diff --git a/vcore/src/vcore/RevocationCheckerBase.h b/vcore/src/vcore/RevocationCheckerBase.h
new file mode 100644 (file)
index 0000000..3ce934d
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version     0.4
+ * @file        CommonCertValidator.h
+ * @brief       Common routines for certificate validation over OCSP and CRL
+ */
+
+#ifndef WRT_ENGINE_SRC_VALIDATION_CORE_REVOCATIONCHECKERBASE_H_
+#define WRT_ENGINE_SRC_VALIDATION_CORE_REVOCATIONCHECKERBASE_H_
+
+#include <string>
+
+#include "Certificate.h"
+
+namespace ValidationCore {
+class RevocationCheckerBase
+{
+  public:
+    //! Loads a PEM file and returns X509 certificate object.
+    static CertificatePtr loadPEMFile(const char* path);
+
+    //! Sorts a list of certficates and verifies them if they form
+    //! a valid chain
+    static bool sortCertList(CertificateList &cert) __attribute__((deprecated));
+};
+} // ValidationCore
+
+#endif //ifndef WRT_ENGINE_SRC_VALIDATION_CORE_REVOCATIONCHECKERBASE_H_
+
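Review bot: The comment on sortCertList says the certificates are verified to "form a valid chain", but the implementation in RevocationCheckerBase.cpp only calls `CertificateCollection::sort()` and copies the chain back, and nothing visible checks signatures, validity periods or trust. Unless sort() does that (it is not shown), the comment should promise ordering only, e.g. `//! Reorders the certificates into chain order; returns false when sorting fails. Does not establish trust.`, so that callers do not treat a `true` result as validation. The `deprecated` attribute should name the replacement in the comment. The parameter names also differ from the definitions (`path` vs `fileName`, `cert` vs `lCertificates`), "certficates" is misspelled, and `@file` says CommonCertValidator.h.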
diff --git a/vcore/src/vcore/SSLContainers.h b/vcore/src/vcore/SSLContainers.h
new file mode 100644 (file)
index 0000000..e18cb00
--- /dev/null
@@ -0,0 +1,183 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _SSLCONTAINERS_H
+#define _SSLCONTAINERS_H
+
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/*
+ * default deleter functor with no overloaded operator()
+ */
+template <typename T>
+struct MySSLFree {};
+
+/*
+ * macro for defining custom deleters for openssl structs
+ * usage DECLARE_DELETER(OpenSSLType)
+ */
+#define DECLARE_DELETER(Type) template<> \
+    struct MySSLFree <Type>                  \
+    {                                        \
+        void operator() (Type* p)            \
+        {                                    \
+            Type ## _free(p);                  \
+        }                                    \
+                                         \
+    };
+
+/*
+ * declare custom deleter for X509 structs
+ */
+DECLARE_DELETER(X509)
+/*
+ * declare custom deleter for OCSP_REQUEST structs
+ */
+DECLARE_DELETER(OCSP_REQUEST)
+/*
+ * declare custom deleter for OCSP_RESPONSE structs
+ */
+DECLARE_DELETER(OCSP_RESPONSE)
+/*
+ * declare custom deleter for OCSP_CERTID structs
+ */
+DECLARE_DELETER(OCSP_CERTID)
+/*
+ * declare custom deleter for OCSP_BASICRESP structs
+ */
+DECLARE_DELETER(OCSP_BASICRESP)
+/*
+ * declare custom deleter for X509_STORE structs
+ */
+DECLARE_DELETER(X509_STORE)
+
+/*
+ * undef it, so anyone could use that macro name
+ */
+#undef DECLARE_DELETER
+
+/*
+ * OpenSSL smart container
+ * usage SSLSmartContainer <OpenSSLType> smartptr = ptrToOpenSSLType
+ * remember to add OpenSSLType to macro list few lines above
+ */
+template <typename T, typename deleter = MySSLFree<T> >
+class SSLSmartContainer
+{
+  public:
+    SSLSmartContainer() : m_pData(NULL)
+    {
+    }
+
+    /*
+     * explicit constructor, we don't want any auto casting
+     */
+    explicit SSLSmartContainer(T* pData)
+    {
+        m_pData = pData;
+    }
+
+    /*
+     * overloaded assignment operator
+     */
+    SSLSmartContainer & operator=(SSLSmartContainer& pContainer)
+    {
+        /*
+         * check if no assignment was done before
+         */
+        if (this != &pContainer) {
+            // if so, free internal data
+            deleter ssl_free;
+            ssl_free(m_pData);
+
+            // and assign new
+            m_pData = pContainer.m_pData;
+
+            pContainer.m_pData = NULL;
+        }
+
+        return *this;
+    }
+
+    SSLSmartContainer & operator=(T* pData)
+    {
+        /*
+         * check if no assignment was done before
+         */
+        if (m_pData != pData) {
+            // if so, free internal data
+            deleter ssl_free;
+            ssl_free(m_pData);
+
+            // and assign new
+            m_pData = pData;
+        }
+
+        return *this;
+    }
+
+    ~SSLSmartContainer()
+    {
+        deleter ssl_free;
+        ssl_free(m_pData);
+    }
+
+    /*
+     * overloaded operators for standardptr - like usage
+     */
+    SSLSmartContainer & operator*()
+    {
+        return *m_pData;
+    }
+    SSLSmartContainer* operator->()
+    {
+        return m_pData;
+    }
+
+    /*
+     * auto cast to T operator
+     */
+    operator T *() const { return m_pData;
+    }
+
+    /*
+     * detachs internal pointer from smart pointer
+     */
+    T* DetachPtr()
+    {
+        T* pData = m_pData;
+        m_pData = NULL;
+        return pData;
+    }
+
+  private:
+    /*
+     * blocked assignment from another types operator
+     */
+    template <typename S>
+    T & operator = (S& pContainer)
+    {
+        return *this;
+    }
+
+    /*
+     * internal data
+     */
+    T* m_pData;
+};
+
+#endif /* _SSLCONTAINERS_H */
+
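Review bot: SSLSmartContainer frees `m_pData` in its destructor but declares no copy constructor, so the compiler-generated one copies the raw pointer and two containers then call the `_free` function on the same OpenSSL object. The assignment operator already transfers ownership, so the copy constructor should either do the same or be blocked like the template `operator=`, e.g. a private, undefined `SSLSmartContainer(const SSLSmartContainer&);`. `operator*` and `operator->` are declared to return `SSLSmartContainer &` and `SSLSmartContainer*` while returning `*m_pData` and `m_pData`; they should return `T &` and `T *`. The private template `operator=` likewise returns `*this` as `T &`. These mismatches go unnoticed only because template members are not compiled until they are used.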
diff --git a/vcore/src/vcore/SaxReader.cpp b/vcore/src/vcore/SaxReader.cpp
new file mode 100644 (file)
index 0000000..5bef911
--- /dev/null
@@ -0,0 +1,308 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SaxReader.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       Simple c++ interface for libxml2.
+ */
+#include <dpl/assert.h>
+#include <dpl/exception.h>
+#include <dpl/log/log.h>
+
+#include "SaxReader.h"
+
+namespace ValidationCore {
+SaxReader::SaxReader() :
+    m_reader(0)
+{
+}
+
+SaxReader::~SaxReader()
+{
+    if (m_reader) {
+        deinitialize();
+    }
+}
+
+void SaxReader::initialize(const std::string &filename,
+        bool defaultArgs,
+        ValidationType validate,
+        const std::string &schema)
+{
+    Assert(m_reader == 0 && "Double initialization of SaxReader");
+
+    LogDebug("SaxReader opening file: " << filename);
+
+    /*
+     * create a new xml text reader
+     */
+    m_reader = xmlNewTextReaderFilename(filename.c_str());
+
+    if (m_reader == NULL) {
+        /*
+         * no such file, return
+         */
+        LogWarning("Error during opening file " << filename);
+        Throw(Exception::FileOpeningError);
+    }
+    if (validate == VALIDATION_XMLSCHEME &&
+        xmlTextReaderSchemaValidate(m_reader, schema.c_str())) {
+        /*
+         * unable to turn on schema validation
+         */
+        LogError("Turn on Schema validation failed.");
+        ThrowMsg(Exception::ParserInternalError,
+                 "Turn on Scheme validation failed!");
+    }
+    // Path to DTD schema is taken from xml file.
+    if (validate == VALIDATION_DTD &&
+        xmlTextReaderSetParserProp(m_reader, XML_PARSER_VALIDATE, 1)) {
+        /*
+         * unable to turn on DTD validation
+         */
+        LogError("Turn on DTD validation failed!");
+        ThrowMsg(Exception::ParserInternalError,
+                 "Turn on DTD validation failed!");
+    }
+    if (defaultArgs &&
+        xmlTextReaderSetParserProp(m_reader, XML_PARSER_DEFAULTATTRS, 1)) {
+        /*
+         * unable to turn on default arguments
+         */
+        LogError("Turn on default arguments failed");
+        ThrowMsg(Exception::ParserInternalError,
+                 "Turn on Default Arguments failed!");
+    }
+}
+
+void SaxReader::deinitialize()
+{
+    xmlFreeTextReader(m_reader);
+    m_reader = 0;
+}
+
+bool SaxReader::next()
+{
+    int res = xmlTextReaderRead(m_reader);
+
+    if (0 == xmlTextReaderIsValid(m_reader)) {
+        LogWarning("Throw exception file not valid!");
+        Throw(Exception::FileNotValid);
+    }
+
+    if (res == 1) {
+        return true;
+    }
+
+    if (res == 0) {
+        return false;
+    }
+    LogError("ParserInternalError");
+    Throw(Exception::ParserInternalError);
+}
+
+void SaxReader::next(const std::string &token)
+{
+    xmlTextReaderRead(m_reader);
+    if (0 == xmlTextReaderIsValid(m_reader)) {
+        /*
+         * invalid file
+         */
+        LogWarning("Throw exception file not valid!");
+        Throw(Exception::FileNotValid);
+    }
+
+    xmlChar *name = xmlTextReaderName(m_reader);
+
+    if (name == NULL) {
+        /*
+         * invalid file
+         */
+        LogWarning("File not Valid");
+        Throw(Exception::FileNotValid);
+    }
+
+    if (token == reinterpret_cast<const char*>(name)) {
+        xmlFree(name);
+    } else {
+        /*
+         * we encountered wrong token
+         */
+        xmlFree(name);
+        LogWarning("Wrong Token");
+        Throw(Exception::WrongToken);
+    }
+}
+
+bool SaxReader::isEmpty(void)
+{
+    int ret = xmlTextReaderIsEmptyElement(m_reader);
+    if (-1 == ret) {
+        LogError("Parser Internal Error");
+        Throw(Exception::ParserInternalErrorInEmptyQuery);
+    }
+    return ret;
+}
+
+std::string SaxReader::attribute(const std::string &token,
+        ThrowType throwStatus)
+{
+    std::string value;
+    xmlChar *attr = xmlTextReaderGetAttribute(m_reader, BAD_CAST(token.c_str()));
+    if ((NULL == attr) && (throwStatus == THROW_DISABLE)) {
+        /*
+         * return empty string
+         */
+        //TODO why not DPL::Optional?
+        return std::string();
+    }
+    if (NULL == attr) {
+        /*
+         * error during read attribute
+         */
+        LogError("Error in reading attribute.");
+        Throw(Exception::ParserInternalErrorInReadingAttribute);
+    }
+
+    /*
+     * cast it to val and return it
+     */
+    value = reinterpret_cast<const char *>(attr);
+    xmlFree(attr);
+    return value;
+}
+
+// KW std::string SaxReader::fullName(){
+// KW     std::string value;
+// KW     xmlChar *name = xmlTextReaderName(m_reader);
+// KW     if(NULL == name) {
+// KW         LogError("Error in reading name.");
+// KW         Throw(Exception::ErrorReadingName);
+// KW     }
+// KW     value = reinterpret_cast<const char *>(name);
+// KW     xmlFree(name);
+// KW     return value;
+// KW }
+
+std::string SaxReader::name()
+{
+    std::string value;
+    xmlChar *name = xmlTextReaderName(m_reader);
+    if (NULL == name) {
+        LogError("Error in reading name.");
+        Throw(Exception::ErrorReadingName);
+    }
+    value = reinterpret_cast<const char *>(name);
+    xmlFree(name);
+    size_t pos = value.find_last_of(":");
+    if (pos != std::string::npos) {
+        value.erase(0, pos + 1);
+    }
+    return value;
+}
+
+std::string SaxReader::namespaceURI()
+{
+    std::string value;
+    xmlChar *name = xmlTextReaderNamespaceUri(m_reader);
+    if (NULL != name) {
+        value = reinterpret_cast<const char *>(name);
+        xmlFree(name);
+    }
+    return value;
+}
+
+std::string SaxReader::value()
+{
+    std::string value;
+    /*
+     * get value of node
+     */
+    xmlChar *text = xmlTextReaderValue(m_reader);
+    if (NULL == text) {
+        LogError("Error in reading value");
+        Throw(Exception::ErrorReadingValue);
+    }
+    value = reinterpret_cast<const char*>(text);
+    /*
+     * free text and return the val
+     */
+    xmlFree(text);
+    return value;
+}
+
+SaxReader::NodeType SaxReader::type()
+{
+    xmlReaderTypes type =
+        static_cast<xmlReaderTypes>(xmlTextReaderNodeType(m_reader));
+    switch (type) {
+    case XML_READER_TYPE_ELEMENT:
+        return NODE_BEGIN;
+    case XML_READER_TYPE_END_ELEMENT:
+        return NODE_END;
+    case XML_READER_TYPE_TEXT:
+        return NODE_TEXT;
+    case XML_READER_TYPE_NONE:
+    case XML_READER_TYPE_ATTRIBUTE:
+    case XML_READER_TYPE_CDATA:
+    case XML_READER_TYPE_ENTITY_REFERENCE:
+    case XML_READER_TYPE_ENTITY:
+    case XML_READER_TYPE_PROCESSING_INSTRUCTION:
+    case XML_READER_TYPE_COMMENT:
+    case XML_READER_TYPE_DOCUMENT:
+    case XML_READER_TYPE_DOCUMENT_TYPE:
+    case XML_READER_TYPE_DOCUMENT_FRAGMENT:
+    case XML_READER_TYPE_NOTATION:
+    case XML_READER_TYPE_WHITESPACE:
+    case XML_READER_TYPE_SIGNIFICANT_WHITESPACE:
+    case XML_READER_TYPE_END_ENTITY:
+    case XML_READER_TYPE_XML_DECLARATION:
+    default:
+        return NODE_UNSUPPORTED;
+    }
+}
+
+void SaxReader::dumpNode(std::string &buffer)
+{
+    /*
+     * size of buffer
+     */
+    int size;
+    /*
+     * pointer to buffer
+     */
+    xmlBufferPtr buff = xmlBufferCreate();
+
+    xmlNodePtr node = xmlTextReaderExpand(m_reader);
+
+    if (node == NULL) {
+        /*
+         * internal parser error
+         */
+        xmlBufferFree(buff);
+        LogError("Parser Internal Error");
+        Throw(Exception::ParserInternalError);
+    }
+
+    /*
+     * get a size and fill in a buffer
+     */
+    size = xmlNodeDump(buff, node->doc, node, 0, 0);
+    buffer.insert(0, reinterpret_cast<char*>(buff->content), size);
+    xmlBufferFree(buff);
+}
+} // namespace ValidationCore
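Review bot: `initialize` creates the reader with `xmlNewTextReaderFilename`, which takes no parser options, and for VALIDATION_DTD then enables `XML_PARSER_VALIDATE` with the DTD location taken from the document itself (as the comment says); if the XML comes from an untrusted package, the document decides which external resource libxml2 loads. Creating the reader with `xmlReaderForFile(filename.c_str(), NULL, XML_PARSE_NONET)` would at least keep the parser off the network, and DTD validation is better limited to documents whose DTD location the caller controls. Separately, dumpNode passes the result of `xmlNodeDump` to `buffer.insert` unchecked: it returns -1 on failure, which becomes a huge `size_type` and throws before `xmlBufferFree(buff)` runs. Add `if (size < 0) { xmlBufferFree(buff); Throw(Exception::ParserInternalError); }` and check `buff` for NULL after `xmlBufferCreate`.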
diff --git a/vcore/src/vcore/SaxReader.h b/vcore/src/vcore/SaxReader.h
new file mode 100644 (file)
index 0000000..816405f
--- /dev/null
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SaxReader.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       Simple c++ interface for libxml2.
+ */
+#ifndef _SAXREADER_H_
+#define _SAXREADER_H_
+
+#include <string>
+#include <libxml/xmlreader.h>
+#include <dpl/exception.h>
+
+namespace ValidationCore {
+class SaxReader
+{
+  public:
+    SaxReader();
+    ~SaxReader();
+
+    /*
+     * custom exceptions
+     */
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, FileOpeningError)
+        DECLARE_EXCEPTION_TYPE(Base, FileNotValid)
+        DECLARE_EXCEPTION_TYPE(Base, ParserInternalError)
+        DECLARE_EXCEPTION_TYPE(Base, WrongToken)
+        DECLARE_EXCEPTION_TYPE(Base, ParserInternalErrorInReadingAttribute)
+        DECLARE_EXCEPTION_TYPE(Base, ParserInternalErrorInEmptyQuery)
+        DECLARE_EXCEPTION_TYPE(Base, ErrorReadingValue)
+        DECLARE_EXCEPTION_TYPE(Base, ErrorReadingName)
+        DECLARE_EXCEPTION_TYPE(Base, UnsupportedType)
+    };
+
+    enum NodeType
+    {
+        NODE_UNSUPPORTED,
+        NODE_BEGIN,
+        NODE_END,
+        NODE_TEXT
+    };
+
+    enum ThrowType
+    {
+        THROW_ENABLE = 0,
+        THROW_DISABLE
+    };
+
+    /*
+     * xml validation modes
+     */
+    enum ValidationType
+    {
+        VALIDATION_DISABLE,
+        VALIDATION_XMLSCHEME,
+        VALIDATION_DTD
+    };
+
+    /*
+     * initializes parser
+     */
+    void initialize(const std::string &filename,
+            bool defaultArgs = false,
+            ValidationType validation = VALIDATION_DISABLE,
+            const std::string &schema = std::string());
+    /*
+     * deinitializes parser
+     */
+    void deinitialize();
+
+    /**
+     * Move to next xml node.
+     */
+    bool next();
+
+    /**
+     * Move to next xml node. If next node name is differ from token the exception will
+     * be thrown.
+     */
+    void next(const std::string &token);
+
+    /**
+     * Check if xml tag is empty.
+     */
+    bool isEmpty(void);
+
+    /**
+     * Read attribute tag.
+     */
+    std::string attribute(const std::string &token,
+            ThrowType throwStatus = THROW_ENABLE);
+
+    /**
+     * Read xml tag name with namespace.
+     */
+    // KW    std::string fullName();
+
+    /**
+     * Read xml tag name without namespace.
+     */
+    std::string name();
+
+    /**
+     * Read xml tag namespace URI
+     */
+    std::string namespaceURI();
+
+    /**
+     * Read xml tag value.
+     */
+    std::string value();
+
+    /**
+     * Return information about node type.
+     */
+    NodeType type();
+
+    /**
+     * Save all contonet of xml file which is between current tag and
+     * it's close tag into buffer.
+     */
+    void dumpNode(std::string &buffer);
+
+  private:
+    /*
+     * internal libxml text reader
+     */
+    xmlTextReaderPtr m_reader;
+};
+}
+
+#endif // _SAXREADER_H_
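Review bot: SaxReader owns the raw `xmlTextReaderPtr` and releases it from its destructor (via deinitialize in SaxReader.cpp), but copy construction and assignment are left to the compiler, so any copy ends with two objects calling `xmlFreeTextReader` on the same reader. Declare `SaxReader(const SaxReader&);` and `SaxReader& operator=(const SaxReader&);` in the private section without defining them. The doc comment on `next(const std::string&)` could also name the exceptions it throws (FileNotValid, WrongToken), and "contonet" in the dumpNode comment should read "content".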
diff --git a/vcore/src/vcore/SignatureData.h b/vcore/src/vcore/SignatureData.h
new file mode 100644 (file)
index 0000000..c0b7aad
--- /dev/null
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SignatureData.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       SignatureData is used to storage data parsed from digsig file.
+ */
+#ifndef _SIGNATUREDATA_H_
+#define _SIGNATUREDATA_H_
+
+#include <list>
+#include <set>
+#include <string>
+
+#include <dpl/log/log.h>
+#include <dpl/noncopyable.h>
+#include <dpl/string.h>
+
+#include "Certificate.h"
+#include "CertStoreType.h"
+#include "ValidatorCommon.h"
+
+/* TODO this class should not depend from OCSP headers */
+#include "OCSPCertMgrUtil.h"
+
+namespace ValidationCore {
+class SignatureData
+{
+  public:
+
+    SignatureData() :
+        m_signatureNumber(-1),
+        m_certificateSorted(false)
+    {
+    }
+
+    SignatureData(std::string fileName,
+            int fileNumber) :
+        m_signatureNumber(fileNumber),
+        m_fileName(fileName),
+        m_certificateSorted(false)
+    {
+    }
+
+    virtual ~SignatureData()
+    {
+    }
+    typedef std::list<std::string> IMEIList;
+    typedef std::list<std::string> MEIDList;
+
+    const ReferenceSet& getReferenceSet() const
+    {
+        return m_referenceSet;
+    }
+
+    void setReference(const ReferenceSet &referenceSet)
+    {
+        m_referenceSet = referenceSet;
+    }
+
+    CertificateList getCertList(void) const
+    {
+        return m_certList;
+    }
+
+    void setSortedCertificateList(const CertificateList &list)
+    {
+        m_certList = list;
+        m_certificateSorted = true;
+    }
+
+    bool isAuthorSignature(void) const
+    {
+        return m_signatureNumber == -1;
+    }
+
+    std::string getSignatureFileName(void) const
+    {
+        return m_fileName;
+    }
+
+    int getSignatureNumber() const
+    {
+        return m_signatureNumber;
+    }
+
+    std::string getRoleURI() const
+    {
+        return m_roleURI;
+    }
+
+    std::string getProfileURI() const
+    {
+        return m_profileURI;
+    }
+
+    bool containObjectReference(const std::string &ref) const
+    {
+        std::string rName = "#";
+        rName += ref;
+        return m_referenceSet.end() != m_referenceSet.find(rName);
+    }
+
+    ObjectList getObjectList() const
+    {
+        return m_objectList;
+    }
+
+    void setStorageType(const CertStoreId::Set &storeIdSet)
+    {
+        m_storeIdSet = storeIdSet;
+    }
+
+    const CertStoreId::Set& getStorageType(void) const
+    {
+        return m_storeIdSet;
+    }
+
+    const IMEIList& getIMEIList() const
+    {
+        return m_imeiList;
+    }
+
+    const MEIDList& getMEIDList() const
+    {
+        return m_meidList;
+    }
+
+    CertificatePtr getEndEntityCertificatePtr() const
+    {
+        if (m_certificateSorted) {
+            return m_certList.front();
+        }
+        return CertificatePtr();
+    }
+
+    CertificatePtr getRootCaCertificatePtr() const
+    {
+        if (m_certificateSorted) {
+            return m_certList.back();
+        }
+        return CertificatePtr();
+    }
+
+    friend class SignatureReader;
+  private:
+    ReferenceSet m_referenceSet;
+    CertificateList m_certList;
+
+    //TargetRestriction
+    IMEIList m_imeiList;
+    MEIDList m_meidList;
+
+    /*
+     * This number is taken from distributor signature file name.
+     * Author signature do not contain any number on the file name.
+     * Author signature should have signature number equal to -1.
+     */
+    int m_signatureNumber;
+    std::string m_fileName;
+    std::string m_roleURI;
+    std::string m_profileURI;
+    std::string m_identifier;
+    ObjectList m_objectList;
+    CertStoreId::Set m_storeIdSet;
+    bool m_certificateSorted;
+};
+
+typedef std::set<SignatureData> SignatureDataSet;
+}
+
+#endif
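Review bot: getEndEntityCertificatePtr and getRootCaCertificatePtr call `m_certList.front()` and `back()` whenever `m_certificateSorted` is set, but setSortedCertificateList sets that flag for any list, including an empty one, and front()/back() on an empty std::list is undefined behaviour. Guard both with `if (m_certificateSorted && !m_certList.empty())` so the empty case returns the null CertificatePtr like the unsorted case. A default-constructed SignatureData also has `m_signatureNumber == -1` and therefore reports `isAuthorSignature()` as true, which deserves a comment or a distinct "unset" value. `std::set<SignatureData>` needs an ordering that this class does not declare; if no `operator<` exists elsewhere, the typedef cannot be used.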
diff --git a/vcore/src/vcore/SignatureFinder.cpp b/vcore/src/vcore/SignatureFinder.cpp
new file mode 100644 (file)
index 0000000..ed2a27f
--- /dev/null
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SignatureFinder.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       Search for author-signature.xml and signatureN.xml files.
+ */
+#include <dirent.h>
+#include <errno.h>
+#include <istream>
+
+#include <dpl/log/log.h>
+
+#include "SignatureFinder.h"
+
+namespace ValidationCore {
+static const char *SIGNATURE_AUTHOR = "author-signature.xml";
+static const char *REGEXP_DISTRIBUTOR_SIGNATURE =
+    "^(signature)([1-9][0-9]*)(\\.xml)";
+
+SignatureFinder::SignatureFinder(const std::string& dir) :
+    m_dir(dir),
+    m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE)
+{
+}
+
+SignatureFinder::Result SignatureFinder::find(SignatureFileInfoSet &set)
+{
+    DIR *dp;
+    struct dirent *dirp;
+
+    /*
+     * find a dir
+     */
+    if ((dp = opendir(m_dir.c_str())) == NULL) {
+        LogError("Error opening directory:" << m_dir);
+        return ERROR_OPENING_DIR;
+    }
+
+    for (errno = 0; (dirp = readdir(dp)) != NULL; errno = 0) {
+        /**
+         * check if it's author signature
+         */
+        if (!strcmp(dirp->d_name, SIGNATURE_AUTHOR)) {
+            set.insert(SignatureFileInfo(std::string(dirp->d_name), -1));
+            continue;
+        }
+
+        std::string sig, num, xml;
+        if (m_signatureRegexp.FullMatch(dirp->d_name, &sig, &num, &xml)) {
+            std::istringstream stream(num);
+            int number;
+            stream >> number;
+
+            if (stream.fail()) {
+                closedir(dp);
+                return ERROR_ISTREAM;
+            }
+
+            set.insert(SignatureFileInfo(std::string(dirp->d_name), number));
+        }
+    }
+
+    if (errno != 0) {
+        LogError("Error in readdir");
+        closedir(dp);
+        return ERROR_READING_DIR;
+    }
+
+    closedir(dp);
+    return NO_ERROR;
+}
+} // namespace ValidationCore
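Review bot: `find()` accepts any directory entry whose name matches, without checking that it is a regular file, so a symlink or subdirectory named `author-signature.xml` or `signatureN.xml` is inserted into the result set. Whether later stages reject such entries is not visible in this hunk. For a signature-verification path it is safer to filter at the top of the loop, e.g. `if (dirp->d_type != DT_REG && dirp->d_type != DT_UNKNOWN) continue;`, with an `lstat()` check for filesystems that report `DT_UNKNOWN`. The file also uses `strcmp` and `std::istringstream` while including only `<istream>`; adding `#include <cstring>` and `#include <sstream>` removes the reliance on transitive includes.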
diff --git a/vcore/src/vcore/SignatureFinder.h b/vcore/src/vcore/SignatureFinder.h
new file mode 100644 (file)
index 0000000..0e04213
--- /dev/null
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SignatureFinder.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       Search for author-signature.xml and signatureN.xml files.
+ */
+#ifndef _SIGNATUREFINDER_H_
+#define _SIGNATUREFINDER_H_
+
+#include <set>
+#include <string>
+
+#include <pcrecpp.h>
+
+#include "SignatureData.h"
+
+namespace ValidationCore {
+class SignatureFileInfo
+{
+  public:
+    SignatureFileInfo(const std::string &fileName,
+            int num) :
+        m_fileName(fileName),
+        m_fileNumber(num)
+    {
+    }
+
+    std::string getFileName() const
+    {
+        return m_fileName;
+    }
+
+    int getFileNumber() const
+    {
+        return m_fileNumber;
+    }
+
+    bool operator<(const SignatureFileInfo &second) const
+    {
+        return m_fileNumber < second.m_fileNumber;
+    }
+  private:
+    std::string m_fileName;
+    int m_fileNumber;
+};
+
+typedef std::set<SignatureFileInfo> SignatureFileInfoSet;
+
+class SignatureFinder
+{
+  public:
+    enum Result
+    {
+        NO_ERROR,
+        ERROR_OPENING_DIR,
+        ERROR_READING_DIR,
+        ERROR_ISTREAM
+    };
+
+    SignatureFinder(const std::string& dir);
+
+    Result find(SignatureFileInfoSet &set);
+
+  private:
+    std::string m_dir;
+    pcrecpp::RE m_signatureRegexp;
+};
+} // namespace ValidationCore
+
+#endif
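Review bot: `SignatureFileInfo::operator<` compares only `m_fileNumber`, so `SignatureFileInfoSet` treats two entries with the same number as one element and silently drops the second `insert`, whatever its file name. That is a workable key for signature files, but it is undocumented. A comment above the operator would make the contract explicit, such as `// Ordering and set uniqueness are by signature number only; -1 denotes the author signature.` The single-argument `SignatureFinder(const std::string& dir)` constructor could also be marked `explicit` to rule out accidental conversions from a string.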
diff --git a/vcore/src/vcore/SignatureReader.cpp b/vcore/src/vcore/SignatureReader.cpp
new file mode 100644 (file)
index 0000000..cf7540c
--- /dev/null
@@ -0,0 +1,582 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SignatureReader.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       SignatureReader is used to parse widget digital signature.
+ */
+#include "SignatureReader.h"
+
+#include "CertificateLoader.h"
+
+namespace ValidationCore {
+static const std::string XML_NAMESPACE =
+    "http://www.w3.org/2000/09/xmldsig#";
+static const std::string XML_NAMESPACE_DIGITALSIG =
+    "http://wacapps.net/ns/digsig";
+static const std::string XML_OBJ_NS =
+    "http://www.w3.org/2009/xmldsig-properties";
+
+// TAG TOKENS
+static const std::string TOKEN_SIGNATURE = "Signature";
+static const std::string TOKEN_SIGNED_INFO = "SignedInfo";
+static const std::string TOKEN_CANONICALIZATION_METHOD =
+    "CanonicalizationMethod";
+static const std::string TOKEN_SIGNATURE_METHOD = "SignatureMethod";
+static const std::string TOKEN_REFERENCE = "Reference";
+static const std::string TOKEN_TRANSFORMS = "Transforms";
+static const std::string TOKEN_TRANSFORM = "Transform";
+static const std::string TOKEN_DIGEST_METHOD = "DigestMethod";
+static const std::string TOKEN_DIGEST_VALUE = "DigestValue";
+static const std::string TOKEN_SIGNATURE_VALUE = "SignatureValue";
+static const std::string TOKEN_KEY_INFO = "KeyInfo";
+static const std::string TOKEN_X509DATA = "X509Data";
+static const std::string TOKEN_X509CERTIFICATE = "X509Certificate";
+static const std::string TOKEN_KEY_VALUE = "KeyValue";
+static const std::string TOKEN_RSA_KEY_VALUE = "RSAKeyValue";
+static const std::string TOKEN_MODULUS_COMPONENT = "Modulus";
+static const std::string TOKEN_EXPONENT_COMPONENT = "Exponent";
+static const std::string TOKEN_ECKEY_VALUE = "ECKeyValue";
+static const std::string TOKEN_NAMED_CURVE = "NamedCurve";
+static const std::string TOKEN_PUBLIC_KEY = "PublicKey";
+static const std::string TOKEN_OBJECT = "Object";
+static const std::string TOKEN_SIGNATURE_PROPERTIES = "SignatureProperties";
+static const std::string TOKEN_SIGNATURE_PROPERTY = "SignatureProperty";
+static const std::string TOKEN_PROFILE = "Profile";
+static const std::string TOKEN_ROLE = "Role";
+static const std::string TOKEN_IDENTIFIER = "Identifier";
+static const std::string TOKEN_DSAKEYVALUE = "DSAKeyValue";
+static const std::string TOKEN_DSA_P_COMPONENT = "P";
+static const std::string TOKEN_DSA_Q_COMPONENT = "Q";
+static const std::string TOKEN_DSA_G_COMPONENT = "G";
+static const std::string TOKEN_DSA_Y_COMPONENT = "Y";
+static const std::string TOKEN_DSA_J_COMPONENT = "J";
+static const std::string TOKEN_DSA_SEED_COMPONENT = "Seed";
+static const std::string TOKEN_DSA_PGENCOUNTER_COMPONENT = "PgenCounter";
+static const std::string TOKEN_TARGET_RESTRICTION = "TargetRestriction";
+
+// ATTRIBUTTE TOKENS
+
+static const std::string TOKEN_ALGORITHM = "Algorithm";
+static const std::string TOKEN_URI = "URI";
+static const std::string TOKEN_ID = "Id";
+static const std::string TOKEN_TARGET = "Target";
+static const std::string TOKEN_IMEI = "IMEI";
+static const std::string TOKEN_MEID = "MEID";
+
+// ATTIRUBTE VALUES
+
+static const std::string TOKEN_ATTR_PROFILE = "profile";
+static const std::string TOKEN_ATTR_ROLE = "role";
+static const std::string TOKEN_ATTR_IDENTIFIER = "identifier";
+
+// ALGORITHMS
+
+//static const std::string TOKEN_ALGORITHM_XML_EXC_CAN   =
+//            "http://www.w3.org/2001/10/xml-exc-c14n#";
+//static const std::string TOKEN_ALGORITHM_RSA_SHA256    =
+//            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+//static const std::string TOKEN_ALGORITHM_DSA_SHA1      =
+//            "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+//static const std::string TOKEN_ALGORITHM_ECDSA_SHA256  =
+//            "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+//static const std::string TOKEN_ALGORITHM_SHA1          =
+//            "http://www.w3.org/2000/09/xmldsig#sha1";
+//static const std::string TOKEN_ALGORITHM_SHA256        =
+//            "http://www.w3.org/2001/04/xmlenc#sha256";
+//static const std::string TOKEN_ALGORITHM_SHA384        =
+//            "http://www.w3.org/2001/04/xmldsig-more#sha384";
+//static const std::string TOKEN_ALGORITHM_SHA512        =
+//            "http://www.w3.org/2001/04/xmlenc#sha512";
+
+SignatureReader::SignatureReader() :
+    m_signaturePropertiesCounter(0),
+    m_targetRestrictionObjectFound(false),
+    m_parserSchema(this)
+{
+    /**
+     * member func pointers map
+     */
+    m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_SIGNED_INFO,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_CANONICALIZATION_METHOD,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_METHOD,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_REFERENCE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_TRANSFORMS,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_TRANSFORM,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DIGEST_METHOD,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DIGEST_VALUE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_VALUE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_KEY_INFO,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::tokenKeyInfo);
+    m_parserSchema.addBeginTagCallback(TOKEN_X509DATA,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::tokenX509Data);
+    m_parserSchema.addBeginTagCallback(TOKEN_X509CERTIFICATE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::tokenX509Certificate);
+    m_parserSchema.addBeginTagCallback(TOKEN_ECKEY_VALUE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_NAMED_CURVE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::tokenNamedCurve);
+    m_parserSchema.addBeginTagCallback(TOKEN_PUBLIC_KEY,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::tokenPublicKey);
+    m_parserSchema.addBeginTagCallback(TOKEN_OBJECT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::tokenObject);
+    m_parserSchema.addBeginTagCallback(
+        TOKEN_SIGNATURE_PROPERTIES,
+        XML_NAMESPACE,
+        &SignatureReader::
+            tokenSignatureProperties);
+    m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTY,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_PROFILE,
+                                       XML_OBJ_NS,
+                                       &SignatureReader::tokenProfile);
+    m_parserSchema.addBeginTagCallback(TOKEN_ROLE,
+                                       XML_OBJ_NS,
+                                       &SignatureReader::tokenRole);
+    m_parserSchema.addBeginTagCallback(TOKEN_IDENTIFIER,
+                                       XML_OBJ_NS,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_KEY_VALUE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSAKEYVALUE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_P_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_Q_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_G_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_Y_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_J_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_SEED_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_DSA_PGENCOUNTER_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_RSA_KEY_VALUE,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_MODULUS_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_EXPONENT_COMPONENT,
+                                       XML_NAMESPACE,
+                                       &SignatureReader::blankFunction);
+    m_parserSchema.addBeginTagCallback(TOKEN_TARGET_RESTRICTION,
+                                       XML_NAMESPACE_DIGITALSIG,
+                                       &SignatureReader::tokenTargetRestriction);
+
+    m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_SIGNED_INFO,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_CANONICALIZATION_METHOD,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_METHOD,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_REFERENCE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_TRANSFORMS,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_TRANSFORM,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_DIGEST_METHOD,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_DIGEST_VALUE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_VALUE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_KEY_INFO,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndKeyInfo);
+    m_parserSchema.addEndTagCallback(TOKEN_X509DATA,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndX509Data);
+    m_parserSchema.addEndTagCallback(TOKEN_X509CERTIFICATE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndX509Certificate);
+    m_parserSchema.addEndTagCallback(TOKEN_ECKEY_VALUE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndECKeyValue);
+    m_parserSchema.addEndTagCallback(TOKEN_PUBLIC_KEY,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndPublicKey);
+    m_parserSchema.addEndTagCallback(TOKEN_OBJECT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndObject);
+    m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_PROPERTIES,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_PROPERTY,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_PROFILE,
+                                     XML_OBJ_NS,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_ROLE,
+                                     XML_OBJ_NS,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_IDENTIFIER,
+                                     XML_OBJ_NS,
+                                     &SignatureReader::tokenEndIdentifier);
+    m_parserSchema.addEndTagCallback(TOKEN_KEY_VALUE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+    m_parserSchema.addEndTagCallback(TOKEN_DSAKEYVALUE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSAKeyValue);
+    m_parserSchema.addEndTagCallback(TOKEN_DSA_P_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSAPComponent);
+    m_parserSchema.addEndTagCallback(TOKEN_DSA_Q_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSAQComponent);
+    m_parserSchema.addEndTagCallback(TOKEN_DSA_G_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSAGComponent);
+    m_parserSchema.addEndTagCallback(TOKEN_DSA_Y_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSAYComponent);
+    m_parserSchema.addEndTagCallback(TOKEN_DSA_J_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSAJComponent);
+    m_parserSchema.addEndTagCallback(TOKEN_DSA_SEED_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndDSASeedComponent);
+    m_parserSchema.addEndTagCallback(
+        TOKEN_DSA_PGENCOUNTER_COMPONENT,
+        XML_NAMESPACE,
+        &SignatureReader::
+            tokenEndDSAPGenCounterComponent);
+    m_parserSchema.addEndTagCallback(TOKEN_RSA_KEY_VALUE,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndRSAKeyValue);
+    m_parserSchema.addEndTagCallback(TOKEN_MODULUS_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndKeyModulus);
+    m_parserSchema.addEndTagCallback(TOKEN_EXPONENT_COMPONENT,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::tokenEndKeyExponent);
+    m_parserSchema.addEndTagCallback(TOKEN_TARGET_RESTRICTION,
+                                     XML_NAMESPACE,
+                                     &SignatureReader::blankFunction);
+}
+
+void SignatureReader::tokenKeyInfo(SignatureData &signatureData)
+{
+    (void)signatureData;
+}
+void SignatureReader::tokenX509Data(SignatureData &signatureData)
+{
+    (void)signatureData;
+}
+void SignatureReader::tokenX509Certificate(SignatureData &signatureData)
+{
+    (void)signatureData;
+}
+void SignatureReader::tokenPublicKey(SignatureData &signatureData)
+{
+    (void)signatureData;
+}
+
+void SignatureReader::tokenNamedCurve(SignatureData &signatureData)
+{
+    (void)signatureData;
+    m_nameCurveURI = m_parserSchema.getReader().attribute(TOKEN_URI);
+}
+
+void SignatureReader::tokenTargetRestriction(SignatureData &signatureData)
+{
+    std::string IMEI = m_parserSchema.getReader().attribute(
+            TOKEN_IMEI,
+            SaxReader::
+                THROW_DISABLE);
+    std::string MEID = m_parserSchema.getReader().attribute(
+            TOKEN_MEID,
+            SaxReader::
+                THROW_DISABLE);
+
+    //less verbose way to say (IMEI && MEID) || (!IMEI && !MEID)
+    if (IMEI.empty() == MEID.empty()) {
+        //WAC 2.0 WR-4650 point 4
+        ThrowMsg(Exception::TargetRestrictionException,
+                 "TargetRestriction should contain exactly one attribute.");
+        return;
+    }
+
+    if (!IMEI.empty()) {
+        signatureData.m_imeiList.push_back(IMEI);
+    }
+    if (!MEID.empty()) {
+        signatureData.m_meidList.push_back(MEID);
+    }
+}
+
+void SignatureReader::tokenEndKeyInfo(SignatureData &signatureData)
+{
+    (void)signatureData;
+}
+
+void SignatureReader::tokenEndX509Data(SignatureData &signatureData)
+{
+    (void)signatureData;
+}
+
+void SignatureReader::tokenEndX509Certificate(SignatureData &signatureData)
+{
+    CertificateLoader loader;
+    if (CertificateLoader::NO_ERROR !=
+        loader.loadCertificateFromRawData(m_parserSchema.getText())) {
+        LogWarning("Certificate could not be loaded!");
+        ThrowMsg(ParserSchemaException::CertificateLoaderError,
+                 "Certificate could not be loaded.");
+    }
+    signatureData.m_certList.push_back(loader.getCertificatePtr());
+}
+// KW void SignatureReader::tokenEndKeyName(SignatureData &signatureData){
+// KW     CertificateLoader loader;
+// KW     if(CertificateLoader::NO_ERROR != loader.loadCertificateBasedOnSubjectName(m_parserSchema.getText())){
+// KW         LogError("Certificate could not be loaded!");
+// KW         ThrowMsg(ParserSchemaException::CertificateLoaderError, "Certificate could not be loaded.");
+// KW     }
+// KW     signatureData.m_certList.push_back(loader);
+// KW }
+
+void SignatureReader::tokenEndRSAKeyValue(SignatureData &signatureData)
+{
+    CertificateLoader loader;
+    if (CertificateLoader::NO_ERROR !=
+        loader.loadCertificateBasedOnExponentAndModulus(m_modulus,
+                                                        m_exponent)) {
+        LogWarning("Certificate could not be loaded!");
+        ThrowMsg(ParserSchemaException::CertificateLoaderError,
+                 "Certificate could not be loaded.");
+    }
+    signatureData.m_certList.push_back(loader.getCertificatePtr());
+}
+
+void SignatureReader::tokenEndKeyModulus(SignatureData &signatureData)
+{
+    (void)signatureData;
+    m_modulus = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndKeyExponent(SignatureData &signatureData)
+{
+    (void)signatureData;
+    m_exponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndPublicKey(SignatureData &signatureData)
+{
+    (void)signatureData;
+    m_publicKey = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndECKeyValue(SignatureData &signatureData)
+{
+    CertificateLoader loader;
+    if (CertificateLoader::NO_ERROR !=
+        loader.loadCertificateWithECKEY(m_nameCurveURI, m_publicKey)) {
+        ThrowMsg(ParserSchemaException::CertificateLoaderError,
+                 "Certificate could not be loaded.");
+    }
+    signatureData.m_certList.push_back(loader.getCertificatePtr());
+}
+
+void SignatureReader::tokenEndObject(SignatureData &signatureData)
+{
+    m_signaturePropertiesCounter = 0;
+
+    if (((!signatureData.m_imeiList.empty()) ||
+         (!signatureData.m_meidList.empty())) &&
+        m_targetRestrictionObjectFound) {
+        //WAC 2.0 WR-4650 point 1
+        ThrowMsg(
+            Exception::TargetRestrictionException,
+            "TargetRestriction should contain exactly one ds:Object containing zero or more wac:TargetRestriction children.");
+        return;
+    }
+    if ((!signatureData.m_imeiList.empty()) ||
+        (!signatureData.m_meidList.empty())) {
+        m_targetRestrictionObjectFound = true;
+    }
+}
+void SignatureReader::tokenEndDSAPComponent(SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeyPComponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSAQComponent(SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeyQComponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSAGComponent(SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeyGComponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSAYComponent(SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeyYComponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSAJComponent(SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeyJComponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSASeedComponent(SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeySeedComponent = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSAPGenCounterComponent(
+        SignatureData& signatureData)
+{
+    (void)signatureData;
+    m_dsaKeyPGenCounter = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenEndDSAKeyValue(SignatureData& signatureData)
+{
+    CertificateLoader loader;
+
+    if (CertificateLoader::NO_ERROR !=
+        loader.loadCertificateBasedOnDSAComponents(m_dsaKeyPComponent,
+                                                   m_dsaKeyQComponent,
+                                                   m_dsaKeyGComponent,
+                                                   m_dsaKeyYComponent,
+                                                   m_dsaKeyJComponent,
+                                                   m_dsaKeySeedComponent,
+                                                   m_dsaKeyPGenCounter)) {
+        LogWarning("Certificate could not be loaded.");
+        ThrowMsg(ParserSchemaException::CertificateLoaderError,
+                 "Certificate could not be loaded.");
+    }
+    signatureData.m_certList.push_back(loader.getCertificatePtr());
+}
+
+void SignatureReader::tokenRole(SignatureData &signatureData)
+{
+    if (!signatureData.m_roleURI.empty()) {
+        LogWarning("Multiple definition of Role is not allowed.");
+        ThrowMsg(ParserSchemaException::UnsupportedValue,
+                 "Multiple definition of Role is not allowed.");
+    }
+    signatureData.m_roleURI = m_parserSchema.getReader().attribute(TOKEN_URI);
+}
+
+void SignatureReader::tokenProfile(SignatureData &signatureData)
+{
+    if (!signatureData.m_profileURI.empty()) {
+        LogWarning("Multiple definition of Profile is not allowed.");
+        ThrowMsg(ParserSchemaException::UnsupportedValue,
+                 "Multiple definition of Profile is not allowed.");
+    }
+    signatureData.m_profileURI = m_parserSchema.getReader().attribute(TOKEN_URI);
+}
+
+void SignatureReader::tokenEndIdentifier(SignatureData &signatureData)
+{
+    if (!signatureData.m_identifier.empty()) {
+        LogWarning("Multiple definition of Identifier is not allowed.");
+        ThrowMsg(ParserSchemaException::UnsupportedValue,
+                 "Multiple definition of Identifier is not allowed.");
+    }
+    signatureData.m_identifier = m_parserSchema.getText();
+}
+
+void SignatureReader::tokenObject(SignatureData &signatureData)
+{
+    std::string id = m_parserSchema.getReader().attribute(TOKEN_ID);
+
+    if (id.empty()) {
+        LogWarning("Unsupported value of Attribute Id in Object tag.");
+        ThrowMsg(ParserSchemaException::UnsupportedValue,
+                 "Unsupported value of Attribute Id in Object tag.");
+    }
+
+    signatureData.m_objectList.push_back(id);
+}
+
+void SignatureReader::tokenSignatureProperties(SignatureData &signatureData)
+{
+    (void)signatureData;
+    if (++m_signaturePropertiesCounter > 1) {
+        LogWarning("Only one SignatureProperties tag is allowed in Object");
+        ThrowMsg(ParserSchemaException::UnsupportedValue,
+                 "Only one SignatureProperties tag is allowed in Object");
+    }
+}
+} // namespace ValidationCore
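Review bot: The end-tag callback for `TOKEN_TARGET_RESTRICTION` at the bottom of the constructor is registered under `XML_NAMESPACE`, while its begin-tag callback uses `XML_NAMESPACE_DIGITALSIG`, so the closing `TargetRestriction` element in the WAC namespace has no matching handler. How `ParserSchema` treats an unregistered end tag is not visible here; if it rejects unknown tags, every signature carrying a TargetRestriction fails to parse. The registration should read `m_parserSchema.addEndTagCallback(TOKEN_TARGET_RESTRICTION, XML_NAMESPACE_DIGITALSIG, &SignatureReader::blankFunction);`. Separately, `tokenEndObject` tests the cumulative `m_imeiList`/`m_meidList`, so once a restricted `Object` has been seen, any later `Object` throws even when it holds no `TargetRestriction`. A per-Object flag set in `tokenTargetRestriction` and cleared in `tokenEndObject` would follow the WR-4650 wording more closely.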
diff --git a/vcore/src/vcore/SignatureReader.h b/vcore/src/vcore/SignatureReader.h
new file mode 100644 (file)
index 0000000..e6368fc
--- /dev/null
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        SignatureReader.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       SignatureReader is used to parse widget digital signature.
+ */
+#ifndef _SIGNATUREREADER_H_
+#define _SIGNATUREREADER_H_
+
+#include <map>
+#include  <dpl/log/log.h>
+
+#include "SignatureData.h"
+#include "ParserSchema.h"
+
+namespace ValidationCore {
+class SignatureReader
+{
+  public:
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, TargetRestrictionException)
+    };
+
+    SignatureReader();
+
+    void initialize(SignatureData &data,
+            const std::string &xmlscheme)
+    {
+        m_parserSchema.initialize(
+            data.getSignatureFileName(), true, SaxReader::VALIDATION_XMLSCHEME,
+            xmlscheme);
+    }
+
+    void read(SignatureData &data)
+    {
+        m_parserSchema.read(data);
+    }
+
+  private:
+    void blankFunction(SignatureData &)
+    {
+    }
+
+    void tokenKeyInfo(SignatureData &signatureData);
+    void tokenKeyModulus(SignatureData &signatureData);
+    void tokenKeyExponent(SignatureData &signatureData);
+    void tokenX509Data(SignatureData &signatureData);
+    void tokenX509Certificate(SignatureData &signatureData);
+    void tokenPublicKey(SignatureData &signatureData);
+    void tokenNamedCurve(SignatureData &signatureData);
+    void tokenRole(SignatureData &signatureData);
+    void tokenProfile(SignatureData &signatureData);
+    void tokenObject(SignatureData &signatureData);
+    void tokenSignatureProperties(SignatureData &signatureData);
+    void tokenTargetRestriction(SignatureData &signatureData);
+
+    void tokenEndKeyInfo(SignatureData &signatureData);
+    // KW     void tokenEndKeyName(SignatureData &signatureData);
+    void tokenEndRSAKeyValue(SignatureData &signatureData);
+    void tokenEndKeyModulus(SignatureData &signatureData);
+    void tokenEndKeyExponent(SignatureData &signatureData);
+    void tokenEndX509Data(SignatureData &signatureData);
+    void tokenEndX509Certificate(SignatureData &signatureData);
+    void tokenEndPublicKey(SignatureData &signatureData);
+    void tokenEndECKeyValue(SignatureData &signatureData);
+    void tokenEndIdentifier(SignatureData &signatureData);
+    void tokenEndObject(SignatureData &signatureData);
+
+    // DSA key components
+    void tokenEndDSAPComponent(SignatureData& signatureData);
+    void tokenEndDSAQComponent(SignatureData& signatureData);
+    void tokenEndDSAGComponent(SignatureData& signatureData);
+    void tokenEndDSAYComponent(SignatureData& signatureData);
+    void tokenEndDSAJComponent(SignatureData& signatureData);
+
+    void tokenEndDSAKeyValue(SignatureData& signatureData);
+
+    void tokenEndDSASeedComponent(SignatureData& signatureData);
+    void tokenEndDSAPGenCounterComponent(SignatureData& signatureData);
+
+    // temporary values required due reference parsing process
+    // optional parameters for dsa
+    std::string m_dsaKeyPComponent;
+    std::string m_dsaKeyQComponent;
+    std::string m_dsaKeyGComponent;
+    std::string m_dsaKeyYComponent;
+    std::string m_dsaKeyJComponent;
+    std::string m_dsaKeySeedComponent;
+    std::string m_dsaKeyPGenCounter;
+    // temporary values of ecdsa key
+    std::string m_publicKey;
+    std::string m_nameCurveURI;
+    std::string m_modulus;
+    std::string m_exponent;
+
+    // temporary values required due Object parsing
+    int m_signaturePropertiesCounter;
+    bool m_targetRestrictionObjectFound;
+
+    ParserSchema<SignatureReader, SignatureData> m_parserSchema;
+};
+}
+
+#endif
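Review bot: The header uses `std::string` in `initialize()` and in the `m_dsaKey*`, `m_publicKey`, `m_modulus` and `m_exponent` members, but the only standard header it includes is `<map>`, which none of the declarations here use. It therefore compiles only through a transitive include from `SignatureData.h` or `ParserSchema.h`, so I would replace that line with `#include <string>`. The comment above `m_signaturePropertiesCounter` should also say whether the counter is per Object element or per signature file and where it is reset. The only use visible in this commit's SignatureReader.cpp is the increment in `tokenSignatureProperties`, and a counter that is never reset would reject a second Object that carries its own SignatureProperties.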
diff --git a/vcore/src/vcore/SignatureValidator.cpp b/vcore/src/vcore/SignatureValidator.cpp
new file mode 100644 (file)
index 0000000..e965ecc
--- /dev/null
@@ -0,0 +1,265 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include <libxml/parser.h>
+#include <libxml/c14n.h>
+#include <openssl/asn1.h>
+
+#include <dpl/log/log.h>
+
+#include "CertificateVerifier.h"
+#include "OCSPCertMgrUtil.h"
+#include "Certificate.h"
+#include "ReferenceValidator.h"
+#include "SignatureValidator.h"
+#include "SSLContainers.h"
+#include "ValidatorCommon.h"
+#include "ValidatorFactories.h"
+#include "XmlsecAdapter.h"
+
+namespace {
+const time_t TIMET_DAY = 60 * 60 * 24;
+
+const std::string TOKEN_ROLE_AUTHOR_URI =
+    "http://www.w3.org/ns/widgets-digsig#role-author";
+const std::string TOKEN_ROLE_DISTRIBUTOR_URI =
+    "http://www.w3.org/ns/widgets-digsig#role-distributor";
+const std::string TOKEN_PROFILE_URI =
+    "http://www.w3.org/ns/widgets-digsig#profile";
+} // namespace anonymouse
+
+namespace ValidationCore {
+
+SignatureValidator::SignatureValidator(bool ocspEnable,
+                                       bool crlEnable,
+                                       bool complianceMode) :
+    m_ocspEnable(ocspEnable),
+    m_crlEnable(crlEnable),
+    m_complianceModeEnabled(complianceMode)
+{
+}
+
+SignatureValidator::~SignatureValidator()
+{
+}
+
+bool SignatureValidator::checkRoleURI(const SignatureData &data)
+{
+    std::string roleURI = data.getRoleURI();
+
+    if (roleURI.empty()) {
+        LogWarning("URI attribute in Role tag couldn't be empty.");
+        return false;
+    }
+
+    if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) {
+        LogWarning("URI attribute in Role tag does not "
+                   "match with signature filename.");
+        return false;
+    }
+
+    if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) {
+        LogWarning("URI attribute in Role tag does not "
+                   "match with signature filename.");
+        return false;
+    }
+    return true;
+}
+
+bool SignatureValidator::checkProfileURI(const SignatureData &data)
+{
+    if (TOKEN_PROFILE_URI != data.getProfileURI()) {
+        LogWarning(
+            "Profile tag contains unsupported value in URI attribute(" <<
+            data.getProfileURI() << ").");
+        return false;
+    }
+    return true;
+}
+
+bool SignatureValidator::checkObjectReferences(const SignatureData &data)
+{
+    ObjectList objectList = data.getObjectList();
+    ObjectList::const_iterator iter;
+    for (iter = objectList.begin(); iter != objectList.end(); ++iter) {
+        if (!data.containObjectReference(*iter)) {
+            LogWarning("Signature does not contain reference for object " <<
+                       *iter);
+            return false;
+        }
+    }
+    return true;
+}
+
+SignatureValidator::Result SignatureValidator::check(
+        SignatureData &data,
+        const std::string &widgetContentPath)
+{
+    bool disregard = false;
+
+    if (!checkRoleURI(data)) {
+        return SIGNATURE_INVALID;
+    }
+
+    if (!checkProfileURI(data)) {
+        return SIGNATURE_INVALID;
+    }
+
+    //  CertificateList sortedCertificateList = data.getCertList();
+
+    CertificateCollection collection;
+    collection.load(data.getCertList());
+
+    // First step - sort certificate
+    if (!collection.sort()) {
+        LogWarning("Certificates do not form valid chain.");
+        return SIGNATURE_INVALID;
+    }
+
+    // Check for error
+    if (collection.empty()) {
+        LogWarning("Certificate list in signature is empty.");
+        return SIGNATURE_INVALID;
+    }
+
+    CertificateList sortedCertificateList = collection.getChain();
+
+    // TODO move it to CertificateCollection
+    // Add root CA and CA certificates (if chain is incomplete)
+    sortedCertificateList =
+        OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
+
+    CertificatePtr root = sortedCertificateList.back();
+
+    // Is Root CA certificate trusted?
+    CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
+
+    // WAC chapter 3.2.1 - verified definition
+    if (data.isAuthorSignature()) {
+        if (!storeIdSet.contains(CertStoreId::WAC_PUBLISHER)) {
+            LogWarning("Author signature has got unrecognized Root CA "
+                       "certificate. Signature will be disregarded.");
+            disregard = true;
+        }
+        LogDebug("Root CA for author signature is correct.");
+    } else {
+        if (!storeIdSet.contains(CertStoreId::DEVELOPER) &&
+            !storeIdSet.contains(CertStoreId::WAC_ROOT) &&
+            !storeIdSet.contains(CertStoreId::WAC_MEMBER))
+        {
+            LogWarning("Distiributor signature has got unrecognized Root CA "
+                       "certificate. Signature will be disregarded.");
+            disregard = true;
+        }
+        LogDebug("Root CA for distributor signature is correct.");
+    }
+
+    data.setStorageType(storeIdSet);
+    data.setSortedCertificateList(sortedCertificateList);
+
+    // We add only Root CA certificate because WAC ensure that the rest
+    // of certificates are present in signature files ;-)
+    XmlSec::XmlSecContext context;
+    context.signatureFile = data.getSignatureFileName();
+    context.certificatePtr = root;
+
+    // Now we should have full certificate chain.
+    // If the end certificate is not ROOT CA we should disregard signature
+    // but still signature must be valid... Aaaaaa it's so stupid...
+    if (!(root->isSignedBy(root))) {
+        LogWarning("Root CA certificate not found. Chain is incomplete.");
+        context.allowBrokenChain = true;
+    }
+
+    // WAC 2.0 SP-2066 The wrt must not block widget installation
+    // due to expiration of the author certificate.
+    time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
+    bool expired = notAfter < time(NULL);
+    if (data.isAuthorSignature() && expired) {
+        context.validationTime = notAfter - TIMET_DAY;
+    }
+    // end
+
+    if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
+        LogWarning("Installation break - invalid package!");
+        return SIGNATURE_INVALID;
+    }
+
+    data.setReference(context.referenceSet);
+
+    if (!checkObjectReferences(data)) {
+        return SIGNATURE_INVALID;
+    }
+
+    ReferenceValidator fileValidator(widgetContentPath);
+    if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
+        LogWarning("Invalid package - file references broken");
+        return SIGNATURE_INVALID;
+    }
+
+    // It is good time to do OCSP check
+    // ocspCheck will throw an exception on any error.
+    // TODO Probably we should catch this exception and add
+    // some information to SignatureData.
+    if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
+        CertificateCollection coll;
+        coll.load(sortedCertificateList);
+
+        if (!coll.sort()) {
+            LogDebug("Collection does not contain chain!");
+            return SIGNATURE_INVALID;
+        }
+
+        CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
+        VerificationStatus result = verificator.check(coll);
+
+        if (result == VERIFICATION_STATUS_REVOKED) {
+            return SIGNATURE_REVOKED;
+        }
+
+        if (result == VERIFICATION_STATUS_UNKNOWN ||
+            result == VERIFICATION_STATUS_ERROR)
+        {
+            disregard = true;
+        }
+    }
+
+    if (disregard) {
+        LogWarning("Signature is disregard.");
+        return SIGNATURE_DISREGARD;
+    }
+    return SIGNATURE_VERIFIED;
+}
+
+std::string SignatureValidator::FingerprintToColonHex(
+        const Certificate::Fingerprint &fingerprint)
+{
+    std::string outString;
+
+    char buff[8];
+
+    for (size_t i = 0; i < fingerprint.size(); ++i) {
+        snprintf(buff,
+                 sizeof(buff),
+                 "%02X:",
+                 static_cast<unsigned int>(fingerprint[i]));
+        outString += buff;
+    }
+
+    // remove trailing ":"
+    outString.erase(outString.end() - 1);
+    return outString;
+}
+} // namespace ValidationCore
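Review bot: In `check()`, the branch for `!(root->isSignedBy(root))` sets `context.allowBrokenChain = true` but never sets `disregard`, although the comment directly above it says such a signature should be disregarded. The outcome then rests entirely on the earlier store lookup for `root`. If that lookup can ever match a certificate that is not self-signed (not verifiable from this file), an incomplete chain would be reported as `SIGNATURE_VERIFIED`. Adding `disregard = true;` inside that branch makes the result match the stated intent without depending on the store contents. Separately, `FingerprintToColonHex` calls `outString.erase(outString.end() - 1)` unconditionally, which is undefined for an empty fingerprint; guard it with `if (!outString.empty())`.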
diff --git a/vcore/src/vcore/SignatureValidator.h b/vcore/src/vcore/SignatureValidator.h
new file mode 100644 (file)
index 0000000..aa381cb
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _SIGNATUREVALIDATOR_H_
+#define _SIGNATUREVALIDATOR_H_
+
+#include <dpl/singleton.h>
+
+#include "Certificate.h"
+#include "OCSPCertMgrUtil.h"
+#include "SignatureData.h"
+
+#include "ValidatorCommon.h"
+#include "VerificationStatus.h"
+
+namespace ValidationCore {
+// Todo nocopyable
+class SignatureValidator
+{
+  public:
+    enum Result
+    {
+        SIGNATURE_VALID,
+        SIGNATURE_INVALID,
+        SIGNATURE_VERIFIED,
+        SIGNATURE_DISREGARD,    // no ocsp response or ocsp return unknown status
+        SIGNATURE_REVOKED
+    };
+
+    /**
+     * Validation of the signature.
+     * If falidation succeed SignatureData will contains:
+     *   list of validated references
+     *   set selfSigned value
+     *   root ca certificate
+     *   end entity certificate
+     */
+    Result check(SignatureData &data,
+            const std::string &widgetContentPath);
+
+    static std::string FingerprintToColonHex(
+            const Certificate::Fingerprint &fingerprint);
+
+    explicit SignatureValidator(bool ocspEnable,
+                                bool crlEnable,
+                                bool complianceMode);
+    virtual ~SignatureValidator();
+
+  private:
+    bool checkRoleURI(const SignatureData &data);
+    bool checkProfileURI(const SignatureData &data);
+    bool checkObjectReferences(const SignatureData &data);
+
+    bool m_ocspEnable;
+    bool m_crlEnable;
+    bool m_complianceModeEnabled;
+};
+
+} // namespace ValidationCore
+
+#endif // _SIGNATUREVALIDATOR_H_
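Review bot: The comment on `SIGNATURE_DISREGARD` describes it as a missing or unknown OCSP response, but `check()` in SignatureValidator.cpp also returns it when the root CA is not found in a recognised store. Callers reading the header therefore get an incomplete description of a trust-relevant result. I would reword it to `// root CA not recognised, or revocation status unknown/error` and extend the `check()` doc comment with the list of `Result` values it can return. `SIGNATURE_VALID` is declared but never returned by the `check()` implementation in this commit, so a comment saying who uses it, or that it is unused, would prevent callers from testing for the wrong value.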
diff --git a/vcore/src/vcore/SoupMessageSendAsync.cpp b/vcore/src/vcore/SoupMessageSendAsync.cpp
new file mode 100644 (file)
index 0000000..d8bb132
--- /dev/null
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
diff --git a/vcore/src/vcore/SoupMessageSendAsync.h b/vcore/src/vcore/SoupMessageSendAsync.h
new file mode 100644 (file)
index 0000000..c6900e2
--- /dev/null
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        SoupMessageSendAsync.h
+ * @brief       Routines for certificate validation over OCSP
+ */
+#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_ASYNC_H_
+#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_ASYNC_H_
+
+#include <map>
+#include <vector>
+
+#include <dpl/assert.h>
+
+#include <dpl/event/inter_context_delegate.h>
+
+#include "SoupMessageSendBase.h"
+
+namespace SoupWrapper {
+
+class SoupMessageSendAsync
+  : public SoupMessageSendBase
+  , public DPL::Event::ICDelegateSupport<SoupMessageSendAsync>
+{
+    typedef DPL::Event::ICDelegate<SoupSession*, SoupMessage*, void*> SoupDelegate;
+  public:
+    void sendAsync() {
+        Assert(m_status == STATUS_IDLE);
+        Assert(!m_soupSession);
+        Assert(!m_soupMessage);
+
+        m_status = STATUS_SEND_ASYNC;
+        m_tryLeft = m_tryCount;
+        m_mainContext = g_main_context_new();
+
+        if (!m_mainContext){
+            m_status = STATUS_IDLE;
+
+            // call the delegate to outside with error!
+            return;
+        }
+
+        m_soupSession = soup_session_async_new_with_options(
+            SOUP_SESSION_ASYNC_CONTEXT,
+            m_mainContext,
+            SOUP_SESSION_TIMEOUT,
+            m_timeout,
+            NULL);
+
+        if (!m_soupSession){
+            m_status = STATUS_IDLE;
+            g_object_unref(m_mainContext);
+            m_mainContext = 0;
+
+            // call the deletage to outside with error!
+            return;
+        }
+
+        m_soupMessage = createRequest();
+
+        if (!m_soupMessage){
+            m_status = STATUS_IDLE;
+            g_object_unref(m_soupSession);
+            m_soupSession = 0;
+            g_object_unref(m_mainContext);
+            m_mainContext = 0;
+
+            // call the delegate to outsize with error!
+            return;
+        }
+
+        sendAsyncIterationStart();
+    }
+
+  protected:
+
+    struct SoupDelegateOpaque {
+        SoupDelegate dlg;
+    };
+
+    void sendAsyncIterationStart(){
+        // ICDelegate could be called only once.
+        // We can set user data only once.
+        // We need nasty hack because we will call ICDelegate m_tryCount times.
+        SoupDelegateOpaque *opaq = new SoupDelegateOpaque;
+        opaq->dlg = makeICDelegate(&SoupMessageSendAsync::requestReceiver);
+
+        soup_session_queue_message(m_soupSession,
+                                   m_soupMessage,
+                                   soupSessionCallback,
+                                   reinterpret_cast<gpointer>(opaq));
+    }
+
+    void sendAsyncIteration(SoupDelegateOpaque *opaq){
+        // Replace used ICDelegate with new one without changing
+        // userdata ;-)
+        opaq->dlg = makeICDelegate(&SoupMessageSendAsync::requestReceiver);
+        soup_session_requeue_message(m_soupSession,
+                                     m_soupMessage);
+    }
+
+    void requestReceiver(SoupSession *session, SoupMessage *msg, void *opaque){
+        // We are in thread which called sendAsync function.
+        Assert(session == m_soupSession);
+        Assert(msg == m_soupMessage);
+        Assert(opaque != 0);
+        Assert(m_status == STATUS_SEND_ASYNC);
+
+        m_tryLeft--;
+
+        if (msg->status_code == SOUP_STATUS_OK) {
+            m_responseBuffer.resize(msg->response_body->length);
+            memcpy(&m_responseBuffer[0],
+              msg->response_body->data,
+              msg->response_body->length);
+            // We are done.
+            m_status = STATUS_IDLE;
+            delete static_cast<SoupDelegateOpaque*>(opaque);
+
+            // call the delegate to outside!
+            return;
+        }
+
+        // Error protocol //
+        if (m_tryLeft <= 0) {
+            m_status = STATUS_IDLE;
+            delete static_cast<SoupDelegateOpaque*>(opaque);
+
+            // call the delegate to outside with error!
+            return;
+        }
+
+        // create delegate and send the request once again.
+        sendAsyncIteration(reinterpret_cast<SoupDelegateOpaque*>(opaque));
+    }
+
+    static void soupSessionCallback(SoupSession *session,
+                                    SoupMessage *msg,
+                                    gpointer userdata)
+    {
+        // We are in main thread. We need to switch context.
+        // This delegate can switch context to dpl thread or main thread.
+        SoupDelegateOpaque *opaque;
+        opaque = reinterpret_cast<SoupDelegateOpaque*>(userdata);
+        opaque->dlg(session, msg, userdata);
+    }
+
+    int m_tryLeft;
+
+    GMainContext *m_mainContext;
+    SoupSession *m_soupSession;
+    SoupMessage *m_soupMessage;
+};
+
+} // namespace ValidationCore
+
+#endif
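Review bot: `sendAsync()` releases `m_mainContext` with `g_object_unref()` in both error paths, but a `GMainContext` is not a GObject; the call should be `g_main_context_unref(m_mainContext);`. The class declares no constructor, so `m_soupSession`, `m_soupMessage` and `m_mainContext` are uninitialised when `Assert(!m_soupSession)` first reads them. A constructor such as `SoupMessageSendAsync() : m_tryLeft(0), m_mainContext(0), m_soupSession(0), m_soupMessage(0) {}` fixes that. In `requestReceiver()`, `&m_responseBuffer[0]` is undefined when a 200 response has a zero-length body, so the `memcpy` should be guarded with `if (!m_responseBuffer.empty())`; `sendSync()` in SoupMessageSendSync.cpp has the same pattern. The success and final-failure paths also return to `STATUS_IDLE` without releasing the session, message or context, so a second `sendAsync()` on the same object would trip the entry asserts.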
diff --git a/vcore/src/vcore/SoupMessageSendBase.cpp b/vcore/src/vcore/SoupMessageSendBase.cpp
new file mode 100644 (file)
index 0000000..3518a71
--- /dev/null
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        SoupMessageSendBase.cpp
+ * @brief       Simple wrapper for soup.
+ */
+#include "SoupMessageSendBase.h"
+
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+
+namespace SoupWrapper {
+
+SoupMessageSendBase::SoupMessageSendBase()
+  : m_status(STATUS_IDLE)
+  , m_timeout(30)
+  , m_tryCount(5)
+{}
+
+SoupMessageSendBase::~SoupMessageSendBase(){
+    Assert(m_status == STATUS_IDLE);
+}
+
+void SoupMessageSendBase::setHeader(const std::string &property, const std::string &value){
+    Assert(m_status == STATUS_IDLE);
+    m_headerMap[property] = value;
+}
+
+void SoupMessageSendBase::setHost(const std::string &host){
+    Assert(m_status == STATUS_IDLE);
+    m_host = host;
+}
+
+void SoupMessageSendBase::setRequest(const std::string &contentType, const MessageBuffer &message){
+    Assert(m_status == STATUS_IDLE);
+    m_requestType = contentType;
+    m_requestBuffer = message;
+}
+
+SoupMessageSendBase::MessageBuffer SoupMessageSendBase::getResponse() const {
+    Assert(m_status == STATUS_IDLE);
+    return m_responseBuffer;
+}
+
+void SoupMessageSendBase::setTimeout(int seconds) {
+    Assert(m_status == STATUS_IDLE);
+    Assert(seconds >= 0);
+    m_timeout = seconds;
+}
+
+void SoupMessageSendBase::setRetry(int retry) {
+    Assert(m_status == STATUS_IDLE);
+    Assert(retry >= 0);
+    m_tryCount = retry + 1;
+}
+
+
+SoupMessage* SoupMessageSendBase::createRequest(){
+    SoupMessage *message;
+
+    LogInfo("Soup message will be send to: " << m_host.c_str());
+
+    if (!m_requestBuffer.empty()) {
+        message = soup_message_new("POST", m_host.c_str());
+    } else {
+        message = soup_message_new("GET", m_host.c_str());
+    }
+
+    if (!message) {
+        LogError("Error creating request!");
+        return 0;
+    }
+
+    FOREACH(it, m_headerMap){
+        soup_message_headers_append(message->request_headers,
+                                    it->first.c_str(),
+                                    it->second.c_str());
+    }
+
+    if (!m_requestBuffer.empty()) {
+        soup_message_set_http_version(message, SOUP_HTTP_1_0);
+        soup_message_set_request(message,
+          m_requestType.c_str(),
+          SOUP_MEMORY_COPY,
+          &m_requestBuffer[0],
+          m_requestBuffer.size());
+    }
+//    soup_message_set_flags(message, SOUP_MESSAGE_NO_REDIRECT);
+    return message;
+}
+
+} // namespace ValidationCore
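Review bot: `createRequest()` ends with a commented-out `soup_message_set_flags(message, SOUP_MESSAGE_NO_REDIRECT);` and no explanation, so a reader cannot tell whether following redirects is a deliberate choice. The header's own example shows this wrapper carrying `application/ocsp-request` bodies, so the redirect policy deserves an explicit decision. Either restore the call or replace the dead line with a comment such as `// Redirects are followed on purpose: <reason>`. Also, `setTimeout()` and `setRetry()` validate their arguments only through `Assert`; if that macro is compiled out in release builds (not visible here), negative values would be stored unchecked and passed on to the session options and the retry loop.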
diff --git a/vcore/src/vcore/SoupMessageSendBase.h b/vcore/src/vcore/SoupMessageSendBase.h
new file mode 100644 (file)
index 0000000..aaa5fb4
--- /dev/null
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        SoupMessageSendBase.h
+ * @brief       Simple wrapper for soup.
+ */
+#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_BASE_H_
+#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_BASE_H_
+
+#include <map>
+#include <vector>
+#include <string>
+
+#include <libsoup/soup.h>
+
+namespace SoupWrapper {
+
+class SoupMessageSendBase {
+  public:
+
+    typedef std::vector<char> MessageBuffer;
+    typedef std::map<std::string,std::string> HeaderMap;
+
+    enum RequestStatus {
+        REQUEST_STATUS_OK,
+        REQUEST_STATUS_CONNECTION_ERROR
+    };
+
+    SoupMessageSendBase();
+
+    virtual ~SoupMessageSendBase();
+
+    /**
+     * Add specific information to request header.
+     *
+     * @param[in] property property name (for example "Host")
+     * @param[in] value property value (for example "onet.pl:80")
+     */
+    void setHeader(const std::string &property,
+                const std::string &value);
+
+    /**
+     * Set request destination.
+     *
+     * @param[in] host - full path to source (http://onet.pl/index.html)
+     */
+    void setHost(const std::string &host);
+
+    /**
+     * Set body of request.
+     *
+     * @param[in] contentType (for example: "application/ocsp-request")
+     * @param[in] message body of reqeust
+     */
+    void setRequest(const std::string &contentType,
+                const MessageBuffer &message);
+
+    /**
+     * Set network timeout. Default is 30 seconds.
+     *
+     * @param[in] seconds timeout in seconds
+     */
+    void setTimeout(int seconds);
+
+    /**
+     * How many erros soup will accept before he will terminate connection.
+     * Default is 5.
+     *
+     * @param[in] retry number
+     */
+    void setRetry(int retry);
+
+    /**
+     * Get response from serwer.
+     */
+    MessageBuffer getResponse() const;
+
+  protected:
+
+    SoupMessage* createRequest();
+
+    enum Status {
+        STATUS_IDLE,
+        STATUS_SEND_SYNC,
+        STATUS_SEND_ASYNC
+    };
+
+    Status m_status;
+
+    int m_timeout;
+    int m_tryCount;
+
+    std::string m_host;
+    std::string m_requestType;
+    MessageBuffer m_requestBuffer;
+    MessageBuffer m_responseBuffer;
+    HeaderMap m_headerMap;
+};
+
+} // namespace ValidationCore
+
+#endif
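Review bot: The doc comment on `setRetry()` does not match the implementation in SoupMessageSendBase.cpp. It describes the value as the number of errors accepted with a default of 5, but the setter stores `retry + 1` in `m_tryCount` and the constructor initialises `m_tryCount(5)`, so the default is five attempts, i.e. four retries. I would reword it to `Number of retries after the first attempt; the request is sent at most retry + 1 times. Default is 4 retries (5 attempts).` `RequestStatus` also needs a comment that `REQUEST_STATUS_CONNECTION_ERROR` covers any non-200 HTTP response, which is how `sendSync()` uses it. The closing `} // namespace ValidationCore` should read `SoupWrapper`.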
diff --git a/vcore/src/vcore/SoupMessageSendSync.cpp b/vcore/src/vcore/SoupMessageSendSync.cpp
new file mode 100644 (file)
index 0000000..bca8e3e
--- /dev/null
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        SoupMessageSendSync.cpp
+ * @brief       Implementation of soup synchronous interface.
+ */
+#include "SoupMessageSendSync.h"
+
+#include <memory>
+#include <functional>
+
+#include <vconf.h>
+
+#include <dpl/log/log.h>
+
+namespace SoupWrapper {
+
+SoupMessageSendBase::RequestStatus SoupMessageSendSync::sendSync()
+{
+    Assert(m_status == STATUS_IDLE);
+    m_status = STATUS_SEND_SYNC;
+
+    ScopedGMainContext context(g_main_context_new());
+
+    std::unique_ptr<char,std::function<void(void*)> >
+            proxy(vconf_get_str(VCONFKEY_NETWORK_PROXY), free);
+
+    std::unique_ptr <SoupURI, std::function<void(SoupURI*)> >
+                   proxyURI(soup_uri_new (proxy.get()), soup_uri_free);
+
+    LogDebug("Proxy ptr:" << (void*)proxy.get() <<
+             " Proxy addr: " << proxy.get());
+
+    for(int tryCount = 0; tryCount < m_tryCount; ++ tryCount){
+        LogDebug("Try(" << tryCount << ") to download " << m_host);
+
+        ScopedSoupSession session(soup_session_async_new_with_options(
+              SOUP_SESSION_ASYNC_CONTEXT,
+              &*context,
+              SOUP_SESSION_TIMEOUT,
+              m_timeout,
+              SOUP_SESSION_PROXY_URI,
+              proxyURI.get(),
+              NULL));
+
+        ScopedSoupMessage msg;
+
+        msg.Reset(createRequest());
+
+        if (!msg) {
+            LogError("Unable to send HTTP request.");
+            m_status = STATUS_IDLE;
+            return REQUEST_STATUS_CONNECTION_ERROR;
+        }
+        soup_session_send_message(&*session, &*msg);
+
+        // if (SOUP_STATUS_IS_SUCCESSFUL(msg->status_code))
+
+        if (msg->status_code == SOUP_STATUS_OK) {
+            m_responseBuffer.resize(msg->response_body->length);
+            memcpy(&m_responseBuffer[0],
+              msg->response_body->data,
+              msg->response_body->length);
+            // We are done.
+            m_status = STATUS_IDLE;
+            return REQUEST_STATUS_OK;
+        } else {
+            LogWarning("Soup failed with code " << msg->status_code
+              << " message \n------------\n"
+              << msg->response_body->data
+              << "\n--------------\n");
+        }
+    }
+
+    m_status = STATUS_IDLE;
+    return REQUEST_STATUS_CONNECTION_ERROR;
+}
+
+} // namespave ValidationCore
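Review bot: `sendSync()` streams `proxy.get()` into `LogDebug` without a null check, and the `(void*)` print beside it suggests a null proxy is expected when none is configured. Inserting a null `char*` into a stream is undefined behaviour if the log macro is ostream-based, as its `<<` syntax implies; use `(proxy ? proxy.get() : "(none)")` for that operand. The failure branch has the same exposure with `msg->response_body->data`, which may be null when no body was received (worth confirming against libsoup). That branch also writes a server-controlled body to the log verbatim, so logging only `msg->status_code` and `msg->response_body->length` avoids both problems.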
diff --git a/vcore/src/vcore/SoupMessageSendSync.h b/vcore/src/vcore/SoupMessageSendSync.h
new file mode 100644 (file)
index 0000000..ebb451d
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     0.1
+ * @file        SoupMessageSendSync.h
+ * @brief       Wrapper for soup synchronous interface.
+ */
+#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
+#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
+
+#include "SoupMessageSendBase.h"
+
+#include <vcore/scoped_gpointer.h>
+
+namespace SoupWrapper {
+
+class SoupMessageSendSync : public SoupMessageSendBase {
+  public:
+    RequestStatus sendSync();
+  protected:
+    typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage;
+    typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession;
+    typedef WRT::ScopedGPointer<GMainContext> ScopedGMainContext;
+};
+
+} // namespace ValidationCore
+
+#endif
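Review bot: The closing comment `} // namespace ValidationCore` does not match the namespace this header opens, which is `SoupWrapper`; it should read `} // namespace SoupWrapper`. The same stale label, misspelled as `namespave ValidationCore`, closes SoupMessageSendSync.cpp. The class also has no comment saying what `sendSync()` returns on failure or that it blocks the calling thread, which a caller of a synchronous wrapper needs to know.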
diff --git a/vcore/src/vcore/VCore.cpp b/vcore/src/vcore/VCore.cpp
new file mode 100644 (file)
index 0000000..a3bbfee
--- /dev/null
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        VCore.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @brief
+ */
+
+#include <vcore/VCorePrivate.h>
+#include <vcore/Config.h>
+#include <vcore/Database.h>
+#include <openssl/ssl.h>
+#include <database_checksum_vcore.h>
+#include <glib.h>
+#include <glib-object.h>
+
+#include <dpl/assert.h>
+#include <dpl/log/log.h>
+
+namespace {
+DPL::DB::ThreadDatabaseSupport *threadInterface = NULL;
+} // namespace anonymous
+
+namespace ValidationCore {
+
+void AttachToThreadRO(void)
+{
+    Assert(threadInterface);
+    static bool check = true;
+    threadInterface->AttachToThread(
+        DPL::DB::SqlConnection::Flag::RO);
+    // We can have race condition here but CheckTableExist
+    // is thread safe and nothing bad will happend.
+    if (check) {
+        check = false;
+        Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) &&
+               "Not a valid vcore database version");
+    }
+}
+
+void AttachToThreadRW(void)
+{
+    Assert(threadInterface);
+    static bool check = true;
+    threadInterface->AttachToThread(
+        DPL::DB::SqlConnection::Flag::RW);
+    // We can have race condition here but CheckTableExist
+    // is thread safe and nothing bad will happend.
+    if (check) {
+        check = false;
+        Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) &&
+               "Not a valid vcore database version");
+    }
+}
+
+void DetachFromThread(void){
+    Assert(threadInterface);
+    threadInterface->DetachFromThread();
+}
+
+DPL::DB::ThreadDatabaseSupport& ThreadInterface(void) {
+    Assert(threadInterface);
+    return *threadInterface;
+}
+
+bool VCoreInit(const std::string& configFilePath,
+               const std::string& configSchemaPath,
+               const std::string& databasePath)
+{
+    if(threadInterface) {
+        LogDebug("Already Initialized");
+        return false;
+    }
+
+    threadInterface = new DPL::DB::ThreadDatabaseSupport(
+        databasePath.c_str(),
+        DPL::DB::SqlConnection::Flag::UseLucene);
+
+    SSL_library_init();
+//    g_thread_init(NULL);
+    g_type_init();
+
+    LogDebug("Initializing VCore");
+    Config &globalConfig = ConfigSingleton::Instance();
+    bool returnValue = globalConfig.setXMLConfigPath(configFilePath) &&
+        globalConfig.setXMLSchemaPath(configSchemaPath);
+
+    return returnValue;
+}
+
+void VCoreDeinit()
+{
+    Assert(threadInterface && "Not initialized or already deinitialized");
+    delete threadInterface;
+    threadInterface = NULL;
+}
+
+} // namespace ValidationCore
+
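Review bot: In AttachToThreadRO and AttachToThreadRW the database version check `ThreadInterface().CheckTableExist(DB_CHECKSUM_STR)` exists only as the argument of `Assert`. If DPL's Assert is compiled out in release builds (its definition is not visible here), the check disappears and a mismatched OCSP/CRL cache database is used silently. Evaluate it outside the assertion, e.g. `const bool valid = ThreadInterface().CheckTableExist(DB_CHECKSUM_STR);`, then log and fail explicitly when it is false. `check` is also cleared before the check has run, so a thread attaching at the same time skips verification, which the existing race comment does not cover. Separately, VCoreInit returns false when `setXMLConfigPath` or `setXMLSchemaPath` fails but leaves `threadInterface` allocated, so a retry only reports "Already Initialized".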
diff --git a/vcore/src/vcore/VCore.h b/vcore/src/vcore/VCore.h
new file mode 100644 (file)
index 0000000..d293563
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        VCore.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef _VCORE_SRC_VCORE_VCORE_H_
+#define _VCORE_SRC_VCORE_VCORE_H_
+
+#include <string>
+
+namespace ValidationCore {
+/*
+ * configFilePath - path to XML config file with certificates configuration
+ *
+ * configSchemaPath - XMLschema of config file
+ *
+ * databasePath - path to database with OCSP/CRL cache.
+ *
+ * This function could be run only once. If you call it twice it will
+ * return false and non data will be set.
+ *
+ * This function must be call before AttachToThread function.
+ */
+bool VCoreInit(const std::string& configFilePath,
+               const std::string& configSchemaPath,
+               const std::string& databasePath);
+
+/*
+ * This function will free internal structures responsible for db connection.
+ */
+void VCoreDeinit(void);
+
+/*
+ * All thread with are using OCSP/CRL must call AttachToThread function before
+ * it can call OCSP/CRL. More than one thread could be Attach with OCPS/CRL.
+ *
+ * You mast attach thread to OCSP/CRL because OCSP/CRL is using database
+ * CertificateCachedDAO. For each thread that will be using this database
+ * vcore  must create internal structure (with connection info).
+ *
+ */
+void AttachToThreadRO(void);
+void AttachToThreadRW(void);
+void DetachFromThread(void);
+
+} // namespace ValidationCore
+
+#endif // _VCORE_SRC_VCORE_VCORE_H_
+
diff --git a/vcore/src/vcore/VCorePrivate.h b/vcore/src/vcore/VCorePrivate.h
new file mode 100644 (file)
index 0000000..ed85958
--- /dev/null
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        VCore.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef _VCORE_SRC_VCORE_VCOREPRIVATE_H_
+#define _VCORE_SRC_VCORE_VCOREPRIVATE_H_
+
+#include <string>
+#include <VCore.h>
+#include <database_checksum_vcore.h>
+#include <dpl/db/thread_database_support.h>
+
+namespace ValidationCore {
+DPL::DB::ThreadDatabaseSupport& ThreadInterface(void);
+} // namespace ValidationCore
+
+#endif // _VCORE_SRC_VCORE_VCORE_H_
+
diff --git a/vcore/src/vcore/ValidatorCommon.h b/vcore/src/vcore/ValidatorCommon.h
new file mode 100644 (file)
index 0000000..8815239
--- /dev/null
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        ValidatorCommon.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This file contais definictions of common types used in ValidationCore.
+ */
+#ifndef _VALIDATORCOMMON_H_
+#define _VALIDATORCOMMON_H_
+
+#include <list>
+#include <set>
+#include <string>
+
+namespace ValidationCore {
+typedef std::set< std::string > ReferenceSet;
+typedef std::list< std::string > ObjectList;
+
+/*
+ * base deleter func
+ */
+template <typename T>
+struct ValidatorCoreUniversalFree {};
+
+// Template Specialization
+#define VC_DECLARE_DELETER(type, function)           \
+    template <> \
+    struct ValidatorCoreUniversalFree <type> {           \
+        void universal_free(type *ptr){                  \
+            if (ptr) {                                      \
+                function(ptr); }                           \
+        }                                                \
+    };
+
+template <typename T>
+class AutoPtr
+{
+  public:
+    AutoPtr(T *ptr) :
+        m_data(ptr)
+    {
+    }
+
+    AutoPtr(const AutoPtr<T> &second)
+    {
+        m_data = second.m_data;
+        second.m_data = 0;
+    }
+
+    AutoPtr & operator=(const AutoPtr &second)
+    {
+        if (this != &second) {
+            ValidatorCoreUniversalFree<T> deleter;
+            deleter.universal_free(m_data);
+            m_data = second.m_data;
+            second.m_data = 0;
+        }
+        return *this;
+    }
+
+    /**
+     * overloaded -> operator, so smart ptr could act as ordinary ptr
+     */
+    T* operator->()
+    {
+        return m_data;
+    }
+
+    ~AutoPtr()
+    {
+        ValidatorCoreUniversalFree<T> deleter;
+        deleter.universal_free(m_data);
+    }
+
+    /**
+     * get internal pointer
+     */
+    T* get(void)
+    {
+        return m_data;
+    }
+
+  private:
+    mutable T *m_data;
+};
+} // namespace ValidationCore
+
+#endif // _VALIDATORCOMMON_H_
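Review bot: AutoPtr's copy constructor and copy assignment take `const AutoPtr &` yet null out the source through `mutable T *m_data`, so any copy (pass by value, return, storing in a container) silently empties the original and a later `operator->` on it dereferences null. The tree already uses `std::unique_ptr` with a custom deleter in SoupMessageSendSync.cpp, so the same could replace this class. Failing that, declare the copy operations private and unimplemented, and make the constructor `explicit AutoPtr(T *ptr)` so a raw pointer cannot be adopted by implicit conversion. The class has no comment stating that it owns the pointer and frees it through the `VC_DECLARE_DELETER` specialisation for `T`.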
diff --git a/vcore/src/vcore/ValidatorFactories.cpp b/vcore/src/vcore/ValidatorFactories.cpp
new file mode 100644 (file)
index 0000000..c068df7
--- /dev/null
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#include <vcore/ValidatorFactories.h>
+
+#include <string>
+#include <dpl/log/log.h>
+
+#include <vcore/Certificate.h>
+#include <vcore/CertificateConfigReader.h>
+#include <vcore/Config.h>
+
+namespace ValidationCore {
+
+const CertificateIdentifier& createCertificateIdentifier()
+{
+    static CertificateIdentifier certificateIdentifier;
+    static bool initialized = false;
+    if (!initialized) {
+        CertificateConfigReader reader;
+        std::string file =
+            ConfigSingleton::Instance().getXMLConfigPath();
+        LogDebug("File with fingerprint list is: " << file);
+        std::string schema =
+            ConfigSingleton::Instance().getXMLSchemaPath();
+        LogDebug("File with fingerprint list schema is: " << schema);
+        reader.initialize(file, schema);
+        reader.read(certificateIdentifier);
+        initialized = true;
+    }
+    return certificateIdentifier;
+}
+
+} // namespace ValidationCore
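Review bot: The lazy initialisation in createCertificateIdentifier is guarded by a plain `static bool initialized`, so two threads making the first call together can both run `reader.read(certificateIdentifier)` on the same object; VCore.h in this commit says several threads may attach to the library. Nothing visible checks whether `reader.initialize(file, schema)` or `reader.read(...)` succeeded, so unless they throw (not shown here) a failed load leaves an empty fingerprint list marked as initialised and every later caller trusts it. Consider moving the load into a helper and writing `static const CertificateIdentifier certificateIdentifier = loadCertificateIdentifier();` (helper name is a suggestion), which C++11 initialises once in a thread-safe way, and have the helper report a failed load.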
diff --git a/vcore/src/vcore/ValidatorFactories.h b/vcore/src/vcore/ValidatorFactories.h
new file mode 100644 (file)
index 0000000..075eef1
--- /dev/null
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_VALIDATORFACTORY_H_
+#define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_VALIDATORFACTORY_H_
+
+#include <CertificateIdentifier.h>
+
+namespace ValidationCore {
+// First use of CertificateIdentificator should initialized it.
+// We do not want to create cyclic dependencies between
+// CertificateConfigReader and CertificateIdentificator so
+// we are using factory method to create CertificateIdentificator.
+
+const CertificateIdentifier& createCertificateIdentifier();
+} // namespace ValidationCore
+
+#endif // _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_VALIDATORFACTORY_H_
diff --git a/vcore/src/vcore/VerificationStatus.cpp b/vcore/src/vcore/VerificationStatus.cpp
new file mode 100644 (file)
index 0000000..98199ad
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include "VerificationStatus.h"
+
+namespace ValidationCore {
+VerificationStatus VerificationStatusSet::convertToStatus() const
+{
+    if (m_verdictMap & VERIFICATION_STATUS_REVOKED) {
+        return VERIFICATION_STATUS_REVOKED;
+    }
+
+    if (m_verdictMap & VERIFICATION_STATUS_VERIFICATION_ERROR) {
+        return VERIFICATION_STATUS_VERIFICATION_ERROR;
+    }
+
+    if (m_verdictMap & VERIFICATION_STATUS_ERROR) {
+        return VERIFICATION_STATUS_ERROR;
+    }
+
+    if (m_verdictMap & VERIFICATION_STATUS_UNKNOWN) {
+        return VERIFICATION_STATUS_UNKNOWN;
+    }
+
+    if (m_verdictMap & VERIFICATION_STATUS_CONNECTION_FAILED) {
+        return VERIFICATION_STATUS_CONNECTION_FAILED;
+    }
+
+    if (m_verdictMap & VERIFICATION_STATUS_NOT_SUPPORT) {
+        return VERIFICATION_STATUS_NOT_SUPPORT;
+    }
+
+    if (m_verdictMap & VERIFICATION_STATUS_GOOD) {
+        return VERIFICATION_STATUS_GOOD;
+    }
+
+    return VERIFICATION_STATUS_ERROR;
+}
+} // namespace ValidationCore
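Review bot: convertToStatus has no comment saying that the order of its `if` tests is the revocation policy, so a later reordering could weaken it without anyone noticing. I would add above the function: `// Collapse the set to its most severe verdict: REVOKED > VERIFICATION_ERROR > ERROR > UNKNOWN > CONNECTION_FAILED > NOT_SUPPORT > GOOD.` and on the final return `// Empty set: no verdict was recorded, report ERROR rather than GOOD.` That documents that GOOD is returned only when no other bit is set.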
diff --git a/vcore/src/vcore/VerificationStatus.h b/vcore/src/vcore/VerificationStatus.h
new file mode 100644 (file)
index 0000000..67eecac
--- /dev/null
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#ifndef _SRC_VALIDATION_CORE_VERIFICATION_STATUS_H_
+#define _SRC_VALIDATION_CORE_VERIFICATION_STATUS_H_
+
+namespace ValidationCore {
+enum VerificationStatus
+{
+    //! The certificate has not been revoked.
+    /*! Connection to OCSP responder was successful and the certificate
+     *  has not been revoked.
+     */
+    VERIFICATION_STATUS_GOOD = 1,
+
+    //! The certificate has been revoked.
+    /*! Connection to OCSP responder was successful and the certificate
+     *  has been revoked.
+     *  RFC2560: "The "revoked" state indicates that the certificate has
+     *  been revoked (either permanantly or temporarily
+     *  (on hold))."
+     */
+    VERIFICATION_STATUS_REVOKED = 1 << 1,
+
+    //! The certificate status is unknown.
+    /*! Connection to OCSP responder was successful and the certificate
+     *  has unknown status.
+     *
+     *  RFC2560: "The "unknown" state indicates that the responder
+     *  doesn't know about the certificate being requested."
+     */
+    VERIFICATION_STATUS_UNKNOWN = 1 << 2,
+
+    //! The certificate status was not figure out.
+    /*! The response from ocsp/crl server contains broken signature. */
+    VERIFICATION_STATUS_VERIFICATION_ERROR = 1 << 3,
+
+    //! The certificate status was not figure out.
+    /*! The certificate does not contain ocsp/crl extension. */
+    VERIFICATION_STATUS_NOT_SUPPORT = 1 << 4,
+
+    //! The certificate status was not figure out.
+    /*! The CertMgr could not connect to OCSP responder. */
+    VERIFICATION_STATUS_CONNECTION_FAILED = 1 << 5,
+
+    //! The certificate status is unknown due to internal error inside OCSP
+    VERIFICATION_STATUS_ERROR = 1 << 6
+};
+
+class VerificationStatusSet
+{
+  public:
+    VerificationStatusSet() : m_verdictMap(0)
+    {
+    }
+
+    inline void add(VerificationStatus status)
+    {
+        m_verdictMap |= status;
+    }
+
+    inline bool contains(VerificationStatus status) const
+    {
+        return m_verdictMap & status;
+    }
+
+    inline bool isEmpty() const
+    {
+        return 0 == m_verdictMap;
+    }
+
+    inline void operator+=(const VerificationStatusSet &second)
+    {
+        m_verdictMap |= second.m_verdictMap;
+    }
+
+    inline void reset()
+    {
+        m_verdictMap = 0;
+    }
+
+    VerificationStatus convertToStatus() const;
+
+  private:
+    unsigned int m_verdictMap;
+};
+
+/* TODO this status should be defined in wrt-engine sources */
+enum WidgetVerificationStatus
+{
+    // All certificate has been veficated and all certificates are good.
+    // Widget is able to be installed.
+    WIDGET_VERIFICATION_STATUS_GOOD,
+    // Some certificate has been revoked. Widget is not able to be installed.
+    WIDGET_VERIFICATION_STATUS_REVOKED,
+};
+} // namespace ValidationCore
+
+#endif // _SRC_VALIDATION_CORE_VERIFICATION_STATUS_H_
diff --git a/vcore/src/vcore/WacOrigin.cpp b/vcore/src/vcore/WacOrigin.cpp
new file mode 100644 (file)
index 0000000..7ca0174
--- /dev/null
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#include "WacOrigin.h"
+
+#include <algorithm>
+#include <ctype.h>
+#include <idna.h>
+
+#include <<dpl/log/log.h>>
+
+#include <iri.h>
+#include "ValidatorCommon.h"
+
+namespace {
+const std::string SCHEME_HTTP = "http";
+const std::string SCHEME_HTTPS = "https";
+const int PORT_HTTP = 80;
+const int PORT_HTTPS = 443;
+}
+
+namespace ValidationCore {
+VC_DECLARE_DELETER(iri_struct, iri_destroy)
+
+WacOrigin::WacOrigin(const std::string &url) :
+    m_port(0),
+    m_parseFailed(false)
+{
+    parse(url.c_str());
+}
+
+WacOrigin::WacOrigin(const char *url) :
+    m_port(0),
+    m_parseFailed(false)
+{
+    parse(url);
+}
+
+bool WacOrigin::operator==(const WacOrigin &second) const
+{
+    if (m_parseFailed || second.m_parseFailed) {
+        return false;
+    }
+
+    return (m_scheme == second.m_scheme) &&
+           (m_host == second.m_host) &&
+           (m_port == second.m_port);
+}
+
+void WacOrigin::parse(const char *url)
+{
+    // Step are taken from algorihtm:
+    // http://www.w3.org/TR/html5/origin-0.html#origin-0
+
+    // Step 1
+    // Step 2
+    AutoPtr<iri_struct> iri(iri_parse(url));
+    if (!iri.get()) {
+        m_parseFailed = true;
+        return;
+    }
+
+    if (iri->scheme) {
+        m_scheme = iri->scheme;
+    } else {
+        m_parseFailed = true;
+        return;
+    }
+
+    // Step 3 - Skip this point.
+    // WAC 2.0 PRV - we are suport only "http" and "https" schemas.
+
+    // Step 4 - Todo
+
+    // Step 5
+    std::transform(m_scheme.begin(), m_scheme.end(), m_scheme.begin(), tolower);
+
+    // Step 6 - we only support "http" and "https" schemas
+    if ((m_scheme != SCHEME_HTTP) && (m_scheme != SCHEME_HTTPS)) {
+        m_parseFailed = true;
+        return;
+    }
+
+    // Step 7 - Skip. We do not support "file" schema.
+
+    // Step 8
+    if (iri->host) {
+        m_host = iri->host;
+    } else {
+        m_parseFailed = true;
+        return;
+    }
+
+    // Step 9
+    char *output = NULL;
+    if (IDNA_SUCCESS !=
+        idna_to_ascii_lz(m_host.c_str(), &output, IDNA_USE_STD3_ASCII_RULES)) {
+        LogError("libidn error");
+        m_parseFailed = true;
+        free(output);
+        return;
+    }
+    m_host = output;
+    free(output);
+
+    // Step 10
+    std::transform(m_host.begin(), m_host.end(), m_host.begin(), ::tolower);
+
+    // Step 11
+    if (iri->port) {
+        m_port = iri->port;
+    } else {
+        setPort();
+    }
+
+    // Step 12 - Skip it. We do not return anything.
+    // User should create geters if he need access to schema/host/port.
+}
+
+void WacOrigin::setPort()
+{
+    if (SCHEME_HTTP == m_scheme) {
+        m_port = PORT_HTTP;
+        return;
+    } else if (SCHEME_HTTPS == m_scheme) {
+        m_port = PORT_HTTPS;
+        return;
+    } else {
+        LogDebug("Scheme " << m_scheme << " is not support by WAC2.0");
+        m_parseFailed = true;
+    }
+}
+} // namespace ValidationCore
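Review bot: In WacOrigin::parse, Step 9 calls `idna_to_ascii_lz`, which interprets the host in the process locale's encoding, so the same URL can normalise differently (or fail) depending on the locale, and the result feeds the origin comparison in `operator==`. If the host from `iri_parse` is UTF-8 (an assumption to confirm against libiri), use `idna_to_ascii_8z(m_host.c_str(), &output, IDNA_USE_STD3_ASCII_RULES)` instead. The Step 5 `std::transform(..., tolower)` passes plain `char` to `tolower`, which is undefined for negative values; a lambda casting through `unsigned char` avoids that for non-ASCII bytes in the scheme. `#include <<dpl/log/log.h>>` has doubled angle brackets and will not compile as written, unless that is an artefact of how this page was rendered.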
diff --git a/vcore/src/vcore/WacOrigin.h b/vcore/src/vcore/WacOrigin.h
new file mode 100644 (file)
index 0000000..d706fe3
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       This is stub for HTML5Origin implementation.
+ *              This implementation is compatible with WAC 2.0 PRV requirements
+ *              and is _not_ full compatible with ORIGIN algorithm requirements
+ *              defined in http://www.w3.org/TR/html5/origin-0.html#origin-0
+ */
+#ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_HTML5ORIGIN_H_
+#define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_HTML5ORIGIN_H_
+
+#include <string>
+
+namespace ValidationCore {
+class WacOrigin
+{
+  public:
+
+    WacOrigin(const std::string &url);
+    WacOrigin(const char *url);
+
+    bool operator!=(const WacOrigin &second) const
+    {
+        return !(operator==(second));
+    }
+
+    bool operator==(const WacOrigin &second) const;
+
+  private:
+    void parse(const char *url);
+    void setPort();
+
+    std::string m_scheme;
+    std::string m_host;
+    int m_port;
+    bool m_parseFailed; // if parsing failed we should return unique identifier
+};
+} //namespace ValidationCore
+
+#endif // _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_HTML5ORIGIN_H_
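Review bot: The class declaration does not document its comparison contract, and the only hint is the trailing comment on `m_parseFailed`. Per `operator==` in WacOrigin.cpp, two origins are equal only when both parsed successfully and scheme, host and port match, so an unparsable URL is unequal even to itself. I would add above the class: `// Origins compare equal only if both URLs parsed and scheme, host and port match; a URL that failed to parse never equals anything.` Both constructors are also non-explicit, so a raw string converts silently in a comparison such as `origin == someString`; mark them `explicit` unless that conversion is intended.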
diff --git a/vcore/src/vcore/XmlsecAdapter.cpp b/vcore/src/vcore/XmlsecAdapter.cpp
new file mode 100644 (file)
index 0000000..8ba3a81
--- /dev/null
@@ -0,0 +1,425 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        XmlsecAdapter.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+
+/* 
+ * Copyright (C) 2002-2003 Aleksey Sanin.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+
+#include <cstdlib>
+#include <cstring>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#endif /*   XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+#include <xmlsec/io.h>
+#include <xmlsec/keyinfo.h>
+
+#include <dpl/assert.h>
+#include <dpl/log/log.h>
+
+#include "XmlsecAdapter.h"
+#include <dpl/singleton_impl.h>
+IMPLEMENT_SINGLETON(ValidationCore::XmlSec)
+
+namespace {
+
+struct FileWrapper {
+    FileWrapper(void *argFile, bool argReleased)
+      : file(argFile)
+      , released(argReleased)
+    {}
+    void *file;
+    bool released;
+};
+
+} // anonymous namespace
+
+namespace ValidationCore {
+VC_DECLARE_DELETER(xmlSecKeysMngr, xmlSecKeysMngrDestroy)
+
+static const char* DIGEST_MD5 = "md5";
+
+std::string XmlSec::s_prefixPath;
+
+int XmlSec::fileMatchCallback(const char *filename)
+{
+    std::string path = s_prefixPath + filename;
+    return xmlFileMatch(path.c_str());
+}
+
+void* XmlSec::fileOpenCallback(const char *filename)
+{
+    std::string path = s_prefixPath + filename;
+    LogDebug("Xmlsec opening: " << path);
+    return new FileWrapper(xmlFileOpen(path.c_str()),false);
+}
+
+int XmlSec::fileReadCallback(void *context,
+        char *buffer,
+        int len)
+{
+    FileWrapper *fw = static_cast<FileWrapper*>(context);
+    if (fw->released) {
+        return 0;
+    }
+    int output = xmlFileRead(fw->file, buffer, len);
+    if (output == 0) {
+        fw->released = true;
+        xmlFileClose(fw->file);
+    }
+    return output;
+}
+
+int XmlSec::fileCloseCallback(void *context)
+{
+    FileWrapper *fw = static_cast<FileWrapper*>(context);
+    int output = 0;
+    if (!(fw->released)) {
+        output = xmlFileClose(fw->file);
+    }
+    delete fw;
+    return output;
+}
+
+void XmlSec::fileExtractPrefix(XmlSecContext *context)
+{
+    if (!(context->workingDirectory.empty())) {
+        s_prefixPath = context->workingDirectory;
+        return;
+    }
+
+    s_prefixPath = context->signatureFile;
+    size_t pos = s_prefixPath.rfind('/');
+    if (pos == std::string::npos) {
+        s_prefixPath.clear();
+    } else {
+        s_prefixPath.erase(pos + 1, std::string::npos);
+    }
+}
+
+XmlSec::XmlSec() :
+    m_initialized(false)
+{
+    LIBXML_TEST_VERSION
+        xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+    xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+    xmlIndentTreeOutput = 1;
+#endif
+
+    if (xmlSecInit() < 0) {
+        LogError("Xmlsec initialization failed.");
+        ThrowMsg(Exception::InternalError, "Xmlsec initialization failed.");
+    }
+
+    if (xmlSecCheckVersion() != 1) {
+        xmlSecShutdown();
+        LogError("Loaded xmlsec library version is not compatible.");
+        ThrowMsg(Exception::InternalError,
+                 "Loaded xmlsec library version is not compatible.");
+    }
+
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+    if (xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+        xmlSecShutdown();
+        LogError(
+            "Error: unable to load default xmlsec-crypto library. Make sure "
+            "that you have it installed and check shared libraries path "
+            "(LD_LIBRARY_PATH) envornment variable.");
+        ThrowMsg(Exception::InternalError,
+                 "Unable to load default xmlsec-crypto library.");
+    }
+#endif
+
+    if (xmlSecCryptoAppInit(NULL) < 0) {
+        xmlSecShutdown();
+        LogError("Crypto initialization failed.");
+        ThrowMsg(Exception::InternalError, "Crypto initialization failed.");
+    }
+
+    if (xmlSecCryptoInit() < 0) {
+        xmlSecCryptoAppShutdown();
+        xmlSecShutdown();
+        LogError("Xmlsec-crypto initialization failed.");
+        ThrowMsg(Exception::InternalError,
+                 "Xmlsec-crypto initialization failed.");
+    }
+
+    m_initialized = true;
+}
+
+void XmlSec::deinitialize(void)
+{
+    Assert(m_initialized);
+
+    /*   Shutdown xmlsec-crypto library */
+    xmlSecCryptoShutdown();
+
+    /*   Shutdown crypto library */
+    xmlSecCryptoAppShutdown();
+
+    /*   Shutdown xmlsec library */
+    xmlSecShutdown();
+
+    /*   Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+    xsltCleanupGlobals();
+#endif /*   XMLSEC_NO_XSLT */
+
+    s_prefixPath.clear();
+    m_initialized = false;
+}
+
+XmlSec::~XmlSec()
+{
+    if (m_initialized) {
+        deinitialize();
+    }
+}
+
+XmlSec::Result XmlSec::validateFile(XmlSecContext *context,
+        xmlSecKeysMngrPtr mngr)
+{
+    xmlDocPtr doc = NULL;
+    xmlNodePtr node = NULL;
+    xmlSecDSigCtxPtr dsigCtx = NULL;
+    int size, res = -1;
+
+    fileExtractPrefix(context);
+    LogDebug("Prefix path: " << s_prefixPath);
+
+    xmlSecIOCleanupCallbacks();
+
+    xmlSecIORegisterCallbacks(
+        fileMatchCallback,
+        fileOpenCallback,
+        fileReadCallback,
+        fileCloseCallback);
+
+    /*   load file */
+    doc = xmlParseFile(context->signatureFile.c_str());
+    if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
+        LogWarning("Unable to parse file " << context->signatureFile);
+        goto done;
+    }
+
+    /*   find start node */
+    node = xmlSecFindNode(xmlDocGetRootElement(
+                              doc), xmlSecNodeSignature, xmlSecDSigNs);
+    if (node == NULL) {
+        LogWarning("Start node not found in " << context->signatureFile);
+        goto done;
+    }
+
+    /*   create signature context */
+    dsigCtx = xmlSecDSigCtxCreate(mngr);
+    if (dsigCtx == NULL) {
+        LogError("Failed to create signature context.");
+        goto done;
+    }
+
+    if (context->allowBrokenChain) {
+        dsigCtx->keyInfoReadCtx.flags |=
+            XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN;
+    }
+
+    if (context->validationTime) {
+        LogDebug("Setting validation time.");
+        dsigCtx->keyInfoReadCtx.certsVerificationTime = context->validationTime;
+    }
+
+    /*   Verify signature */
+    if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+        LogWarning("Signature verify error.");
+        goto done;
+    }
+
+    if (dsigCtx->keyInfoReadCtx.flags2 &
+        XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN) {
+        LogWarning("XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN was set to true!");
+        LogWarning("Signature contains broken chain!");
+        context->errorBrokenChain = true;
+    }
+
+    /*   print verification result to stdout */
+    if (dsigCtx->status == xmlSecDSigStatusSucceeded) {
+        LogDebug("Signature is OK");
+        res = 0;
+    } else {
+        LogDebug("Signature is INVALID");
+        goto done;
+    }
+
+    if (dsigCtx->c14nMethod && dsigCtx->c14nMethod->id &&
+        dsigCtx->c14nMethod->id->name) {
+        LogInfo("Canonicalization method: " <<
+                reinterpret_cast<const char *>(dsigCtx->c14nMethod->id->name));
+    }
+
+    size = xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences));
+    for (int i = 0; i < size; ++i) {
+        xmlSecDSigReferenceCtxPtr dsigRefCtx =
+            (xmlSecDSigReferenceCtxPtr)xmlSecPtrListGetItem(&(dsigCtx->
+                                                                  signedInfoReferences),
+                                                            i);
+        if (dsigRefCtx && dsigRefCtx->uri) {
+            if (dsigRefCtx->digestMethod && dsigRefCtx->digestMethod->id &&
+                dsigRefCtx->digestMethod->id->name) {
+                const char* pDigest =
+                    reinterpret_cast<const char *>(dsigRefCtx->digestMethod->id
+                                                       ->name);
+                std::string strDigest(pDigest);
+                LogInfo("reference digest method: " <<
+                        reinterpret_cast<const char *>(dsigRefCtx->digestMethod
+                                                           ->id
+                                                           ->name));
+                if (strDigest == DIGEST_MD5) {
+                    LogWarning("MD5 digest method used! Please use sha");
+                    res = -1;
+                    break;
+                }
+            }
+            context->referenceSet.insert(std::string(reinterpret_cast<char *>(
+                                                         dsigRefCtx->uri)));
+        }
+    }
+
+done:
+    /*   cleanup */
+    if (dsigCtx != NULL) {
+        xmlSecDSigCtxDestroy(dsigCtx);
+    }
+
+    if (doc != NULL) {
+        xmlFreeDoc(doc);
+    }
+
+    if (res) {
+        return ERROR_INVALID_SIGNATURE;
+    }
+    return NO_ERROR;
+}
+
+void XmlSec::loadDERCertificateMemory(XmlSecContext *context,
+        xmlSecKeysMngrPtr mngr)
+{
+    unsigned char *derCertificate = NULL;
+    int size = i2d_X509(context->certificatePtr->getX509(), &derCertificate);
+
+    if (!derCertificate) {
+        LogError("Failed during x509 conversion to der format.");
+        ThrowMsg(Exception::InternalError,
+                 "Failed during x509 conversion to der format.");
+    }
+
+    if (xmlSecCryptoAppKeysMngrCertLoadMemory(mngr,
+                                              derCertificate,
+                                              size,
+                                              xmlSecKeyDataFormatDer,
+                                              xmlSecKeyDataTypeTrusted) < 0) {
+        OPENSSL_free(derCertificate);
+        LogError("Failed to load der certificate from memory.");
+        ThrowMsg(Exception::InternalError,
+                 "Failed to load der certificate from memory.");
+    }
+
+    OPENSSL_free(derCertificate);
+}
+
+void XmlSec::loadPEMCertificateFile(XmlSecContext *context,
+        xmlSecKeysMngrPtr mngr)
+{
+    if (xmlSecCryptoAppKeysMngrCertLoad(mngr,
+                                        context->certificatePath.c_str(),
+                                        xmlSecKeyDataFormatPem,
+                                        xmlSecKeyDataTypeTrusted) < 0) {
+        LogError("Failed to load PEM certificate from file.");
+        ThrowMsg(Exception::InternalError,
+                 "Failed to load PEM certificate from file.");
+    }
+}
+
+XmlSec::Result XmlSec::validate(XmlSecContext *context)
+{
+    Assert(context);
+    Assert(!(context->signatureFile.empty()));
+    Assert(context->certificatePtr.Get() || !(context->certificatePath.empty()));
+
+    if (!m_initialized) {
+        LogError("XmlSec is not initialized.");
+        ThrowMsg(Exception::InternalError, "XmlSec is not initialized");
+    }
+
+    AutoPtr<xmlSecKeysMngr> mngr(xmlSecKeysMngrCreate());
+
+    if (!mngr.get()) {
+        LogError("Failed to create keys manager.");
+        ThrowMsg(Exception::InternalError, "Failed to create keys manager.");
+    }
+
+    if (xmlSecCryptoAppDefaultKeysMngrInit(mngr.get()) < 0) {
+        LogError("Failed to initialize keys manager.");
+        ThrowMsg(Exception::InternalError, "Failed to initialize keys manager.");
+    }
+    context->referenceSet.clear();
+
+    if (context->certificatePtr.Get()) {
+        loadDERCertificateMemory(context, mngr.get());
+    }
+
+    if (!context->certificatePath.empty()) {
+        loadPEMCertificateFile(context, mngr.get());
+    }
+
+    return validateFile(context, mngr.get());
+}
+} // namespace ValidationCore
diff --git a/vcore/src/vcore/XmlsecAdapter.h b/vcore/src/vcore/XmlsecAdapter.h
new file mode 100644 (file)
index 0000000..4104c88
--- /dev/null
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        XmlSecAdapter.h
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief
+ */
+#ifndef _XMLSECADAPTER_H_
+#define _XMLSECADAPTER_H_
+
+#include <xmlsec/keysmngr.h>
+
+#include <dpl/exception.h>
+#include <dpl/noncopyable.h>
+#include <dpl/singleton.h>
+
+#include "Certificate.h"
+#include "ValidatorCommon.h"
+
+namespace ValidationCore {
+class XmlSec : public DPL::Noncopyable
+{
+  public:
+
+    struct XmlSecContext
+    {
+        /* You _must_ set one of the value: certificatePath or certificate. */
+        XmlSecContext() :
+            validationTime(0),
+            allowBrokenChain(false),
+            errorBrokenChain(false)
+        {
+        }
+
+        /*
+         * Absolute path to signature file.
+         */
+        std::string signatureFile;
+        /*
+         * Direcotory with signed data.
+         * If you leave it empty xmlsec will use directory extracted
+         * from signatureFile.
+         */
+        std::string workingDirectory;
+        /*
+         * Path to trusted certificate.
+         */
+        std::string certificatePath;
+        /*
+         * Trusted certificate. In most cases it should be Root CA certificate.
+         */
+        CertificatePtr certificatePtr;
+        /*
+         * Validation date.
+         * 0 - uses current time.
+         */
+        time_t validationTime;
+        /*
+         * Input parameter.
+         * If true, signature validation will not be interrupted by chain error.
+         * If true and chain is broken then the value errorBrokenChain will be
+         * set to true.
+         */
+        bool allowBrokenChain;
+        /*
+         * Output parameter.
+         * This will be set if chain is incomplete or broken.
+         */
+        bool errorBrokenChain;
+        /*
+         * Output parameter.
+         * Reference checked by xmlsec
+         */
+        ReferenceSet referenceSet;
+    };
+
+    enum Result
+    {
+        NO_ERROR,
+        ERROR_INVALID_SIGNATURE
+    };
+
+    class Exception
+    {
+      public:
+        DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, InternalError)
+    };
+
+    /*
+     * Context - input/output param.
+     */
+    Result validate(XmlSecContext *context);
+  protected:
+    XmlSec();
+    ~XmlSec();
+  private:
+    void deinitialize(void);
+
+    void loadDERCertificateMemory(XmlSecContext *context,
+            xmlSecKeysMngrPtr mngr);
+    void loadPEMCertificateFile(XmlSecContext *context,
+            xmlSecKeysMngrPtr mngr);
+    Result validateFile(XmlSecContext *context,
+            xmlSecKeysMngrPtr mngr);
+
+    bool m_initialized;
+
+    static std::string s_prefixPath;
+    static int fileMatchCallback(const char *filename);
+    static void* fileOpenCallback(const char *filename);
+    static int fileReadCallback(void *context,
+            char *buffer,
+            int len);
+    static int fileCloseCallback(void *context);
+    static void fileExtractPrefix(XmlSecContext *context);
+};
+
+typedef DPL::Singleton<XmlSec> XmlSecSingleton;
+} // namespace ValidationCore
+#endif // _XMLSECVERIFICATOR_H_
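Review bot: The comments on `allowBrokenChain` and `errorBrokenChain` in `XmlSecContext`, and the one above `validate`, never say that `validate()` can return `NO_ERROR` for a signature whose certificate chain is broken, so a caller that checks only the `Result` would accept such a signature. In the `validateFile` body shown earlier in this commit, a broken chain with `allowBrokenChain` set only assigns `context->errorBrokenChain = true`, and the returned value still follows `dsigCtx->status` alone. I would replace the comment above `validate` with something like `/* Returns NO_ERROR when the signature verifies; if allowBrokenChain was set, the caller must also check errorBrokenChain before trusting the result. */`. As far as the visible code shows, `validate()` clears `referenceSet` but never resets `errorBrokenChain`, so the `errorBrokenChain` comment should also state that a reused context keeps a stale `true` unless the caller resets it (or `validate()` should reset it next to `referenceSet.clear()`).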
diff --git a/vcore/src/vcore/api.cpp b/vcore/src/vcore/api.cpp
new file mode 100644 (file)
index 0000000..f4e37af
--- /dev/null
@@ -0,0 +1,1525 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        api.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @author      Jacek Migacz (j.migacz@samsung.com)
+ * @version     1.0
+ * @brief       This is part of C-api proposition for cert-svc.
+ */
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <algorithm>
+#include <fstream>
+#include <map>
+#include <memory>
+#include <set>
+#include <string>
+#include <vector>
+
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+
+#include <dlog.h>
+
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+
+#include <cert-svc/cinstance.h>
+#include <cert-svc/ccert.h>
+#include <cert-svc/cocsp.h>
+#include <cert-svc/cpkcs12.h>
+#include <cert-svc/ccrl.h>
+#include <cert-svc/cpkcs12.h>
+#include <cert-svc/cprimitives.h>
+
+#include <vcore/Base64.h>
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/OCSP.h>
+#include <vcore/CRL.h>
+#include <vcore/CRLCacheInterface.h>
+#include <vcore/pkcs12.h>
+
+using namespace ValidationCore;
+
+namespace {
+
+typedef std::unique_ptr<CERT_CONTEXT, std::function<int(CERT_CONTEXT*)> > ScopedCertCtx;
+
+class CRLCacheCAPI : public CRLCacheInterface {
+public:
+    CRLCacheCAPI(
+        CertSvcCrlCacheWrite crlWrite,
+        CertSvcCrlCacheRead crlRead,
+        CertSvcCrlFree crlFree,
+        void *userParam)
+      : m_crlWrite(crlWrite)
+      , m_crlRead(crlRead)
+      , m_crlFree(crlFree)
+      , m_userParam(userParam)
+    {}
+
+    bool getCRLResponse(CRLCachedData *ptr){
+        if (!m_crlRead || !m_crlFree)
+            return false;
+
+        char *buffer;
+        int size;
+
+        bool result = m_crlRead(
+            ptr->distribution_point.c_str(),
+            &buffer,
+            &size,
+            &(ptr->next_update_time),
+            m_userParam);
+
+        if (result) {
+            ptr->crl_body.clear();
+            ptr->crl_body.append(buffer, size);
+            m_crlFree(buffer, m_userParam);
+        }
+
+        return result;
+    }
+    void setCRLResponse(CRLCachedData *ptr){
+        if (m_crlWrite) {
+            m_crlWrite(
+                ptr->distribution_point.c_str(),
+                ptr->crl_body.c_str(),
+                ptr->crl_body.size(),
+                ptr->next_update_time,
+                m_userParam);
+        }
+    }
+
+private:
+    CertSvcCrlCacheWrite m_crlWrite;
+    CertSvcCrlCacheRead m_crlRead;
+    CertSvcCrlFree m_crlFree;
+    void *m_userParam;
+};
+
+class CertSvcInstanceImpl {
+public:
+    CertSvcInstanceImpl()
+      : m_certificateCounter(0)
+      , m_idListCounter(0)
+      , m_stringListCounter(0)
+      , m_crlWrite(NULL)
+      , m_crlRead(NULL)
+      , m_crlFree(NULL)
+    {}
+
+    ~CertSvcInstanceImpl(){
+        FOREACH(it, m_allocatedStringSet) {
+            delete[] *it;
+        }
+    }
+
+    inline void reset(){
+        m_certificateCounter = 0;
+        m_certificateMap.clear();
+        m_idListCounter = 0;
+        m_idListMap.clear();
+        m_stringListCounter = 0;
+        m_stringListMap.clear();
+
+        FOREACH(it, m_allocatedStringSet) {
+            delete[] *it;
+        }
+
+        m_allocatedStringSet.clear();
+    }
+
+    inline int addCert(const CertificatePtr &cert) {
+        m_certificateMap[m_certificateCounter] = cert;
+        return m_certificateCounter++;
+    }
+
+    inline void removeCert(const CertSvcCertificate &cert) {
+        auto iter = m_certificateMap.find(cert.privateHandler);
+        if (iter != m_certificateMap.end()) {
+            m_certificateMap.erase(iter);
+        }
+    }
+
+    inline int getCertFromList(
+        const CertSvcCertificateList &handler,
+        int position,
+        CertSvcCertificate *certificate)
+    {
+        auto iter = m_idListMap.find(handler.privateHandler);
+        if (iter == m_idListMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        if (position >= static_cast<int>(iter->second.size())) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        certificate->privateInstance = handler.privateInstance;
+        certificate->privateHandler = (iter->second)[position];
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getCertListLen(const CertSvcCertificateList &handler, int *len) {
+        auto iter = m_idListMap.find(handler.privateHandler);
+        if (iter == m_idListMap.end() || !len) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        *len = (iter->second).size();
+        return CERTSVC_SUCCESS;
+    }
+
+    inline void removeCertList(const CertSvcCertificateList &handler) {
+        auto iter = m_idListMap.find(handler.privateHandler);
+        if (iter != m_idListMap.end())
+            m_idListMap.erase(iter);
+    }
+
+    inline int isSignedBy(const CertSvcCertificate &child,
+                          const CertSvcCertificate &parent,
+                          int *status)
+    {
+        auto citer = m_certificateMap.find(child.privateHandler);
+        if (citer == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        auto piter = m_certificateMap.find(parent.privateHandler);
+        if (piter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        if (citer->second->isSignedBy(piter->second)) {
+            *status = CERTSVC_TRUE;
+        } else {
+            *status = CERTSVC_FALSE;
+        }
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getField(const CertSvcCertificate &cert,
+                        CertSvcCertificateField field,
+                        CertSvcString *buffer)
+    {
+        auto iter = m_certificateMap.find(cert.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        auto certPtr = iter->second;
+        DPL::OptionalString result;
+        switch(field) {
+            case CERTSVC_SUBJECT:
+                result = DPL::OptionalString(certPtr->getOneLine());
+                break;
+            case CERTSVC_ISSUER:
+                result = DPL::OptionalString(certPtr->getOneLine(Certificate::FIELD_ISSUER));
+                break;
+            case CERTSVC_SUBJECT_COMMON_NAME:
+                result = certPtr->getCommonName();
+                break;
+            case CERTSVC_SUBJECT_COUNTRY_NAME:
+                result = certPtr->getCountryName();
+                break;
+            case CERTSVC_SUBJECT_STATE_NAME:
+                result = certPtr->getStateOrProvinceName();
+                break;
+            case CERTSVC_SUBJECT_ORGANIZATION_NAME:
+                result = certPtr->getOrganizationName();
+                break;
+            case CERTSVC_SUBJECT_ORGANIZATION_UNIT_NAME:
+                result = certPtr->getOrganizationalUnitName();
+                break;
+            case CERTSVC_ISSUER_COMMON_NAME:
+                result = certPtr->getCommonName(Certificate::FIELD_ISSUER);
+                break;
+            case CERTSVC_ISSUER_STATE_NAME:
+                result = certPtr->getStateOrProvinceName(Certificate::FIELD_ISSUER);
+                break;
+            case CERTSVC_ISSUER_ORGANIZATION_NAME:
+                result = certPtr->getOrganizationName(Certificate::FIELD_ISSUER);
+                break;
+            case CERTSVC_ISSUER_ORGANIZATION_UNIT_NAME:
+                result = certPtr->getOrganizationalUnitName(Certificate::FIELD_ISSUER);
+                break;
+            case CERTSVC_VERSION:
+                {
+                    std::stringstream stream;
+                    stream << (certPtr->getVersion()+1);
+                    result = DPL::OptionalString(DPL::FromUTF8String(stream.str()));
+                    break;
+                }
+            case CERTSVC_SERIAL_NUMBER:
+                result = DPL::OptionalString(certPtr->getSerialNumberString());
+                break;
+            case CERTSVC_KEY_USAGE:
+                result = DPL::OptionalString(certPtr->getKeyUsageString());
+                break;
+            case CERTSVC_KEY:
+                result = DPL::OptionalString(certPtr->getPublicKeyString());
+                break;
+            case CERTSVC_SIGNATURE_ALGORITHM:
+                result = DPL::OptionalString(certPtr->getSignatureAlgorithmString());
+                break;
+            default:
+                break;
+        }
+
+        if (result.IsNull()) {
+            buffer->privateHandler = NULL;
+            buffer->privateLength = 0;
+            buffer->privateInstance = cert.privateInstance;
+            return CERTSVC_SUCCESS;
+        }
+        std::string output = DPL::ToUTF8String(*result);
+
+        char *cstring = new char[output.size()+1];
+        strncpy(cstring, output.c_str(), output.size()+1);
+
+        buffer->privateHandler = cstring;
+        buffer->privateLength = output.size();
+        buffer->privateInstance = cert.privateInstance;
+
+        m_allocatedStringSet.insert(cstring);
+
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getNotAfter(const CertSvcCertificate &cert,
+                           time_t *time)
+    {
+        auto iter = m_certificateMap.find(cert.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        *time = iter->second->getNotAfter();
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getNotBefore(const CertSvcCertificate &cert,
+                            time_t *time)
+    {
+        auto iter = m_certificateMap.find(cert.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        *time = iter->second->getNotBefore();
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int isRootCA(const CertSvcCertificate &cert, int *status){
+        auto iter = m_certificateMap.find(cert.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        if (iter->second->isRootCert()) {
+            *status = CERTSVC_TRUE;
+        } else {
+            *status = CERTSVC_FALSE;
+        }
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getCrl(const CertSvcCertificate &cert, CertSvcStringList *handler){
+        auto iter = m_certificateMap.find(cert.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        int position = m_stringListCounter++;
+
+        std::list<std::string> temp = iter->second->getCrlUris();
+        std::copy(temp.begin(),
+                  temp.end(),
+                  back_inserter(m_stringListMap[position]));
+
+        handler->privateHandler = position;
+        handler->privateInstance = cert.privateInstance;
+
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getStringFromList(
+        const CertSvcStringList &handler,
+        int position,
+        CertSvcString *buffer)
+    {
+        buffer->privateHandler = NULL;
+        buffer->privateLength = 0;
+
+        auto iter = m_stringListMap.find(handler.privateHandler);
+        if (iter == m_stringListMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        if (position >= (int)iter->second.size()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        const std::string &data = iter->second.at(position);
+        int size = data.size();
+        char *cstring = new char[size+1];
+        if (!cstring) {
+            return CERTSVC_FAIL;
+        }
+
+        strncpy(cstring, data.c_str(), data.size()+1);
+
+        buffer->privateHandler = cstring;
+        buffer->privateLength = data.size();
+        buffer->privateInstance = handler.privateInstance;
+
+        m_allocatedStringSet.insert(cstring);
+
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getStringListLen(
+        const CertSvcStringList &handler,
+        int *size)
+    {
+        auto iter = m_stringListMap.find(handler.privateHandler);
+        if (iter == m_stringListMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        *size = (int) iter->second.size();
+        return CERTSVC_SUCCESS;
+    }
+
+    inline void removeStringList(const CertSvcStringList &handler)
+    {
+        m_stringListMap.erase(m_stringListMap.find(handler.privateHandler));
+    }
+
+    inline void removeString(const CertSvcString &handler)
+    {
+        auto iter = m_allocatedStringSet.find(handler.privateHandler);
+        if (iter != m_allocatedStringSet.end()) {
+            delete[] *iter;
+            m_allocatedStringSet.erase(iter);
+        }
+    }
+
+    inline int certificateSearch(
+        CertSvcInstance instance,
+        CertSvcCertificateField field,
+        const char *value,
+        CertSvcCertificateList *handler)
+    {
+        int result;
+        search_field fieldId = SEARCH_FIELD_END;
+
+        switch(field){
+        case CERTSVC_SUBJECT:
+            fieldId = SUBJECT_STR;
+            break;
+        case CERTSVC_ISSUER:
+            fieldId = ISSUER_STR;
+            break;
+        case CERTSVC_SUBJECT_COMMON_NAME:
+            fieldId = SUBJECT_COMMONNAME;
+            break;
+        default:
+            LogError("Not implemented!");
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        ScopedCertCtx ctx(cert_svc_cert_context_init(),
+                          cert_svc_cert_context_final);
+
+        if (ctx.get() == NULL) {
+            LogWarning("Error in cert_svc_cert_context_init.");
+            return CERTSVC_FAIL;
+        }
+
+        LogDebug("Match string: " << value);
+        result = cert_svc_search_certificate(ctx.get(), fieldId, const_cast<char*>(value));
+        LogDebug("Search finished!");
+
+        if (CERT_SVC_ERR_NO_ERROR != result) {
+            LogWarning("Error during certificate search");
+            return CERTSVC_FAIL;
+        }
+
+        cert_svc_filename_list *fileList = ctx.get()->fileNames;
+
+        int listId = m_idListCounter++;
+        std::vector<int> &list = m_idListMap[listId];
+        handler->privateHandler = listId;
+        handler->privateInstance = instance;
+
+        for(;fileList != NULL; fileList = fileList->next) {
+            ScopedCertCtx ctx2(cert_svc_cert_context_init(),
+                               cert_svc_cert_context_final);
+            if (ctx2.get() == NULL) {
+                LogWarning("Error in cert_svc_cert_context_init.");
+                return CERTSVC_FAIL;
+            }
+
+            // TODO add read_certifcate_from_file function to Certificate.h
+            if (CERT_SVC_ERR_NO_ERROR !=
+                cert_svc_load_file_to_context(ctx2.get(), fileList->filename))
+            {
+                LogWarning("Error in cert_svc_load_file_to_context");
+                return CERTSVC_FAIL;
+            }
+            int certId = addCert(CertificatePtr(new Certificate(*(ctx2.get()->certBuf))));
+            list.push_back(certId);
+        }
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int sortCollection(CertSvcCertificate *certificate_array, int size) {
+        if (size < 2) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        for(int i=1; i<size; ++i) {
+            if (certificate_array[i-1].privateInstance.privatePtr
+                != certificate_array[i].privateInstance.privatePtr)
+            {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+        }
+
+        CertificateList certList;
+        std::map<Certificate*,int> translator;
+
+        for(int i=0; i<size; ++i) {
+            int pos = certificate_array[i].privateHandler;
+            auto cert = m_certificateMap.find(pos);
+            if (cert == m_certificateMap.end()) {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+            translator[cert->second.Get()] = pos;
+            certList.push_back(cert->second);
+        }
+
+        CertificateCollection collection;
+        collection.load(certList);
+
+        if (!collection.sort()) {
+            return CERTSVC_FAIL;
+        }
+
+        auto chain = collection.getChain();
+
+        int i=0;
+        for (auto iter = chain.begin(); iter != chain.end() && i<size; ++iter, ++i) {
+            certificate_array[i].privateHandler = translator[iter->Get()];
+        }
+
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int getX509Copy(const CertSvcCertificate &certificate, X509** cert)
+    {
+        auto it = m_certificateMap.find(certificate.privateHandler);
+        if (it == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        *cert = X509_dup(it->second->getX509());
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int saveToFile(const CertSvcCertificate &certificate,
+                          const char *location)
+    {
+        auto it = m_certificateMap.find(certificate.privateHandler);
+        if (it == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        FILE *out;
+        if (NULL == (out = fopen(location, "w"))) {
+            return CERTSVC_FAIL;
+        }
+        if (0 == i2d_X509_fp(out, it->second->getX509())) {
+            fclose(out);
+            return CERTSVC_FAIL;
+        }
+        fclose(out);
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int ocspCheck(const CertSvcCertificate *chain,
+                         int chain_size,
+                         const CertSvcCertificate *trusted,
+                         int trusted_size,
+                         const char *url,
+                         int *status)
+    {
+        auto instance = chain[0].privateInstance.privatePtr;
+
+        for(int i=1; i<chain_size; ++i) {
+            if (instance != chain[i].privateInstance.privatePtr)
+            {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+        }
+        CertificateList chainList, trustedList;
+
+        for(int i=0; i<chain_size; ++i) {
+            auto cert = m_certificateMap.find(chain[i].privateHandler);
+            if (cert == m_certificateMap.end()) {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+            chainList.push_back(cert->second);
+        }
+
+        for(int i=0; i<trusted_size; ++i) {
+            if (instance != trusted[i].privateInstance.privatePtr)
+            {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+        }
+
+        for(int i=0; i<trusted_size; ++i) {
+            auto cert = m_certificateMap.find(trusted[i].privateHandler);
+            if (cert == m_certificateMap.end()) {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+            trustedList.push_back(cert->second);
+        }
+
+        OCSP ocsp;
+//        ocsp.setDigestAlgorithmForCertId(OCSP::SHA1);
+//        ocsp.setDigestAlgorithmForRequest(OCSP::SHA1);
+        ocsp.setTrustedStore(trustedList);
+
+        if (url) {
+            ocsp.setUseDefaultResponder(true);
+            ocsp.setDefaultResponder(url);
+        }
+
+        CertificateCollection collection;
+        collection.load(chainList);
+        if (!collection.sort()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        chainList = collection.getChain();
+
+        VerificationStatusSet statusSet = ocsp.validateCertificateList(chainList);
+
+        int ret = 0;
+        if (statusSet.contains(VERIFICATION_STATUS_GOOD)) {
+            ret |= CERTSVC_OCSP_GOOD;
+        }
+        if (statusSet.contains(VERIFICATION_STATUS_REVOKED)) {
+            ret |= CERTSVC_OCSP_REVOKED;
+        }
+        if (statusSet.contains(VERIFICATION_STATUS_UNKNOWN)) {
+            ret |= CERTSVC_OCSP_UNKNOWN;
+        }
+        if (statusSet.contains(VERIFICATION_STATUS_VERIFICATION_ERROR)) {
+            ret |= CERTSVC_OCSP_VERIFICATION_ERROR;
+        }
+        if (statusSet.contains(VERIFICATION_STATUS_NOT_SUPPORT)) {
+            ret |= CERTSVC_OCSP_NO_SUPPORT;
+        }
+        if (statusSet.contains(VERIFICATION_STATUS_ERROR)) {
+            ret |= CERTSVC_OCSP_ERROR;
+        }
+
+        *status = ret;
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int verify(
+        CertSvcCertificate certificate,
+        CertSvcString &message,
+        CertSvcString &signature,
+        const char *algorithm,
+        int *status)
+    {
+        int result = CERTSVC_FAIL;
+
+        if (!status) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        auto it = m_certificateMap.find(certificate.privateHandler);
+        if (it == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        OpenSSL_add_all_digests();
+
+        int temp;
+        EVP_MD_CTX* mdctx = NULL;
+        const EVP_MD * md = NULL;
+        X509 *cert = it->second->getX509();
+        EVP_PKEY *pkey = NULL;
+
+        if (cert == NULL) {
+            goto err;
+        }
+
+        pkey = X509_get_pubkey(cert);
+
+        if (pkey == NULL) {
+            goto err;
+        }
+
+        if (algorithm == NULL) {
+            md = EVP_get_digestbyobj(cert->cert_info->signature->algorithm);
+        } else {
+            md = EVP_get_digestbyname(algorithm);
+        }
+
+        if (md == NULL) {
+            result = CERTSVC_INVALID_ALGORITHM;
+            goto err;
+        }
+
+        mdctx = EVP_MD_CTX_create();
+
+        if (mdctx == NULL) {
+            goto err;
+        }
+
+        if (EVP_VerifyInit_ex(mdctx, md, NULL) != 1) {
+            goto err;
+        }
+
+        if (EVP_VerifyUpdate(mdctx, message.privateHandler, message.privateLength) != 1) {
+            goto err;
+        }
+
+        temp = EVP_VerifyFinal(mdctx,
+            reinterpret_cast<unsigned char*>(signature.privateHandler),
+            signature.privateLength,
+            pkey);
+
+        if (temp == 0) {
+            *status = CERTSVC_INVALID_SIGNATURE;
+            result = CERTSVC_SUCCESS;
+        } else if (temp == 1) {
+            *status = CERTSVC_SUCCESS;
+            result = CERTSVC_SUCCESS;
+        }
+
+    err:
+        if (mdctx != NULL)
+            EVP_MD_CTX_destroy(mdctx);
+        if (pkey != NULL)
+            EVP_PKEY_free(pkey);
+        return result;
+    }
+
+    inline int base64Encode(
+        const CertSvcString &message,
+        CertSvcString *base64)
+    {
+        if (!base64) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        std::string info(message.privateHandler, message.privateLength);
+        Base64Encoder base;
+        base.reset();
+        base.append(info);
+        base.finalize();
+        info = base.get();
+        char *ptr = new char[info.size()+1];
+        memcpy(ptr, info.c_str(), info.size()+1);
+        m_allocatedStringSet.insert(ptr);
+        base64->privateHandler = ptr;
+        base64->privateLength = info.size();
+        base64->privateInstance = message.privateInstance;
+        return CERTSVC_SUCCESS;
+    }
+
+    int base64Decode(
+        const CertSvcString &base64,
+        CertSvcString *message)
+    {
+        if (!message) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        std::string info(base64.privateHandler, base64.privateLength);
+        Base64Decoder base;
+        base.reset();
+        base.append(info);
+        if (!base.finalize()) {
+            return CERTSVC_FAIL;
+        }
+        info = base.get();
+        char *ptr = new char[info.size()+1];
+        memcpy(ptr, info.c_str(), info.size()+1);
+        m_allocatedStringSet.insert(ptr);
+        message->privateHandler = ptr;
+        message->privateLength = info.size();
+        message->privateInstance = base64.privateInstance;
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int stringNew(
+        CertSvcInstance &instance,
+        const char *str,
+        int size,
+        CertSvcString *output)
+    {
+        if (!output) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        int allocSize = size;
+
+        if (str[allocSize-1] != 0)
+            allocSize++;
+
+        char *ptr = new char[allocSize];
+        memcpy(ptr, str, size);
+        ptr[allocSize-1] = 0;
+
+        output->privateHandler = ptr;
+        output->privateLength = size;
+        output->privateInstance = instance;
+        return CERTSVC_SUCCESS;
+    }
+
+    inline void setCRLFunction(
+        CertSvcCrlCacheWrite writePtr,
+        CertSvcCrlCacheRead readPtr,
+        CertSvcCrlFree freePtr)
+    {
+        m_crlWrite = writePtr;
+        m_crlRead = readPtr;
+        m_crlFree = freePtr;
+    }
+
+    inline int crlCheck(
+        CertSvcCertificate certificate,
+        CertSvcCertificate *trustedStore,
+        int storeSize,
+        int force,
+        int *status,
+        void *userParam)
+    {
+        for(int i=1; i<storeSize; ++i) {
+            if (certificate.privateInstance.privatePtr
+                != trustedStore[i].privateInstance.privatePtr)
+            {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+        }
+
+        CRL crl(new CRLCacheCAPI(m_crlWrite, m_crlRead, m_crlFree, userParam));
+
+        for (int i=0; i<storeSize; ++i) {
+            auto iter = m_certificateMap.find(trustedStore[i].privateHandler);
+            if (iter == m_certificateMap.end()) {
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+            crl.addToStore(iter->second);
+        }
+
+        auto iter = m_certificateMap.find(certificate.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        if (iter->second->getCrlUris().empty()) {
+            *status = CERTSVC_CRL_NO_SUPPORT;
+            return CERTSVC_SUCCESS;
+        }
+        crl.updateList(iter->second, force ? CRL::UPDATE_ON_DEMAND: CRL::UPDATE_ON_EXPIRED);
+        CRL::RevocationStatus st = crl.checkCertificate(iter->second);
+        *status = 0;
+
+        if (!st.isCRLValid) {
+            *status |= CERTSVC_CRL_VERIFICATION_ERROR;
+            return CERTSVC_SUCCESS;
+        }
+
+        if (st.isRevoked) {
+            *status |= CERTSVC_CRL_REVOKED;
+        } else {
+            *status |= CERTSVC_CRL_GOOD;
+        }
+
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int certificateVerify(
+        CertSvcCertificate certificate,
+        CertSvcCertificate *trusted,
+        int trustedSize,
+        CertSvcCertificate *untrusted,
+        int untrustedSize,
+        int *status)
+    {
+        if (!trusted || !status) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        auto iter = m_certificateMap.find(certificate.privateHandler);
+        if (iter == m_certificateMap.end()) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+
+        X509 *cert = iter->second->getX509();
+        X509_STORE *store = X509_STORE_new();
+        STACK_OF(X509) *ustore = sk_X509_new_null();
+
+        for (int i=0; i<trustedSize; ++i) {
+            auto iter = m_certificateMap.find(trusted[i].privateHandler);
+            if (iter == m_certificateMap.end()) {
+                X509_STORE_free(store);
+                sk_X509_free(ustore);
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+            X509_STORE_add_cert(store, iter->second->getX509());
+        }
+
+        for (int i=0; i<untrustedSize; ++i) {
+            auto iter = m_certificateMap.find(untrusted[i].privateHandler);
+            if (iter == m_certificateMap.end()) {
+                X509_STORE_free(store);
+                sk_X509_free(ustore);
+                return CERTSVC_WRONG_ARGUMENT;
+            }
+            sk_X509_push(ustore, iter->second->getX509());
+        }
+        X509_STORE_CTX context;
+        X509_STORE_CTX_init(&context, store, cert, ustore);
+        int result = X509_verify_cert(&context);
+        X509_STORE_CTX_cleanup(&context);
+        X509_STORE_free(store);
+        sk_X509_free(ustore);
+
+        if (result == 1) {
+            *status = CERTSVC_SUCCESS;
+        } else {
+            *status = CERTSVC_FAIL;
+        }
+        return CERTSVC_SUCCESS;
+    }
+
+    inline int pkcsNameIsUnique(
+        CertSvcString pfxIdString,
+        int *is_unique)
+    {
+      gboolean exists;
+      int result = c_certsvc_pkcs12_alias_exists(pfxIdString.privateHandler, &exists);
+      *is_unique = !exists;
+      return result;
+    }
+
+    inline int pkcsImport(
+        CertSvcString path,
+        CertSvcString pass,
+        CertSvcString pfxIdString)
+    {
+      return c_certsvc_pkcs12_import(path.privateHandler, pass.privateHandler, pfxIdString.privateHandler);
+    }
+
+    inline int getPkcsIdList(
+        CertSvcInstance &instance,
+        CertSvcStringList *handler)
+    {
+      gchar **aliases;
+      gsize i, naliases;
+      std::vector<std::string> output;
+      int result;
+
+      result = c_certsvc_pkcs12_aliases_load(&aliases, &naliases);
+      if(result != CERTSVC_SUCCESS)
+        return result;
+      for(i = 0; i < naliases; i++)
+        output.push_back(std::string(aliases[i]));
+      c_certsvc_pkcs12_aliases_free(aliases);
+
+      int position = m_stringListCounter++;
+      m_stringListMap[position] = output;
+
+      handler->privateHandler = position;
+      handler->privateInstance = instance;
+    }
+
+    inline int pkcsHasPassword(
+        CertSvcString filepath,
+        int *has_password)
+    {
+      return c_certsvc_pkcs12_has_password(filepath.privateHandler, has_password);
+    }
+
+    inline int getPkcsPrivateKey(
+        CertSvcString pfxIdString,
+        char **buffer,
+        int *size)
+    {
+      int result = c_certsvc_pkcs12_private_key_load(pfxIdString.privateHandler, buffer);
+      if(result == CERTSVC_SUCCESS)
+        *size = strlen(*buffer);
+      return result;
+    }
+
+    inline int getPkcsCertificateList(
+        CertSvcInstance &instance,
+        CertSvcString &pfxIdString,
+        CertSvcCertificateList *handler)
+    {
+      gchar **certs;
+      gsize i, ncerts;
+      std::vector<CertificatePtr> certPtrVector;
+      std::vector<int> listId;
+      int result;
+
+      result = c_certsvc_pkcs12_load_certificates(pfxIdString.privateHandler, &certs, &ncerts);
+      if(result != CERTSVC_SUCCESS)
+        return result;
+      for(i = 0; i < ncerts; i++) {
+        ScopedCertCtx context(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+        if(cert_svc_load_file_to_context(context.get(), certs[i]) != CERT_SVC_ERR_NO_ERROR) {
+          c_certsvc_pkcs12_free_certificates(certs);
+          return CERTSVC_IO_ERROR;
+        }
+        else
+          certPtrVector.push_back(CertificatePtr(new Certificate(*(context->certBuf))));
+      }
+      c_certsvc_pkcs12_free_certificates(certs);
+
+      FOREACH(it, certPtrVector) {
+        listId.push_back(addCert(*it));
+      }
+
+      int position = m_idListCounter++;
+      m_idListMap[position] = listId;
+
+      handler->privateInstance = instance;
+      handler->privateHandler = position;
+
+      return result;
+    }
+
+    inline int pkcsDelete(CertSvcString pfxIdString)
+    {
+      return c_certsvc_pkcs12_delete(pfxIdString.privateHandler);
+    }
+
+private:
+    int m_certificateCounter;
+    std::map<int, CertificatePtr> m_certificateMap;
+
+    int m_idListCounter;
+    std::map<int, std::vector<int> > m_idListMap;
+
+    int m_stringListCounter;
+    std::map<int, std::vector<std::string> > m_stringListMap;
+
+    std::set<char *> m_allocatedStringSet;
+
+    CertSvcCrlCacheWrite m_crlWrite;
+    CertSvcCrlCacheRead m_crlRead;
+    CertSvcCrlFree m_crlFree;
+};
+
+inline CertSvcInstanceImpl *impl(CertSvcInstance instance) {
+    return static_cast<CertSvcInstanceImpl*>(instance.privatePtr);
+}
+
+} // namespace anonymous
+
+int certsvc_instance_new(CertSvcInstance *instance) {
+    static int init = 1;
+    if (init) {
+        SSL_library_init();     // required by message verification
+        OpenSSL_add_all_digests();
+        g_type_init();          // required by libsoup/ocsp
+        init = 0;
+    }
+    try {
+        instance->privatePtr =
+            reinterpret_cast<void*>(new CertSvcInstanceImpl);
+        if (instance->privatePtr)
+            return CERTSVC_SUCCESS;
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+void certsvc_instance_reset(CertSvcInstance instance) {
+    impl(instance)->reset();
+}
+
+void certsvc_instance_free(CertSvcInstance instance) {
+    delete impl(instance);
+}
+
+int certsvc_certificate_new_from_file(
+        CertSvcInstance instance,
+        const char *location,
+        CertSvcCertificate *certificate)
+{
+    try {
+        ScopedCertCtx context(cert_svc_cert_context_init(),
+                              cert_svc_cert_context_final);
+
+        int result = cert_svc_load_file_to_context(context.get(), location);
+
+        switch(result) {
+            case CERT_SVC_ERR_INVALID_PARAMETER: return CERTSVC_WRONG_ARGUMENT;
+            case CERT_SVC_ERR_INVALID_OPERATION: return CERTSVC_FAIL;
+            case CERT_SVC_ERR_MEMORY_ALLOCATION: return CERTSVC_BAD_ALLOC;
+            default:;
+        }
+
+        CertificatePtr cert(new Certificate(*(context->certBuf)));
+
+        certificate->privateInstance = instance;
+        certificate->privateHandler = impl(instance)->addCert(cert);
+
+        return CERTSVC_SUCCESS;
+    // TODO support for std exceptions
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_new_from_memory(
+        CertSvcInstance instance,
+        const unsigned char *memory,
+        int len,
+        CertSvcCertificateForm form,
+        CertSvcCertificate *certificate)
+{
+    try {
+        Certificate::FormType formType;
+        std::string binary((char*)memory, len);
+
+        if (CERTSVC_FORM_DER == form) {
+            formType = Certificate::FORM_DER;
+        } else {
+            formType = Certificate::FORM_BASE64;
+        }
+
+        CertificatePtr cert(new Certificate(binary, formType));
+
+        certificate->privateInstance = instance;
+        certificate->privateHandler = impl(instance)->addCert(cert);
+        return CERTSVC_SUCCESS;
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+void certsvc_certificate_free(CertSvcCertificate certificate)
+{
+    impl(certificate.privateInstance)->removeCert(certificate);
+}
+
+int certsvc_certificate_save_file(
+        CertSvcCertificate certificate,
+        const char *location)
+{
+    return impl(certificate.privateInstance)->saveToFile(certificate, location);
+}
+
+int certsvc_certificate_search(
+        CertSvcInstance instance,
+        CertSvcCertificateField field,
+        const char *value,
+        CertSvcCertificateList *handler)
+{
+    try {
+        return impl(instance)->certificateSearch(instance, field, value, handler);
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_list_get_one(
+        CertSvcCertificateList handler,
+        int position,
+        CertSvcCertificate *certificate)
+{
+    return impl(handler.privateInstance)->
+        getCertFromList(handler,position, certificate);
+}
+
+int certsvc_certificate_list_get_length(
+        CertSvcCertificateList handler,
+        int *size)
+{
+    return impl(handler.privateInstance)->getCertListLen(handler, size);
+}
+
+void certsvc_certificate_list_free(CertSvcCertificateList handler)
+{
+    impl(handler.privateInstance)->removeCertList(handler);
+}
+
+int certsvc_certificate_is_signed_by(
+        CertSvcCertificate child,
+        CertSvcCertificate parent,
+        int *status)
+{
+    if (child.privateInstance.privatePtr == parent.privateInstance.privatePtr) {
+        return impl(child.privateInstance)->isSignedBy(child, parent, status);
+    }
+    return CERTSVC_WRONG_ARGUMENT;
+}
+
+int certsvc_certificate_get_string_field(
+        CertSvcCertificate certificate,
+        CertSvcCertificateField field,
+        CertSvcString *buffer)
+{
+    try {
+        return impl(certificate.privateInstance)->getField(certificate, field, buffer);
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_get_not_after(
+        CertSvcCertificate certificate,
+        time_t *result)
+{
+    try {
+        return impl(certificate.privateInstance)->getNotAfter(certificate, result);
+    } catch(...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_get_not_before(
+        CertSvcCertificate certificate,
+        time_t *result)
+{
+    try {
+        return impl(certificate.privateInstance)->getNotBefore(certificate, result);
+    } catch(...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_is_root_ca(CertSvcCertificate certificate, int *status)
+{
+    return impl(certificate.privateInstance)->isRootCA(certificate, status);
+}
+
+int certsvc_certificate_get_crl_distribution_points(
+        CertSvcCertificate certificate,
+        CertSvcStringList *handler)
+{
+    try {
+        return impl(certificate.privateInstance)->getCrl(certificate, handler);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_string_list_get_one(
+        CertSvcStringList handler,
+        int position,
+        CertSvcString *buffer)
+{
+    try {
+        return impl(handler.privateInstance)->getStringFromList(handler, position, buffer);
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_string_list_get_length(
+        CertSvcStringList handler,
+        int *size)
+{
+    return impl(handler.privateInstance)->getStringListLen(handler, size);
+}
+
+void certsvc_string_list_free(CertSvcStringList handler)
+{
+    impl(handler.privateInstance)->removeStringList(handler);
+}
+
+void certsvc_string_free(CertSvcString string)
+{
+    impl(string.privateInstance)->removeString(string);
+}
+
+void certsvc_string_to_cstring(
+        CertSvcString string,
+        const char **buffer,
+        int *len)
+{
+    if (buffer) {
+        *buffer = string.privateHandler;
+    }
+    if (len) {
+        *len = string.privateLength;
+    }
+}
+
+int certsvc_certificate_chain_sort(
+        CertSvcCertificate *certificate_array,
+        int size)
+{
+    try {
+        if (!certificate_array) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        return impl(certificate_array[0].privateInstance)->
+            sortCollection(certificate_array, size);
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_dup_x509(CertSvcCertificate certificate, X509 **cert)
+{
+    try {
+        return impl(certificate.privateInstance)->getX509Copy(certificate, cert);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+void certsvc_certificate_free_x509(X509 *x509)
+{
+    X509_free(x509);
+}
+
+int certsvc_ocsp_check(
+    CertSvcCertificate *chain,
+    int chain_size,
+    CertSvcCertificate *trusted,
+    int trusted_size,
+    const char *url,
+    int *status)
+{
+    try {
+        if (!chain || !trusted) {
+            return CERTSVC_WRONG_ARGUMENT;
+        }
+        return impl(chain[0].privateInstance)->
+            ocspCheck(chain,
+                      chain_size,
+                      trusted,
+                      trusted_size,
+                      url,
+                      status);
+    } catch (std::bad_alloc &) {
+        return CERTSVC_BAD_ALLOC;
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_message_verify(
+    CertSvcCertificate certificate,
+    CertSvcString message,
+    CertSvcString signature,
+    const char *algorithm,
+    int *status)
+{
+    try {
+        return impl(certificate.privateInstance)->verify(
+            certificate,
+            message,
+            signature,
+            algorithm,
+            status);
+    } catch(...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_base64_encode(CertSvcString message, CertSvcString *base64)
+{
+    try {
+        return impl(message.privateInstance)->base64Encode(message, base64);
+    } catch(...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_base64_decode(CertSvcString base64, CertSvcString *message)
+{
+    try {
+        return impl(base64.privateInstance)->base64Decode(base64, message);
+    } catch(...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_string_new(
+    CertSvcInstance instance,
+    const char *url,
+    int size,
+    CertSvcString *output)
+{
+    try {
+        return impl(instance)->stringNew(instance, url, size, output);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_string_not_managed(
+    CertSvcInstance instance,
+    const char *url,
+    int size,
+    CertSvcString *output)
+{
+    if (!output) {
+        return CERTSVC_WRONG_ARGUMENT;
+    }
+    output->privateHandler = const_cast<char*>(url);
+    output->privateLength = size;
+    output->privateInstance = instance;
+    return CERTSVC_SUCCESS;
+}
+
+void certsvc_crl_cache_functions(
+    CertSvcInstance instance,
+    CertSvcCrlCacheWrite writePtr,
+    CertSvcCrlCacheRead readPtr,
+    CertSvcCrlFree freePtr)
+{
+    impl(instance)->setCRLFunction(writePtr, readPtr, freePtr);
+}
+
+int certsvc_crl_check(
+    CertSvcCertificate certificate,
+    CertSvcCertificate *trustedStore,
+    int storeSize,
+    int force,
+    int *status,
+    void *userParam)
+{
+    try {
+        return impl(certificate.privateInstance)->crlCheck(
+            certificate,
+            trustedStore,
+            storeSize,
+            force,
+            status,
+            userParam);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_verify(
+    CertSvcCertificate certificate,
+    CertSvcCertificate *trusted,
+    int trustedSize,
+    CertSvcCertificate *untrusted,
+    int untrustedSize,
+    int *status)
+{
+    try {
+        return impl(certificate.privateInstance)->certificateVerify(
+            certificate,
+            trusted,
+            trustedSize,
+            untrusted,
+            untrustedSize,
+            status);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_pkcs12_alias_exists(CertSvcInstance instance,
+    CertSvcString pfxIdString,
+    int *is_unique)
+{
+    try {
+      return impl(instance)->pkcsNameIsUnique(pfxIdString, is_unique);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_pkcs12_import_from_file(CertSvcInstance instance,
+    CertSvcString path,
+    CertSvcString password,
+    CertSvcString pfxIdString)
+{
+    try {
+      return impl(instance)->pkcsImport(path, password, pfxIdString);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_pkcs12_get_id_list(
+    CertSvcInstance instance,
+    CertSvcStringList *pfxIdStringList)
+{
+    try {
+        return impl(instance)->getPkcsIdList(
+            instance,
+            pfxIdStringList);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_pkcs12_has_password(
+    CertSvcInstance instance,
+    CertSvcString filepath,
+    int *has_password)
+{
+    try {
+        return impl(instance)->pkcsHasPassword(
+            filepath,
+            has_password);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_pkcs12_load_certificate_list(
+    CertSvcInstance instance,
+    CertSvcString pfxIdString,
+    CertSvcCertificateList *certificateList)
+{
+    try {
+        return impl(instance)->getPkcsCertificateList(
+            instance,
+            pfxIdString,
+            certificateList);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+int certsvc_pkcs12_private_key_dup(
+    CertSvcInstance instance,
+    CertSvcString pfxIdString,
+    char **buffer,
+    int *size)
+{
+    try {
+        return impl(instance)->getPkcsPrivateKey(pfxIdString, buffer, size);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
+
+void certsvc_pkcs12_private_key_free(
+    char *buffer)
+{
+    delete[] buffer;
+}
+
+int certsvc_pkcs12_delete(
+    CertSvcInstance instance,
+    CertSvcString pfxIdString)
+{
+    try {
+        return impl(instance)->pkcsDelete(pfxIdString);
+    } catch (...) {}
+    return CERTSVC_FAIL;
+}
diff --git a/vcore/src/vcore/pkcs12.c b/vcore/src/vcore/pkcs12.c
new file mode 100644 (file)
index 0000000..7f0317e
--- /dev/null
@@ -0,0 +1,474 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        pkcs12.h
+ * @author      Jacek Migacz (j.migacz@samsung.com)
+ * @version     1.0
+ * @brief       PKCS#12 container manipulation routines.
+ */
+#define _GNU_SOURCE
+
+#include "pkcs12.h"
+#include <cert-svc/cerror.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <ss_manager.h>
+
+#define SYSCALL(call) while(((call) == -1) && (errno == EINTR))
+
+#define CERTSVC_PKCS12_STORAGE_DIR  "/opt/share/cert-svc/pkcs12"
+#define CERTSVC_PKCS12_STORAGE_FILE "storage"
+#define CERTSVC_PKCS12_STORAGE_PATH CERTSVC_PKCS12_STORAGE_DIR "/" CERTSVC_PKCS12_STORAGE_FILE
+
+static const char CERTSVC_PKCS12_STORAGE_KEY_PKEY[]  = "pkey";
+static const char CERTSVC_PKCS12_STORAGE_KEY_CERTS[] = "certs";
+static const gchar CERTSVC_PKCS12_STORAGE_SEPARATOR  = ';';
+
+static gboolean keyfile_check(const char *pathname) {
+  int result;
+  if(access(pathname, F_OK | R_OK | W_OK) == 0)
+    return TRUE;
+  SYSCALL(result = creat(pathname, S_IRUSR | S_IWUSR));
+  return (result != -1) ? TRUE : FALSE;
+}
+
+static GKeyFile *keyfile_load(const char *pathname) {
+  GKeyFile *keyfile;
+  GError *error;
+
+  if(!keyfile_check(pathname))
+    return NULL;
+  keyfile = g_key_file_new();
+  error = NULL;
+  if(!g_key_file_load_from_file(keyfile, pathname, G_KEY_FILE_KEEP_COMMENTS, &error)) {
+    g_key_file_free(keyfile);
+    return NULL;
+  }
+  return keyfile;
+}
+
+static int generate_random_filepath(char **filepath) {
+  int generator;
+  int64_t random;
+  SHA_CTX ctx;
+  unsigned char d[SHA_DIGEST_LENGTH];
+  int result;
+
+  if(!filepath)
+    return CERTSVC_WRONG_ARGUMENT;
+
+  SYSCALL(generator = open("/dev/urandom", O_RDONLY));
+  if(generator == -1)
+    return CERTSVC_FAIL;
+  SYSCALL(result = read(generator, &random, sizeof(random)));
+  if(result == -1) {
+    SYSCALL(close(generator));
+    return CERTSVC_FAIL;
+  }
+  SYSCALL(result = close(generator));
+  if(result == -1)
+    return CERTSVC_FAIL;
+
+  SHA1_Init(&ctx);
+  SHA1_Update(&ctx, &random, sizeof(random));
+  SHA1_Final(d, &ctx);
+
+  result = asprintf(filepath, "%s/"                            \
+                    "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \
+                    "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+                    CERTSVC_PKCS12_STORAGE_DIR,
+                    d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9],
+                    d[10], d[11], d[12], d[13], d[14], d[15], d[16], d[17], d[18], d[19]);
+  return (result != -1) ? CERTSVC_SUCCESS : CERTSVC_BAD_ALLOC;
+}
+
+static int unique_filename(char **filepath, gboolean with_secure_storage) {
+  const unsigned attempts = 0xFFU;
+  unsigned trial;
+  int result;
+  ssm_file_info_t sfi;
+  gboolean exists;
+
+  trial = 0U;
+ try_again:
+  ++trial;
+  result = generate_random_filepath(filepath);
+  if(result != CERTSVC_SUCCESS)
+    return result;
+  if(with_secure_storage)
+    exists = (access(*filepath, F_OK) == 0 || ssm_getinfo(*filepath, &sfi, SSM_FLAG_DATA, NULL) == 0);
+  else
+    exists = (access(*filepath, F_OK) == 0);
+  if(exists) {
+    free(*filepath);
+    if(trial + 1 > attempts)
+      return CERTSVC_FAIL;
+    else
+      goto try_again;
+  }
+  return CERTSVC_SUCCESS;
+}
+
+static char *bare_filename(char *filepath) {
+  char *needle;
+  if(!filepath)
+    return NULL;
+  needle = strrchr(filepath, '/');
+  if(!needle)
+    return NULL;
+  return *(++needle) ? needle : NULL;
+}
+
+int c_certsvc_pkcs12_alias_exists(const gchar *alias, gboolean *exists) {
+  GKeyFile *keyfile;
+
+  if(exists == NULL)
+    return CERTSVC_WRONG_ARGUMENT;
+  keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+  if(!keyfile)
+    return CERTSVC_IO_ERROR;
+  *exists = g_key_file_has_group(keyfile, alias);
+  g_key_file_free(keyfile);
+  return CERTSVC_SUCCESS;
+}
+
+int c_certsvc_pkcs12_import(const char *path, const char *password, const gchar *alias) {
+  int exists;
+  FILE *stream;
+  PKCS12 *container;
+  EVP_PKEY *key;
+  X509 *cert;
+  STACK_OF(X509) *certv;
+  int nicerts;
+  char *unique;
+  int result;
+  struct stat st;
+  int wr_res;
+  GKeyFile *keyfile;
+  gchar *bare;
+  gchar *pkvalue;
+  gchar **cvaluev;
+  gsize i, n;
+  gchar *data;
+  gsize length;
+
+  certv = NULL;
+  if(!alias || strlen(alias) < 1)
+    return CERTSVC_WRONG_ARGUMENT;
+  result = c_certsvc_pkcs12_alias_exists(alias, &exists);
+  if(result != CERTSVC_SUCCESS)
+    return result;
+  if(exists == TRUE)
+    return CERTSVC_DUPLICATED_ALIAS;
+
+  keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+  if(!keyfile)
+    return CERTSVC_IO_ERROR;
+  if(stat(CERTSVC_PKCS12_STORAGE_PATH, &st) == -1) {
+    if(mkdir(CERTSVC_PKCS12_STORAGE_PATH, S_IRWXU | S_IRWXG | S_IRWXO) == -1) {
+      result = CERTSVC_FAIL;
+      goto free_keyfile;
+    }
+  }
+
+  if((stream = fopen(path, "rb")) == NULL) {
+    result = CERTSVC_IO_ERROR;
+    goto free_keyfile;
+  }
+  container = d2i_PKCS12_fp(stream, NULL);
+  fclose(stream);
+  if(container == NULL) {
+    result = CERTSVC_FAIL;
+    goto free_keyfile;
+  }
+  result = PKCS12_parse(container, password, &key, &cert, &certv);
+  PKCS12_free(container);
+  if(result == 0) {
+    result = CERTSVC_FAIL;
+    goto free_keyfile;
+  }
+  nicerts = certv ? sk_X509_num(certv) : 0;
+  cvaluev = (gchar **)calloc(1 + nicerts, sizeof(gchar *));
+  n = 0;
+
+  result = unique_filename(&unique, TRUE);
+  if(result != CERTSVC_SUCCESS)
+    goto clean_cert_chain_and_pkey;
+  if((stream = fopen(unique, "w")) == NULL) {
+    free(unique);
+    result = CERTSVC_IO_ERROR;
+    goto clean_cert_chain_and_pkey;
+  }
+  result = PEM_write_PrivateKey(stream, key, NULL, NULL, 0, NULL, NULL);
+  fclose(stream);
+  if(result == 0) {
+    result = CERTSVC_FAIL;
+    goto clean_cert_chain_and_pkey;
+  }
+  wr_res = ssm_write_file(unique, SSM_FLAG_DATA, NULL);
+  if(wr_res != 0) {
+    free(unique);
+    result = CERTSVC_FAIL;
+    goto clean_cert_chain_and_pkey;
+  }
+  bare = bare_filename(unique);
+  if(bare) {
+    pkvalue = g_strdup(bare);
+    g_key_file_set_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, pkvalue);
+  }
+  free(unique);
+  result = unique_filename(&unique, FALSE);
+  if(result != CERTSVC_SUCCESS)
+    goto clean_cert_chain_and_pkey;
+  if((stream = fopen(unique, "w")) == NULL) {
+    free(unique);
+    result = CERTSVC_IO_ERROR;
+    goto clean_cert_chain_and_pkey;
+  }
+  result = PEM_write_X509_AUX(stream, cert);
+  fclose(stream);
+  if(result == 0) {
+    result = CERTSVC_FAIL;
+    goto clean_cert_chain_and_pkey;
+  }
+  bare = bare_filename(unique);
+  if(bare)
+    cvaluev[n++] = g_strdup(bare);
+  free(unique);
+  for(i = 0; i < nicerts; i++) {
+    result = unique_filename(&unique, FALSE);
+    if(result != CERTSVC_SUCCESS)
+      goto clean_cert_chain_and_pkey;
+    if((stream = fopen(unique, "w")) == NULL) {
+      free(unique);
+      result = CERTSVC_IO_ERROR;
+      goto clean_cert_chain_and_pkey;
+    }
+    result = PEM_write_X509_AUX(stream, sk_X509_value(certv, i));
+    fclose(stream);
+    if(result == 0) {
+      result = CERTSVC_FAIL;
+      goto clean_cert_chain_and_pkey;
+    }
+    bare = bare_filename(unique);
+    if(bare)
+      cvaluev[n++] = g_strdup(bare);
+    free(unique);
+  }
+  g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR);
+  g_key_file_set_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, (gchar *const *)cvaluev, n + 1);
+  data = g_key_file_to_data(keyfile, &length, NULL);
+  if(data == NULL) {
+    result = CERTSVC_BAD_ALLOC;
+    goto clean_cert_chain_and_pkey;
+  }
+  if(!g_file_set_contents(CERTSVC_PKCS12_STORAGE_PATH, data, length, NULL)) {
+    result = CERTSVC_IO_ERROR;
+    goto free_data;
+  }
+  result = CERTSVC_SUCCESS;
+ free_data:
+  g_free(data);
+ clean_cert_chain_and_pkey:
+  EVP_PKEY_free(key);
+  X509_free(cert);
+  sk_X509_free(certv);
+  free(pkvalue);
+ for(i = 0; i < n; i++) {
+    g_free(cvaluev[i]);
+ }
+  free(cvaluev);
+ free_keyfile:
+  g_key_file_free(keyfile);
+  return result;
+}
+
+int c_certsvc_pkcs12_aliases_load(gchar ***aliases, gsize *naliases) {
+  GKeyFile *keyfile;
+
+  keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+  if(!keyfile)
+    return CERTSVC_IO_ERROR;
+  *aliases = g_key_file_get_groups(keyfile, naliases);
+  g_key_file_free(keyfile);
+  return CERTSVC_SUCCESS;
+}
+
+void c_certsvc_pkcs12_aliases_free(gchar **aliases) {
+  g_strfreev(aliases);
+}
+
+int c_certsvc_pkcs12_has_password(const char *filepath, gboolean *passworded) {
+  FILE *stream;
+  EVP_PKEY *pkey;
+  X509 *cert;
+  PKCS12 *container;
+  int result;
+
+  if(passworded == NULL)
+    return CERTSVC_WRONG_ARGUMENT;
+  if((stream = fopen(filepath, "rb")) == NULL)
+    return CERTSVC_IO_ERROR;
+  container = d2i_PKCS12_fp(stream, NULL);
+  fclose(stream);
+  if(container == NULL)
+    return CERTSVC_FAIL;
+  result = PKCS12_parse(container, NULL, &pkey, &cert, NULL);
+  PKCS12_free(container);
+  if(result == 1) {
+    EVP_PKEY_free(pkey);
+    X509_free(cert);
+    *passworded = FALSE;
+    return CERTSVC_SUCCESS;
+  }
+  else {
+    if(ERR_GET_REASON(ERR_peek_last_error()) == PKCS12_R_MAC_VERIFY_FAILURE) {
+      *passworded = TRUE;
+      return CERTSVC_SUCCESS;
+    }
+    else
+      return CERTSVC_FAIL;
+  }
+}
+
+int c_certsvc_pkcs12_load_certificates(const gchar *alias, gchar ***certs, gsize *ncerts) {
+  GKeyFile *keyfile;
+  gchar **barev;
+  gsize i;
+  keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+  if(!keyfile)
+    return CERTSVC_IO_ERROR;
+  g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR);
+  barev = g_key_file_get_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, ncerts, NULL);
+  *certs = g_malloc((*ncerts + 1) * sizeof(gchar *));
+  for(i = 0; i < *ncerts; i++)
+    *certs[i] = g_strdup_printf("%s/%s", CERTSVC_PKCS12_STORAGE_DIR, barev[i]);
+  (*certs)[*ncerts] = NULL;
+  g_strfreev(barev);
+  g_key_file_free(keyfile);
+  return CERTSVC_SUCCESS;
+}
+
+void c_certsvc_pkcs12_free_certificates(gchar **certs) {
+  gsize i = 0;
+  if(certs == NULL)
+    return;
+  while(certs[i])
+    g_free(certs[i++]);
+  g_free(certs);
+}
+
+int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **buffer) {
+  GKeyFile *keyfile;
+  gchar *pkey;
+  GError *error;
+  ssm_file_info_t sfi;
+  size_t readlen;
+  char *spkp;
+  int result;
+
+  if(!buffer)
+    return CERTSVC_WRONG_ARGUMENT;
+  keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+  if(!keyfile)
+    return CERTSVC_IO_ERROR;
+  error = NULL;
+  result = CERTSVC_SUCCESS;
+  pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, &error);
+  if(error && error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND)
+    result = CERTSVC_SUCCESS;
+  else if(error)
+    result = CERTSVC_FAIL;
+  else {
+    if(asprintf(&spkp, "%s/%s", CERTSVC_PKCS12_STORAGE_DIR, pkey) == -1) {
+      spkp = NULL;
+      result = CERTSVC_BAD_ALLOC;
+    }
+    else if(ssm_getinfo(spkp, &sfi, SSM_FLAG_DATA, NULL) == 0) {
+      if((*buffer = malloc(sfi.originSize))) {
+        if(ssm_read(spkp, *buffer, sfi.originSize, &readlen, SSM_FLAG_DATA, NULL) != 0) {
+          c_certsvc_pkcs12_private_key_free(buffer);
+          result = CERTSVC_FAIL;
+        }
+      }
+      else
+        result = CERTSVC_BAD_ALLOC;
+    }
+    free(spkp);
+    g_free(pkey);
+  }
+  g_key_file_free(keyfile);
+  return result;
+}
+
+void c_certsvc_pkcs12_private_key_free(char *buffer) {
+  free(buffer);
+}
+
+int c_certsvc_pkcs12_delete(const gchar *alias) {
+  gchar **certs;
+  gsize ncerts;
+  char *pkey;
+  int result;
+  GKeyFile *keyfile;
+  gchar *data;
+  gsize i, length;
+
+  result = c_certsvc_pkcs12_load_certificates(alias, &certs, &ncerts);
+  if(result != CERTSVC_SUCCESS)
+    goto load_certificates_failed;
+  result = c_certsvc_pkcs12_private_key_load(alias, &pkey);
+  if(result != CERTSVC_SUCCESS)
+    goto private_key_load_failed;
+  keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+  if(!keyfile) {
+    result = CERTSVC_IO_ERROR;
+    goto keyfile_load_failed;
+  }
+  if(g_key_file_remove_group(keyfile, alias, NULL)) {
+    data = g_key_file_to_data(keyfile, &length, NULL);
+    if(data == NULL) {
+      result = CERTSVC_BAD_ALLOC;
+      goto keyfile_free;
+    }
+    if(!g_file_set_contents(CERTSVC_PKCS12_STORAGE_PATH, data, length, NULL)) {
+      result = CERTSVC_IO_ERROR;
+      goto data_free;
+    }
+  }
+  for(i = 0; i < ncerts; i++)
+    unlink(certs[i]);
+  ssm_delete_file(pkey, SSM_FLAG_DATA, NULL);
+ data_free:
+  g_free(data);
+ keyfile_free:
+  g_key_file_free(keyfile);
+ keyfile_load_failed:
+  c_certsvc_pkcs12_private_key_free(pkey);
+ private_key_load_failed:
+  c_certsvc_pkcs12_free_certificates(certs);
+ load_certificates_failed:
+  return result;
+}
diff --git a/vcore/src/vcore/pkcs12.h b/vcore/src/vcore/pkcs12.h
new file mode 100644 (file)
index 0000000..ddea458
--- /dev/null
@@ -0,0 +1,50 @@
+/**
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*
+ * @file        pkcs12.c
+ * @author      Jacek Migacz (j.migacz@samsung.com)
+ * @version     1.0
+ * @brief       PKCS#12 container manipulation routines.
+ */
+#ifndef _PKCS12_H_
+#define _PKCS12_H_
+
+#include <glib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int  c_certsvc_pkcs12_alias_exists(const gchar *alias, gboolean *exists);
+int  c_certsvc_pkcs12_import(const char *path, const char *password, const gchar *alias);
+int  c_certsvc_pkcs12_aliases_load(gchar ***aliases, gsize *naliases);
+void c_certsvc_pkcs12_aliases_free(gchar **aliases);
+int  c_certsvc_pkcs12_has_password(const char *filepath, gboolean *passworded);
+int  c_certsvc_pkcs12_load_certificates(const gchar *alias, gchar ***certificates, gsize *ncertificates);
+void c_certsvc_pkcs12_free_certificates(gchar **certs);
+int  c_certsvc_pkcs12_private_key_load(const gchar *alias, char **pkey);
+void c_certsvc_pkcs12_private_key_free(char *buffer);
+/*
+int  c_certsvc_pkcs12_certificate_email_load(const gchar *alias, char **buffer, int *size);
+void c_certsvc_pkcs12_certificate_email_free(char *buffer);
+*/
+int  c_certsvc_pkcs12_delete(const gchar *alias);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
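Review bot: `c_certsvc_pkcs12_private_key_load` returns the private key through `char **pkey` with no length, and the definition earlier in this commit fills that buffer with `malloc(sfi.originSize)` followed by `ssm_read` without appending a terminator, so a caller cannot tell how many bytes are valid. An out-parameter would fix that, e.g. `int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **pkey, gsize *length);`; the commented-out `certificate_email_load` prototype already carries a size argument. The declaration also needs a comment saying that `*pkey` is left unwritten when the alias has no private-key entry even though `CERTSVC_SUCCESS` is returned, so callers must initialise it to NULL, and that the buffer holds key material to be released with `c_certsvc_pkcs12_private_key_free`. The `@file pkcs12.c` tag in the header comment should read `pkcs12.h`.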
diff --git a/vcore/src/vcore/scoped_gpointer.h b/vcore/src/vcore/scoped_gpointer.h
new file mode 100644 (file)
index 0000000..78772df
--- /dev/null
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/*!
+ * @file        scoped_fclose.h
+ * @author      Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version     1.0
+ * @brief       This file is the implementation file of scoped fclose RAII
+ */
+#ifndef WRT_ENGINE_SRC_COMMON_SCOPED_GPOINTER_H
+#define WRT_ENGINE_SRC_COMMON_SCOPED_GPOINTER_H
+
+#include <cstddef>
+#include <glib-object.h>
+
+#include <dpl/scoped_resource.h>
+#include <dpl/assert.h>
+
+namespace WRT {
+struct ScopedGPointerPolicy
+{
+    typedef gpointer Type;
+    static Type NullValue()
+    {
+        return NULL;
+    }
+    static void Destroy(Type pointer)
+    {
+        if (pointer != NULL) {
+            g_object_unref(pointer);
+        }
+    }
+};
+
+template <typename Class>
+class ScopedGPointer : public DPL::ScopedResource<ScopedGPointerPolicy>
+{
+    typedef ScopedGPointerPolicy Policy;
+    typedef DPL::ScopedResource<Policy> BaseType;
+
+  public:
+    explicit ScopedGPointer(typename Policy::Type pointer =
+                Policy::NullValue()) :
+        BaseType(pointer)
+    {
+    }
+
+    Class *operator->() const throw()
+    {
+        Assert(this->m_value != Policy::NullValue() &&
+               "Dereference of scoped NULL pointer!");
+        return static_cast<Class *>(this->m_value);
+    }
+
+    Class & operator *() const throw()
+    {
+        Assert(this->m_value != Policy::NullValue() &&
+               "Dereference of scoped NULL pointer!");
+        return *static_cast<Class *>(this->m_value);
+    }
+};
+} // namespace WRT
+
+#endif // WRT_ENGINE_SRC_COMMON_SCOPED_GPOINTER_H
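Review bot: The `ScopedGPointer` constructor takes `typename Policy::Type`, which is `gpointer`, so any pointer converts silently and is later passed to `g_object_unref` in `ScopedGPointerPolicy::Destroy` and `static_cast` to `Class *` in `operator->` and `operator*`, with nothing checking that it is a GObject of that type. Declaring the parameter as `Class *pointer = NULL` would let the compiler reject mismatched pointers at the call site. As far as this file shows, the wrapper adopts the caller's reference without taking one of its own, which deserves a comment on the class, e.g. `// Takes ownership of one reference; does not call g_object_ref.` The null check in both accessors relies on `Assert`, so if that macro is compiled out in release builds (not visible here) a null dereference goes unchecked. The file comment still says `@file scoped_fclose.h` and "scoped fclose RAII", which looks copied from another header.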