--- /dev/null
+/_build_
+/cscope.files
+/cscope.in.out
+/cscope.out
+/cscope.po.out
CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
PROJECT(certsvc)
-SET(CMAKE_VERBOSE_MAKEFILE off)
-
-SET(PREFIX ${CMAKE_INSTALL_PREFIX})
-SET(EXEC_PREFIX "\${prefix}")
-SET(LIBDIR "\${prefix}/lib")
-SET(INCLUDEDIR "\${prefix}/include")
-SET(VERSION_MAJOR 1)
-SET(VERSION "${VERSION_MAJOR}.0.0")
-SET(TARGET_VCORE_LIB "cert-svc-vcore")
+INCLUDE(FindPkgConfig)
-INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
+SET(SO_VERSION 1)
+SET(VERSION "${SO_VERSION}.0.0")
-INCLUDE(FindPkgConfig)
-pkg_check_modules(pkgs REQUIRED openssl dlog glib-2.0)
+SET(TARGET_CERT_SVC_LIB "cert-svc")
+SET(TARGET_VCORE_LIB "cert-svc-vcore")
-FOREACH(flag ${pkgs_CFLAGS})
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
-ENDFOREACH(flag)
+# compiler options
+SET(GC_SECTIONS_FLAGS "-fdata-sections -ffunction-sections -Wl,--gc-sections")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GC_SECTIONS_FLAGS}")
+SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GC_SECTIONS_FLAGS}")
-SET(source_dir "./srcs")
-SET(include_dir "./include")
+SET(CMAKE_C_FLAGS_RELEASE "-fvisibility=hidden -Wall -O2")
+SET(CMAKE_CXX_FLAGS_RELEASE "-std=c++0x -Wall -O2")
-# About debug
-SET(debug "-DCERT_SVC_LOG") # for debug
-#SET(debug "-DCERT_SVC_LOG_CONSOLE") # for debug
+SET(CMAKE_C_FLAGS_DEBUG "-fvisibility=hidden -Wall -O0 -g")
+SET(CMAKE_CXX_FLAGS_DEBUG "-std=c++0x -Wall -O0 -g")
+
+SET(CMAKE_C_FLAGS_CCOV "-fvisibility=hidden -Wall -O2 --coverage")
+SET(CMAKE_CXX_FLAGS_CCOV "-std=c++0x -Wall -O2 --coverage")
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
SET(CMAKE_SHARED_LINKER_FLAGS "-Wl,--as-needed")
SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed")
SET(CMAKE_SKIP_RPATH "TRUE")
-SET(CMAKE_CXX_FLAGS "-O2 -std=c++0x -g -Wall")
+#SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wmissing-declarations")
-###################################################################################################
+################################################################################
# for libcert-svc.so
-SET(libcert-svc_SOURCES
- ${source_dir}/cert-service.c
- ${source_dir}/cert-service-util.c
- ${source_dir}/cert-service-store.c
- ${source_dir}/cert-service-process.c )
-SET(libcert-svc_LDFLAGS " -module -avoid-version ${pkgs_LDFALGS} ")
-SET(libcert-svc_CFLAGS " ${CFLAGS} -fvisibility=hidden -g -fPIC -I${CMAKE_CURRENT_SOURCE_DIR}/include ${debug} ")
-SET(libcert-svc_CPPFLAGS " -DPIC ")
-
-ADD_LIBRARY(cert-svc SHARED ${libcert-svc_SOURCES})
-TARGET_LINK_LIBRARIES(cert-svc ${pkgs_LDFLAGS} ${pkgs_LIBRARIES} -L${prefix}/lib -lpthread)
-SET_TARGET_PROPERTIES(cert-svc PROPERTIES COMPILE_FLAGS "${libcert-svc_CFLAGS} ${libcert-svc_CPPFLAGS}")
-SET_TARGET_PROPERTIES(cert-svc PROPERTIES SOVERSION ${VERSION_MAJOR})
-SET_TARGET_PROPERTIES(cert-svc PROPERTIES VERSION ${VERSION})
-###################################################################################################
-
-###################################################################################################
-# for dpkg-pki-sig
-SET(PackageSignVerify_SOURCES
- ${source_dir}/dpkg-pki-sig.c
- ${source_dir}/cert-service-util.c )
-SET(PackageSignVerify_CFLAGS " -fvisibility=hidden -I. -I${CMAKE_CURRENT_SOURCE_DIR}/include ${debug} ")
-SET(PackageSignVerify_LDFALGS " -module -avoid-version ${pkgs_LDFLAGS} ")
-
-ADD_EXECUTABLE(dpkg-pki-sig ${PackageSignVerify_SOURCES})
-TARGET_LINK_LIBRARIES(dpkg-pki-sig ${pkgs_LDFLAGS} cert-svc)
-SET_TARGET_PROPERTIES(dpkg-pki-sig PROPERTIES COMPILE_FLAGS "${PackageSignVerify_CFLAGS} ")
-###################################################################################################
+################################################################################
+
+PKG_CHECK_MODULES(CERT_SVC_DEPS
+ REQUIRED
+ openssl
+ dlog
+ glib-2.0
+ libxml-2.0
+)
+
+SET(CERT_SVC_SOURCES
+ ${PROJECT_SOURCE_DIR}/srcs/cert-service.c
+ ${PROJECT_SOURCE_DIR}/srcs/cert-service-util.c
+ ${PROJECT_SOURCE_DIR}/srcs/cert-service-store.c
+ ${PROJECT_SOURCE_DIR}/srcs/cert-service-process.c
+)
+
+IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
+ ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE")
+ ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
+ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/include
+ ${CERT_SVC_DEPS_INCLUDE_DIRS}
+)
+
+ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+MESSAGE("TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL ENABLED")
+ADD_DEFINITIONS("-DTIZEN_FEATURE_CERT_SVC_OCSP_CRL")
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
+ADD_LIBRARY(${TARGET_CERT_SVC_LIB} SHARED ${CERT_SVC_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET_CERT_SVC_LIB} PROPERTIES
+ SOVERSION ${SO_VERSION}
+ VERSION ${VERSION}
+)
+
+TARGET_LINK_LIBRARIES(${TARGET_CERT_SVC_LIB}
+ pthread
+ ${CERT_SVC_DEPS_LIBRARIES}
+)
+
+
+################################################################################
CONFIGURE_FILE(cert-svc.pc.in cert-svc.pc @ONLY)
CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
-INSTALL(TARGETS cert-svc DESTINATION /usr/lib COMPONENT RuntimeLibraries)
-INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/dpkg-pki-sig DESTINATION /usr/bin)
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert-svc.pc DESTINATION /usr/lib/pkgconfig)
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert-svc-vcore.pc DESTINATION /usr/lib/pkgconfig)
+INSTALL(TARGETS ${TARGET_CERT_SVC_LIB} DESTINATION ${LIBDIR} COMPONENT RuntimeLibraries)
+INSTALL(PROGRAMS ${TARGET_SIGN_TOOL} DESTINATION ${BINDIR})
+INSTALL(FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/cert-svc.pc
+ ${CMAKE_CURRENT_BINARY_DIR}/cert-svc-vcore.pc
+ DESTINATION ${LIBDIR}/pkgconfig
+)
INSTALL(FILES ${PROJECT_SOURCE_DIR}/targetinfo DESTINATION /opt/share/cert-svc/)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/cert-service.h DESTINATION /usr/include)
+INSTALL(FILES ${PROJECT_SOURCE_DIR}/res/pin/.pin DESTINATION /opt/share/cert-svc/pin/)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/cert-service.h DESTINATION ${INCLUDEDIR})
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/res/ca-certificate.crt DESTINATION /opt/share/cert-svc/)
# Now we must create empty directory for certificates.
# Without this directories rpm package will fail during build.
+#INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+# DESTINATION /usr/share/cert-svc/ca-certs/code-signing/native
+# FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+#)
+#INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+# DESTINATION /usr/share/cert-svc/ca-certs/code-signing/wac
+# FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+#)
INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
- DESTINATION /usr/share/cert-svc/ca-certs/code-signing/native
+ DESTINATION /usr/share/cert-svc/certs/code-signing/wac
FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
)
INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
- DESTINATION /usr/share/cert-svc/ca-certs/code-signing/wac
+ DESTINATION /usr/share/cert-svc/certs/code-signing/tizen
FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
)
-INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
- DESTINATION /opt/share/cert-svc/certs/code-signing/wac
- FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+INSTALL(FILES ${PROJECT_SOURCE_DIR}/res/fota/FOTA_ROOT.cer
+ DESTINATION /usr/share/cert-svc/certs/fota
)
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
DESTINATION /opt/share/cert-svc/certs/sim/operator
FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
)
INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
- DESTINATION /opt/share/cert-svc/certs/ssl
- FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
-)
-INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
DESTINATION /opt/share/cert-svc/certs/user
FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
)
DESTINATION /opt/share/cert-svc/certs/mdm/security/cert
FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
)
+INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty
+ DESTINATION /opt/share/cert-svc/pkcs12
+ FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH
+)
ADD_SUBDIRECTORY(vcore)
ADD_SUBDIRECTORY(etc)
+IF (DEFINED CERTSVC_BUILD_TEST_PACKAGE)
ADD_SUBDIRECTORY(tests)
+ENDIF (DEFINED CERTSVC_BUILD_TEST_PACKAGE)
--- /dev/null
+Copyright (c) Samsung Electronics Co., Ltd. All rights reserved.
+Except as noted, this software is licensed under Apache License, Version 2.
+Please, see the LICENSE.APLv2 file for Apache License terms and conditions.
+++ /dev/null
-#!/bin/sh
-
-export TET_INSTALL_PATH=$HOME/work/TETware # local tetware path
-export TET_TARGET_PATH=$TET_INSTALL_PATH/tetware-target
-export PATH=$TET_TARGET_PATH/bin:$PATH
-export LD_LIBRARY_PATH=$TET_TARGET_PATH/lib/tet3:$LD_LIBRARY_PATH
-export TET_ROOT=$TET_TARGET_PATH
-
-export TET_SUITE_ROOT=`pwd`
-FILE_NAME_EXTENSION=`date +%s`
-
-RESULT_DIR=results
-HTML_RESULT=$RESULT_DIR/build-tar-result-$FILE_NAME_EXTENSION.html
-JOURNAL_RESULT=$RESULT_DIR/build-tar-result-$FILE_NAME_EXTENSION.journal
-
-mkdir -p $RESULT_DIR
-
-tcc -c -p ./
-tcc -b -j $JOURNAL_RESULT -p ./
-grw -c 3 -f chtml -o $HTML_RESULT $JOURNAL_RESULT
+++ /dev/null
-#!/bin/sh
-export TET_INSTALL_PATH=/mnt/nfs/TETware
-export TET_TARGET_PATH=$TET_INSTALL_PATH/tetware-target
-export PATH=$TET_TARGET_PATH/bin:$PATH
-export LD_LIBRARY_PATH=$TET_TARGET_PATH/lib/tet3:$LD_LIBRARY_PATH
-
-export TET_ROOT=$TET_TARGET_PATH
-
-export TET_SUITE_ROOT=`pwd`
-FILE_NAME_EXTENSION=`date +%s`
-
-RESULT_DIR=results
-HTML_RESULT=$RESULT_DIR/exec-tar-result-$FILE_NAME_EXTENSION.html
-JOURNAL_RESULT=$RESULT_DIR/exec-tar-result-$FILE_NAME_EXTENSION.journal
-
-mkdir -p $RESULT_DIR
-
-tcc -e -j $JOURNAL_RESULT -p ./
-grw -c 3 -f chtml -o $HTML_RESULT $JOURNAL_RESULT
+++ /dev/null
-CC ?= gcc
-
-TARGETS = \
- utc_SecurityFW_cert_svc_load_buf_to_context_func \
- utc_SecurityFW_cert_svc_load_file_to_context_func \
- utc_SecurityFW_cert_svc_load_PFX_file_to_context_func \
- utc_SecurityFW_cert_svc_push_buf_into_context_func \
- utc_SecurityFW_cert_svc_push_file_into_context_func \
- utc_SecurityFW_cert_svc_add_certificate_to_store_func \
- utc_SecurityFW_cert_svc_delete_certificate_from_store_func \
- utc_SecurityFW_cert_svc_verify_certificate_func \
- utc_SecurityFW_cert_svc_verify_signature_func \
- utc_SecurityFW_cert_svc_extract_certificate_data_func \
- utc_SecurityFW_cert_svc_search_certificate_func \
- utc_SecurityFW_cert_svc_check_ocsp_status_func
-
-PKGS = cert-svc
-
-LDFLAGS = `pkg-config --libs $(PKGS)`
-LDFLAGS += $(TET_ROOT)/lib/tet3/tcm_s.o
-LDFLAGS += -L$(TET_ROOT)/lib/tet3 -ltcm_s
-LDFLAGS += -L$(TET_ROOT)/lib/tet3 -lapi_s
-
-CFLAGS = -I. `pkg-config --cflags $(PKGS)`
-CFLAGS += -I$(TET_ROOT)/inc/tet3
-CFLAGS += -Wall
-
-all: $(TARGETS)
-
-$(TARGETS): %: %.c
- $(CC) -o $@ $< $(CFLAGS) $(LDFLAGS)
-
-clean:
- rm -f $(TARGETS) *~
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM
-MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD
-EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x
-MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV
-BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ
-ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4
-mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj
-eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H
-e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
-SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
-FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR
-apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC
-yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D
-lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5
-3aU1rQ6vF96wFt4=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXwIBAAKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQN4WI
-w/9m6wD0tHsmto INVALID PRIVATE KEY rSUlS7N5+Vc7Rd2yEGDJokMz4pDI
-FHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwIDAQAB
-AoGBAMKFCYIB6o20DDy/sNd+46nPROC3DH8ggKwodERf0bxX+mLn/0TuqsZFbMNK
-wyVf4R4veczDwICzZLkE8AEaNgzoA/gV0REbj38hgqEAG6D/rZaPwNnqN4CISXur
-3kBypPUE05DG8FhdRC1R6hrMlakvXJw3zHunclIMmWlvk/pBAkEA/i8OTj6nBNz+
-oUrWGyYfuLrUsHVhL5DnwyaR9zKuxzmYRv9xHEAPKU/GBF9YKWxQygwY0o4ql00y
-qZKAXWW7iwJBAPO0Vcz00c4gRWJsFyETPadMq8n84NgccxfOYm9BQsdiOAq+xxTh
-k5c/c+bHUCNoAv7x3pWCn+EVqpnbFtH7TLkCQQCW4G2Yaj4Pd/I44UgHo3CO4W9g
-Mrx2VIgNYXahCdeO8BQAiJ2mTCvztKNwcvvM0rt9wwJ08Og9GRiqaQiC5+ETAkEA
-1+8g2zLNt7tGX1fxAoB+737y9E1ZmINUw3I+K+ACYJI5n+O8mFbrpGc3tfNCoaym
-guki1QzhxtmgySSkSrhFGQJBAOj1P+ku8LHK1l2TWe1DjyqE32T5SGDuq/FLoxnj
-1UNwHaU7GPeRjSftGwxFvPL9alo7dFoTQCgCrTSOvnb0H8w=
------END RSA PRIVATE KEY-----
+++ /dev/null
-0\8a_biÕT^zY\90\9e|æýäINVALID SIGNATURE FILEHäñ\8fH\98Ïú]\98Î<\1e¬ëéû\1a]Sµâ%½\89(h\v
-¾8y*H6,+âJ\8f+Aõ\89Um\81\81\98Ã|Xe+Ëdä\88¿jT÷X\94\81%hS\f@dÖÃ\8fè\94o\8fV\92ìÝ\9eÊ3J\9a
+++ /dev/null
-Hello, world!
+++ /dev/null
-abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,3AFF87E45B7C4AA5
-
-at84LbXLjHmHBbTcdDQ3Idaq9OhStzPN/v/DmYGL4zB6r5BNQQqpqWMHufCGb77k
-BQSaCRKf6J/2BcUmcbhy4hG1hFbca7qkGjbuCPQWS5ivIXmxHTXtLCH1gP6OGVv6
-hKtB8R5JluiSAuzvf9apjOnch+dJMmj/RLSXg5ucjtHlCG7YSI9pRlXl5cm3rPmC
-7fEdoIBXfsdPDcxQ09IVIdOR5WCXQNKOs9JHrrO+z8RhOmczk44dgY2nlXjigfeC
-2ZLZKebhiq1rwqm163HvEcb7wa1tPndubTwR3dwlbUPjZ270amCE8+qoiMspSg3Y
-5uP/J5skC/2xoTzfR6T7Sg2OQPB4MgYbZkcIuHXKuQwnids0+Tp0w76eaa1BkJb+
-GFpe6nz5BqvR5nJSm+3UuRBynQbSq/bHGWgs+bwbGP71uDgmfNzieqfkbQXMD0O/
-KgSqULuuaRl3Ax9C7EwBTbKJVuWeFX8jd7/SnHEi5UszxM3EyzbkHxuJcNY51Y81
-y3xd7z48Nqy97N8N8YzNyW9Uyau8lCqudRuGT19yjswq1fCyrBRoP+vpbi3ZLRPf
-AMgYu7eWK8jb7sQSJiqum+1c5czNgNMI/OlXA+847CPJG9TKSmWWnqrhL0vExvLV
-Ad+ery8fndCIJF9Dt9L5BSwCipjvmyAveNXmj6/JnX19npcBSf6yPHuUNPcPxIWn
-xMkZRkh/kTBnY27BA8ObNFRkZdAK6eNVlaNWoNghw28UZI6ANhn13qe9b/8nc6CQ
-aU3AaNIKhaOHKcHoAICCx3mrxEeqD/bQ2GN2/VAl6iaArHEVzbZrEA==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXwIBAAKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQN4WI
-w/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUlS7N5+Vc7Rd2yEGDJokMz4pDI
-FHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwIDAQAB
-AoGBAMKFCYIB6o20DDy/sNd+46nPROC3DH8ggKwodERf0bxX+mLn/0TuqsZFbMNK
-wyVf4R4veczDwICzZLkE8AEaNgzoA/gV0REbj38hgqEAG6D/rZaPwNnqN4CISXur
-3kBypPUE05DG8FhdRC1R6hrMlakvXJw3zHunclIMmWlvk/pBAkEA/i8OTj6nBNz+
-oUrWGyYfuLrUsHVhL5DnwyaR9zKuxzmYRv9xHEAPKU/GBF9YKWxQygwY0o4ql00y
-qZKAXWW7iwJBAPO0Vcz00c4gRWJsFyETPadMq8n84NgccxfOYm9BQsdiOAq+xxTh
-k5c/c+bHUCNoAv7x3pWCn+EVqpnbFtH7TLkCQQCW4G2Yaj4Pd/I44UgHo3CO4W9g
-Mrx2VIgNYXahCdeO8BQAiJ2mTCvztKNwcvvM0rt9wwJ08Og9GRiqaQiC5+ETAkEA
-1+8g2zLNt7tGX1fxAoB+737y9E1ZmINUw3I+K+ACYJI5n+O8mFbrpGc3tfNCoaym
-guki1QzhxtmgySSkSrhFGQJBAOj1P+ku8LHK1l2TWe1DjyqE32T5SGDuq/FLoxnj
-1UNwHaU7GPeRjSftGwxFvPL9alo7dFoTQCgCrTSOvnb0H8w=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDx+bjbdNEi67ys43mIioVWuJpT
-rKRi4QlVMj7roX1n76DQN4WIw/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUl
-S7N5+Vc7Rd2yEGDJokMz4pDIFHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9
-Mhzls13WZaJLDnrLcwIDAQAB
------END PUBLIC KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIID6TCCA1KgAwIBAgIJAMctWiF5xt5tMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD
-VQQGEwJLUjEVMBMGA1UECBMMUHJvdmluY2VOYW1lMRUwEwYDVQQHEwxMb2NhbGl0
-eU5hbWUxGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxHzAdBgNVBAsTFk9yZ2Fu
-aXphdGlvbmFsVW5pdE5hbWUxEzARBgNVBAMTCkNvbW1vbk5hbWUxHDAaBgkqhkiG
-9w0BCQEWDUVtYWlsQEFkZHJlc3MwHhcNMDgxMjAyMDEyOTU1WhcNMDkxMjAyMDEy
-OTU1WjCBqjELMAkGA1UEBhMCS1IxFTATBgNVBAgTDFByb3ZpbmNlTmFtZTEVMBMG
-A1UEBxMMTG9jYWxpdHlOYW1lMRkwFwYDVQQKExBPcmdhbml6YXRpb25OYW1lMR8w
-HQYDVQQLExZPcmdhbml6YXRpb25hbFVuaXROYW1lMRMwEQYDVQQDEwpDb21tb25O
-YW1lMRwwGgYJKoZIhvcNAQkBFg1FbWFpbEBBZGRyZXNzMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQ
-N4WIw/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUlS7N5+Vc7Rd2yEGDJokMz
-4pDIFHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwID
-AQABo4IBEzCCAQ8wHQYDVR0OBBYEFH/W4In2zyXx5vE+SKt4nIXEmpSqMIHfBgNV
-HSMEgdcwgdSAFH/W4In2zyXx5vE+SKt4nIXEmpSqoYGwpIGtMIGqMQswCQYDVQQG
-EwJLUjEVMBMGA1UECBMMUHJvdmluY2VOYW1lMRUwEwYDVQQHEwxMb2NhbGl0eU5h
-bWUxGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxHzAdBgNVBAsTFk9yZ2FuaXph
-dGlvbmFsVW5pdE5hbWUxEzARBgNVBAMTCkNvbW1vbk5hbWUxHDAaBgkqhkiG9w0B
-CQEWDUVtYWlsQEFkZHJlc3OCCQDHLVohecbebTAMBgNVHRMEBTADAQH/MA0GCSqG
-SIb3DQEBBQUAA4GBACeNJG+xzXv+NQwiSfobosEUo3SqH+e0syRFEKIUjW3BcEe+
-YFdUDThTixp3Y5PFX2oFo23DEBHP09/Wwox7GAYGegZOQ1W7j5oykI2a/zFHC6tb
-5As3hdnKn3wHePsj09qHKv/dPd6BdoGWaXgM1uIqSTCm5GZAynNRQGG0AKBX
------END CERTIFICATE-----
+++ /dev/null
-0\8a_biÕT^zY\90\9e|æýä`\18¤ýúf#3\ 5òÝÙ¯n\1dJ\90£0\18Ã/\99?Häñ\8fH\98Ïú]\98Î<\1e¬ëéû\1a]Sµâ%½\89(h\v
-¾8y*H6,+âJ\8f+Aõ\89Um\81\81\98Ã|Xe+Ëdä\88¿jT÷X\94\81%hS\f@dÖÃ\8fè\94o\8fV\92ìÝ\9eÊ3J\9a
\ No newline at end of file
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDPD8+lCBi/i2wsPFX+AkO3qK9Fo0ooY9HaJnrCDfhYpXPF27j7
-YkfqF3sla9GM4nSW9GvlSTuz5WpjNhn4PNhLnBSdK2pxzDqfudXbYI5EQNcSU1Ll
-cUHIv+wNnFt8jqyZR2VQ5fiVPoo8mdl1R3NR9P02Ru0adxDOHQEMhmsj/wIDAQAB
-AoGARPYsHvfCXlEOFvGFZlLUwN9SeKv4r9kG9FPqgKTseIGqPFSAmGDUOLfXUNBG
-+1gUoo4HPVcVpkWbGC3VmmKRWovD4JOM08Wk+ovdkzKVc3BnJLzDVGoOx7/Whef+
-bkV3IiD1kFIX+YE3IvI+t95QFS5nTdZeyhCiWtz1nAKbIIECQQDwAgMnpE2iPn1e
-NbW9vdit7amCwkGeBSpsBgLbNqFpkpZGWsNvALd68iKbbAGDcgB8tQI/dRUiGnND
-w+Rb371BAkEA3NvQOCMuL7kdYwZfaL//+jvcG52QEdR7iJGKXgKL+mef5XiNQfOX
-DNTpkuFaU3JIQdgNNhspE18A1vU/zvpRPwJBAOgvei/agoRH4e7HFQf3Zmx0s/1c
-wjAGHVEdy5uY0TSZ7Ckp21FCpz4YiyRCq4AnRJNgZUlQkl5IqmPPWdcLr0ECQAMI
-cb+TnBrDrAekGsNRf65sDAXFECluhZPGi+PmnQ1/Rs7b7PSu57AhbGO7/IWQ2DUv
-Rl8r2FCPyW8qRwoMnfkCQQCgIuBlYF3k/NUfBxmdQy3iWbZThRhnFkHlidSbW7uC
-pduzqcc8qHINCDatsMYCaE5WgfQnz3UmF49sNr02Bt61
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15 (0xf)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:18:18 2009 GMT
- Not After : Mar 11 03:18:18 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
- 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
- f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
- d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
- 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
- d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
- ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
- 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
- 10:ce:1d:01:0c:86:6b:23:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha1WithRSAEncryption
- 18:fe:74:f1:af:0a:d9:91:ad:b5:7c:f3:01:f8:98:1a:dc:b3:
- 66:6b:f4:bc:16:9a:e6:2b:f2:1f:77:23:89:a8:68:e0:8d:e3:
- 50:f3:f1:e6:38:f1:59:54:9b:44:0f:72:00:1a:61:71:9c:f0:
- 4f:a3:08:9d:17:36:0c:54:82:be:24:04:cb:b5:04:e9:20:c9:
- 6e:bc:8f:af:18:d8:2d:ee:cc:a8:8b:e4:1a:35:98:f6:53:72:
- 89:4f:05:f8:c3:7b:50:13:ee:cf:9f:d3:eb:a7:7c:4a:e6:89:
- 0f:6b:0e:d6:c7:bc:db:04:03:08:25:59:b4:06:5b:ce:a6:db:
- 7b:3a:5d:80:e8:ff:66:e1:22:03:54:28:16:0e:89:c8:5b:aa:
- b2:6e:1a:0f:07:53:60:bc:f4:2a:2d:a7:89:f2:b4:58:55:47:
- 2e:b1:b2:3c:50:30:6b:0c:12:34:11:5f:54:2a:0a:ab:19:d9:
- 36:ae:e2:16:5e:b8:8e:0d:17:d0:42:82:96:4d:fb:36:56:69:
- 7b:ce:32:fb:91:a4:02:73:8c:75:7e:de:87:06:52:20:ed:26:
- ff:47:72:f2:f6:01:2e:ec:38:da:0b:5b:be:ec:8e:c6:02:28:
- 92:57:28:04:f5:00:87:90:34:e1:81:c5:cc:21:00:6b:4d:d5:
- d5:c3:f6:f1:97:e1:5e:8c:ea:56:2e:5e:ce:9e:de:b9:a6:86:
- 60:33:1d:94:76:39:e1:70:9a:d2:b3:9a:f4:47:f8:bd:83:26:
- 38:a0:ab:a3:bc:81:df:6b:79:7d:f5:67:8f:5a:e1:a4:67:29:
- 58:07:66:70:6a:43:dc:f7:4c:82:54:15:a0:2f:ab:c0:9f:24:
- 91:e0:a7:d1:b1:58:bf:43:bf:25:1f:32:fc:98:26:b1:2f:19:
- 8f:d8:69:c1:1a:bd:b0:3e:0a:dc:54:c1:27:34:b9:1b:55:93:
- ff:e6:23:ac:af:33:ed:8d:6e:ee:36:18:70:9e:a2:87:b6:e2:
- 1d:3a:ee:e8:e2:79:97:15:7c:83:d1:89:71:ab:87:8d:36:a7:
- 7d:d8:4c:e2:b6:b7:1f:32:34:a8:75:ca:4f:00:3e:49:b0:5c:
- 40:1a:9c:6e:bd:b5:5f:f4:2e:c5:0a:54:b4:89:4a:63:35:ff:
- 80:8d:fe:31:e8:2e:92:77:8c:19:1a:2c:b8:95:1e:ef:d5:7d:
- c6:f9:4d:05:b6:f8:dd:55:0c:10:43:6e:7d:47:c8:b0:83:db:
- a3:7b:b4:5a:e3:a9:33:b2:ed:23:83:6a:e1:ce:c6:1c:89:27:
- 39:2c:3d:2f:55:49:c8:c5:9d:23:46:fe:88:71:da:ef:2b:25:
- e4:79:92:2b:1d:61:a6:dc
------BEGIN CERTIFICATE-----
-MIIEfjCCAmagAwIBAgIBDzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTgxOFoXDTE5
-MDMxMTAzMTgxOFowWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy
-dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8
-Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2
-Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ
-2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg
-hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
-BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV
-BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW
-MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN
-BgkqhkiG9w0BAQUFAAOCAgEAGP508a8K2ZGttXzzAfiYGtyzZmv0vBaa5ivyH3cj
-iaho4I3jUPPx5jjxWVSbRA9yABphcZzwT6MInRc2DFSCviQEy7UE6SDJbryPrxjY
-Le7MqIvkGjWY9lNyiU8F+MN7UBPuz5/T66d8SuaJD2sO1se82wQDCCVZtAZbzqbb
-ezpdgOj/ZuEiA1QoFg6JyFuqsm4aDwdTYLz0Ki2nifK0WFVHLrGyPFAwawwSNBFf
-VCoKqxnZNq7iFl64jg0X0EKClk37NlZpe84y+5GkAnOMdX7ehwZSIO0m/0dy8vYB
-Luw42gtbvuyOxgIoklcoBPUAh5A04YHFzCEAa03V1cP28ZfhXozqVi5ezp7euaaG
-YDMdlHY54XCa0rOa9Ef4vYMmOKCro7yB32t5ffVnj1rhpGcpWAdmcGpD3PdMglQV
-oC+rwJ8kkeCn0bFYv0O/JR8y/JgmsS8Zj9hpwRq9sD4K3FTBJzS5G1WT/+YjrK8z
-7Y1u7jYYcJ6ih7biHTru6OJ5lxV8g9GJcauHjTanfdhM4ra3HzI0qHXKTwA+SbBc
-QBqcbr21X/QuxQpUtIlKYzX/gI3+MegukneMGRosuJUe79V9xvlNBbb43VUMEENu
-fUfIsIPbo3u0WuOpM7LtI4Nq4c7GHIknOSw9L1VJyMWdI0b+iHHa7ysl5HmSKx1h
-ptw=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 16 (0x10)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:23:56 2009 GMT
- Not After : Mar 11 03:23:56 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:80/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 75:b9:17:be:1c:06:6f:12:a9:04:1b:63:0b:0d:5c:70:55:e2:
- 31:c0:88:71:d0:56:8e:e5:16:e8:3b:47:1a:08:03:93:56:b2:
- 9b:a2:04:3c:a8:81:10:5a:18:7b:d2:70:ae:7c:0b:94:b6:6c:
- f2:58:e7:69:82:e5:f2:aa:4e:f3:ac:85:6d:5a:ac:11:53:d2:
- 8d:3d:53:ae:ab:f7:f3:c6:f0:ba:f2:e6:7b:2d:74:74:75:fd:
- e0:8d:67:c9:12:d5:f2:93:44:48:66:5b:85:26:7d:95:77:48:
- 4f:a4:72:65:67:38:99:47:4e:cd:47:1c:43:7a:0a:58:a6:99:
- 1b:1b:01:09:f7:0b:34:8a:3a:8d:10:e2:ca:9c:48:a3:f6:39:
- 42:3b:43:e6:f6:81:8b:36:5a:ed:33:98:70:24:ca:4f:18:8b:
- d9:c1:0a:d9:cd:96:33:d0:e8:ac:bd:3f:34:af:86:52:d1:69:
- 6e:90:8e:d0:86:bf:b1:04:3d:85:99:0f:e3:c3:e6:60:47:34:
- 37:97:f2:a2:69:c4:4e:dc:62:d0:eb:c2:24:77:2e:a3:ba:c1:
- 88:a9:b2:b4:fb:79:a6:d4:cf:5e:3f:03:41:25:c4:f3:29:0a:
- fd:b7:78:55:b1:9a:0c:79:32:2f:2e:fe:69:ba:a0:2c:62:bc:
- 11:38:c4:47:a8:b0:72:70:d1:50:9f:b9:87:64:f5:12:56:c5:
- f7:ed:8e:23:08:df:d0:0e:1a:6b:25:8c:b3:6b:7c:cc:55:6d:
- 90:83:a9:ef:7d:45:04:a6:dc:7c:0d:80:c1:54:22:d1:b8:e2:
- 43:cc:ad:75:a2:07:eb:d3:26:da:8a:c4:fb:6f:0b:ac:11:f4:
- 01:7f:b9:37:68:ec:1e:60:a2:ae:d6:b2:0b:37:cb:7e:5d:dc:
- ec:14:21:69:84:ff:fc:61:85:b6:bf:7f:d2:af:3c:70:12:c6:
- ba:40:e8:b5:25:56:34:ca:44:f1:ea:15:ad:79:50:ec:44:b7:
- 6c:d7:4b:cc:2c:4f:45:01:85:15:76:2a:03:c2:14:9c:3e:bf:
- 87:7b:59:d7:aa:2d:48:20:b6:1a:6e:6e:b0:c2:77:22:3c:ea:
- 24:d0:f8:62:b0:4b:01:3a:48:be:5f:66:73:0a:46:b3:1f:83:
- 41:91:f5:fd:e8:08:08:52:18:3a:8c:6a:19:2c:e3:30:d8:53:
- 13:97:62:83:eb:e3:ed:3a:8e:64:25:b1:8a:01:f4:24:14:6d:
- d4:61:c1:c3:8d:c3:89:2c:5f:6e:d8:1e:1d:de:b9:77:06:0b:
- 31:63:e4:ce:d9:76:1b:68:48:ea:ec:64:d5:a6:a5:15:29:1d:
- 79:af:21:2d:a8:e6:e6:f8
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjM1NloXDTE5
-MDMxMTAzMjM1NlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDIwDQYJ
-KoZIhvcNAQEFBQADggIBAHW5F74cBm8SqQQbYwsNXHBV4jHAiHHQVo7lFug7RxoI
-A5NWspuiBDyogRBaGHvScK58C5S2bPJY52mC5fKqTvOshW1arBFT0o09U66r9/PG
-8Lry5nstdHR1/eCNZ8kS1fKTREhmW4UmfZV3SE+kcmVnOJlHTs1HHEN6ClimmRsb
-AQn3CzSKOo0Q4sqcSKP2OUI7Q+b2gYs2Wu0zmHAkyk8Yi9nBCtnNljPQ6Ky9PzSv
-hlLRaW6QjtCGv7EEPYWZD+PD5mBHNDeX8qJpxE7cYtDrwiR3LqO6wYipsrT7eabU
-z14/A0ElxPMpCv23eFWxmgx5Mi8u/mm6oCxivBE4xEeosHJw0VCfuYdk9RJWxfft
-jiMI39AOGmsljLNrfMxVbZCDqe99RQSm3HwNgMFUItG44kPMrXWiB+vTJtqKxPtv
-C6wR9AF/uTdo7B5goq7Wsgs3y35d3OwUIWmE//xhhba/f9KvPHASxrpA6LUlVjTK
-RPHqFa15UOxEt2zXS8wsT0UBhRV2KgPCFJw+v4d7WdeqLUggthpubrDCdyI86iTQ
-+GKwSwE6SL5fZnMKRrMfg0GR9f3oCAhSGDqMahks4zDYUxOXYoPr4+06jmQlsYoB
-9CQUbdRhwcONw4ksX27YHh3euXcGCzFj5M7ZdhtoSOrsZNWmpRUpHXmvIS2o5ub4
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDAqVFjGeLM850Z2HWQqxNAoz+d3O9IQg0ANtvqaP25FTSprw9S
-K1cuA3QTQbRZaX724VRCjcP0hSv/B5ekL1vkE75y72XnWb7tFHGCzAkDUJlmCDQa
-QUXm4zeYMmoV1DJj9yZsWu1FvbuqvjNLnMuyAxPjLW9hVyro6EQPWernvwIDAQAB
-AoGADQgm8i4hEj30RXhH04ZO4hNozTPRl7CoEnijfYKmjutpSYUG40b9OaaQJnFO
-UrH5HZf2TB4swBB1/mU0E64EaBX7EciQbBTN0uInTnAJKHVJrFaFqMXYS6rsAKoA
-KjW/2hx0/CFhsulji9s1cqlHKvwKfp3YRbkuQ0ulLsdkmlECQQDqelfLcaVS71pf
-jnxlAP49pQT3t/ee81bnl8o/75vhObxhKu28KSQy3RI13JjecR0RPIpYdPQdPB6h
-fjNbH9D3AkEA0lhjsahWvs2+QBukcN84gJyfa/WBizgVfD/oZVm4fvNZjK3neH0V
-S29bkGfqMroy0U0PAm7Qs36dWnAFMdI1eQJBAMuJgdZ3AzS30vIp5G9k6k0mhuZl
-ykwvHVwR1h2j5+MdVBngwtdXuzVv05Pvtr843yuMKudYNmN+QXSb8QaD2scCQGmi
-7EZfhVkDmKU3fKkW4Zhtj/626B0TyG6C5eJoYaiX7AQjnhi7sMMWpMRr+4kIS9cj
-PQN6xaMvVjUCBwnTSPkCQAP/Iv+ctNcZNuRcDm1g/voruqlMs5bAbhQ50Nut1z3+
-ekOGBxIWXr9mDcBji8OMjww8WBUGuvcJssLPKrTbBGM=
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 17 (0x11)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:10 2009 GMT
- Not After : Mar 11 03:24:10 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:81/0003
-
- Signature Algorithm: sha1WithRSAEncryption
- 5a:7d:5f:25:e5:5a:49:3e:e9:06:4c:f1:7f:83:7d:d4:0d:13:
- 36:35:bf:32:92:69:60:1d:ae:2e:ed:89:b3:d4:1e:78:d2:85:
- 35:7a:1f:65:30:78:5e:d3:30:60:3d:7d:2c:be:02:6a:f0:22:
- 5e:82:86:53:01:a4:b6:1c:9f:d4:79:e9:ec:eb:d8:33:85:fb:
- 21:d2:82:77:b9:6d:20:8e:af:82:ff:25:82:27:3b:d7:d9:38:
- 31:a3:2b:bc:55:00:28:f6:f9:bf:01:e6:66:0b:b8:a8:ed:30:
- 09:52:8d:bf:94:7b:96:d1:93:5b:a3:a4:f1:9f:aa:f4:04:54:
- 0b:69:73:af:36:d7:3e:33:2c:29:38:04:9b:65:32:31:fa:17:
- 2f:0a:9f:19:05:d8:01:0c:db:13:1e:55:ec:94:38:3f:83:ee:
- 50:35:d1:6e:4f:32:c3:3d:d3:39:c8:c5:cc:56:b4:33:2e:8b:
- 75:a0:9c:cd:28:e5:42:a1:89:e1:06:90:bd:f3:8e:b5:48:9e:
- 1c:dd:56:4d:d9:ec:6e:0b:7b:72:e5:0a:be:7e:33:5a:13:25:
- 13:87:4c:9a:27:49:02:6d:28:5b:e7:4d:1b:7c:11:22:10:45:
- b1:57:b7:fc:12:62:69:24:69:ee:67:ce:5b:20:70:6a:22:29:
- f4:a0:90:59:d3:a2:be:7b:43:3a:59:0b:23:d1:2e:ed:51:98:
- 87:c5:4d:1c:64:08:f8:ca:af:36:ab:5d:00:ce:15:00:f4:ad:
- 34:44:27:8b:72:c6:6d:24:4c:1a:e3:f7:4c:bc:25:a2:a8:e2:
- a8:79:58:57:a7:5d:f0:20:28:d2:ef:84:ff:ee:42:0f:1e:59:
- 93:4c:05:45:ff:c1:0d:cb:30:1d:bb:26:5a:4d:24:c0:44:52:
- 77:33:17:dd:d1:00:63:1e:9b:4d:ca:28:8b:bb:fd:0d:0b:e3:
- 72:26:94:e2:8c:5a:d7:1a:a6:e7:b7:bc:4b:bf:cc:02:2c:d8:
- 9b:cb:31:7d:09:4c:15:73:5d:1a:a8:46:10:66:68:80:a9:f3:
- 3d:f8:7c:9d:46:3d:ce:ae:75:6f:92:db:34:d3:d7:be:6c:4e:
- 76:b6:b6:b7:a2:a8:b9:9e:a9:f1:6f:a6:e5:01:bb:82:13:bd:
- 7f:24:81:c3:22:54:58:f0:7e:8d:9a:86:82:00:46:66:33:e4:
- 96:98:8a:33:7b:ed:93:9b:cf:68:b5:eb:42:da:6d:50:49:f0:
- 14:27:01:f6:57:09:26:7c:61:81:d0:e5:e9:ec:6d:18:eb:97:
- 1a:55:cf:1f:d9:20:67:8f:71:bb:0c:98:6d:c0:4b:85:32:c9:
- d3:b7:f3:d0:60:fd:64:01
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBETANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQxMFoXDTE5
-MDMxMTAzMjQxMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDMwDQYJ
-KoZIhvcNAQEFBQADggIBAFp9XyXlWkk+6QZM8X+DfdQNEzY1vzKSaWAdri7tibPU
-HnjShTV6H2UweF7TMGA9fSy+AmrwIl6ChlMBpLYcn9R56ezr2DOF+yHSgne5bSCO
-r4L/JYInO9fZODGjK7xVACj2+b8B5mYLuKjtMAlSjb+Ue5bRk1ujpPGfqvQEVAtp
-c6821z4zLCk4BJtlMjH6Fy8KnxkF2AEM2xMeVeyUOD+D7lA10W5PMsM90znIxcxW
-tDMui3WgnM0o5UKhieEGkL3zjrVInhzdVk3Z7G4Le3LlCr5+M1oTJROHTJonSQJt
-KFvnTRt8ESIQRbFXt/wSYmkkae5nzlsgcGoiKfSgkFnTor57QzpZCyPRLu1RmIfF
-TRxkCPjKrzarXQDOFQD0rTREJ4tyxm0kTBrj90y8JaKo4qh5WFenXfAgKNLvhP/u
-Qg8eWZNMBUX/wQ3LMB27JlpNJMBEUnczF93RAGMem03KKIu7/Q0L43ImlOKMWtca
-pue3vEu/zAIs2JvLMX0JTBVzXRqoRhBmaICp8z34fJ1GPc6udW+S2zTT175sTna2
-treiqLmeqfFvpuUBu4ITvX8kgcMiVFjwfo2ahoIARmYz5JaYijN77ZObz2i160La
-bVBJ8BQnAfZXCSZ8YYHQ5ensbRjrlxpVzx/ZIGePcbsMmG3AS4UyydO389Bg/WQB
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 18 (0x12)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:20 2009 GMT
- Not After : Mar 11 03:24:20 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:82/0004
-
- Signature Algorithm: sha1WithRSAEncryption
- 1d:80:7c:33:dd:ab:99:c7:06:f5:aa:fd:16:7d:89:d8:a9:a2:
- 89:38:af:26:b7:b1:0f:69:3d:d6:09:3e:6d:dd:d2:e0:51:b8:
- 97:fc:8d:96:08:0d:33:2d:75:e7:d2:9e:47:2b:fd:46:5b:c9:
- f2:68:4f:26:8f:83:3d:fc:aa:d7:6a:20:77:15:3f:78:d9:75:
- b3:79:10:fd:ab:ab:95:34:69:64:3c:8a:65:6d:66:bb:a9:da:
- 26:79:51:59:a7:c2:97:ea:6c:7f:31:91:d3:a5:c2:65:ca:d5:
- 4f:6f:c8:d9:b9:c7:03:7b:c6:2d:16:5f:fe:de:02:28:f3:e9:
- 64:ad:e9:62:3c:e5:91:31:0f:c9:c9:33:1a:a5:66:d8:5b:80:
- 18:6f:5f:55:34:51:43:fa:79:50:ba:17:19:2c:b9:25:b8:a3:
- a0:b2:08:38:49:6d:3c:86:8c:42:2c:d8:07:bd:39:f1:3c:97:
- 8f:c6:83:cd:85:8f:e9:52:63:77:4f:d6:9e:58:3e:22:f8:29:
- 8e:44:92:c6:b7:ab:28:35:22:7b:b7:d0:8f:34:70:15:f2:4b:
- 91:65:42:8d:d5:ce:75:4b:2f:7b:7e:7f:7e:61:09:5b:b2:1a:
- 64:94:18:c9:8e:c3:ee:a4:89:d6:97:55:76:28:b0:e6:bc:7c:
- f0:c9:9b:20:e3:a5:10:da:c1:9c:c4:4e:ff:e8:ca:3c:19:82:
- 06:d6:aa:05:cb:05:e5:bd:36:cf:4c:3a:a7:e6:21:af:e8:5e:
- 2d:ee:3b:94:24:91:37:92:95:3f:d3:f8:b8:5a:13:56:16:a7:
- 20:34:f6:fd:cb:59:6d:4c:ff:04:df:ef:61:08:d9:2f:85:a8:
- b1:7c:07:80:93:31:7b:bb:7f:8d:17:ba:8b:64:41:82:4a:ca:
- f6:a9:f7:69:b8:cf:ed:17:c1:ca:09:5a:52:c4:ce:a0:9c:e3:
- 4c:52:ab:ea:b3:4f:3c:93:1d:50:bf:60:e8:6e:d1:bf:90:0c:
- 3f:1d:6b:2c:a5:c5:bf:eb:e2:da:cb:76:56:08:51:cc:87:49:
- 21:16:f0:a6:85:ce:0f:c3:32:c2:50:cc:04:f5:d1:bb:de:b8:
- db:9b:79:e1:d2:73:14:b2:7c:5a:cf:26:7b:24:4a:58:48:58:
- 2e:b1:a1:2f:01:c2:71:40:85:c8:9b:21:10:15:1a:3e:5e:3d:
- 79:53:9c:82:b2:4e:ad:91:96:9f:03:c5:f6:44:ea:d6:d6:cf:
- 3b:1e:74:e6:b1:f2:f4:b3:e0:7d:91:77:ac:50:d9:66:1b:73:
- 59:3e:e6:18:07:bb:e0:60:4f:1e:8d:40:2b:da:25:ac:c8:85:
- d6:31:62:f3:5b:05:4a:11
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQyMFoXDTE5
-MDMxMTAzMjQyMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgyLzAwMDQwDQYJ
-KoZIhvcNAQEFBQADggIBAB2AfDPdq5nHBvWq/RZ9idipook4rya3sQ9pPdYJPm3d
-0uBRuJf8jZYIDTMtdefSnkcr/UZbyfJoTyaPgz38qtdqIHcVP3jZdbN5EP2rq5U0
-aWQ8imVtZrup2iZ5UVmnwpfqbH8xkdOlwmXK1U9vyNm5xwN7xi0WX/7eAijz6WSt
-6WI85ZExD8nJMxqlZthbgBhvX1U0UUP6eVC6FxksuSW4o6CyCDhJbTyGjEIs2Ae9
-OfE8l4/Gg82Fj+lSY3dP1p5YPiL4KY5Eksa3qyg1Inu30I80cBXyS5FlQo3VznVL
-L3t+f35hCVuyGmSUGMmOw+6kidaXVXYosOa8fPDJmyDjpRDawZzETv/oyjwZggbW
-qgXLBeW9Ns9MOqfmIa/oXi3uO5QkkTeSlT/T+LhaE1YWpyA09v3LWW1M/wTf72EI
-2S+FqLF8B4CTMXu7f40XuotkQYJKyvap92m4z+0XwcoJWlLEzqCc40xSq+qzTzyT
-HVC/YOhu0b+QDD8dayylxb/r4trLdlYIUcyHSSEW8KaFzg/DMsJQzAT10bveuNub
-eeHScxSyfFrPJnskSlhIWC6xoS8BwnFAhcibIRAVGj5ePXlTnIKyTq2Rlp8DxfZE
-6tbWzzsedOax8vSz4H2Rd6xQ2WYbc1k+5hgHu+BgTx6NQCvaJazIhdYxYvNbBUoR
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 19 (0x13)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:30 2009 GMT
- Not After : Mar 11 03:24:30 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:83/0005
-
- Signature Algorithm: sha1WithRSAEncryption
- 9b:ea:5d:a3:f4:b2:04:44:31:6b:64:e4:7d:25:5d:69:1b:25:
- 3d:63:d4:3f:2c:0f:c6:60:44:70:18:57:31:be:84:38:e8:53:
- 29:dd:5e:f2:5c:8e:41:6d:e8:ea:a7:23:91:b9:f4:c1:20:2c:
- cd:d6:b4:b4:e6:9d:c3:b4:5b:4c:48:dd:3a:cc:cd:9e:0c:93:
- bb:e0:03:43:1c:ab:01:86:4e:67:44:ad:68:3d:e6:00:4d:9e:
- 95:5f:86:0f:e4:18:af:3d:76:a4:1b:91:5e:e8:07:2b:aa:62:
- 4e:d9:af:f8:15:e7:3c:bb:8c:f4:a9:4f:df:72:f6:b0:6a:36:
- ad:eb:d2:10:02:cb:65:28:a7:4c:4f:98:e1:7b:1e:aa:af:3e:
- 61:65:91:58:94:99:26:69:29:06:50:02:44:61:a6:3c:ee:8a:
- 7e:db:56:5a:f5:cc:d6:58:6f:a2:40:51:e1:81:fa:3b:b8:4b:
- 8d:00:64:b2:99:d3:e7:8a:52:78:b3:67:a1:64:5d:dd:a0:c5:
- 54:1d:de:07:29:ef:85:01:d4:e9:24:44:8b:df:9b:f5:ae:80:
- 4d:fa:4d:08:76:7c:97:6b:86:74:22:56:d1:87:6b:41:54:66:
- fc:3b:d2:3e:2d:95:c1:46:06:b9:db:0e:8b:e1:be:c8:56:82:
- c3:1d:df:84:b6:50:ee:b8:30:3c:54:07:49:8b:e2:d4:a7:b8:
- 35:0d:b6:09:7e:04:01:bb:71:86:8c:50:87:a7:3a:2d:b8:7c:
- 24:cd:b1:a6:87:b8:eb:d5:dc:8f:02:21:f9:71:06:34:c4:e5:
- 6f:ff:53:4b:dd:33:96:60:8b:6d:bb:03:b1:36:31:2d:02:6c:
- 7f:ba:70:0a:78:b8:fb:45:92:84:5b:1e:a7:15:39:13:33:fd:
- 6f:a7:95:76:10:1f:b3:cd:11:e8:ed:ce:2c:63:cd:64:23:62:
- c4:21:d6:48:bf:f7:10:b8:da:d5:72:14:ad:5a:a0:5d:4a:2b:
- a0:76:5f:b8:3b:d2:6b:8a:7f:6b:6a:cc:84:eb:6a:be:d9:26:
- 2c:bb:38:06:b8:f4:d4:fb:78:85:83:c8:ad:6e:56:f9:67:5f:
- bc:3c:41:b6:f0:6f:d4:45:78:ed:3e:2f:c7:3a:3e:9a:98:68:
- c4:64:79:29:51:19:cd:a6:70:c4:04:30:50:86:9c:f2:54:57:
- b1:e1:7d:4a:d5:34:fc:93:31:6d:64:15:79:31:c0:70:d5:db:
- bc:a0:be:21:22:1e:61:ac:4a:9f:a2:a6:ff:de:52:2e:31:d7:
- 5e:39:66:c6:47:55:f6:64:f5:bd:ed:c0:60:b8:59:88:a1:8e:
- 8c:5f:20:1b:be:41:51:f4
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQzMFoXDTE5
-MDMxMTAzMjQzMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDUwDQYJ
-KoZIhvcNAQEFBQADggIBAJvqXaP0sgREMWtk5H0lXWkbJT1j1D8sD8ZgRHAYVzG+
-hDjoUyndXvJcjkFt6OqnI5G59MEgLM3WtLTmncO0W0xI3TrMzZ4Mk7vgA0McqwGG
-TmdErWg95gBNnpVfhg/kGK89dqQbkV7oByuqYk7Zr/gV5zy7jPSpT99y9rBqNq3r
-0hACy2Uop0xPmOF7HqqvPmFlkViUmSZpKQZQAkRhpjzuin7bVlr1zNZYb6JAUeGB
-+ju4S40AZLKZ0+eKUnizZ6FkXd2gxVQd3gcp74UB1OkkRIvfm/WugE36TQh2fJdr
-hnQiVtGHa0FUZvw70j4tlcFGBrnbDovhvshWgsMd34S2UO64MDxUB0mL4tSnuDUN
-tgl+BAG7cYaMUIenOi24fCTNsaaHuOvV3I8CIflxBjTE5W//U0vdM5Zgi227A7E2
-MS0CbH+6cAp4uPtFkoRbHqcVORMz/W+nlXYQH7PNEejtzixjzWQjYsQh1ki/9xC4
-2tVyFK1aoF1KK6B2X7g70muKf2tqzITrar7ZJiy7OAa49NT7eIWDyK1uVvlnX7w8
-Qbbwb9RFeO0+L8c6PpqYaMRkeSlRGc2mcMQEMFCGnPJUV7HhfUrVNPyTMW1kFXkx
-wHDV27ygviEiHmGsSp+ipv/eUi4x1145ZsZHVfZk9b3twGC4WYihjoxfIBu+QVH0
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 20 (0x14)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:40 2009 GMT
- Not After : Mar 11 03:24:40 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:84/0006
-
- Signature Algorithm: sha1WithRSAEncryption
- 49:da:46:14:f1:5a:4a:09:cb:36:a5:fe:ab:50:f5:ea:e1:b2:
- 18:79:dc:d7:79:bb:a8:b0:8d:0b:b5:e1:a9:60:db:8a:e9:3a:
- b8:15:b0:eb:e4:45:bf:90:64:6b:4e:c1:dc:7e:9d:5f:47:0e:
- be:7b:22:ba:c2:71:3d:5d:8b:8f:14:67:1d:19:51:54:05:5a:
- 06:11:e1:1f:ca:bb:98:1a:a3:d6:16:b9:5d:8d:03:70:28:40:
- ca:3a:7d:fe:a7:c3:40:ab:7a:0a:42:3a:95:f6:da:fd:bc:d9:
- 09:50:70:9a:7a:b4:e9:ae:75:b7:cd:a8:56:f4:2e:7c:ef:40:
- 63:6d:02:da:50:29:c8:df:2f:40:04:84:9d:60:a2:3c:21:fc:
- d6:64:02:72:cb:4c:5b:e1:68:d9:0a:16:84:58:47:a5:d1:28:
- 18:86:eb:07:b9:1f:db:9f:46:de:6b:2d:2e:4e:20:9a:40:3a:
- 56:86:28:9f:c5:15:97:1a:3f:70:18:5f:44:1d:64:d0:76:ef:
- 09:c5:23:21:03:32:9c:c4:23:af:c4:1f:85:fd:da:b8:40:33:
- b6:c2:7d:2b:67:ff:88:a0:9c:a8:2e:9e:4b:40:44:6b:bc:c0:
- 3b:f2:b3:a3:d5:f0:b4:04:85:cd:b4:cd:49:3d:34:64:1e:1d:
- 16:a1:8f:05:74:8e:91:ee:98:6c:cc:c8:d8:c3:5e:fd:65:4a:
- 15:ed:28:cb:0b:c3:b6:29:bc:d6:3d:0d:0e:a8:21:36:27:74:
- 9d:f2:7c:58:1f:88:25:35:2b:7f:4c:16:38:df:0f:32:8f:db:
- 22:96:ad:e8:8b:bd:d8:d5:e9:e1:b0:fe:53:03:e6:c7:67:78:
- bf:a6:50:dc:2a:0a:c9:a2:df:6a:d5:c3:db:eb:20:1c:78:ed:
- 69:14:d4:f5:26:62:78:f6:33:a0:ac:95:19:5d:a6:d9:30:8d:
- 21:80:2d:42:dc:a5:a5:a0:42:41:e8:60:f1:4d:81:6d:e6:58:
- 32:b9:e4:23:09:34:3e:7a:fb:69:4b:f3:c0:8a:00:c3:59:2b:
- 02:13:fc:4e:9c:3e:8f:34:fe:b0:ca:07:df:6b:1d:97:9c:ca:
- a9:b1:b6:8f:2d:92:6c:12:4b:64:23:d6:47:c1:f2:6f:79:16:
- 78:7b:f8:36:b9:83:a3:a4:e7:0f:c0:99:d9:a3:09:45:ac:92:
- 52:62:26:64:51:04:e9:92:6f:3e:f9:62:93:c5:2a:00:5b:d3:
- 0b:66:75:ad:bb:5d:12:37:09:3c:b6:95:6d:c2:05:17:8f:d7:
- 79:aa:0d:6a:6c:00:6e:94:0c:e8:e3:31:9d:8e:63:e9:f9:d2:
- dc:8e:07:36:9a:e3:08:55
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBFDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQ0MFoXDTE5
-MDMxMTAzMjQ0MFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg0LzAwMDYwDQYJ
-KoZIhvcNAQEFBQADggIBAEnaRhTxWkoJyzal/qtQ9erhshh53Nd5u6iwjQu14alg
-24rpOrgVsOvkRb+QZGtOwdx+nV9HDr57IrrCcT1di48UZx0ZUVQFWgYR4R/Ku5ga
-o9YWuV2NA3AoQMo6ff6nw0CregpCOpX22v282QlQcJp6tOmudbfNqFb0LnzvQGNt
-AtpQKcjfL0AEhJ1gojwh/NZkAnLLTFvhaNkKFoRYR6XRKBiG6we5H9ufRt5rLS5O
-IJpAOlaGKJ/FFZcaP3AYX0QdZNB27wnFIyEDMpzEI6/EH4X92rhAM7bCfStn/4ig
-nKgunktARGu8wDvys6PV8LQEhc20zUk9NGQeHRahjwV0jpHumGzMyNjDXv1lShXt
-KMsLw7YpvNY9DQ6oITYndJ3yfFgfiCU1K39MFjjfDzKP2yKWreiLvdjV6eGw/lMD
-5sdneL+mUNwqCsmi32rVw9vrIBx47WkU1PUmYnj2M6CslRldptkwjSGALULcpaWg
-QkHoYPFNgW3mWDK55CMJND56+2lL88CKAMNZKwIT/E6cPo80/rDKB99rHZecyqmx
-to8tkmwSS2Qj1kfB8m95Fnh7+Da5g6Ok5w/AmdmjCUWsklJiJmRRBOmSbz75YpPF
-KgBb0wtmda27XRI3CTy2lW3CBReP13mqDWpsAG6UDOjjMZ2OY+n50tyOBzaa4whV
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 22 (0x16)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 14 13:48:12 2009 GMT
- Not After : Mar 14 13:48:12 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:85/0007
-
- Signature Algorithm: sha1WithRSAEncryption
- b1:9e:ce:8d:09:9e:f9:21:6f:be:f2:a7:54:6e:24:82:e3:2b:
- 88:b7:0d:e0:e2:49:33:b4:8b:ad:60:71:cc:20:23:57:cf:17:
- a8:46:c0:a7:1a:5f:8e:8d:1a:cc:0b:1b:da:a4:34:b1:d7:74:
- 1b:a7:e4:71:a1:2d:fd:2e:18:51:02:2c:93:ff:a9:f7:98:bd:
- ed:6b:4c:55:8e:24:f6:97:8e:8a:80:56:52:7a:17:da:94:96:
- fa:27:78:8c:65:40:a6:b1:d2:2a:13:fe:76:c0:0c:f2:04:3f:
- d1:88:25:c3:5a:05:ca:33:d7:bb:27:e2:8b:e8:d4:00:fd:fc:
- b6:a8:9d:27:c2:f9:ea:98:32:79:85:9d:a3:e7:bf:78:65:e8:
- 15:ef:49:48:87:a9:b2:b4:c4:cb:ec:a7:da:90:36:d6:c5:6f:
- ff:c3:85:19:13:0b:27:6a:d3:c4:e7:97:62:08:49:a3:e9:22:
- 9a:3c:d1:91:8f:6e:8e:87:47:0e:38:43:8e:5a:84:f6:9c:24:
- c1:9f:90:29:dc:38:73:72:7d:3f:d6:7f:dd:b3:d1:1d:cf:7b:
- bc:31:a6:6b:b4:be:10:06:94:69:a0:16:ef:bd:e9:e7:a2:8b:
- 18:e1:10:27:7f:9d:8a:f9:60:18:d5:93:54:d6:4e:c2:31:bf:
- 37:00:db:d5:cf:85:da:e9:7b:e4:bb:48:f3:a5:6e:ba:48:1b:
- 50:6a:10:99:f8:77:81:95:78:1b:d0:fe:d0:74:47:28:05:34:
- 32:32:5f:1f:52:42:85:f8:7a:f1:a8:87:ff:2f:6c:ec:83:09:
- 91:85:0a:43:ce:35:a2:7f:94:b6:ae:70:94:b6:0f:c9:c7:8a:
- ee:7c:a7:32:8a:ee:c3:e1:ee:01:34:c1:b8:db:98:80:4c:ac:
- 5f:ac:18:02:fa:f5:c1:36:df:39:57:57:81:b9:26:d0:81:0e:
- 75:79:18:21:29:a6:cb:eb:97:58:f2:dd:8a:88:c1:a2:c7:54:
- 9f:97:89:b1:ef:ff:11:5f:18:0a:cd:25:3e:d8:35:07:45:55:
- 1e:bb:a2:54:fc:66:ac:0f:ac:2a:77:d6:1a:a4:44:cc:5a:49:
- 37:45:70:5b:c9:3d:2c:6d:c1:7e:af:4d:9c:4f:2a:a2:d9:01:
- 3d:e2:7f:a4:f2:4b:d7:60:b1:06:a3:b4:46:35:43:1c:be:79:
- 46:a7:8a:50:ee:22:4f:b8:57:45:c9:83:8a:65:bb:7a:86:b3:
- 30:3a:7c:62:d3:b7:08:34:a7:05:0a:44:a7:57:5c:2b:b6:34:
- 03:ea:3a:61:06:c9:f2:65:16:f2:20:c5:32:0a:61:20:c9:f7:
- 07:2e:e8:d2:f2:67:c4:64
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDEzNDgxMloXDTEw
-MDMxNDEzNDgxMlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg1LzAwMDcwDQYJ
-KoZIhvcNAQEFBQADggIBALGezo0Jnvkhb77yp1RuJILjK4i3DeDiSTO0i61gccwg
-I1fPF6hGwKcaX46NGswLG9qkNLHXdBun5HGhLf0uGFECLJP/qfeYve1rTFWOJPaX
-joqAVlJ6F9qUlvoneIxlQKax0ioT/nbADPIEP9GIJcNaBcoz17sn4ovo1AD9/Lao
-nSfC+eqYMnmFnaPnv3hl6BXvSUiHqbK0xMvsp9qQNtbFb//DhRkTCydq08Tnl2II
-SaPpIpo80ZGPbo6HRw44Q45ahPacJMGfkCncOHNyfT/Wf92z0R3Pe7wxpmu0vhAG
-lGmgFu+96eeiixjhECd/nYr5YBjVk1TWTsIxvzcA29XPhdrpe+S7SPOlbrpIG1Bq
-EJn4d4GVeBvQ/tB0RygFNDIyXx9SQoX4evGoh/8vbOyDCZGFCkPONaJ/lLaucJS2
-D8nHiu58pzKK7sPh7gE0wbjbmIBMrF+sGAL69cE23zlXV4G5JtCBDnV5GCEppsvr
-l1jy3YqIwaLHVJ+XibHv/xFfGArNJT7YNQdFVR67olT8ZqwPrCp31hqkRMxaSTdF
-cFvJPSxtwX6vTZxPKqLZAT3if6TyS9dgsQajtEY1Qxy+eUanilDuIk+4V0XJg4pl
-u3qGszA6fGLTtwg0pwUKRKdXXCu2NAPqOmEGyfJlFvIgxTIKYSDJ9wcu6NLyZ8Rk
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 41 (0x29)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 23:32:11 2009 GMT
- Not After : Mar 14 23:32:11 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Seventh OCSP Client certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ab:f9:60:ff:9d:55:0f:31:12:2c:f2:df:64:22:
- fb:c0:97:1d:e4:13:fb:d7:15:37:5d:b9:2d:97:37:
- c4:e8:34:cb:00:85:22:4d:8a:85:80:a1:ae:90:5e:
- 71:bf:6d:0d:a3:c3:8d:ce:47:58:60:25:bb:9c:95:
- 0a:0b:cd:23:01:ae:18:be:d5:65:bd:8b:55:bf:ee:
- 59:8a:db:20:bd:f9:f3:ac:53:2e:09:99:fb:27:7d:
- 23:8b:f6:96:d9:41:37:0a:43:16:1f:f9:5d:84:b3:
- 3b:79:45:ff:dd:b2:35:99:c0:db:85:24:22:a8:7e:
- ff:e0:8b:f2:d8:ca:3e:ae:e5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:86/0008
-
- Signature Algorithm: sha1WithRSAEncryption
- 08:02:c2:09:8a:f6:f1:d7:9e:d3:30:dc:ce:97:fc:84:bd:5b:
- ae:60:39:82:0a:06:38:43:1e:55:de:83:11:d3:12:e0:81:76:
- fd:5c:6e:9e:30:73:6d:8f:b2:32:a6:60:24:24:ee:e3:fd:73:
- 10:12:e6:c7:23:6b:1f:4e:b5:52:e3:12:09:ee:dd:19:d2:b4:
- a6:34:e6:14:3c:79:58:95:4b:25:e3:f6:97:d2:cc:20:93:48:
- 1f:d5:2f:37:db:15:bf:f4:71:ad:04:bd:95:80:57:a5:49:bb:
- aa:ca:f3:ff:af:62:dd:f9:94:75:38:59:6c:74:ef:ac:1e:19:
- 60:6d:4b:be:f7:62:2f:c6:68:b9:c4:fc:8a:fd:9f:b2:4d:44:
- 87:12:51:6e:7d:5f:41:2c:ea:e6:9c:3c:bd:cf:dc:aa:14:b2:
- 34:16:e0:38:b3:8c:f4:d7:68:1f:6c:cc:3c:da:30:32:8e:58:
- 5b:9a:bf:75:7a:38:a3:cf:60:6f:74:cc:a6:c1:55:f6:96:84:
- 98:04:db:b1:07:d6:f6:06:11:af:c2:fb:81:a4:77:04:4d:55:
- 9d:c4:28:d4:3c:d0:97:a0:f8:d4:18:59:cc:23:3a:b3:c0:82:
- ad:1d:e2:4c:e4:da:24:73:cd:77:ab:db:22:07:94:d1:16:26:
- 27:82:e2:d5:82:f9:e1:29:fb:8f:9e:88:a2:1b:5c:8b:31:3c:
- c6:1c:ae:16:31:28:f8:e2:5c:9d:e9:e8:d7:d9:fe:0a:39:3f:
- fa:65:20:53:5e:20:32:4b:b8:a8:4b:a8:b8:e8:f1:3f:0a:80:
- 7d:b4:8c:1b:e6:54:d3:02:d6:56:a3:a6:4e:87:9a:51:ed:0d:
- 52:9b:e1:66:c8:64:c8:95:55:08:aa:f9:c0:9d:5a:89:03:21:
- 6b:29:96:f8:42:64:6a:3f:d5:92:d5:13:00:6c:89:38:ea:01:
- 0d:28:3b:a0:12:e1:cf:cf:fd:10:5e:a3:9b:67:0b:3e:a7:17:
- 7a:de:76:25:26:54:db:0f:a8:f9:e9:50:f0:1e:9a:0d:ad:d6:
- ad:63:32:be:c0:bb:7a:66:be:c9:d3:f2:1e:48:c3:f5:2b:15:
- 4d:39:cc:88:32:65:97:99:01:41:12:07:4e:d7:1d:af:fa:46:
- 29:93:02:70:ed:df:89:a3:d5:50:1c:07:ed:df:f8:5c:d6:11:
- c6:1a:32:e6:2b:e7:49:d8:82:16:dd:41:5d:13:9c:a0:00:68:
- 82:54:f8:5e:2a:81:3e:fe:0b:bf:6e:de:e2:b4:4f:09:31:74:
- 4d:6a:2d:b7:a9:0a:54:f4:a7:1f:63:8a:6e:73:bc:e3:38:9e:
- b8:26:e5:f6:8a:dd:ad:14
------BEGIN CERTIFICATE-----
-MIID7TCCAdWgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMzIxMVoXDTE5
-MDMxNDIzMzIxMVowZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xKDAmBgNVBAMTH1NldmVudGggT0NTUCBD
-bGllbnQgY2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKv5
-YP+dVQ8xEizy32Qi+8CXHeQT+9cVN125LZc3xOg0ywCFIk2KhYChrpBecb9tDaPD
-jc5HWGAlu5yVCgvNIwGuGL7VZb2LVb/uWYrbIL3586xTLgmZ+yd9I4v2ltlBNwpD
-Fh/5XYSzO3lF/92yNZnA24UkIqh+/+CL8tjKPq7lAgMBAAGjODA2MDQGCCsGAQUF
-BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovLzEyNy4wLjAuMTo4Ni8wMDA4MA0G
-CSqGSIb3DQEBBQUAA4ICAQAIAsIJivbx157TMNzOl/yEvVuuYDmCCgY4Qx5V3oMR
-0xLggXb9XG6eMHNtj7IypmAkJO7j/XMQEubHI2sfTrVS4xIJ7t0Z0rSmNOYUPHlY
-lUsl4/aX0swgk0gf1S832xW/9HGtBL2VgFelSbuqyvP/r2Ld+ZR1OFlsdO+sHhlg
-bUu+92Ivxmi5xPyK/Z+yTUSHElFufV9BLOrmnDy9z9yqFLI0FuA4s4z012gfbMw8
-2jAyjlhbmr91ejijz2BvdMymwVX2loSYBNuxB9b2BhGvwvuBpHcETVWdxCjUPNCX
-oPjUGFnMIzqzwIKtHeJM5Nokc813q9siB5TRFiYnguLVgvnhKfuPnoiiG1yLMTzG
-HK4WMSj44lyd6ejX2f4KOT/6ZSBTXiAyS7ioS6i46PE/CoB9tIwb5lTTAtZWo6ZO
-h5pR7Q1Sm+FmyGTIlVUIqvnAnVqJAyFrKZb4QmRqP9WS1RMAbIk46gENKDugEuHP
-z/0QXqObZws+pxd63nYlJlTbD6j56VDwHpoNrdatYzK+wLt6Zr7J0/IeSMP1KxVN
-OcyIMmWXmQFBEgdO1x2v+kYpkwJw7d+Jo9VQHAft3/hc1hHGGjLmK+dJ2IIW3UFd
-E5ygAGiCVPheKoE+/gu/bt7itE8JMXRNai23qQpU9KcfY4puc7zjOJ64JuX2it2t
-FA==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCr+WD/nVUPMRIs8t9kIvvAlx3kE/vXFTdduS2XN8ToNMsAhSJN
-ioWAoa6QXnG/bQ2jw43OR1hgJbuclQoLzSMBrhi+1WW9i1W/7lmK2yC9+fOsUy4J
-mfsnfSOL9pbZQTcKQxYf+V2Eszt5Rf/dsjWZwNuFJCKofv/gi/LYyj6u5QIDAQAB
-AoGATwAeWQ5TdskaCl//0yZm9A/3gUDU3fc3GezpTqAl6m3mG3UNTwWlUnPzlwpr
-wn48V9CLogkQRgrPZpzoooc33trobB4AOArUwvmOpvfUTV6QfqgqKetBoWkRbnW2
-bRPSg+6Au8WhS97WYjMJishKsqgJSxzM/O8ZGD0rypiHG8ECQQDVGGBveE6MUIgg
-UisnkmB/bgdLwfM9h5hTWMvorS66QLJeMbYUBzPRsQbzjaplvqwc/MhNNFa+bW4h
-tBpMGkbpAkEAzpl8u/pXWR1IsIrl8nyVRRJQCqElrAds/biF7uKeYeQzDJjRLHdy
-8a2KEXL79fCEagf4BYuMIpSp1lJWcZxinQJBAJxefe1uT91g/vMQuMAaBpubxtjN
-ostk499NSpwb8S0Vao36Vo0N1/WovNwd+Ysdxriiue0FWh30uRscSSvNIHkCQAtT
-nOQNaIaJNXgAVXUC4Ygk5eB/TzpsOcx7NlSPdhF12lqhci5W6iVX1073l9q28fuC
-LlXXfbpTnjAS2Yxm/30CQAPX7Gx0QbM+juuMhZXNUSZdGXgRe59Y0sDRqJ8WPAUR
-6ADfsota0RF80sIFT0NJLe1AIjaC/U5hlFrCtEceov8=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFMDCCAxgCCQDyW0BbwrfQZDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJL
-UjETMBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNV
-BAoTDVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA3MjIxNFoX
-DTE5MDMwNDA3MjIxNFowWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2kt
-RG8xETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQsw
-CQYDVQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68a
-WUeOMDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9I
-svqIB+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHI
-sdTmOaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm
-2e3Za6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg
-80znryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyh
-FILUkn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjn
-xIGbGu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/C
-ZlEO6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQ
-UUhFcE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGI
-hOOxDxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6z
-bhBFUXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAEwDQYJKoZIhvcNAQEFBQAD
-ggIBAHVU/HAqDC+bX8J0Nt7y0jO1ioUun6qPzjcQ9QRYjZ71JrsRbTgNmYkKtBi1
-8TZ/Dyq27OO612N4qrGe8dZwTK7z8bhVv4+mjgpP/uyO1woLDpYof26z09cfYd3z
-J0OE7Ta0/OlMYCDWl6ORPCNkfv7Bj0cS/XsJczfJAaPdyUozTR6Jl4qARHgS07H4
-ITZGnzPSk34AhJdZFVcnepCSjb4eXTJw1xjAd/OIaD8qtAnrrx/RnWAiii7BIUN/
-O6oOBSumPIrzBbgOJ96KyE5DDaoaECBWEFeyLsXk9PW3PC4CcPrTW1qjkr2cFrPm
-oYhIb2NkYQzpx36wLqG9tiGGiO8BFmyDjffAu8rBvMIFDGjy62fA+n/BMyrfxrQ3
-bKPt/GVHEEhhpNVAF+aRdJk7UtirLIrOYnRJDcbi51ZYiLpogmsH0PZ7JcC2ZkCb
-w753asG0K48OcRNw4c2D0tOXWUE+pkTjbE4HUD4xU+of3x3V98xHghd2G8MOMoRL
-M4tcK/zs76pOY6gfNuZe8nN/9RI+gsiiswWLkSBDEJEAEngZchdmd0I+8ed9qKW8
-Sm+85bfdya+Pbl858kubbkVup8wdl6wfILV+1XZOks1enknQYbls6Gx6mF9Llx1h
-mEHwvjERzOA7ykbVsRj/42Rn4g6JNEzJIZCsaSowk1zt0imn
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe1
-y9pN5QxRxXP50eN0G1usaTIVMbxvSvM62+uLYBoF/AcNHKH89yAuZZUYYfLuOH6N
-6Q/7oedTTWr+xLM5u2/5FLGvEyUM87IM6GPfiNtVTdKVYa1H/eUE/Wzvy9rPThrh
-mA/dfgEwFcQV6c269viBSzUVLpEFZNOGxZ4NrV5pAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQBLCg6kFYFJpEjLdeXsScF/NQ1oBOxzF3GsEfhV1fwErLk9fvW4xep8
-CkzYzXbvZrrW1MLYgj0Bp0A3HJjnLttZXLXB2rmgwvWdcap7QziypjoR2R2GmPhm
-4iVZyKpVW19lV3ofUHLU6TTbP0wC3LGfQoSZv80Tp6mBdtwccQGDHQ==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 50 (0x32)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 24 07:30:26 2009 GMT
- Not After : Mar 24 07:30:26 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c7:b5:cb:da:4d:e5:0c:51:c5:73:f9:d1:e3:74:
- 1b:5b:ac:69:32:15:31:bc:6f:4a:f3:3a:db:eb:8b:
- 60:1a:05:fc:07:0d:1c:a1:fc:f7:20:2e:65:95:18:
- 61:f2:ee:38:7e:8d:e9:0f:fb:a1:e7:53:4d:6a:fe:
- c4:b3:39:bb:6f:f9:14:b1:af:13:25:0c:f3:b2:0c:
- e8:63:df:88:db:55:4d:d2:95:61:ad:47:fd:e5:04:
- fd:6c:ef:cb:da:cf:4e:1a:e1:98:0f:dd:7e:01:30:
- 15:c4:15:e9:cd:ba:f6:f8:81:4b:35:15:2e:91:05:
- 64:d3:86:c5:9e:0d:ad:5e:69
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 0a:20:59:10:b7:68:03:8d:c5:82:bf:b2:4d:4e:a5:0b:54:51:
- 27:4d:ec:86:a8:f0:5c:e8:8d:20:23:f5:81:c2:61:7a:40:2c:
- dc:bd:dd:7e:d1:f1:4e:70:4c:77:7b:11:ed:1b:4b:a6:1e:4d:
- 6d:9b:f4:99:81:39:a3:3d:cd:fc:1f:ce:16:62:05:c4:99:1c:
- 68:e3:98:d6:47:ea:73:e4:b0:70:d3:fa:23:b9:4d:8a:09:91:
- 66:ef:57:cb:68:1c:39:c3:5c:c3:92:a3:d0:c5:db:65:af:e2:
- 18:62:73:e4:aa:be:c7:e6:a5:7b:e7:31:f0:30:3e:2a:0c:1a:
- 21:f1:1e:19:5f:12:b7:31:58:93:46:12:f0:7e:a8:73:46:a1:
- df:2b:c3:8c:c1:ea:0f:a3:29:20:e3:ee:ad:6f:d4:a1:db:f9:
- 76:d1:20:71:78:a1:b9:fb:b2:27:df:61:5a:00:17:38:29:f7:
- 65:14:98:26:87:83:a2:84:31:1c:a2:22:12:2f:9a:1d:fa:bd:
- 55:0c:f3:71:10:bb:f5:42:a4:12:01:61:87:2b:3e:46:bd:ad:
- 4b:6b:07:e3:64:30:3a:1f:57:b8:26:44:27:de:c3:8e:07:c6:
- 24:06:97:4a:10:4e:7a:b5:60:d9:b2:4d:4d:ad:38:6f:0e:41:
- db:f4:a8:51:81:42:79:fd:c5:94:67:8f:21:d5:05:bc:7b:b8:
- f3:94:8b:39:0c:30:7b:42:09:0f:77:0e:7e:93:e8:35:b0:ac:
- 00:e0:4d:03:a6:3c:f3:96:bf:23:06:95:0d:bb:20:26:9c:7b:
- 86:6c:f6:ff:84:65:a8:35:de:ad:c8:c6:57:c1:00:ae:61:4e:
- 2a:0c:67:f0:9a:e3:36:4a:45:5f:3f:1f:20:13:fe:0a:f9:7d:
- b5:a4:ba:ba:b5:f6:09:9e:40:fb:c6:d6:f5:74:d4:ea:0d:4b:
- 53:32:89:3d:7b:f5:c3:42:3d:57:69:76:07:28:1a:62:f7:24:
- c3:a1:cf:6c:77:d6:6e:98:9a:ce:4f:59:e2:94:d7:8d:80:40:
- f4:eb:84:40:ca:7e:67:0e:58:7c:b8:12:e0:8e:f1:67:05:5e:
- ff:b4:5e:84:cf:3a:af:d1:26:49:91:8c:60:3c:c6:8a:ed:3f:
- be:30:0c:f0:1e:62:1d:61:cd:00:d5:7d:97:47:c6:28:94:90:
- 91:47:a1:18:6e:8a:97:6c:51:f4:52:0b:69:d3:c0:4b:2b:7a:
- 1b:cf:3a:7d:d4:56:a5:b4:df:95:d9:b7:db:c1:ee:4c:72:27:
- 21:b4:19:06:de:57:19:e3:7f:22:11:72:9f:01:68:9d:a5:aa:
- d2:85:85:b8:59:15:c6:24
------BEGIN CERTIFICATE-----
-MIID2jCCAcKgAwIBAgIBMjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMyNDA3MzAyNloXDTEw
-MDMyNDA3MzAyNlowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7XL2k3lDFHFc/nR43QbW6xpMhUx
-vG9K8zrb64tgGgX8Bw0cofz3IC5llRhh8u44fo3pD/uh51NNav7Eszm7b/kUsa8T
-JQzzsgzoY9+I21VN0pVhrUf95QT9bO/L2s9OGuGYD91+ATAVxBXpzbr2+IFLNRUu
-kQVk04bFng2tXmkCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
-hhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADggIBAAog
-WRC3aAONxYK/sk1OpQtUUSdN7Iao8FzojSAj9YHCYXpALNy93X7R8U5wTHd7Ee0b
-S6YeTW2b9JmBOaM9zfwfzhZiBcSZHGjjmNZH6nPksHDT+iO5TYoJkWbvV8toHDnD
-XMOSo9DF22Wv4hhic+SqvsfmpXvnMfAwPioMGiHxHhlfErcxWJNGEvB+qHNGod8r
-w4zB6g+jKSDj7q1v1KHb+XbRIHF4obn7siffYVoAFzgp92UUmCaHg6KEMRyiIhIv
-mh36vVUM83EQu/VCpBIBYYcrPka9rUtrB+NkMDofV7gmRCfew44HxiQGl0oQTnq1
-YNmyTU2tOG8OQdv0qFGBQnn9xZRnjyHVBbx7uPOUizkMMHtCCQ93Dn6T6DWwrADg
-TQOmPPOWvyMGlQ27ICace4Zs9v+EZag13q3IxlfBAK5hTioMZ/Ca4zZKRV8/HyAT
-/gr5fbWkurq19gmeQPvG1vV01OoNS1MyiT179cNCPVdpdgcoGmL3JMOhz2x31m6Y
-ms5PWeKU142AQPTrhEDKfmcOWHy4EuCO8WcFXv+0XoTPOq/RJkmRjGA8xortP74w
-DPAeYh1hzQDVfZdHxiiUkJFHoRhuipdsUfRSC2nTwEsrehvPOn3UVqW035XZt9vB
-7kxyJyG0GQbeVxnjfyIRcp8BaJ2lqtKFhbhZFcYk
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDHtcvaTeUMUcVz+dHjdBtbrGkyFTG8b0rzOtvri2AaBfwHDRyh
-/PcgLmWVGGHy7jh+jekP+6HnU01q/sSzObtv+RSxrxMlDPOyDOhj34jbVU3SlWGt
-R/3lBP1s78vaz04a4ZgP3X4BMBXEFenNuvb4gUs1FS6RBWTThsWeDa1eaQIDAQAB
-AoGBAITKrA6vRsLnSGyyS057cImHXbdQgm6ybdrHY13+odsL6aXioQxRAR1j3GXD
-/bUjk2sK/1KCVghTyqF/X9lwZOGFOM5XsyptHxF/afgBljGzZwW21GBG4hSfSOjm
-+yL2Xhlejol1GbC3D9jLksxrfcKuVFkXbBJVYp1dQ+9wBWvRAkEA8AwIpeMYz4/B
-W83f2FnK81ETeO8DKldFQADlgv4q3F/un2oSCxBglyyq0i7JjdK2/kgxHN62zsxZ
-LeDZUr1z5QJBANT7gO03J8jODO8wqqaS63T/0vxoMHrAF/l/NC0Fpk5AZutDvsn9
-yWLy0PNwJlLzKo8XBCjIY9wVxiwS9/Ic4DUCQFWUpLyns1/Eq7YUNvsGQFHxFNUn
-uWQuCvVfnHPQM+2vkf5prZceNqGO/jPDFH6ooi8UA9Z8HIar2ht+L1zNSHUCQQDI
-Ifk5bv2sfKq8zH9e/WnRzF7nHcSIZB9jLDvMHqXynCPZ6RPL3PWzTDY6uuTYR3Vz
-dg5LgFoNwkwwuDZTRP0NAkAUHcJbjs2ey95utZ/to9Cl+ztaJWoa83dSQCx978l0
-a9O/kVYympJTHCnL8mU9QqePQvJjtgBY4ypcsaJ2luFV
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpTCCAQ4CAQAwZTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRYwFAYD
-VQQDEw1DZXJ0IENoYWluIDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa
-eurpTfFGrr35DIHe/fTPE/x0VBv3+9Ow9q4y/hcN35Hid8e3ZItTSLJQxhDTTcLC
-nlPRrzv+0MNkv5VIo16FKffDGUxUCXpCgby58GPrCpA8nfoluO6AUMG5wo0o66Qb
-iLUvDDAEjJeoqZonfFp5A0n87IE5YRxSm5ea8FTbLwIDAQABoAAwDQYJKoZIhvcN
-AQEFBQADgYEAm45LnopOspLWfwwEJxCYyX/DmQ8v7bsm50hvVAn71/Zh9GiD3cnV
-fgsyNQsoPR56gnh9y8QJvZjfUzQue37ueMZyXegCbgn2/bh51HaS3cW6R8Tbq5vq
-PBpU1sXVSRyBK1iqH8DoBH8O5f0a1Tf4vI8k36j/pS3UWZW5T+2Kj9U=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 55 (0x37)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
- Validity
- Not Before: Mar 24 07:09:56 2009 GMT
- Not After : Mar 24 07:09:56 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 10
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:da:7a:ea:e9:4d:f1:46:ae:bd:f9:0c:81:de:fd:
- f4:cf:13:fc:74:54:1b:f7:fb:d3:b0:f6:ae:32:fe:
- 17:0d:df:91:e2:77:c7:b7:64:8b:53:48:b2:50:c6:
- 10:d3:4d:c2:c2:9e:53:d1:af:3b:fe:d0:c3:64:bf:
- 95:48:a3:5e:85:29:f7:c3:19:4c:54:09:7a:42:81:
- bc:b9:f0:63:eb:0a:90:3c:9d:fa:25:b8:ee:80:50:
- c1:b9:c2:8d:28:eb:a4:1b:88:b5:2f:0c:30:04:8c:
- 97:a8:a9:9a:27:7c:5a:79:03:49:fc:ec:81:39:61:
- 1c:52:9b:97:9a:f0:54:db:2f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 81:7f:37:9d:a6:8f:7d:f1:03:b0:78:a3:44:7e:c1:31:27:f0:
- 73:51:eb:55:76:3f:1b:a5:59:0f:5b:ab:2f:ff:72:9d:8a:46:
- af:30:a4:c1:6a:25:1c:04:b9:22:14:b8:39:52:f1:4f:f0:24:
- eb:f0:5f:62:79:24:c2:ec:84:92:87:5d:9c:05:87:e8:b1:71:
- a7:30:fc:03:2d:9f:c5:3b:7c:58:7e:7a:86:75:50:ad:14:5e:
- f9:69:c4:49:1e:58:33:da:5f:eb:bc:c5:ac:10:2a:dd:3c:87:
- 1c:0f:aa:37:93:c0:68:4c:3d:b4:0c:30:78:63:af:8a:f4:80:
- e8:8e
------BEGIN CERTIFICATE-----
-MIICUTCCAbqgAwIBAgIBNzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA5MB4XDTA5MDMyNDA3MDk1NloXDTEwMDMyNDA3MDk1
-NlowUjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFjAUBgNVBAMTDUNlcnQgQ2hhaW4gMTAwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANp66ulN8UauvfkMgd799M8T/HRUG/f707D2rjL+
-Fw3fkeJ3x7dki1NIslDGENNNwsKeU9GvO/7Qw2S/lUijXoUp98MZTFQJekKBvLnw
-Y+sKkDyd+iW47oBQwbnCjSjrpBuItS8MMASMl6ipmid8WnkDSfzsgTlhHFKbl5rw
-VNsvAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
-LzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUAA4GBAIF/N52mj33xA7B4
-o0R+wTEn8HNR61V2PxulWQ9bqy//cp2KRq8wpMFqJRwEuSIUuDlS8U/wJOvwX2J5
-JMLshJKHXZwFh+ixcacw/AMtn8U7fFh+eoZ1UK0UXvlpxEkeWDPaX+u8xawQKt08
-hxwPqjeTwGhMPbQMMHhjr4r0gOiO
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDaeurpTfFGrr35DIHe/fTPE/x0VBv3+9Ow9q4y/hcN35Hid8e3
-ZItTSLJQxhDTTcLCnlPRrzv+0MNkv5VIo16FKffDGUxUCXpCgby58GPrCpA8nfol
-uO6AUMG5wo0o66QbiLUvDDAEjJeoqZonfFp5A0n87IE5YRxSm5ea8FTbLwIDAQAB
-AoGBALyImbKeifi+zjzeKCwv5lPUIWSZOFF0xKbPGF/0mBxms1NEndmKMBi8gPPn
-F5ngXpLnYdluaE1qBVMpaD94ixSyDPpma813+TpeuTiyBsTDEWuBmRFkqNLP/G4d
-r6t5QI70416sfeMoDHwLygrFAGhQ+Kd1E7PtuSP+zcEWhK2BAkEA+FPGot/RW5Nv
-geG7v5FlU2Qu/uJHbR4f7yVbHopYh94ulJM3EyLvqbzNguS9RztcdQxt18IBoRLu
-Q1a5bdhrIQJBAOE7DnRG/n5AQpmAMObQaMp9sXafVly3KltLiEkJEImGdgg2H43y
-tf+1mfBoFpGF7tI574bprFT+p/IpG4D+TE8CQFWhVeK+OUxRx+bKt1o0wfMCne4I
-i0bGV464m/YpEKQxanCTXy97IZevYlKbm+VfQ9+c3JfE75jilUSlOCX3teECQQDb
-l1CIXY9SWCSWtDz5TMheZB3ZoY/55TsOt52wV34gF1CMwPgS1UhMfyoPEeyvBP3L
-SWEXEExMsdvcZefC5CxRAkEArkFcrJ8KTJii0neLhFi1UkuKdoGxeVx9TGikV/fr
-wXVLTrG/SyVKjWH+qMyN4B1i23MQsdBtnL6e1+q4tXcwTQ==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANte
-pqtg84X2DQcXjK5SeBN1IYzTSiDRDYriNJX/0jEp52LprM5ept33oDjzlrIkBrbI
-xgZXuvDwaQh6wb+HywYrevyBJjaBRgSbmR8fDjYFr33yV/smHaWjW69wHW9VK9bf
-O91LUR4XpomUXhacCP3ZXB6tefFbQsI3WXPZ5bVlAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQBp9/rm/8Gr74HMFqeYZLcW8UuIi3hykrWlQCCLPgTl8eWc7gYRBVQ+
-cbvSj06cpf0oKivPVfHWTj40e+wG4pWD3czl3KlGpRqPNRM6AzwkRWHZEzlyQ82n
-l3URQ1VRDeuXNhJxUM632NDKFmKK7vil2vjOguLYFTuJhKnHahaLYw==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 47 (0x2f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1
- Validity
- Not Before: Mar 24 07:09:44 2009 GMT
- Not After : Mar 24 07:09:44 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:5e:a6:ab:60:f3:85:f6:0d:07:17:8c:ae:52:
- 78:13:75:21:8c:d3:4a:20:d1:0d:8a:e2:34:95:ff:
- d2:31:29:e7:62:e9:ac:ce:5e:a6:dd:f7:a0:38:f3:
- 96:b2:24:06:b6:c8:c6:06:57:ba:f0:f0:69:08:7a:
- c1:bf:87:cb:06:2b:7a:fc:81:26:36:81:46:04:9b:
- 99:1f:1f:0e:36:05:af:7d:f2:57:fb:26:1d:a5:a3:
- 5b:af:70:1d:6f:55:2b:d6:df:3b:dd:4b:51:1e:17:
- a6:89:94:5e:16:9c:08:fd:d9:5c:1e:ad:79:f1:5b:
- 42:c2:37:59:73:d9:e5:b5:65
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- c1:6c:a1:95:34:3e:32:74:35:1a:cb:76:24:cb:1b:e2:a0:ff:
- 6a:78:ef:8d:7f:dd:40:3f:39:85:aa:19:a9:e5:ce:ca:c4:2d:
- b8:6c:6d:d4:e9:b1:a2:45:94:16:d7:8b:23:3a:d3:7f:6d:b0:
- 8a:7c:ed:2e:6c:e3:ba:dc:3c:25:4b:13:f4:28:a4:f9:87:b4:
- 69:b5:51:4d:da:d4:7e:9e:0f:99:6e:1a:5a:5f:b5:dc:f2:7b:
- d5:8f:57:39:61:e3:a8:2e:bc:8a:b7:9d:d3:21:58:81:12:b9:
- e5:bc:b9:fc:bd:39:2d:e8:8b:c0:49:bc:ba:16:ee:43:58:d9:
- 93:82
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBLzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiAxMB4XDTA5MDMyNDA3MDk0NFoXDTEwMDMyNDA3MDk0
-NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA216mq2DzhfYNBxeMrlJ4E3UhjNNKINENiuI0lf/S
-MSnnYumszl6m3fegOPOWsiQGtsjGBle68PBpCHrBv4fLBit6/IEmNoFGBJuZHx8O
-NgWvffJX+yYdpaNbr3Adb1Ur1t873UtRHhemiZReFpwI/dlcHq158VtCwjdZc9nl
-tWUCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAwWyhlTQ+MnQ1Gst2
-JMsb4qD/anjvjX/dQD85haoZqeXOysQtuGxt1OmxokWUFteLIzrTf22winztLmzj
-utw8JUsT9Cik+Ye0abVRTdrUfp4PmW4aWl+13PJ71Y9XOWHjqC68ired0yFYgRK5
-5by5/L05LeiLwEm8uhbuQ1jZk4I=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDbXqarYPOF9g0HF4yuUngTdSGM00og0Q2K4jSV/9IxKedi6azO
-Xqbd96A485ayJAa2yMYGV7rw8GkIesG/h8sGK3r8gSY2gUYEm5kfHw42Ba998lf7
-Jh2lo1uvcB1vVSvW3zvdS1EeF6aJlF4WnAj92VwerXnxW0LCN1lz2eW1ZQIDAQAB
-AoGAfGJmzrXiXwrsyCCqPA222BGKPHdxiLoAm8c3WfX8ELRZ5tPoj/tLUoCd8Kzt
-vYR/6hRddCs6bHNkmtJAGYG9s20fU7o6TrFJd/l4qjYVNl9cxKaWoMXN3xmANrFD
-3ZiXOotSQrNCqJdllg6AvezCNRL1yDGppWXAL7TM2OGxTAECQQDwYJPFSid+CMR3
-fQTvQBsmdsrUSHaDIENMYHAfq2BqWYIkNRL2PHmhfiQ5yepi1MzQ2clq+2Gbvl8K
-zmMkiEcFAkEA6aCMYZkXCM33+lRnBd447qGpj0uYgH+VGmq9WPhugfag/UtdVfsL
-H3pBnMcfLctot4dFgFGKaAOpMDRVVZBC4QJABQwCDkJgUeUdOuUFFYDjEQutdoeO
-9XHX9+KOeBvBCnqWoOv8We8rHpjnac8zfJ+7LSdlczmT8xEsLa3npvy1gQJAXaBR
-oetQJ98jOdcJUni0KC3xXdPV0elPP773Eui8oKjN67SAOyzYUE0WblX+UMPru2Ei
-oUIMTZLqAr92U0v1AQJAchSMGsAOQ113Ck4O5AWOkegz9EZFkCs9g1kmNxBmLVtv
-11Jw1oMbJG+03OnXyf55zRroTCXqqt8GZUSQrVOg9A==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMY9
-x+UPx1koqrb8XtANlW3fjIJCbe+prVGsc8HhCqGOgG6sCjVVYT1EMkbZ9wNLMbDi
-orP4kUvjXB1c4EhRUZoGQRriTEVcwCqGRETOAQJW5ptLjV5Jp/lAGwCTkdYuJJ8f
-BFnraFH+dLoSsLh9e8KV/6an/d6KoWn7gIWlpkNPAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQBj+KktKrbneMSXk1AqRHqT1CyMjwgWmHsEkzsvey/hitowV7vypOGh
-WjBwRJ1SrjZcn54Z+70CcM1Nv4qwSMOK3HhidwAH203CCAgMQoGmH9qYnQ2fbMgr
-DuwIQJbr0Gvm2zvz5Xrvj78OrnhX/X3YjWLtVhh1XeoUCTo8HVrgaA==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 48 (0x30)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
- Validity
- Not Before: Mar 24 07:09:46 2009 GMT
- Not After : Mar 24 07:09:46 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c6:3d:c7:e5:0f:c7:59:28:aa:b6:fc:5e:d0:0d:
- 95:6d:df:8c:82:42:6d:ef:a9:ad:51:ac:73:c1:e1:
- 0a:a1:8e:80:6e:ac:0a:35:55:61:3d:44:32:46:d9:
- f7:03:4b:31:b0:e2:a2:b3:f8:91:4b:e3:5c:1d:5c:
- e0:48:51:51:9a:06:41:1a:e2:4c:45:5c:c0:2a:86:
- 44:44:ce:01:02:56:e6:9b:4b:8d:5e:49:a7:f9:40:
- 1b:00:93:91:d6:2e:24:9f:1f:04:59:eb:68:51:fe:
- 74:ba:12:b0:b8:7d:7b:c2:95:ff:a6:a7:fd:de:8a:
- a1:69:fb:80:85:a5:a6:43:4f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 87:26:72:c1:5b:e8:04:3a:3f:c5:65:24:17:7a:e5:40:67:f3:
- 1e:cd:91:0c:75:bd:aa:14:61:d1:1a:2c:d7:11:21:bb:a3:70:
- 92:54:e5:3d:30:d1:b5:50:73:72:1b:72:e8:47:b0:af:a9:85:
- f5:e4:d5:53:d5:db:4d:88:48:00:4c:69:32:ab:f2:a8:d0:57:
- 90:c6:24:fc:7b:77:de:6c:dd:c5:c9:6e:5b:21:15:73:4d:4d:
- f7:a3:ca:31:60:84:24:e9:4d:21:fc:88:ce:13:99:35:76:4c:
- e7:26:47:43:a7:eb:79:bd:7e:aa:80:48:ad:5c:46:ae:ab:74:
- 9e:29
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiAyMB4XDTA5MDMyNDA3MDk0NloXDTEwMDMyNDA3MDk0
-NlowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMzCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAxj3H5Q/HWSiqtvxe0A2Vbd+MgkJt76mtUaxzweEK
-oY6AbqwKNVVhPUQyRtn3A0sxsOKis/iRS+NcHVzgSFFRmgZBGuJMRVzAKoZERM4B
-Albmm0uNXkmn+UAbAJOR1i4knx8EWetoUf50uhKwuH17wpX/pqf93oqhafuAhaWm
-Q08CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAhyZywVvoBDo/xWUk
-F3rlQGfzHs2RDHW9qhRh0Ros1xEhu6NwklTlPTDRtVBzchty6Eewr6mF9eTVU9Xb
-TYhIAExpMqvyqNBXkMYk/Ht33mzdxcluWyEVc01N96PKMWCEJOlNIfyIzhOZNXZM
-5yZHQ6freb1+qoBIrVxGrqt0nik=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDGPcflD8dZKKq2/F7QDZVt34yCQm3vqa1RrHPB4QqhjoBurAo1
-VWE9RDJG2fcDSzGw4qKz+JFL41wdXOBIUVGaBkEa4kxFXMAqhkREzgECVuabS41e
-Saf5QBsAk5HWLiSfHwRZ62hR/nS6ErC4fXvClf+mp/3eiqFp+4CFpaZDTwIDAQAB
-AoGBAIJPyj7AiIILQWzXqFuLElcPRAW8NRf9qXiuq8kebSaVzcbyQCOe5DSpx4Lb
-dIwtuZRU5i73jkscQUjr7GKdUc2NHvCDQzjnk7S5uu8NFiHXqVXDJxHwAZI0svzD
-vFilu2E3r9Wj7dZa7l4uSEXLyagdwo0bD2xcrdwnyu5qLTuBAkEA7CUIGOEAK7ly
-Xweti+/fnni6cznMmWi1DDeM39GtbxHI3oPa2d7Ddkn5ZWRtFbIepLWi5+k6Xzpz
-fkCaA3js9wJBANbo4y/L/QKNhASI70DlKwFiJr+4RmQ1739l2BDHW+8crw+sM3VZ
-exVtHHKw6U6wqLMvzaojVZwnEJo05uWQ/mkCQGU7jtgThN45ttUUVoq5/3RRLyT8
-b0CIyax+F+9PVPlbd3AkuGpT/Bk2pyqXPchiPo6/qyGeMz7lsOM70IqSiYsCQGUU
-6u6rSpityT98zNPANmcTLFiWqv0tZTWNyH+z1Sj1W93KR/XVHZBpXq0PSt1JOD/3
-pwt0TSsCMMvnQAcQGKkCQCXU5eHdRmhCp9Eei5+fI+XUhBLkqzyrqlK1NVijgXTE
-kSXhaQWG9iLDDNgSkO6ofCPOTwcfIteXnc1OjGB/0Jk=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoF
-MPZlb8bkVABxHIVsXlpCZ99m4qNpvoXZhMCLG71N8u/fAdNlM/lmmgh54SFuiuY8
-3JbyQ+kyaJ0GBtf8+9LaWBaBGczXQyD0hcEDmzTAbHqhGV1PQYz7dH1Mhshv+fLI
-1DjMwEQLwLANSCssxp+SIS2A3Uu92uJ9rfVdp6V/AgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQCDwFPg48L29Vm880XqQ9ngfj9ylWk3wbW4SFnSNVRoC7g476/dNg7R
-lMyuzHOGYWPQUDUBB9hrlIgOo11jihD3VMVSZRfz4U/+yPq6AU6J5QB8p8ibz5gE
-sjyUHkuc9lwniTtZvqbVuvXM73UlqQJ3Y5OCW1nrAE5eoaH9Zr7ifg==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 49 (0x31)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
- Validity
- Not Before: Mar 24 07:09:47 2009 GMT
- Not After : Mar 24 07:09:47 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ba:05:30:f6:65:6f:c6:e4:54:00:71:1c:85:6c:
- 5e:5a:42:67:df:66:e2:a3:69:be:85:d9:84:c0:8b:
- 1b:bd:4d:f2:ef:df:01:d3:65:33:f9:66:9a:08:79:
- e1:21:6e:8a:e6:3c:dc:96:f2:43:e9:32:68:9d:06:
- 06:d7:fc:fb:d2:da:58:16:81:19:cc:d7:43:20:f4:
- 85:c1:03:9b:34:c0:6c:7a:a1:19:5d:4f:41:8c:fb:
- 74:7d:4c:86:c8:6f:f9:f2:c8:d4:38:cc:c0:44:0b:
- c0:b0:0d:48:2b:2c:c6:9f:92:21:2d:80:dd:4b:bd:
- da:e2:7d:ad:f5:5d:a7:a5:7f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- b6:bc:69:88:2c:7a:dd:69:8b:90:cf:a8:ec:33:db:ad:10:06:
- ad:d2:94:ee:cf:d3:33:97:ac:60:38:e0:5a:a4:7b:d0:ca:a7:
- 5c:19:be:93:1c:61:85:14:08:f0:35:44:99:d4:7e:b0:fb:be:
- 4e:5c:18:a9:b9:b5:9a:91:4e:d1:e1:44:8d:ec:ca:4e:eb:6e:
- 17:27:76:0d:57:ad:cf:32:e4:a5:bc:b6:ad:22:e5:27:6d:11:
- 81:4d:4c:09:14:ea:11:7c:81:14:5e:fb:95:4d:f3:1d:5d:d0:
- f9:b6:45:e7:c5:c6:40:21:64:60:2e:71:1f:32:dc:21:fe:5c:
- 45:da
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiAzMB4XDTA5MDMyNDA3MDk0N1oXDTEwMDMyNDA3MDk0
-N1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAugUw9mVvxuRUAHEchWxeWkJn32bio2m+hdmEwIsb
-vU3y798B02Uz+WaaCHnhIW6K5jzclvJD6TJonQYG1/z70tpYFoEZzNdDIPSFwQOb
-NMBseqEZXU9BjPt0fUyGyG/58sjUOMzARAvAsA1IKyzGn5IhLYDdS73a4n2t9V2n
-pX8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAtrxpiCx63WmLkM+o
-7DPbrRAGrdKU7s/TM5esYDjgWqR70MqnXBm+kxxhhRQI8DVEmdR+sPu+TlwYqbm1
-mpFO0eFEjezKTutuFyd2DVetzzLkpby2rSLlJ20RgU1MCRTqEXyBFF77lU3zHV3Q
-+bZF58XGQCFkYC5xHzLcIf5cRdo=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6BTD2ZW/G5FQAcRyFbF5aQmffZuKjab6F2YTAixu9TfLv3wHT
-ZTP5ZpoIeeEhbormPNyW8kPpMmidBgbX/PvS2lgWgRnM10Mg9IXBA5s0wGx6oRld
-T0GM+3R9TIbIb/nyyNQ4zMBEC8CwDUgrLMafkiEtgN1Lvdrifa31XaelfwIDAQAB
-AoGAV3w1iMwwA5RCxWptBXrv7PcqLvEOSdhjmEOyoXNK+n78cD+rdiY0iWjtrGrV
-rIl2nc2l2P/bXIMunBrHgTEjpTtQQIr1n8xqCJeyLXaVaCi2rjLYSdvxC+lABoMc
-/+pODEWl1VJdEckXg9w8Jr7VY0toc3zeKbsZJuGr2O559xECQQDiYqx/fFhMb6tN
-+/LkhLCCgeHbURSW7UABiOocNE2crznHfZcWSD04GLH/UgwhP3RJ6CHcOtmXSD11
-ZQkNugZ9AkEA0lq+2QxhcFDAeJWfeFFZLw8I67xRY6tlZIiOQyWnRFVh6eHPvduU
-BfYxBU6FA9G0MAWgGxgZqtOLxqnQIuuQqwJBALlnSJCsHICVH/2hLv66MPjhOEDu
-uWcV7MqU/+6TY1DELRTVJWzJQuHzT6uj3W1JU4rHwxtjUxrTvgmr8ms8g90CQCGE
-2kJlyaUHCRRt6yJV/BsWjzpZILL8HcT+SYUDm/q0jEyjceHz+ktU5ozM7T8ljEvW
-qaOHnJdu7Cf06TiXRs8CQGMP4OjEfVMq+JxG5puFaa8e1fbSjiTP4EsUgRcE1Bzj
-UqT7VwOrJZXFTYK7Z9ZyG7z03WpVeucertzdRNNby9A=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK9m
-4MEu+XXtCyezOskdnzkh+RTuHKTuw/AkpsdD3fkD0EQB5RnpeyZlPD09mrlpKgBG
-DssgmMadN34MkKbXsFQrS/M+mxkzoTTrYuO5u/7MyjrZ/HEKZe8w8/QbVfCLuRLY
-UCUlrF1jn9HFIfJaBLEqNKASYA+KPquih+Vb1ki/AgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQBOhSWuteVBcr9zMnKrrNFAGKZJ4TBgqfPP5zjIoDnk8vE+7B0gUot3
-sp+sUkA03izQ5Ctx8Rdd9D4P752f2XEk+lEftnOokLcZu6EXgVtYh1aHqTFqyzK+
-3Ap/3yYmdC0KBbzIF7fDS/vTGJLlkEu5WpswNxfEvPEs7z9T6hdtXg==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 50 (0x32)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
- Validity
- Not Before: Mar 24 07:09:48 2009 GMT
- Not After : Mar 24 07:09:48 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:af:66:e0:c1:2e:f9:75:ed:0b:27:b3:3a:c9:1d:
- 9f:39:21:f9:14:ee:1c:a4:ee:c3:f0:24:a6:c7:43:
- dd:f9:03:d0:44:01:e5:19:e9:7b:26:65:3c:3d:3d:
- 9a:b9:69:2a:00:46:0e:cb:20:98:c6:9d:37:7e:0c:
- 90:a6:d7:b0:54:2b:4b:f3:3e:9b:19:33:a1:34:eb:
- 62:e3:b9:bb:fe:cc:ca:3a:d9:fc:71:0a:65:ef:30:
- f3:f4:1b:55:f0:8b:b9:12:d8:50:25:25:ac:5d:63:
- 9f:d1:c5:21:f2:5a:04:b1:2a:34:a0:12:60:0f:8a:
- 3e:ab:a2:87:e5:5b:d6:48:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 9f:b3:eb:f1:0b:e7:fa:c3:f0:6a:3b:ba:67:c3:ae:48:51:63:
- 2c:7a:b9:c7:cd:d9:92:46:75:40:a5:a2:d6:ba:8e:a1:cb:c7:
- fd:5d:98:f7:2a:e5:0a:06:49:42:8a:e0:09:b1:eb:18:9c:c9:
- 1b:e5:d1:4f:a0:0a:a6:14:68:54:7a:b7:9b:f6:44:c5:d8:a1:
- 21:99:c9:49:db:64:a5:53:48:5f:b6:d3:ba:fa:73:67:10:10:
- 5e:12:45:f8:27:a8:e0:fb:7c:16:73:fb:98:e1:3e:35:f3:de:
- 7c:b7:1c:42:2d:d2:9b:8e:03:f5:5f:c7:2f:51:b1:ff:73:45:
- d2:70
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA0MB4XDTA5MDMyNDA3MDk0OFoXDTEwMDMyNDA3MDk0
-OFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAr2bgwS75de0LJ7M6yR2fOSH5FO4cpO7D8CSmx0Pd
-+QPQRAHlGel7JmU8PT2auWkqAEYOyyCYxp03fgyQptewVCtL8z6bGTOhNOti47m7
-/szKOtn8cQpl7zDz9BtV8Iu5EthQJSWsXWOf0cUh8loEsSo0oBJgD4o+q6KH5VvW
-SL8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAn7Pr8Qvn+sPwaju6
-Z8OuSFFjLHq5x83ZkkZ1QKWi1rqOocvH/V2Y9yrlCgZJQorgCbHrGJzJG+XRT6AK
-phRoVHq3m/ZExdihIZnJSdtkpVNIX7bTuvpzZxAQXhJF+Ceo4Pt8FnP7mOE+NfPe
-fLccQi3Sm44D9V/HL1Gx/3NF0nA=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCvZuDBLvl17QsnszrJHZ85IfkU7hyk7sPwJKbHQ935A9BEAeUZ
-6XsmZTw9PZq5aSoARg7LIJjGnTd+DJCm17BUK0vzPpsZM6E062Ljubv+zMo62fxx
-CmXvMPP0G1Xwi7kS2FAlJaxdY5/RxSHyWgSxKjSgEmAPij6rooflW9ZIvwIDAQAB
-AoGAUnAV3nYHhSdeANC6JmAnv6B6Ax5OlC4sJSf0wt7g6vKh5fTGCsGzwb3+7AGS
-QOZueSZ0OYAejerCdBnPurrRAlZLifGptbvinAu9lRDpmaF2HUmQa4Dc0c+Y1Roa
-pzWnPzMWlBrhmWqmK/DwZNJ+Vusufv3yO8epjsOGCgUVUiECQQDnRPDf0KyJlzC5
-Xc9Dc3/pdn0D6La3IChyLiPo10rg5dBN/mTCnlPxnvauiTQkyPS7j+2n2oUKwcEE
-jVuwKf/ZAkEAwiiNEsejDkTLHIwDVkNa14+Glh3s0Ct5ajFv1HslQesKElMnjKVy
-ab7YAQBij9Ty24p3K6mdGWY5Nwe02JNGVwJBAK++OfU61AJyu/oBCaHOQWOeQP4Z
-d8/NRi8OVQd5o1MoEJVUPimOu2efTwHvDYruktt9UjH94p/8ALt+2DAUmnECQQCw
-EyhEdKlJYle0DsFj9Hcob2+FKaQ98H8OL8ETt43FJsqebay7HrsQbNLkrZ20hFCt
-ifeisBHZG9wdLK7zjTPHAkEAnGsXnM+YYDlm4OwChrpq0qcuud5uOgx4RuCniEol
-mij1xTDGrJGLEBkFhZ+KwOLoaM8m7javKXQejqTeE6E8Fg==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM4S
-INEUYAFHqkxmG0xPhy/sr/wRQb3ZmHq44d1Z0MCeQNK3i8eKZeoNDDbx5kVh3G8I
-J2LQeBsmcdT+C5/qhhtDxwjWxetbEcmLg46nBQ1cbM6rcOB9BeoGOfmMlFZWN2Kz
-GHe94VtToQdNx8zGTC7vqoMZtazjcisNcnoKyoFvAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQAU4t4likO62t1Pvrg9g4o/bx9Z7ccdQyJSF3dG+gL1dJs71aas8hBV
-Z5tnuuX0VIw8Ze7pSqCltNJb1OKYT6XNrxipTWbqrJURVyLHXOPJiq7O3+Ug/8qP
-a155z1LbEabXHPjDzCZ3TXplWDgfEGfa3iA2DOQsxZlrRdqrcrskeA==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 51 (0x33)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
- Validity
- Not Before: Mar 24 07:09:51 2009 GMT
- Not After : Mar 24 07:09:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ce:12:20:d1:14:60:01:47:aa:4c:66:1b:4c:4f:
- 87:2f:ec:af:fc:11:41:bd:d9:98:7a:b8:e1:dd:59:
- d0:c0:9e:40:d2:b7:8b:c7:8a:65:ea:0d:0c:36:f1:
- e6:45:61:dc:6f:08:27:62:d0:78:1b:26:71:d4:fe:
- 0b:9f:ea:86:1b:43:c7:08:d6:c5:eb:5b:11:c9:8b:
- 83:8e:a7:05:0d:5c:6c:ce:ab:70:e0:7d:05:ea:06:
- 39:f9:8c:94:56:56:37:62:b3:18:77:bd:e1:5b:53:
- a1:07:4d:c7:cc:c6:4c:2e:ef:aa:83:19:b5:ac:e3:
- 72:2b:0d:72:7a:0a:ca:81:6f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 47:f3:03:ee:f0:fe:31:bb:01:47:ca:0e:69:65:a2:f8:4a:6f:
- ca:6c:86:80:42:e3:87:49:22:b9:15:f0:da:b6:ca:d9:8b:7f:
- f9:38:c0:72:d0:d1:b3:44:8d:95:5e:ab:e7:ad:37:34:ba:8b:
- 2f:11:64:b5:20:09:70:fe:cf:6d:3e:d3:7f:f7:f1:ae:31:74:
- aa:ae:a7:0b:65:4e:e0:0b:80:87:25:d0:0c:bc:db:f5:ac:0c:
- 18:8e:4b:c2:42:88:e6:29:4f:2e:6e:df:72:f4:2f:27:39:b8:
- e4:dc:64:1a:d7:c8:f3:f8:42:53:60:53:24:d7:38:75:50:bc:
- d1:30
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA1MB4XDTA5MDMyNDA3MDk1MVoXDTEwMDMyNDA3MDk1
-MVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAzhIg0RRgAUeqTGYbTE+HL+yv/BFBvdmYerjh3VnQ
-wJ5A0reLx4pl6g0MNvHmRWHcbwgnYtB4GyZx1P4Ln+qGG0PHCNbF61sRyYuDjqcF
-DVxszqtw4H0F6gY5+YyUVlY3YrMYd73hW1OhB03HzMZMLu+qgxm1rONyKw1yegrK
-gW8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAR/MD7vD+MbsBR8oO
-aWWi+EpvymyGgELjh0kiuRXw2rbK2Yt/+TjActDRs0SNlV6r5603NLqLLxFktSAJ
-cP7PbT7Tf/fxrjF0qq6nC2VO4AuAhyXQDLzb9awMGI5LwkKI5ilPLm7fcvQvJzm4
-5NxkGtfI8/hCU2BTJNc4dVC80TA=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDOEiDRFGABR6pMZhtMT4cv7K/8EUG92Zh6uOHdWdDAnkDSt4vH
-imXqDQw28eZFYdxvCCdi0HgbJnHU/guf6oYbQ8cI1sXrWxHJi4OOpwUNXGzOq3Dg
-fQXqBjn5jJRWVjdisxh3veFbU6EHTcfMxkwu76qDGbWs43IrDXJ6CsqBbwIDAQAB
-AoGAWzE2iI/ltGtMd6av6eM/xfuOHZRdbXB/w79RZK08biEaOqWzG8ipNRw1DZOa
-/ZVDAXewRlBO9mTa9xC9gDU+xsKywipWyRPnv5Yy7qfT+NP/JZCvwlL7qhqtHXzt
-KPpJ5GRxcJ+o05CartwA7fCXdv9T/qF02O2nZxCIYOpFRwECQQDqMoXwT37xvE5/
-/efvGAlBQGCj02YdjBxWRwx5iq1HeU5H4tqTKrfUWyI1m3cZFXUzjz0iH/SoK2jL
-7IwMwl9BAkEA4UFIcDVADwJMuLPqKuIDB49rXY+BO9mno9hfgcZ4Y/fWZcF+lJtR
-Mw8H+PsCkObu603wxiQGWIsyZPorDTZkrwJAU7S7Kqk/NieX5ydZPpvYsvnPkL5+
-QRFTD4NVchue020IDamHdhJOohfwojhu2QhSW5tWvlutlm3thvWFGQpgAQJBAIHz
-uMfLYM6H5B025qSgyWCmNCnA7azKr/VNkiP7jV8XD2CbFdzEEj9jr5TLszpHkJS9
-3WdiRyrz+znYPdgchk8CQQCzC1Z/NbGXu7H/OjsMD6SNgpZDmqctdXjn6jKjZr7c
-vtyoo2WkJtkREWzWPd+pEDxJCsAuxMCtVifJYLkMCa+w
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANXC
-GPP8CjxO9yvG/R/XE7s1dG7KXasJZyHQ7afomX55UrgyPStfG3gOqiu25wPs9X60
-VDuH2QIex+YEzyd7NuYvjo6U91vGblEs3hfaBEXqMdCVxFA8Fo4hx/AOtYbIWEim
-DU2ipoyBemeJQ1YcyuNpiggFV7dtA8IEr3th7oQnAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQCkBxeKgQYEaocFnvlHiM94YS7cJB31E8mnIinvB+HgxdkPxgxwMD70
-iq/EcsRXOLVk07i5C5jJ0kygnBhDnIUooTlRf9dNa8yzqlJrnbsU9bkF7d0KziBu
-iFxR4uNjdPPVYg8Ah4V96DjivKlsLotpOMS7cbhOaCT7YG8hH8YXpw==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 52 (0x34)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
- Validity
- Not Before: Mar 24 07:09:53 2009 GMT
- Not After : Mar 24 07:09:53 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d5:c2:18:f3:fc:0a:3c:4e:f7:2b:c6:fd:1f:d7:
- 13:bb:35:74:6e:ca:5d:ab:09:67:21:d0:ed:a7:e8:
- 99:7e:79:52:b8:32:3d:2b:5f:1b:78:0e:aa:2b:b6:
- e7:03:ec:f5:7e:b4:54:3b:87:d9:02:1e:c7:e6:04:
- cf:27:7b:36:e6:2f:8e:8e:94:f7:5b:c6:6e:51:2c:
- de:17:da:04:45:ea:31:d0:95:c4:50:3c:16:8e:21:
- c7:f0:0e:b5:86:c8:58:48:a6:0d:4d:a2:a6:8c:81:
- 7a:67:89:43:56:1c:ca:e3:69:8a:08:05:57:b7:6d:
- 03:c2:04:af:7b:61:ee:84:27
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 49:e7:f8:dc:ad:06:43:cb:d8:67:e6:e7:c0:7e:dd:a8:21:cd:
- b9:53:a8:d8:7a:24:df:dc:9c:bb:55:1d:d8:ca:44:0b:0f:fb:
- f8:db:61:2a:97:79:21:e6:96:2a:8c:76:c4:eb:ad:77:45:53:
- f5:e2:de:29:7d:29:88:3a:d4:a3:a8:5a:dc:37:24:43:d1:57:
- a5:5b:0b:3e:05:2d:0a:1a:0e:18:37:50:cc:36:54:85:37:28:
- 50:c8:61:c7:94:48:a0:60:ab:68:b0:b2:a8:61:14:5e:4a:dd:
- 04:8a:1a:69:01:45:e2:c6:e2:cb:15:e6:01:49:98:3c:5a:5d:
- 2a:d4
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBNDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA2MB4XDTA5MDMyNDA3MDk1M1oXDTEwMDMyNDA3MDk1
-M1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNzCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA1cIY8/wKPE73K8b9H9cTuzV0bspdqwlnIdDtp+iZ
-fnlSuDI9K18beA6qK7bnA+z1frRUO4fZAh7H5gTPJ3s25i+OjpT3W8ZuUSzeF9oE
-Reox0JXEUDwWjiHH8A61hshYSKYNTaKmjIF6Z4lDVhzK42mKCAVXt20DwgSve2Hu
-hCcCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEASef43K0GQ8vYZ+bn
-wH7dqCHNuVOo2Hok39ycu1Ud2MpECw/7+NthKpd5IeaWKox2xOutd0VT9eLeKX0p
-iDrUo6ha3DckQ9FXpVsLPgUtChoOGDdQzDZUhTcoUMhhx5RIoGCraLCyqGEUXkrd
-BIoaaQFF4sbiyxXmAUmYPFpdKtQ=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDVwhjz/Ao8Tvcrxv0f1xO7NXRuyl2rCWch0O2n6Jl+eVK4Mj0r
-Xxt4DqortucD7PV+tFQ7h9kCHsfmBM8nezbmL46OlPdbxm5RLN4X2gRF6jHQlcRQ
-PBaOIcfwDrWGyFhIpg1NoqaMgXpniUNWHMrjaYoIBVe3bQPCBK97Ye6EJwIDAQAB
-AoGAb2ARplalcqTmTm4BB20F/94rS2qvgWWF0e3NVlZwW6CVRBoRGx8T7eseKWbE
-WZxGkX0eAmKW5G7rUuMgmH6vrC2NjFBNvfMLPK3kVxhQVx3Rwu9nN2/u2olzBcMt
-epGj0Yyu7kRHol/ld1+DmoBUOYb6BlOpDyGWdFFa4eW1IhECQQD8s/SXIMXIHBF8
-tUd7rPXm6e96php4M2jaY1ezB5MO7laNivcCioIHihWgEY+BrzuH8moeJbLL1TtJ
-KhzysxmPAkEA2IwQYLVOCfKegG7yzgkbrrzwdWNi0i6P2LAl96kFWzf6DcUTuHun
-GYGMv1yCMj/jzZ+k0VTMWETgJKRzFZUv6QJBAKlxYQgVCYlsiK0+QHhFOX1kTxfG
-WOlQT3ZgNmXtJkZUueSe0ZH6ncXAaU+zdq5WeWxmt5EPZhwXFnGws0hpnzECQQCL
-QIbHqc+lVf/XV4GMPQ8wLw/ybRb/UjHuhlfkCy0Gm9iRQkqMN/gcztJTvIl9BtjX
-QfIbKwy9No1tAtN+7ZEBAkEA8T3mn9G2pTg/49iBP0TW1fJBsdacWj8ZK1D3egto
-JR7qKqVyQTifeJpeATTX/vvuTu0ikbshLotT/UBGy8dBtw==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOTg
-xNyGAJRpsdWIcsjCUsBWYg72gKLvjmj52tmFAVkEXvf8Ixbc/y1SCoyBlvokHUuJ
-YCwlGutOpiHFH1uH1mWM1+GiVWd+AXwohNcjVvT44ZykH3T+a8AUzP0Fe7r2sOP1
-fkbOcDlck0MB+K04pgxxYJ4LDb9CbNOeIUxV7XRzAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQC8LTrpUri6N2x1c8Dyrge+RTsYHP4XjtXX3tSx6A0I58t2MvoXBzPA
-pnpu2X3Y14xxoGZc0zs12d32mnHmwHzH4iQpb0VvYWstrtX13sjMQc0M9K4M61Me
-I3iWynn5mZbqAwZDEv57uXLJuzOmcMQ3BHe2bOpiVKUA3z7uDzR8vw==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 53 (0x35)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
- Validity
- Not Before: Mar 24 07:09:54 2009 GMT
- Not After : Mar 24 07:09:54 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e4:e0:c4:dc:86:00:94:69:b1:d5:88:72:c8:c2:
- 52:c0:56:62:0e:f6:80:a2:ef:8e:68:f9:da:d9:85:
- 01:59:04:5e:f7:fc:23:16:dc:ff:2d:52:0a:8c:81:
- 96:fa:24:1d:4b:89:60:2c:25:1a:eb:4e:a6:21:c5:
- 1f:5b:87:d6:65:8c:d7:e1:a2:55:67:7e:01:7c:28:
- 84:d7:23:56:f4:f8:e1:9c:a4:1f:74:fe:6b:c0:14:
- cc:fd:05:7b:ba:f6:b0:e3:f5:7e:46:ce:70:39:5c:
- 93:43:01:f8:ad:38:a6:0c:71:60:9e:0b:0d:bf:42:
- 6c:d3:9e:21:4c:55:ed:74:73
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- be:aa:0c:d9:b6:cc:d6:e1:47:ca:cb:6a:36:5e:67:43:f6:8e:
- ab:d9:2a:5c:9d:e0:74:f5:55:70:80:8e:2f:f8:16:4c:2d:4c:
- 9c:94:80:6b:6b:c0:7a:e4:0f:f4:60:64:10:ba:93:f5:2a:39:
- 0f:5f:06:8a:d4:75:5b:b2:c4:92:25:ad:21:fa:98:75:54:48:
- b5:d6:80:c6:9d:96:af:bf:fd:f4:57:80:cf:03:5c:dc:2b:b3:
- f6:a2:7a:8e:8d:a5:01:92:53:e4:b7:77:99:1b:71:04:97:66:
- 57:a1:28:9d:3b:f8:ac:2e:15:18:17:2e:5d:0b:47:49:3b:65:
- 88:fc
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBNTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA3MB4XDTA5MDMyNDA3MDk1NFoXDTEwMDMyNDA3MDk1
-NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gODCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA5ODE3IYAlGmx1YhyyMJSwFZiDvaAou+OaPna2YUB
-WQRe9/wjFtz/LVIKjIGW+iQdS4lgLCUa606mIcUfW4fWZYzX4aJVZ34BfCiE1yNW
-9PjhnKQfdP5rwBTM/QV7uvaw4/V+Rs5wOVyTQwH4rTimDHFgngsNv0Js054hTFXt
-dHMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAvqoM2bbM1uFHystq
-Nl5nQ/aOq9kqXJ3gdPVVcICOL/gWTC1MnJSAa2vAeuQP9GBkELqT9So5D18GitR1
-W7LEkiWtIfqYdVRItdaAxp2Wr7/99FeAzwNc3Cuz9qJ6jo2lAZJT5Ld3mRtxBJdm
-V6EonTv4rC4VGBcuXQtHSTtliPw=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDk4MTchgCUabHViHLIwlLAVmIO9oCi745o+drZhQFZBF73/CMW
-3P8tUgqMgZb6JB1LiWAsJRrrTqYhxR9bh9ZljNfholVnfgF8KITXI1b0+OGcpB90
-/mvAFMz9BXu69rDj9X5GznA5XJNDAfitOKYMcWCeCw2/QmzTniFMVe10cwIDAQAB
-AoGALlxlI/I0zds2/XTdI1NRZcpZpIRD/D0gEJ2DugnaAwkCn6LADNKJEcoLfviE
-93g3QuS5yVdew4kz16VRO74hLCCjm7M++isvLhljozWAotBVfllQ8g9HcCuG551y
-y2vTDbrKUfeNUELBd2DKjYMN4K3gJRzPcjh6eQvZ238fl8ECQQD6cRMUPzdKLwQp
-dlTQ5dBeLJ14cn9zoFkBkgoF1JGXtDxhs+5elZQPS+skPoDy+ergjOMN8ixSaQ6T
-FJ/X73STAkEA6fUtQ2x/Q+YJcoRr5EEKqtyEPIZEeACAzRdxps1PAI++vafjk3x2
-5v/pTcpAEMSRzjZtlQTqC+fkx2vMANDMoQJAMPx7IeO3meAWbVHDB1Vca39Ike27
-dk9v+XmqUjeg/s53XRkH0CJr4o4UAXPkXyJ5SdDk/K5Y8wmvmx9WoLMq1wJBAMKy
-SX/Bq8tKhXQqpUrnocP9DYL8zb/70zRaHTeNxgAWn8pfDDFxs9WbBIG7HUOXAivU
-+a64zzknOymGGNhY6uECQE+NCMEicPRY8yNuNX2Ygr0Uxwbb0we55N8GA24Prkrl
-crhKfL6y0MdsHAgnIRaGV2+mpehS9TbVlx31AdFrugE=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD
-VQQDEwxDZXJ0IENoYWluIDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHI
-MkJfqFOzIqNYmnwe/jMSZFw+RRhbI6x5Q0XXZG985KOVXPnhxLFjQ5x+EIGqf961
-t4WmtWA5JSJIZMVUGm6xIpDzjBeFwr4cgaqmexS0ehOylHJC73fMMKTIXICyRy73
-21PqrmNaGSAwK/HQow4NTMDJfpu1C9tRaucOdGnvAgMBAAGgADANBgkqhkiG9w0B
-AQUFAAOBgQDfGF6773CFR6nLxqZl91TH8JViLLsQgN3JSMh9e71JJrjVN/pg8XHy
-FyR2cFwubPkDwtIrb5EBtPqH7iNHymDwjqD2wpICNKZ+n/4KNjJ4mNP3bYj951/9
-KndQJfEViEKfsMM/aRDcKQMxHyAB17nmu0hsJs2rFhVutgAWfv1HQw==
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 54 (0x36)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
- Validity
- Not Before: Mar 24 07:09:55 2009 GMT
- Not After : Mar 24 07:09:55 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e1:c8:32:42:5f:a8:53:b3:22:a3:58:9a:7c:1e:
- fe:33:12:64:5c:3e:45:18:5b:23:ac:79:43:45:d7:
- 64:6f:7c:e4:a3:95:5c:f9:e1:c4:b1:63:43:9c:7e:
- 10:81:aa:7f:de:b5:b7:85:a6:b5:60:39:25:22:48:
- 64:c5:54:1a:6e:b1:22:90:f3:8c:17:85:c2:be:1c:
- 81:aa:a6:7b:14:b4:7a:13:b2:94:72:42:ef:77:cc:
- 30:a4:c8:5c:80:b2:47:2e:f7:db:53:ea:ae:63:5a:
- 19:20:30:2b:f1:d0:a3:0e:0d:4c:c0:c9:7e:9b:b5:
- 0b:db:51:6a:e7:0e:74:69:ef
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- d9:93:84:69:52:8d:5a:7e:c4:b7:04:54:a0:47:32:04:c7:be:
- 7b:94:1b:f9:b6:c5:88:84:a1:b4:22:4f:3b:28:ae:29:90:f1:
- e4:25:f0:b9:e6:a0:dd:0e:0c:15:a9:6c:e4:8a:fa:a0:42:a7:
- f9:4e:b7:0b:53:c1:ab:cb:a7:83:4c:0b:03:f0:64:95:75:5f:
- 09:dc:2c:a2:19:d6:51:e8:e4:86:7f:50:60:69:01:64:a5:fd:
- 0c:bb:0e:a0:cb:63:9c:b5:2c:22:63:f6:a4:e2:b1:9b:62:a5:
- 8c:c7:e5:a3:93:d8:18:6a:f2:95:b6:53:6a:8d:be:b0:ce:fa:
- e9:71
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBNjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA4MB4XDTA5MDMyNDA3MDk1NVoXDTEwMDMyNDA3MDk1
-NVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gOTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4cgyQl+oU7Mio1iafB7+MxJkXD5FGFsjrHlDRddk
-b3zko5Vc+eHEsWNDnH4Qgap/3rW3haa1YDklIkhkxVQabrEikPOMF4XCvhyBqqZ7
-FLR6E7KUckLvd8wwpMhcgLJHLvfbU+quY1oZIDAr8dCjDg1MwMl+m7UL21Fq5w50
-ae8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEA2ZOEaVKNWn7EtwRU
-oEcyBMe+e5Qb+bbFiIShtCJPOyiuKZDx5CXwueag3Q4MFals5Ir6oEKn+U63C1PB
-q8ung0wLA/BklXVfCdwsohnWUejkhn9QYGkBZKX9DLsOoMtjnLUsImP2pOKxm2Kl
-jMflo5PYGGrylbZTao2+sM766XE=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDhyDJCX6hTsyKjWJp8Hv4zEmRcPkUYWyOseUNF12RvfOSjlVz5
-4cSxY0OcfhCBqn/etbeFprVgOSUiSGTFVBpusSKQ84wXhcK+HIGqpnsUtHoTspRy
-Qu93zDCkyFyAskcu99tT6q5jWhkgMCvx0KMODUzAyX6btQvbUWrnDnRp7wIDAQAB
-AoGABu56fIcrR8aMHa+urnjVHQRHiH1w6ZqCsdzXL+G496NB8bO4MwO3YirF/Jvy
-LcjqPBAgHj5L+zRF65OFZHl8hjKtKxeRvZcFe2XhUwPCN/HJv6OPUSUSIGMxL+XL
-4G62lt1tFHVZRjy9mLyqOg2SNwun6c3+dOySdvDY6vixxgECQQD32q9mwkHx8NqQ
-2GTGWRNgIDsCR9bnmy1gGKxzKhQLdg0cNwmQrfTCgHXwfeBUr1eSXW6RqTx/WGlA
-LqFdyiTBAkEA6TPOoAW+EaXPxx21MmzbqqgK6GqLh7NHM2Z2rkqR++933jGJqS1F
-nr4jmWLoSQX017IPz/mlDxlL++CvWIXKrwJAHXMbgj80rLWskqdTmgm9dp99w3Cb
-xVs30gI8g1aNmSsGtcKIXWt9+Jpg6RlbzVQkOJznZWFRceQkZV7lB4rcQQJARfTw
-qziNyCWBqy3SSYo2a391pjswGElDtruqJqbgHD++Kb2amlGmbPSFIWJ2ZFGRHZOh
-ArbVOS5RiQHiGCAqqQJBAMIp5kevQOAr/xYC8BLB6SD7XtfLKTJnZSHy7pWy6xeJ
-ffn7QLqwUWMcyrvja+CQgBTKx7u8/MKLSgqohWguWEM=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDNNrJ+X/+2VFhuPKiMLMA1EN/YFIpD6iI8mddzEatkxkmVWdfEZNmjoPlo
-i93iobvhqujqrkZx+Fw1s6wS59dBPUU0P240jkFfvD4QUjMuR4uI1OjMXXtmldUN
-jB+R6YXfoGhAgZeR8IonaQZDe1Lqcn4boiYu8eKSwq8bJ8FskwIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAzALn2w53TUTmfkTbyT5GUpxkB8qi07U9R1WrQf0qRLT4
-0NPdNJaZTS3QoqJAcXXcfpMxdcTO+qgQbESu/StvBlnN6Y5CWIZhy/yL0jg/Fwrb
-dAlIIVfbgcHpjTwMNdPyMfHy96AgOH8QAKXSwojzadpt4dSh9rSWP2GTKSdS+NQ=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 49 (0x31)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 24 07:21:43 2009 GMT
- Not After : Mar 24 07:21:43 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cd:36:b2:7e:5f:ff:b6:54:58:6e:3c:a8:8c:2c:
- c0:35:10:df:d8:14:8a:43:ea:22:3c:99:d7:73:11:
- ab:64:c6:49:95:59:d7:c4:64:d9:a3:a0:f9:68:8b:
- dd:e2:a1:bb:e1:aa:e8:ea:ae:46:71:f8:5c:35:b3:
- ac:12:e7:d7:41:3d:45:34:3f:6e:34:8e:41:5f:bc:
- 3e:10:52:33:2e:47:8b:88:d4:e8:cc:5d:7b:66:95:
- d5:0d:8c:1f:91:e9:85:df:a0:68:40:81:97:91:f0:
- 8a:27:69:06:43:7b:52:ea:72:7e:1b:a2:26:2e:f1:
- e2:92:c2:af:1b:27:c1:6c:93
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 06:45:50:fc:2e:79:07:60:e0:bb:b7:f5:31:31:b5:86:e5:22:
- 63:6e:69:ee:81:4e:6e:c1:7c:ae:14:8f:78:74:1a:c6:c2:d7:
- 23:4f:e4:c7:5c:23:a6:74:0f:49:d3:c5:13:2d:93:b1:80:d9:
- b3:e7:51:ac:44:37:08:56:e3:9a:a9:aa:45:47:a0:39:de:a4:
- cf:f0:1f:06:2c:a1:f4:ff:db:74:00:e6:eb:bf:ed:3c:10:69:
- 8a:f5:96:93:71:08:c2:91:92:f4:8f:f5:f8:3c:41:68:6a:b1:
- 71:19:a7:45:fc:72:32:6c:49:35:18:ac:fa:9b:f1:47:46:d6:
- b5:50:83:83:e1:cb:6d:88:73:63:bc:b7:19:29:2f:47:ea:78:
- a3:28:77:41:c7:7d:36:d9:69:17:b3:b2:60:04:dc:b4:30:a3:
- 86:a4:99:80:0f:5e:0c:70:54:aa:92:bc:1c:4c:70:9e:0a:63:
- 73:26:53:8a:31:5f:aa:12:aa:c1:62:88:0a:24:0e:77:44:85:
- 12:3c:86:47:81:3a:52:dd:21:ca:58:1d:16:08:02:af:c0:58:
- 39:1e:31:52:ed:d5:16:08:2a:2d:3d:40:01:7c:f1:69:13:a0:
- 5e:e5:cd:6f:d6:4a:62:68:7d:15:db:a7:c2:fd:b3:ac:34:c9:
- ed:32:a8:2d:3b:6d:c7:aa:0b:91:a5:11:48:d2:25:4d:74:f6:
- d0:82:1a:6a:4c:e8:10:73:8e:d4:11:45:18:f8:62:4f:c5:3b:
- ac:16:0f:ad:6e:21:86:16:f8:49:e7:b9:f9:41:64:5e:dc:0b:
- 35:0b:d5:b1:46:84:ae:62:99:69:2f:77:db:73:25:18:f9:24:
- 92:ff:05:23:6d:53:82:16:ec:0e:ae:e5:a9:07:10:95:f5:09:
- 99:d4:82:8c:e9:2c:bf:88:48:92:3f:74:b6:e6:6d:e1:f5:8c:
- 37:d7:81:d0:31:e0:85:e0:5a:97:39:bb:29:e7:97:9f:d5:eb:
- ac:6f:fd:bf:80:24:e5:cc:4e:c8:5f:dc:aa:51:7d:25:6e:7e:
- 83:d5:d6:cf:1c:8a:3d:fa:db:e6:c1:b6:1c:ef:34:4f:1e:51:
- 1c:2b:ae:c9:b5:36:93:c4:ec:04:0f:78:19:0f:f2:0b:c0:78:
- f2:18:3c:2f:b2:f7:07:58:7b:3b:11:fa:4d:50:e2:95:01:63:
- cb:84:02:95:08:4c:87:38:14:50:23:9e:81:3e:0a:95:a6:ab:
- d0:26:3e:75:cd:d8:4c:f3:5a:40:71:b9:07:41:3b:2f:4f:f1:
- 11:fa:e3:dc:07:c9:b5:b1:a9:9c:11:b5:07:cc:40:f0:53:5d:
- 8f:8e:21:89:1b:ca:f8:60
------BEGIN CERTIFICATE-----
-MIID4TCCAcmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMyNDA3MjE0M1oXDTEw
-MDMyNDA3MjE0M1owWDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHDAaBgNVBAMTE0NlcnQgQ2hhaW4gTm8g
-QUlBIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM02sn5f/7ZUWG48qIws
-wDUQ39gUikPqIjyZ13MRq2TGSZVZ18Rk2aOg+WiL3eKhu+Gq6OquRnH4XDWzrBLn
-10E9RTQ/bjSOQV+8PhBSMy5Hi4jU6Mxde2aV1Q2MH5Hphd+gaECBl5HwiidpBkN7
-UupyfhuiJi7x4pLCrxsnwWyTAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggr
-BgEFBQcwAYYYaHR0cDovLzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUA
-A4ICAQAGRVD8LnkHYOC7t/UxMbWG5SJjbmnugU5uwXyuFI94dBrGwtcjT+THXCOm
-dA9J08UTLZOxgNmz51GsRDcIVuOaqapFR6A53qTP8B8GLKH0/9t0AObrv+08EGmK
-9ZaTcQjCkZL0j/X4PEFoarFxGadF/HIybEk1GKz6m/FHRta1UIOD4cttiHNjvLcZ
-KS9H6nijKHdBx3022WkXs7JgBNy0MKOGpJmAD14McFSqkrwcTHCeCmNzJlOKMV+q
-EqrBYogKJA53RIUSPIZHgTpS3SHKWB0WCAKvwFg5HjFS7dUWCCotPUABfPFpE6Be
-5c1v1kpiaH0V26fC/bOsNMntMqgtO23HqguRpRFI0iVNdPbQghpqTOgQc47UEUUY
-+GJPxTusFg+tbiGGFvhJ57n5QWRe3As1C9WxRoSuYplpL3fbcyUY+SSS/wUjbVOC
-FuwOruWpBxCV9QmZ1IKM6Sy/iEiSP3S25m3h9Yw314HQMeCF4FqXObsp55ef1eus
-b/2/gCTlzE7IX9yqUX0lbn6D1dbPHIo9+tvmwbYc7zRPHlEcK67JtTaTxOwED3gZ
-D/ILwHjyGDwvsvcHWHs7EfpNUOKVAWPLhAKVCEyHOBRQI56BPgqVpqvQJj51zdhM
-81pAcbkHQTsvT/ER+uPcB8m1samcEbUHzEDwU12PjiGJG8r4YA==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDNNrJ+X/+2VFhuPKiMLMA1EN/YFIpD6iI8mddzEatkxkmVWdfE
-ZNmjoPloi93iobvhqujqrkZx+Fw1s6wS59dBPUU0P240jkFfvD4QUjMuR4uI1OjM
-XXtmldUNjB+R6YXfoGhAgZeR8IonaQZDe1Lqcn4boiYu8eKSwq8bJ8FskwIDAQAB
-AoGBAKtzAVm4FspcWa1wHFlQoh0zxfCf6IypNoVu+qP2pT2CtMOE1lIM+BBPU1DX
-WkAYZAI8anB3vf9GQrPTMvZwoFMub7ifTsgBe+gJzbWKpfuDYRmi8figArTopirg
-yphtF+wZd5x0Yas0Ak+mxfojUuWF9Scv2p3yiope5KYkC9/xAkEA/KqYc1ucAzsV
-qIfZDWv/971IcJacWFm+l1M/jZB62Cimtkyw4zvPV6O6QOOMqJMyBJPE7AWBEGBS
-G7kO6yqjhwJBAM/r01/KtZErJL/fZn+bXJxxYgIZ0oBqxEigcMLiRSjyDiVwyR4N
-0BeWrI0IoVQpJeWCq0uL/cKmA/oMcDtriZUCQCB4M9svPJ9VqnTb8FK/PEez9Wky
-kajw74M22YXxuTeqEbJ/rIOnHgAfNEI+e8b2E4lvC/Fgy7M1DZgucfJaqmUCQDb7
-4zr6zUclhKNk/aMTP8tzRHrPv1YMZfnay9cNpUJtuIX4LIdRGc2TH/Bv7tHly8rE
-4m2pCKNX6cdPUMK17n0CQBt2Y0RX3Q7OoJqzbi63JtP4eYwdaI28xnncPMhvwWji
-arwmzoNeD7T7tkOEZOC+rlhXZaeZLI6LYUyC5ouEn3M=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBrDCCARUCAQAwbDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYD
-VQQDExRDZXJ0IENoYWluIE5vIEFJQSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA3wcv7lR2SVKfFnoKOS9EbRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbH
-a59BuBwqF2s4pYnA7OJMwFmXbI0Xz+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16
-/PrXUVnRul8HhZ5D3/1uXzXIpP4kol6KuwG1XcXLDkD16UwLAEMCAwEAAaAAMA0G
-CSqGSIb3DQEBBQUAA4GBAC3Hy+pM3gfT72/XQizjzulBIwppfiqSKChXX+SmGIIL
-LDVcCXNQYvqvYJqXvNSHzZPy5sOdTPibkNU9nWj0jABa9PdhTmwDeb724HttVBvN
-7/h/hYaowlrxTgqJH/LzXjT2AGYGTixnuCphuom94tRnD2yWaKYAGq8xc/kOIkiZ
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 64 (0x40)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
- Validity
- Not Before: Mar 24 07:21:53 2009 GMT
- Not After : Mar 24 07:21:53 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 10
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:df:07:2f:ee:54:76:49:52:9f:16:7a:0a:39:2f:
- 44:6d:17:67:ca:6a:0c:d7:42:c2:45:60:f9:b7:a2:
- e2:ea:2f:53:14:69:02:57:06:7e:44:b6:c7:6b:9f:
- 41:b8:1c:2a:17:6b:38:a5:89:c0:ec:e2:4c:c0:59:
- 97:6c:8d:17:cf:e5:86:3d:3b:b1:69:90:80:fe:84:
- 7b:37:4e:b9:1d:5e:98:fc:46:38:c7:f1:26:24:7d:
- 7a:fc:fa:d7:51:59:d1:ba:5f:07:85:9e:43:df:fd:
- 6e:5f:35:c8:a4:fe:24:a2:5e:8a:bb:01:b5:5d:c5:
- cb:0e:40:f5:e9:4c:0b:00:43
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 6f:3d:1c:f3:6a:7d:23:49:43:c3:dd:41:43:81:42:f4:60:bf:
- 87:d4:5f:83:96:1c:6a:c3:06:28:e5:76:fb:5c:17:fc:60:1c:
- 04:07:03:99:92:d4:01:ac:97:81:0c:2a:7c:67:18:88:60:88:
- dc:a9:35:c1:89:75:d8:0b:0a:c3:ff:43:4a:5a:93:3a:d3:67:
- b2:ce:8d:8a:8c:19:b5:23:b5:ed:b9:df:26:52:70:09:41:4e:
- 68:1a:54:08:74:c8:ff:bf:03:70:f1:9b:ef:65:2e:e2:23:74:
- 12:77:c4:25:de:fe:58:a9:a9:fa:d2:fb:4b:40:70:24:31:2b:
- bc:64
------BEGIN CERTIFICATE-----
-MIICXzCCAcigAwIBAgIBQDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgOTAeFw0wOTAzMjQwNzIxNTNaFw0xMDAz
-MjQwNzIxNTNaMFkxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYDVQQDExRDZXJ0IENoYWluIE5vIEFJ
-QSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3wcv7lR2SVKfFnoKOS9E
-bRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbHa59BuBwqF2s4pYnA7OJMwFmXbI0X
-z+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16/PrXUVnRul8HhZ5D3/1uXzXIpP4k
-ol6KuwG1XcXLDkD16UwLAEMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsG
-AQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQAD
-gYEAbz0c82p9I0lDw91BQ4FC9GC/h9Rfg5YcasMGKOV2+1wX/GAcBAcDmZLUAayX
-gQwqfGcYiGCI3Kk1wYl12AsKw/9DSlqTOtNnss6NiowZtSO17bnfJlJwCUFOaBpU
-CHTI/78DcPGb72Uu4iN0EnfEJd7+WKmp+tL7S0BwJDErvGQ=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDfBy/uVHZJUp8Wego5L0RtF2fKagzXQsJFYPm3ouLqL1MUaQJX
-Bn5Etsdrn0G4HCoXazilicDs4kzAWZdsjRfP5YY9O7FpkID+hHs3TrkdXpj8RjjH
-8SYkfXr8+tdRWdG6XweFnkPf/W5fNcik/iSiXoq7AbVdxcsOQPXpTAsAQwIDAQAB
-AoGBALSKYOaRQN/CHj5XtIbuGHonBEH670IiLJl1EzDwjrf8b0iKaPaBrx14yJ36
-YXzkb75dcZGvnZkk5/SdkdKxtJ93Y83Gan34fWXWZFurdBs6B26v4wVAaRYofR53
-/75CnfCDelDH5HgtHj8tw/F4zBIxC3r7CsFn04lKQM+mEd1hAkEA+rYoUSTA9RPB
-1Ki1gRiwph3Zan5Tsgt2qngWU0Ek/wsqKkwSeRgHZ5AkpsunKal7bGKMHA3yPo02
-E2EDEHLmTQJBAOO7ifiUoN88roep9pl0diYfLclTUakPViDlzIO7gulvNR0mq43D
-BH1JAUVMU19A8VbilKnUS2q6bqpqaCih6M8CQHUFnV/ypdY++JRIgx/U5G9FM3xP
-psVOMH91OgZ2O8yH65B+nYjEPICMeW8ZU9dQcnmurfNSVyX3R6xX9dQxrWkCQHLC
-1TqBm7gjmkgfbHfUap23ZJlp9WLeqaaWZ0OTQNtmATwZeqZLun1wRsWnOvRrg7Mn
-J4eVxhOYs6AJU0f2n50CQHfQU3xMJiTFfLvO8FV4fD39w141xYooC2glDWPFns+b
-v3Wkd9M6Nuv+gOB9vdG9I5+X9XSkKonkmcwU9Odjv8k=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HLnxQutsvS
-Fz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cVmAHGxVJH
-oYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAuEP1aoTsRfFjG8te5yZEEbD7I8uPVin7G0GUCxYE2oof
-p6C0vCW1CDvSJJ1vQJTF3v26PpKLROqpsiNKpr1uq/R12HanmTdBOgCb/2psEt5Q
-sljxJFtog+PwiGdVlUB0QIZDuUeJom/IvoQ3CxfjZsm9b98jtlCw9ccCJhTKtgI=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 56 (0x38)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1
- Validity
- Not Before: Mar 24 07:21:45 2009 GMT
- Not After : Mar 24 07:21:45 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:39:a7:a4:19:61:28:35:4f:f0:9b:f0:b8:8d:
- 55:e9:da:4d:35:9e:3d:6c:c0:30:b1:8b:c0:50:a4:
- 08:6a:d6:e3:fa:f3:f1:cb:9f:14:2e:b6:cb:d2:17:
- 3d:bd:8b:31:8e:c8:95:13:f0:fc:03:42:30:02:98:
- 6c:ee:2a:e9:c1:2a:9f:79:e0:09:35:a7:6e:bd:70:
- 62:ae:09:53:54:a9:62:36:23:b7:15:98:01:c6:c5:
- 52:47:a1:8c:c1:de:7c:4d:86:38:d0:12:24:57:76:
- 99:ba:1f:23:62:20:a5:79:12:a2:9a:90:b8:aa:50:
- 96:59:16:ed:29:74:9d:67:53
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 29:8e:68:80:e0:f2:ce:29:e5:70:95:67:0d:51:4a:a8:a0:9c:
- 9f:4f:2f:3a:83:40:67:6e:01:cb:21:bf:4a:a7:16:3d:df:f8:
- 2b:ca:6d:86:92:cc:46:99:99:b5:11:09:4d:25:c7:15:5f:64:
- 66:1a:18:69:ce:37:86:96:ab:e6:2e:3d:63:a3:cf:14:91:3b:
- 19:fc:79:a7:37:60:eb:51:12:3f:4d:3b:07:6c:0e:ae:69:2c:
- 07:4d:6a:ca:5d:97:e5:f0:24:96:7e:fa:f3:83:ec:53:7a:b1:
- 53:cb:42:c5:15:b0:04:9f:36:5c:d0:d5:92:49:38:e5:a5:ef:
- 91:d2
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBODANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMTAeFw0wOTAzMjQwNzIxNDVaFw0xMDAz
-MjQwNzIxNDVaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTOaekGWEoNU/wm/C4jVXp
-2k01nj1swDCxi8BQpAhq1uP68/HLnxQutsvSFz29izGOyJUT8PwDQjACmGzuKunB
-Kp954Ak1p269cGKuCVNUqWI2I7cVmAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5
-EqKakLiqUJZZFu0pdJ1nUwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQApjmiA4PLOKeVwlWcNUUqooJyfTy86g0BnbgHLIb9KpxY93/grym2GksxGmZm1
-EQlNJccVX2RmGhhpzjeGlqvmLj1jo88UkTsZ/HmnN2DrURI/TTsHbA6uaSwHTWrK
-XZfl8CSWfvrzg+xTerFTy0LFFbAEnzZc0NWSSTjlpe+R0g==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HL
-nxQutsvSFz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cV
-mAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQAB
-AoGASSfMwe7wUWa1exXnN2Pr/4RV/V4C1Cl0M+m8/7DwIWCvsPjQI7/C07MHwInA
-HmeZEGS0DSYHgnFoA14bTBmcv2Jh+XJRsjN8Qari8gsfoC3+gTT1CuvrVxP55xM7
-w5c/hUKBIbhyAMHfcS/lqV+o+1ahxSMtbHWkKZYL/i3h/oECQQD/lt6wu0Ne2jwy
-iHchL6l+Sz5bMpW9Qx23WpwiGPOlh3YzwDZHZRNmkJbXI3sIXvC8mjSOhyxI33iB
-NlpoZEIhAkEA05CJc53tiIBqg4YzlxKw5u/oeR0qvGFJFP6D8UnRTSet0R/hnlAX
-VVns28irMOGZ3gRLskRxv0EMRoViO+Ji8wJBAJO3qYrxH/XRIZt/HYLznf0dFbP1
-n29cO+99keFvFFol2V39iCFpPHY5uMQsgG4NGQuYACoj26deaLIdLNFKqKECQD4A
-4ze+NipGMHFBeIczFCNqdkBgmvDAtlFv0i16C9xH37olVNM3986s3yz+n6VgyN53
-ddPWGVwK7VURrFuOmp8CQEEDc0bBtkJgXfObV2PYGJRVuGGP6S1RqL+7VNfmu5/+
-ZJAdwJZOdl3PDL8b9XNSgayuBCK6Wwt3GGzdtvqz76s=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHfTEkgBoiS
-18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WBv3mK2G6U
-IvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAKD2wV5jk1IjZY09e6qCrmlqDo0ma4FPHXXTkHHrah3qW
-ThqhAGLs6tukFkzqKiPRx9yxL8Pp+TtLtaPmLO+nX8QbEABXArgJIVrIeuPQPwbW
-L8OL2+glnnygdWD2yzNXSddn8k2HpZS1IWhjRg8vUTied9rhwzPq1N4uk79TQAU=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 57 (0x39)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
- Validity
- Not Before: Mar 24 07:21:47 2009 GMT
- Not After : Mar 24 07:21:47 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a3:84:57:22:7a:bf:2f:ec:a6:d3:c6:f2:e1:14:
- 92:8e:9d:b1:5a:f2:6f:99:9f:53:08:d1:f9:ef:00:
- da:a7:2d:c3:64:6f:31:df:4c:49:20:06:88:92:d7:
- c6:ff:0c:99:49:d0:c5:57:bb:ea:87:4d:06:ac:68:
- 35:6a:3e:23:6c:dd:2f:4e:7c:fc:9c:e6:d0:1d:65:
- e4:87:79:7e:d9:c0:1e:cd:7b:f5:81:bf:79:8a:d8:
- 6e:94:22:f1:79:a6:dc:52:ea:ed:e6:f7:86:31:5d:
- b7:39:fc:cd:73:ed:0d:1f:f2:ca:79:ba:25:1e:f4:
- b9:6c:bc:28:08:a9:46:aa:1d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 05:E8:B5:E4:89:7E:CD:72:28:E1:08:B5:B2:9F:8E:A2:13:2B:2C:A7
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 1
- serial:38
-
- Signature Algorithm: sha1WithRSAEncryption
- 36:e5:af:2d:c4:bd:c1:16:27:74:f0:0a:a5:12:4c:da:d6:e2:
- 60:98:ee:3d:7a:d1:55:a0:ed:57:fd:6b:9b:fc:19:4b:f3:b2:
- 41:19:a7:6c:f7:15:63:68:18:09:6d:db:23:f9:e1:2a:d6:75:
- e5:18:46:2b:82:57:4e:1a:f8:03:fa:3d:7c:aa:70:8e:17:25:
- c6:b2:ab:ca:94:90:fd:2a:69:53:f5:11:81:68:06:f8:2d:5d:
- 92:39:b4:96:f0:d0:b5:03:c2:15:26:f4:e9:c0:9a:28:39:dd:
- 67:ea:a6:9f:27:44:69:2e:95:e0:a1:03:f6:3c:a1:f7:92:f4:
- a2:b8
------BEGIN CERTIFICATE-----
-MIIC7jCCAlegAwIBAgIBOTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMjAeFw0wOTAzMjQwNzIxNDdaFw0xMDAz
-MjQwNzIxNDdaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjhFcier8v7KbTxvLhFJKO
-nbFa8m+Zn1MI0fnvANqnLcNkbzHfTEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs
-3S9OfPyc5tAdZeSHeX7ZwB7Ne/WBv3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f
-8sp5uiUe9LlsvCgIqUaqHQIDAQABo4HHMIHEMAkGA1UdEwQCMAAwLAYJYIZIAYb4
-QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQF
-6LXkiX7NcijhCLWyn46iEysspzBqBgNVHSMEYzBhoVykWjBYMQswCQYDVQQGEwJL
-UjETMBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEc
-MBoGA1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMYIBODANBgkqhkiG9w0BAQUFAAOB
-gQA25a8txL3BFid08AqlEkza1uJgmO49etFVoO1X/Wub/BlL87JBGads9xVjaBgJ
-bdsj+eEq1nXlGEYrgldOGvgD+j18qnCOFyXGsqvKlJD9KmlT9RGBaAb4LV2SObSW
-8NC1A8IVJvTpwJooOd1n6qafJ0RpLpXgoQP2PKH3kvSiuA==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHf
-TEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WB
-v3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQAB
-AoGAbD/eV2sfSqDGSIj6nVs7MsLeeLDqhK7fD4XCiiDsn6RCKCkcwREFj/gDTgMf
-MBWtHRriqhQzTOMHOfe69NyyIf7eXihRjkX7Ist+gi1wiKqdr0ECECC3sGdWR/pu
-wLBDtC2ynqiezbxog+/3C3YWs0+DTsnn87aOeKbIIfoMSFkCQQDNBAqw/BKw4dDd
-msMGJqbI3UIobZVOEXLwTi3ZWwDMIM+HMJPyT62U67cCg35M4L/EMxYBYMhqdS3f
-tixN9+bLAkEAzC5ZxDEG4S3j44m1Ff58qBStbV4SBlM18jZgjEVqeYlqStWq8U7J
-lJLpa3F8C26bUNWXTwl7i5BIykpGjZ0ttwJAAdIVXjj+2X9H4Y/sR3O0a3g7jCxc
-9RKGmMe49IMwYJ+x+BtgVPiMLBRjzavpRTmBunZRrbV0Ui20OJZfklmvPQJBAIiX
-EVIgAhwtmOAkxVGbV0UR4Brj7Wbxz4rjOZ9c6Ke5d7PsUFjxfgS4axKHbpYvPhPL
-b1deXpm0wh0hpyUhWu0CQQCX+HNWjZ/3oGTxWHVWhj7Q1J18CyxDj7SISA87mv84
-QZuso4AGYpbuZUdWr2cJcBvbP+ZX7DCjsr+5Ns/3Foqq
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n3
-4YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNC
-mYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAgVwPigLP9cqlHrcmhsgMxqsmem1hsw2tmMBK3kccxat+
-c/sHgX5E5MHrUPta5NTlhsiA+A4PABY7Jr/WpGww3/iXJr5UUq+lLpTRg2wYL57c
-FzieD8na8Pve5KLhgdPwAwuQjLjV8ZlADIGUSoqEMBbT4oSxXoPXKHZJHbQyUrI=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 58 (0x3a)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
- Validity
- Not Before: Mar 24 07:21:48 2009 GMT
- Not After : Mar 24 07:21:48 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cb:8d:d0:6f:74:f7:2a:96:47:5a:f9:e3:d5:72:
- 3a:81:94:c7:0f:e2:a2:9b:11:4e:92:15:61:dc:3f:
- b8:fd:9f:b8:ae:18:54:25:ca:e0:1a:8f:49:f7:e1:
- 81:64:76:47:5a:b4:bc:9d:11:09:6d:c7:71:03:cd:
- 38:ab:85:5f:69:5a:ed:6b:aa:32:a7:85:b4:75:9a:
- aa:dc:ec:ee:9d:4e:03:51:e3:8e:a6:89:82:e3:26:
- 13:42:99:87:04:5f:59:58:43:89:32:ed:da:34:e9:
- b2:ca:33:af:29:eb:20:0b:e7:4a:10:0c:3f:00:94:
- 75:36:c5:f8:4d:4b:a4:88:95
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 6f:51:b6:28:15:d9:aa:56:70:0d:2a:f0:52:8b:c4:53:47:68:
- 78:fe:fe:89:c2:3b:87:23:40:87:04:02:67:74:4d:3c:cc:39:
- 48:30:f6:9c:12:74:be:48:26:5a:7c:a1:bf:d0:fa:19:89:63:
- 66:fe:44:2d:f5:e5:e8:9f:57:c5:20:fe:f0:10:2f:f0:6d:16:
- ef:a0:2b:db:95:05:72:cb:63:e4:2b:28:38:8f:aa:b9:51:f2:
- 88:19:0e:c1:c8:e7:0d:66:b8:13:f2:13:2d:ee:f0:dd:98:56:
- 04:af:c6:c8:81:07:ce:44:f5:23:7b:a4:72:32:4d:43:a9:61:
- 72:d6
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBOjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMzAeFw0wOTAzMjQwNzIxNDhaFw0xMDAz
-MjQwNzIxNDhaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLjdBvdPcqlkda+ePVcjqB
-lMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n34YFkdkdatLydEQltx3EDzTirhV9p
-Wu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL
-50oQDD8AlHU2xfhNS6SIlQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQBvUbYoFdmqVnANKvBSi8RTR2h4/v6JwjuHI0CHBAJndE08zDlIMPacEnS+SCZa
-fKG/0PoZiWNm/kQt9eXon1fFIP7wEC/wbRbvoCvblQVyy2PkKyg4j6q5UfKIGQ7B
-yOcNZrgT8hMt7vDdmFYEr8bIgQfORPUje6RyMk1DqWFy1g==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQl
-yuAaj0n34YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446m
-iYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQAB
-AoGBAJMGntwypujq3SV4Q7mDpYC9Xr85muvYp2Da8vFsUYlYGcQeLIGTtSVaBDp4
-dsaCrG13CJmGmcHigd4WGG3DizK7HnlOU6GuKdJfISJAT0Di/oSnH1gpIxGzxsA0
-IAjrncQT0yPcXtS/YXv4VMhOHdWTmaZvsuP0aJjd04hg/yyhAkEA623ruT6oKxk6
-5QeO8OFhUxi9ahgzQYHfHU9bXshRoCVA9OE9EzxyYvQRJa4s2WcJoRmFpwTPQoUW
-iZnhKBBr2QJBAN1W56AFsqtNY33joZA1GIjZEhgbeZF1w+VUUcYWQ8wvOFYYq71S
-lmw2QpZdAhgFtQ5Sy31xVbbp7USrAoXNOR0CQCyyD6B5jr+v6Ih2qOJ+R1XZSoyL
-z59OIqeT20rhSO3YZL6YzFmMjkLPBzpaGNWlRCS7ja4psZd1YNP6zM4oX/ECQB0u
-F9tA5Q0wZq1yFRqt5U4lT/1doelLXUgelalHxihlEUhIeFu9R5d8j8rC+EOyfOwm
-fi1Lg8FZla433V1GcQECQQCDC1toUTOs6zQMR8Qjbg806oEeNCrXCuRSvER9F216
-W/gfkyu3O7ZMyTLDzssExEBemXqIwP7cPvi4AudCR+rF
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSA1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDbDHCjS40S+kdfXzpBkRh6m+OvmVZwlnF90Hzu2dI6kMtCyOsGpYEko9Ce
-0DMEiFCk4jI3GrikP3dWtD+pzCd+ycmJHspktk7m/PoXzjuUf7IUb0CteHXzCb5i
-Db6vQGHcFkuUTIsWznlfl1lWGYoj6iF8PQJTCTIXtifubjEeTQIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEArvxoIPSE97c62AF3OvMdckVtQeJLJqqBfNYXoLwlzoEo
-h56Sn+WtrrLEcqp1wt196Wn0BOFjZIzVSMEyNSX5WZ7m5CQskdHHeXjQ9lOkKU7e
-Z58GLZL8g+8Z7hJitgAUFdVeDDt4yxRI5KTWeSNziKL2Nt9qnqf/KNZa7E6qbPU=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 59 (0x3b)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
- Validity
- Not Before: Mar 24 07:21:49 2009 GMT
- Not After : Mar 24 07:21:49 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:0c:70:a3:4b:8d:12:fa:47:5f:5f:3a:41:91:
- 18:7a:9b:e3:af:99:56:70:96:71:7d:d0:7c:ee:d9:
- d2:3a:90:cb:42:c8:eb:06:a5:81:24:a3:d0:9e:d0:
- 33:04:88:50:a4:e2:32:37:1a:b8:a4:3f:77:56:b4:
- 3f:a9:cc:27:7e:c9:c9:89:1e:ca:64:b6:4e:e6:fc:
- fa:17:ce:3b:94:7f:b2:14:6f:40:ad:78:75:f3:09:
- be:62:0d:be:af:40:61:dc:16:4b:94:4c:8b:16:ce:
- 79:5f:97:59:56:19:8a:23:ea:21:7c:3d:02:53:09:
- 32:17:b6:27:ee:6e:31:1e:4d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 86:d9:2f:aa:12:1f:31:35:60:68:49:8c:4e:75:b3:5e:8f:f2:
- 81:69:79:7f:92:ca:32:ca:cf:a3:45:d0:8a:2c:d6:8b:9a:e6:
- a8:3d:19:66:ee:3b:03:25:4b:ed:56:c2:49:09:99:98:b3:9f:
- 13:11:ee:b5:ad:00:b8:36:31:6e:91:f6:fd:f3:95:7e:90:b9:
- 0b:26:ab:06:72:cf:57:33:3c:88:4e:aa:c4:bb:89:a5:60:95:
- 11:b5:e6:eb:1f:8f:fb:b0:f0:c5:78:be:6a:7f:39:29:e4:5b:
- 7b:28:16:d2:b6:bf:38:af:25:de:7b:22:23:d3:23:ca:03:0d:
- c6:08
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBOzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNDAeFw0wOTAzMjQwNzIxNDlaFw0xMDAz
-MjQwNzIxNDlaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbDHCjS40S+kdfXzpBkRh6
-m+OvmVZwlnF90Hzu2dI6kMtCyOsGpYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+
-ycmJHspktk7m/PoXzjuUf7IUb0CteHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj
-6iF8PQJTCTIXtifubjEeTQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQCG2S+qEh8xNWBoSYxOdbNej/KBaXl/ksoyys+jRdCKLNaLmuaoPRlm7jsDJUvt
-VsJJCZmYs58TEe61rQC4NjFukfb985V+kLkLJqsGcs9XMzyITqrEu4mlYJURtebr
-H4/7sPDFeL5qfzkp5Ft7KBbStr84ryXeeyIj0yPKAw3GCA==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDbDHCjS40S+kdfXzpBkRh6m+OvmVZwlnF90Hzu2dI6kMtCyOsG
-pYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+ycmJHspktk7m/PoXzjuUf7IUb0Ct
-eHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj6iF8PQJTCTIXtifubjEeTQIDAQAB
-AoGBANOC9ZiYMUar6RMMbsI1CsAJmxdKJw9cFYZ5NMmmBruKaNq6C0dFtKfejmlr
-fHfZ8JTl3bsb0EK5DdDpB7g7a73WT1338htfrH+3e0LRsj0hU7SidXOgb0Cw922d
-nRW53198ARkPc3b20uuFI71+4x8Vs5KDHiYNs644IpKD+2o5AkEA8WdqEkLaY3Wm
-muV5l9SZ5bKFDv+lWV7AQTjUGslJOxlq3AwB4hBK5CJiiybYyTcV3e4jWJZfnN/t
-J5NSeXVY9wJBAOhK/yp/UqblY96LgrlrfX7qQ+u6/drPHwp6JvlAGFyPzjN5WAO5
-i/9FZdKmjIvQOBu1OjvKjS5B/CpM4cTcVdsCQQDvEZJLaWesDgyj49RKV+LdRrFd
-TDHtUtek/+mWaXcbjy1zpHSM88OnMKJU2nDgvKvsMHVSuwEPc/gCNHT+Ege7AkAv
-/B4Nx1NpioVA2YzdhKjd6MKzFWOPKa392hHm9yiRJluwImbeDhwvVUSdaS4rS43r
-m1o2M7dKUPMoQc15fxJ1AkEAq8F4Ij94qy+eGc25H4ZkGOZTdr6iyn9ffncEqf42
-xvLu/L+RSuPu4VozAqzlXUWSi5Msnmxx0GaRtKJXZ/7AuQ==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSA2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCWTobpyriDSEdy+q0BqCbAxgkQ7zfgYuZr4ZedFcLliPruUIH/6/tIgG/b
-QbdRWGTrjbcvAxoLNttTHRl8Sfl2DDk280/p9seQXwLd3OdRwkTMn4dME9TlkRxK
-7TOigHbIVn78yXMreNl+o7IjzWnKoaeM44yXPnGsyARWvZfN0QIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAQ9NTrKzNXwwH6oENb9jaNK6RKMaTzjpw+wLwVYEwy6zy
-cdewGroTrbWeDxUtHDPdxITo54b8HVJcPGytQtlSgpJHK9JxLlm1EBWMzAaRPMsK
-HUcL9JP716Saga0FddWLTrn5WWCQuqfZF31nBappGmXY0L+gl7vRpIMu6toCdAI=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 60 (0x3c)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
- Validity
- Not Before: Mar 24 07:21:50 2009 GMT
- Not After : Mar 24 07:21:50 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:96:4e:86:e9:ca:b8:83:48:47:72:fa:ad:01:a8:
- 26:c0:c6:09:10:ef:37:e0:62:e6:6b:e1:97:9d:15:
- c2:e5:88:fa:ee:50:81:ff:eb:fb:48:80:6f:db:41:
- b7:51:58:64:eb:8d:b7:2f:03:1a:0b:36:db:53:1d:
- 19:7c:49:f9:76:0c:39:36:f3:4f:e9:f6:c7:90:5f:
- 02:dd:dc:e7:51:c2:44:cc:9f:87:4c:13:d4:e5:91:
- 1c:4a:ed:33:a2:80:76:c8:56:7e:fc:c9:73:2b:78:
- d9:7e:a3:b2:23:cd:69:ca:a1:a7:8c:e3:8c:97:3e:
- 71:ac:c8:04:56:bd:97:cd:d1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 6f:e5:2b:c2:3c:65:22:24:f1:1c:a4:c4:c1:35:73:40:a0:8a:
- f0:13:06:c7:46:19:83:51:e0:c6:9f:d8:49:93:59:41:3f:71:
- 2d:31:67:55:98:49:42:aa:07:42:81:b5:4f:29:11:36:3f:23:
- 47:75:75:89:18:95:a4:ea:af:9f:4f:b2:0e:0b:21:4e:74:4f:
- 2c:18:74:c9:05:21:55:e7:e7:b2:85:9a:4f:70:ce:d1:89:1d:
- 9e:f8:02:30:d0:60:c5:2a:78:87:67:9e:04:3e:8a:7b:f9:df:
- 0b:4e:41:3a:81:fa:35:fa:d7:77:5f:7c:1f:cc:59:da:94:9b:
- 94:55
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNTAeFw0wOTAzMjQwNzIxNTBaFw0xMDAz
-MjQwNzIxNTBaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWTobpyriDSEdy+q0BqCbA
-xgkQ7zfgYuZr4ZedFcLliPruUIH/6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2
-DDk280/p9seQXwLd3OdRwkTMn4dME9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnK
-oaeM44yXPnGsyARWvZfN0QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQBv5SvCPGUiJPEcpMTBNXNAoIrwEwbHRhmDUeDGn9hJk1lBP3EtMWdVmElCqgdC
-gbVPKRE2PyNHdXWJGJWk6q+fT7IOCyFOdE8sGHTJBSFV5+eyhZpPcM7RiR2e+AIw
-0GDFKniHZ54EPop7+d8LTkE6gfo1+td3X3wfzFnalJuUVQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCWTobpyriDSEdy+q0BqCbAxgkQ7zfgYuZr4ZedFcLliPruUIH/
-6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2DDk280/p9seQXwLd3OdRwkTMn4dM
-E9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnKoaeM44yXPnGsyARWvZfN0QIDAQAB
-AoGAXqPJPRIAxeDP5CzEnGN1KzJGaRxG0YlUTp836JfYJNDwNvgIMs0yZn9Abwzc
-0WJYAR01N2u7jU4YISgUcPbfFCcoH0f7p5xknHee9CYXt+YkNT52YNdungP60I4m
-1EQID3Xn4/h0+vsb6ZnlUMWUFfxhfBtixvwQZuZrtixbLfECQQDGym+ysZvvxyA5
-SfiH8Ixs93hixX5csyFyDieNFntI/otZt3R+RKSHSODGAXbPgOzIWrfD91/YA6R2
-LotEJFJtAkEAwZAdZ2xvV2uVuOxre5CZtXw1dMLZolC2thAmrqoAdMek1UcSK8wI
-ZdmE9XneAKcQx3esR0AvTIbKx24/6DFqdQJAOiN0fX+CSqMjIn4myKMqfqf1tnVq
-GnRtQK0xFgtQLS381VVZJaCvub0vt9kvxUpAdexKOG79wfB2xfWg12IEFQJBAKnV
-qGcZtqvuwuUJ09kMbEHYJRM48DpCNb6Td01j7piIn7Fe9aumD2xGKio07ryF2ewa
-rfeqcpXj40KPEtXJng0CQEPJULeB6FKRqzGWsyIe4u7ow2MjMIou7m66HyjvjkHP
-6Rg5DA0dSEjwJeMFQ8AklKPtLyuIyrkFunjctYXx0Cg=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo
-4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7
-+PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAA0W3BM0qKXbW57gq2ZOo6/ZRYMqv0snG1Nc7mjlQrXRO
-fojBgWh3k1olzNv1XVmLI/jo9fs9E7Xcuvipiv9KMb5ba7oBzWXx8fKvyjbVX8qL
-G/tlyNiuX4pRbYHdh3C+zkkgItktl/DmxF344t/8Jdm/m28opW7cH0e2Zpp14ts=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 61 (0x3d)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
- Validity
- Not Before: Mar 24 07:21:51 2009 GMT
- Not After : Mar 24 07:21:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b4:5b:fe:48:10:2b:eb:58:af:c6:0e:57:2a:a5:
- 5c:cc:57:85:44:f2:d9:d1:43:84:d3:40:8b:f7:7a:
- e0:e8:b1:9d:e8:f4:b1:45:c6:67:14:9b:a5:a8:e2:
- 8f:cb:31:a6:db:61:90:0d:aa:0a:9e:26:dc:4b:0b:
- 33:a2:7c:07:72:91:ee:6a:ec:77:34:f4:7e:a5:0e:
- 39:13:a8:d5:86:86:12:5b:a4:8b:38:91:57:24:8d:
- a9:3b:f8:f1:a6:48:89:20:a9:5b:b3:fe:ca:56:f0:
- ca:d1:ec:99:9c:57:6a:df:8e:23:a1:7e:be:5f:7c:
- cf:a9:db:3f:b8:dc:a1:9a:39
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 1d:2e:83:cb:9e:92:3e:d2:0a:fb:74:87:66:3d:57:84:09:11:
- 4a:2a:68:0e:da:9e:4d:7b:25:af:56:fa:3c:d5:4c:02:fe:43:
- dd:c3:66:c9:5d:55:50:40:15:8f:06:74:13:83:27:c5:19:7e:
- 55:f3:fa:26:ec:3e:c0:1a:5d:20:ee:09:af:38:83:f8:0e:da:
- bf:07:87:07:a5:70:79:21:2c:38:5b:e0:f8:d1:57:0f:9b:d1:
- ee:a3:86:02:b5:e0:5b:64:08:5f:64:8b:43:65:ac:60:8a:c9:
- 6f:47:37:66:61:c1:74:b0:74:0a:24:12:36:c1:28:58:b6:04:
- 9b:4c
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNjAeFw0wOTAzMjQwNzIxNTFaFw0xMDAz
-MjQwNzIxNTFaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0W/5IECvrWK/GDlcqpVzM
-V4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdy
-ke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rf
-jiOhfr5ffM+p2z+43KGaOQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQAdLoPLnpI+0gr7dIdmPVeECRFKKmgO2p5NeyWvVvo81UwC/kPdw2bJXVVQQBWP
-BnQTgyfFGX5V8/om7D7AGl0g7gmvOIP4Dtq/B4cHpXB5ISw4W+D40VcPm9Huo4YC
-teBbZAhfZItDZaxgislvRzdmYcF0sHQKJBI2wShYtgSbTA==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFF
-xmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4
-kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQAB
-AoGAKiqfxoVRX1J6tdlAc835ZiTIGZiVaCFa+nDKyG9ICd8Mxhv/HgsGqoDBODzP
-1XekRQIIRcmNdfAr7LePuNs6eh/qm98UulUr6zpEMXu8/DIqI6Lf4F8GMwMaD2lx
-qmnQK+fziDrhrw10Y1ijy/ttEg6wDwCeQJJs/Iz3ncOEIMkCQQDo93B/RhJas6Gd
-bIC5IIe5pwvyOzmkn6dOWCIZDU5WXJ3A2gtNDdhO6MunaFCA2i+R4RSu8dDQjUXC
-dtthEfVfAkEAxjEGfrEg1NW7ug6CB2yvJiKzoHn6mVWUapKWfbstaodOrU1+WWtU
-CpWn0cm6ytGOeSI1Ylc2vnp667QikWq/ZwJBAKvV97CpKtikLs1DPx9OE06pHHKr
-pLT83hc3gs8ftWyWG/Yn3rYTRD3QEIeGtfqU9QmREASKcQ+jZJUvvlk3OdkCQArY
-9hULFtPvWtYFI0LKxQ9eSNyYsImh8Hygx1HcY9D31OuRWUAFqtTlegj2dJ3TOGwS
-3j8irOFiDMZH1riE0jMCQDtk5fJZd61phQ25I4mkBf4+8qCOiiWneuapdJlX1r+C
-5GmsM9fDr/m+pBNAbQP2vR+38wSHEuEt0U9MC7NEAHU=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqH
-iLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06g
-Djcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEACgjxLIxQBVD3sgcHFUzN1o7ibcA1Y82FC3HIowZfs/n9
-VPj7EhZ1J+PVZzszjjsTLHp3hjVn9g+gYVpen0MYVTbIn4733qaA7vImfv3DCN4B
-Wk75YhVBRuvJSbIKplQeJPyDGXdMfrtLQ6dYiHImkVHwkp1kueq9H5jU6TUrDd8=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 62 (0x3e)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
- Validity
- Not Before: Mar 24 07:21:52 2009 GMT
- Not After : Mar 24 07:21:52 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:bc:76:6c:d1:65:bb:c3:98:fa:4d:19:34:a6:43:
- 8a:c1:1d:ff:04:4c:f9:c9:bf:c5:d9:4c:08:94:a2:
- 4c:55:31:09:68:3a:35:61:c6:2e:7d:6a:7a:87:88:
- ba:21:4c:5e:5e:28:d9:d3:fd:01:bc:4e:e2:55:a8:
- d7:d5:a0:72:d1:b5:fb:6f:f8:ca:7a:f7:e6:89:b0:
- 3e:c9:83:e5:fd:8d:a9:fc:0a:fd:a0:dd:a2:33:17:
- 4e:a0:0e:37:22:b2:ef:27:e4:67:d5:58:80:8b:16:
- a1:a2:56:c3:73:69:7d:ee:47:d9:af:4d:19:7e:9f:
- 2b:08:ad:4b:51:07:40:99:f1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 40:8d:52:73:c3:85:6b:6c:4f:54:51:06:eb:d8:cd:40:5d:3d:
- 89:c2:06:4d:c6:70:5e:cc:64:40:3f:bb:3e:d4:52:b0:8d:57:
- 77:f3:1f:63:89:b3:21:b0:72:c6:ef:97:77:06:90:6f:fd:e8:
- c3:d4:d6:13:f7:18:a8:eb:1e:87:b8:98:20:4a:0b:58:74:81:
- 59:eb:6e:50:f3:68:b2:e2:8c:a2:4b:92:c5:fa:e1:4f:43:ae:
- 51:ca:a6:c7:2c:40:16:2f:24:d3:a2:91:d5:45:7d:a7:3c:6e:
- 65:74:a7:b0:a6:a0:07:d7:1d:3a:2e:51:6e:de:7f:e6:5b:73:
- e2:7d
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNzAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz
-MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8dmzRZbvDmPpNGTSmQ4rB
-Hf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLR
-tftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3u
-R9mvTRl+nysIrUtRB0CZ8QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQBAjVJzw4VrbE9UUQbr2M1AXT2JwgZNxnBezGRAP7s+1FKwjVd38x9jibMhsHLG
-75d3BpBv/ejD1NYT9xio6x6HuJggSgtYdIFZ625Q82iy4oyiS5LF+uFPQ65RyqbH
-LEAWLyTTopHVRX2nPG5ldKewpqAH1x06LlFu3n/mW3PifQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVh
-xi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g
-3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQAB
-AoGAeD+3vwQCghMh4f+rMEr4RbA1/zB+UNQkEToKX4wO2Gypa+94ECK7lxpRhBkh
-ag2oSLwYAML2UIiksbNBw/TUTRJUIvVFGNj01ZAY/ToySwZyB+iGVvYLs14CWCh+
-lIG8Yv6jeioXW6lUYuKGX/8MgKxsYqdjTuNDBUTU/wYHZgECQQDezuG53RnhW+cv
-612+metzu3+9tnz1YME9d+xJSHehNG+44ZojxIujYaZpwq4riPfPp61JKJmJ9A1p
-QUDQfLeZAkEA2Im5unIRak409a6uNlZ4ga6ISROewyoGe+pzch7trOGgcmcTy3mA
-ZqmmRcolcpQ8Zvk/8pEbgSWwh1GxOuOMGQJBALwEyOcXdad+7nC5pboaGV7ocrud
-K4XFyEwezv5ocMtQfJb/iht02IFe/hdxeZizVKufS9PYtvh7QnX34sIM/MECQGHy
-Cjy3lAEN1w66MLsLaf7ev26unUWSINS0O/wG2WM1u6mDzoRfNSE646b1xPKK8rdx
-Tuedk19bePn8jbohayECQQDWDO5OcgeD/3Yyy5ybll7UC+8O1RWHx/aYV6xI1Nbm
-G4UsxB6jeEoHUD68YQ/LCaphFsrcYDK9KCaFn9qqcGeJ
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD
-VQQDExNDZXJ0IENoYWluIE5vIEFJQSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCocGkc8UikcaUr0NjxAB/KKhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNO
-CAHB1QhlTHWfKXPTq7P1nOfgc6hOvv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR2
-6Mpp9paqKRsyTtdlTdyHTP9g3ESlBmAqL0jmoJyT6yT/dKXQEwIDAQABoAAwDQYJ
-KoZIhvcNAQEFBQADgYEAbWNnnytyqTafHeNCAQVVBsNuHKJhmNfYVfmrghQCPNzd
-TAJ1uAbbwN8kLFYbQ8qS0Va+yeSbgzqXRfn8WIpPbgYVMU+KPkVtJd9fjRJpFJbg
-Blr6TnXY+2PiGvzptLcPzE5u4un7cNyl+rc1rVzmCS26Gj6e7C7ysAHzedapDvI=
------END CERTIFICATE REQUEST-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 63 (0x3f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
- Validity
- Not Before: Mar 24 07:21:52 2009 GMT
- Not After : Mar 24 07:21:52 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a8:70:69:1c:f1:48:a4:71:a5:2b:d0:d8:f1:00:
- 1f:ca:2a:17:d0:3f:4f:1f:43:a0:04:52:3e:28:73:
- 3b:20:03:96:47:99:19:dc:95:35:41:af:03:4e:08:
- 01:c1:d5:08:65:4c:75:9f:29:73:d3:ab:b3:f5:9c:
- e7:e0:73:a8:4e:be:fd:86:67:f7:f4:20:42:76:39:
- 85:94:91:b8:6c:74:00:c8:c8:8b:d1:24:38:92:dd:
- 74:76:e8:ca:69:f6:96:aa:29:1b:32:4e:d7:65:4d:
- dc:87:4c:ff:60:dc:44:a5:06:60:2a:2f:48:e6:a0:
- 9c:93:eb:24:ff:74:a5:d0:13
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 8f:6f:4d:2a:68:f1:d5:08:43:43:3f:5a:53:d8:fe:71:93:e8:
- 08:e5:a3:4f:dc:b2:9b:20:89:7c:dd:b0:57:7f:f7:1f:45:09:
- 78:c0:ba:99:0e:ab:fe:a5:1c:de:37:f6:dd:9a:b2:f1:9f:f0:
- 15:19:4b:6c:32:dc:5f:8e:af:4f:3f:fe:a3:67:ae:78:ba:af:
- cd:41:fd:c9:31:ca:ce:7e:82:2e:c6:40:4d:94:b9:cd:fa:d5:
- a1:b3:b6:10:47:2d:75:f1:37:3f:e9:62:81:a3:ff:7f:72:04:
- f7:26:6d:d4:c0:22:38:a1:6c:64:10:66:fe:0d:95:e7:2e:64:
- c8:d5
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgODAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz
-MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCocGkc8UikcaUr0NjxAB/K
-KhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hO
-vv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESl
-BmAqL0jmoJyT6yT/dKXQEwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQCPb00qaPHVCENDP1pT2P5xk+gI5aNP3LKbIIl83bBXf/cfRQl4wLqZDqv+pRze
-N/bdmrLxn/AVGUtsMtxfjq9PP/6jZ654uq/NQf3JMcrOfoIuxkBNlLnN+tWhs7YQ
-Ry118Tc/6WKBo/9/cgT3Jm3UwCI4oWxkEGb+DZXnLmTI1Q==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCocGkc8UikcaUr0NjxAB/KKhfQP08fQ6AEUj4oczsgA5ZHmRnc
-lTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hOvv2GZ/f0IEJ2OYWUkbhsdADIyIvR
-JDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESlBmAqL0jmoJyT6yT/dKXQEwIDAQAB
-AoGBAJigAx7uo1wefgQN4gW+jw+oxJs2QoOZy00fGKOehlyj43BNEloF+ZPi+aOj
-LbRtTIY9mfb2oLWUSCSuYI3JPx9jIsNMeCgn+/Eo96mjOPvifKgz0D4tNPsGTmf5
-PSEDPdN6NdpIuPoCyn8dTEseL99FDe4JNu1Hotm6xzyl0m+BAkEA0s2LJKsQZKFw
-APuwpvLXiLE2n3jxZzxNTJY4X3TGkcDPkkh7LJLo/39KkGZ6jke73IY5UCYXKrSU
-t1UlPMTx2wJBAMyNnx2o4c0P3KRyOICS45q+9CMbASIN7aSxNg3Y/bb9R0sVQbXc
-C8HpfUN2erpMy2oCjcIt/aU47tTCrkJvfCkCQC+KY2L1oVDQh63xFTnRcoJFVQhK
-AkdB9jzbdAMzFsUwMp/O8NhwmVNlpa9DLUiBLQDi1HIa5Qagixl9flRiJhkCQGB6
-n8T+hdoRlDEgCpRiM+YmEMKKFyO3zBG039jyMuDfX4QDd6XOLuF8Pm/WbxZ16C+N
-Gs2uoYcPbl59oHGHYdkCQFYRupnzOGMA6qLlP/moi0j7OzOK0JpMLCvkGg5GcNVl
-MD2Jgl3O/7JVWQQ/21rS6BLbQHr4Uty6T79bHu6ZeYY=
------END RSA PRIVATE KEY-----
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain9.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain9.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain1.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain1.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain2.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain2.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain3.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain3.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain4.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain4.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain5.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain5.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain6.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain6.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain7.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain7.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain8.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain8.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia9.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia9.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia1.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia1.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia2.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia2.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia3.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia3.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia4.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia4.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia5.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia5.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia6.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia6.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia7.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia7.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./cert_chain # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cert_chain_no_aia8.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cert_chain_no_aia8.pem # The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+++ /dev/null
-V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
-V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
-V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
-V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
-V 100324064920Z 2A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070428Z 2B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070457Z 2C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070709Z 2D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070746Z 2E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070944Z 2F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 2
-V 100324070946Z 30 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 3
-V 100324070947Z 31 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 4
-V 100324070948Z 32 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 5
-V 100324070951Z 33 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 6
-V 100324070953Z 34 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 7
-V 100324070954Z 35 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 8
-V 100324070955Z 36 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 9
-V 100324070956Z 37 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 10
-V 100324072145Z 38 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 2
-V 100324072147Z 39 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 3
-V 100324072148Z 3A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 4
-V 100324072149Z 3B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 5
-V 100324072150Z 3C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 6
-V 100324072151Z 3D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 7
-V 100324072152Z 3E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 8
-V 100324072152Z 3F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 9
-V 100324072153Z 40 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 10
+++ /dev/null
-unique_subject = no
+++ /dev/null
-unique_subject = no
+++ /dev/null
-V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
-V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
-V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
-V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
-V 100324064920Z 2A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070428Z 2B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070457Z 2C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070709Z 2D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070746Z 2E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1
-V 100324070944Z 2F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 2
-V 100324070946Z 30 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 3
-V 100324070947Z 31 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 4
-V 100324070948Z 32 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 5
-V 100324070951Z 33 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 6
-V 100324070953Z 34 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 7
-V 100324070954Z 35 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 8
-V 100324070955Z 36 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 9
-V 100324070956Z 37 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 10
-V 100324072145Z 38 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 2
-V 100324072147Z 39 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 3
-V 100324072148Z 3A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 4
-V 100324072149Z 3B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 5
-V 100324072150Z 3C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 6
-V 100324072151Z 3D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 7
-V 100324072152Z 3E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 8
-V 100324072152Z 3F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 9
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 47 (0x2f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1
- Validity
- Not Before: Mar 24 07:09:44 2009 GMT
- Not After : Mar 24 07:09:44 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:5e:a6:ab:60:f3:85:f6:0d:07:17:8c:ae:52:
- 78:13:75:21:8c:d3:4a:20:d1:0d:8a:e2:34:95:ff:
- d2:31:29:e7:62:e9:ac:ce:5e:a6:dd:f7:a0:38:f3:
- 96:b2:24:06:b6:c8:c6:06:57:ba:f0:f0:69:08:7a:
- c1:bf:87:cb:06:2b:7a:fc:81:26:36:81:46:04:9b:
- 99:1f:1f:0e:36:05:af:7d:f2:57:fb:26:1d:a5:a3:
- 5b:af:70:1d:6f:55:2b:d6:df:3b:dd:4b:51:1e:17:
- a6:89:94:5e:16:9c:08:fd:d9:5c:1e:ad:79:f1:5b:
- 42:c2:37:59:73:d9:e5:b5:65
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- c1:6c:a1:95:34:3e:32:74:35:1a:cb:76:24:cb:1b:e2:a0:ff:
- 6a:78:ef:8d:7f:dd:40:3f:39:85:aa:19:a9:e5:ce:ca:c4:2d:
- b8:6c:6d:d4:e9:b1:a2:45:94:16:d7:8b:23:3a:d3:7f:6d:b0:
- 8a:7c:ed:2e:6c:e3:ba:dc:3c:25:4b:13:f4:28:a4:f9:87:b4:
- 69:b5:51:4d:da:d4:7e:9e:0f:99:6e:1a:5a:5f:b5:dc:f2:7b:
- d5:8f:57:39:61:e3:a8:2e:bc:8a:b7:9d:d3:21:58:81:12:b9:
- e5:bc:b9:fc:bd:39:2d:e8:8b:c0:49:bc:ba:16:ee:43:58:d9:
- 93:82
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBLzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiAxMB4XDTA5MDMyNDA3MDk0NFoXDTEwMDMyNDA3MDk0
-NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA216mq2DzhfYNBxeMrlJ4E3UhjNNKINENiuI0lf/S
-MSnnYumszl6m3fegOPOWsiQGtsjGBle68PBpCHrBv4fLBit6/IEmNoFGBJuZHx8O
-NgWvffJX+yYdpaNbr3Adb1Ur1t873UtRHhemiZReFpwI/dlcHq158VtCwjdZc9nl
-tWUCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAwWyhlTQ+MnQ1Gst2
-JMsb4qD/anjvjX/dQD85haoZqeXOysQtuGxt1OmxokWUFteLIzrTf22winztLmzj
-utw8JUsT9Cik+Ye0abVRTdrUfp4PmW4aWl+13PJ71Y9XOWHjqC68ired0yFYgRK5
-5by5/L05LeiLwEm8uhbuQ1jZk4I=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 48 (0x30)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2
- Validity
- Not Before: Mar 24 07:09:46 2009 GMT
- Not After : Mar 24 07:09:46 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c6:3d:c7:e5:0f:c7:59:28:aa:b6:fc:5e:d0:0d:
- 95:6d:df:8c:82:42:6d:ef:a9:ad:51:ac:73:c1:e1:
- 0a:a1:8e:80:6e:ac:0a:35:55:61:3d:44:32:46:d9:
- f7:03:4b:31:b0:e2:a2:b3:f8:91:4b:e3:5c:1d:5c:
- e0:48:51:51:9a:06:41:1a:e2:4c:45:5c:c0:2a:86:
- 44:44:ce:01:02:56:e6:9b:4b:8d:5e:49:a7:f9:40:
- 1b:00:93:91:d6:2e:24:9f:1f:04:59:eb:68:51:fe:
- 74:ba:12:b0:b8:7d:7b:c2:95:ff:a6:a7:fd:de:8a:
- a1:69:fb:80:85:a5:a6:43:4f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 87:26:72:c1:5b:e8:04:3a:3f:c5:65:24:17:7a:e5:40:67:f3:
- 1e:cd:91:0c:75:bd:aa:14:61:d1:1a:2c:d7:11:21:bb:a3:70:
- 92:54:e5:3d:30:d1:b5:50:73:72:1b:72:e8:47:b0:af:a9:85:
- f5:e4:d5:53:d5:db:4d:88:48:00:4c:69:32:ab:f2:a8:d0:57:
- 90:c6:24:fc:7b:77:de:6c:dd:c5:c9:6e:5b:21:15:73:4d:4d:
- f7:a3:ca:31:60:84:24:e9:4d:21:fc:88:ce:13:99:35:76:4c:
- e7:26:47:43:a7:eb:79:bd:7e:aa:80:48:ad:5c:46:ae:ab:74:
- 9e:29
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiAyMB4XDTA5MDMyNDA3MDk0NloXDTEwMDMyNDA3MDk0
-NlowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMzCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAxj3H5Q/HWSiqtvxe0A2Vbd+MgkJt76mtUaxzweEK
-oY6AbqwKNVVhPUQyRtn3A0sxsOKis/iRS+NcHVzgSFFRmgZBGuJMRVzAKoZERM4B
-Albmm0uNXkmn+UAbAJOR1i4knx8EWetoUf50uhKwuH17wpX/pqf93oqhafuAhaWm
-Q08CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAhyZywVvoBDo/xWUk
-F3rlQGfzHs2RDHW9qhRh0Ros1xEhu6NwklTlPTDRtVBzchty6Eewr6mF9eTVU9Xb
-TYhIAExpMqvyqNBXkMYk/Ht33mzdxcluWyEVc01N96PKMWCEJOlNIfyIzhOZNXZM
-5yZHQ6freb1+qoBIrVxGrqt0nik=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 49 (0x31)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3
- Validity
- Not Before: Mar 24 07:09:47 2009 GMT
- Not After : Mar 24 07:09:47 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ba:05:30:f6:65:6f:c6:e4:54:00:71:1c:85:6c:
- 5e:5a:42:67:df:66:e2:a3:69:be:85:d9:84:c0:8b:
- 1b:bd:4d:f2:ef:df:01:d3:65:33:f9:66:9a:08:79:
- e1:21:6e:8a:e6:3c:dc:96:f2:43:e9:32:68:9d:06:
- 06:d7:fc:fb:d2:da:58:16:81:19:cc:d7:43:20:f4:
- 85:c1:03:9b:34:c0:6c:7a:a1:19:5d:4f:41:8c:fb:
- 74:7d:4c:86:c8:6f:f9:f2:c8:d4:38:cc:c0:44:0b:
- c0:b0:0d:48:2b:2c:c6:9f:92:21:2d:80:dd:4b:bd:
- da:e2:7d:ad:f5:5d:a7:a5:7f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- b6:bc:69:88:2c:7a:dd:69:8b:90:cf:a8:ec:33:db:ad:10:06:
- ad:d2:94:ee:cf:d3:33:97:ac:60:38:e0:5a:a4:7b:d0:ca:a7:
- 5c:19:be:93:1c:61:85:14:08:f0:35:44:99:d4:7e:b0:fb:be:
- 4e:5c:18:a9:b9:b5:9a:91:4e:d1:e1:44:8d:ec:ca:4e:eb:6e:
- 17:27:76:0d:57:ad:cf:32:e4:a5:bc:b6:ad:22:e5:27:6d:11:
- 81:4d:4c:09:14:ea:11:7c:81:14:5e:fb:95:4d:f3:1d:5d:d0:
- f9:b6:45:e7:c5:c6:40:21:64:60:2e:71:1f:32:dc:21:fe:5c:
- 45:da
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiAzMB4XDTA5MDMyNDA3MDk0N1oXDTEwMDMyNDA3MDk0
-N1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAugUw9mVvxuRUAHEchWxeWkJn32bio2m+hdmEwIsb
-vU3y798B02Uz+WaaCHnhIW6K5jzclvJD6TJonQYG1/z70tpYFoEZzNdDIPSFwQOb
-NMBseqEZXU9BjPt0fUyGyG/58sjUOMzARAvAsA1IKyzGn5IhLYDdS73a4n2t9V2n
-pX8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAtrxpiCx63WmLkM+o
-7DPbrRAGrdKU7s/TM5esYDjgWqR70MqnXBm+kxxhhRQI8DVEmdR+sPu+TlwYqbm1
-mpFO0eFEjezKTutuFyd2DVetzzLkpby2rSLlJ20RgU1MCRTqEXyBFF77lU3zHV3Q
-+bZF58XGQCFkYC5xHzLcIf5cRdo=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 50 (0x32)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4
- Validity
- Not Before: Mar 24 07:09:48 2009 GMT
- Not After : Mar 24 07:09:48 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:af:66:e0:c1:2e:f9:75:ed:0b:27:b3:3a:c9:1d:
- 9f:39:21:f9:14:ee:1c:a4:ee:c3:f0:24:a6:c7:43:
- dd:f9:03:d0:44:01:e5:19:e9:7b:26:65:3c:3d:3d:
- 9a:b9:69:2a:00:46:0e:cb:20:98:c6:9d:37:7e:0c:
- 90:a6:d7:b0:54:2b:4b:f3:3e:9b:19:33:a1:34:eb:
- 62:e3:b9:bb:fe:cc:ca:3a:d9:fc:71:0a:65:ef:30:
- f3:f4:1b:55:f0:8b:b9:12:d8:50:25:25:ac:5d:63:
- 9f:d1:c5:21:f2:5a:04:b1:2a:34:a0:12:60:0f:8a:
- 3e:ab:a2:87:e5:5b:d6:48:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 9f:b3:eb:f1:0b:e7:fa:c3:f0:6a:3b:ba:67:c3:ae:48:51:63:
- 2c:7a:b9:c7:cd:d9:92:46:75:40:a5:a2:d6:ba:8e:a1:cb:c7:
- fd:5d:98:f7:2a:e5:0a:06:49:42:8a:e0:09:b1:eb:18:9c:c9:
- 1b:e5:d1:4f:a0:0a:a6:14:68:54:7a:b7:9b:f6:44:c5:d8:a1:
- 21:99:c9:49:db:64:a5:53:48:5f:b6:d3:ba:fa:73:67:10:10:
- 5e:12:45:f8:27:a8:e0:fb:7c:16:73:fb:98:e1:3e:35:f3:de:
- 7c:b7:1c:42:2d:d2:9b:8e:03:f5:5f:c7:2f:51:b1:ff:73:45:
- d2:70
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA0MB4XDTA5MDMyNDA3MDk0OFoXDTEwMDMyNDA3MDk0
-OFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAr2bgwS75de0LJ7M6yR2fOSH5FO4cpO7D8CSmx0Pd
-+QPQRAHlGel7JmU8PT2auWkqAEYOyyCYxp03fgyQptewVCtL8z6bGTOhNOti47m7
-/szKOtn8cQpl7zDz9BtV8Iu5EthQJSWsXWOf0cUh8loEsSo0oBJgD4o+q6KH5VvW
-SL8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAn7Pr8Qvn+sPwaju6
-Z8OuSFFjLHq5x83ZkkZ1QKWi1rqOocvH/V2Y9yrlCgZJQorgCbHrGJzJG+XRT6AK
-phRoVHq3m/ZExdihIZnJSdtkpVNIX7bTuvpzZxAQXhJF+Ceo4Pt8FnP7mOE+NfPe
-fLccQi3Sm44D9V/HL1Gx/3NF0nA=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 51 (0x33)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5
- Validity
- Not Before: Mar 24 07:09:51 2009 GMT
- Not After : Mar 24 07:09:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ce:12:20:d1:14:60:01:47:aa:4c:66:1b:4c:4f:
- 87:2f:ec:af:fc:11:41:bd:d9:98:7a:b8:e1:dd:59:
- d0:c0:9e:40:d2:b7:8b:c7:8a:65:ea:0d:0c:36:f1:
- e6:45:61:dc:6f:08:27:62:d0:78:1b:26:71:d4:fe:
- 0b:9f:ea:86:1b:43:c7:08:d6:c5:eb:5b:11:c9:8b:
- 83:8e:a7:05:0d:5c:6c:ce:ab:70:e0:7d:05:ea:06:
- 39:f9:8c:94:56:56:37:62:b3:18:77:bd:e1:5b:53:
- a1:07:4d:c7:cc:c6:4c:2e:ef:aa:83:19:b5:ac:e3:
- 72:2b:0d:72:7a:0a:ca:81:6f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 47:f3:03:ee:f0:fe:31:bb:01:47:ca:0e:69:65:a2:f8:4a:6f:
- ca:6c:86:80:42:e3:87:49:22:b9:15:f0:da:b6:ca:d9:8b:7f:
- f9:38:c0:72:d0:d1:b3:44:8d:95:5e:ab:e7:ad:37:34:ba:8b:
- 2f:11:64:b5:20:09:70:fe:cf:6d:3e:d3:7f:f7:f1:ae:31:74:
- aa:ae:a7:0b:65:4e:e0:0b:80:87:25:d0:0c:bc:db:f5:ac:0c:
- 18:8e:4b:c2:42:88:e6:29:4f:2e:6e:df:72:f4:2f:27:39:b8:
- e4:dc:64:1a:d7:c8:f3:f8:42:53:60:53:24:d7:38:75:50:bc:
- d1:30
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBMzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA1MB4XDTA5MDMyNDA3MDk1MVoXDTEwMDMyNDA3MDk1
-MVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAzhIg0RRgAUeqTGYbTE+HL+yv/BFBvdmYerjh3VnQ
-wJ5A0reLx4pl6g0MNvHmRWHcbwgnYtB4GyZx1P4Ln+qGG0PHCNbF61sRyYuDjqcF
-DVxszqtw4H0F6gY5+YyUVlY3YrMYd73hW1OhB03HzMZMLu+qgxm1rONyKw1yegrK
-gW8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAR/MD7vD+MbsBR8oO
-aWWi+EpvymyGgELjh0kiuRXw2rbK2Yt/+TjActDRs0SNlV6r5603NLqLLxFktSAJ
-cP7PbT7Tf/fxrjF0qq6nC2VO4AuAhyXQDLzb9awMGI5LwkKI5ilPLm7fcvQvJzm4
-5NxkGtfI8/hCU2BTJNc4dVC80TA=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 52 (0x34)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6
- Validity
- Not Before: Mar 24 07:09:53 2009 GMT
- Not After : Mar 24 07:09:53 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d5:c2:18:f3:fc:0a:3c:4e:f7:2b:c6:fd:1f:d7:
- 13:bb:35:74:6e:ca:5d:ab:09:67:21:d0:ed:a7:e8:
- 99:7e:79:52:b8:32:3d:2b:5f:1b:78:0e:aa:2b:b6:
- e7:03:ec:f5:7e:b4:54:3b:87:d9:02:1e:c7:e6:04:
- cf:27:7b:36:e6:2f:8e:8e:94:f7:5b:c6:6e:51:2c:
- de:17:da:04:45:ea:31:d0:95:c4:50:3c:16:8e:21:
- c7:f0:0e:b5:86:c8:58:48:a6:0d:4d:a2:a6:8c:81:
- 7a:67:89:43:56:1c:ca:e3:69:8a:08:05:57:b7:6d:
- 03:c2:04:af:7b:61:ee:84:27
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 49:e7:f8:dc:ad:06:43:cb:d8:67:e6:e7:c0:7e:dd:a8:21:cd:
- b9:53:a8:d8:7a:24:df:dc:9c:bb:55:1d:d8:ca:44:0b:0f:fb:
- f8:db:61:2a:97:79:21:e6:96:2a:8c:76:c4:eb:ad:77:45:53:
- f5:e2:de:29:7d:29:88:3a:d4:a3:a8:5a:dc:37:24:43:d1:57:
- a5:5b:0b:3e:05:2d:0a:1a:0e:18:37:50:cc:36:54:85:37:28:
- 50:c8:61:c7:94:48:a0:60:ab:68:b0:b2:a8:61:14:5e:4a:dd:
- 04:8a:1a:69:01:45:e2:c6:e2:cb:15:e6:01:49:98:3c:5a:5d:
- 2a:d4
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBNDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA2MB4XDTA5MDMyNDA3MDk1M1oXDTEwMDMyNDA3MDk1
-M1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNzCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA1cIY8/wKPE73K8b9H9cTuzV0bspdqwlnIdDtp+iZ
-fnlSuDI9K18beA6qK7bnA+z1frRUO4fZAh7H5gTPJ3s25i+OjpT3W8ZuUSzeF9oE
-Reox0JXEUDwWjiHH8A61hshYSKYNTaKmjIF6Z4lDVhzK42mKCAVXt20DwgSve2Hu
-hCcCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEASef43K0GQ8vYZ+bn
-wH7dqCHNuVOo2Hok39ycu1Ud2MpECw/7+NthKpd5IeaWKox2xOutd0VT9eLeKX0p
-iDrUo6ha3DckQ9FXpVsLPgUtChoOGDdQzDZUhTcoUMhhx5RIoGCraLCyqGEUXkrd
-BIoaaQFF4sbiyxXmAUmYPFpdKtQ=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 53 (0x35)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7
- Validity
- Not Before: Mar 24 07:09:54 2009 GMT
- Not After : Mar 24 07:09:54 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e4:e0:c4:dc:86:00:94:69:b1:d5:88:72:c8:c2:
- 52:c0:56:62:0e:f6:80:a2:ef:8e:68:f9:da:d9:85:
- 01:59:04:5e:f7:fc:23:16:dc:ff:2d:52:0a:8c:81:
- 96:fa:24:1d:4b:89:60:2c:25:1a:eb:4e:a6:21:c5:
- 1f:5b:87:d6:65:8c:d7:e1:a2:55:67:7e:01:7c:28:
- 84:d7:23:56:f4:f8:e1:9c:a4:1f:74:fe:6b:c0:14:
- cc:fd:05:7b:ba:f6:b0:e3:f5:7e:46:ce:70:39:5c:
- 93:43:01:f8:ad:38:a6:0c:71:60:9e:0b:0d:bf:42:
- 6c:d3:9e:21:4c:55:ed:74:73
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- be:aa:0c:d9:b6:cc:d6:e1:47:ca:cb:6a:36:5e:67:43:f6:8e:
- ab:d9:2a:5c:9d:e0:74:f5:55:70:80:8e:2f:f8:16:4c:2d:4c:
- 9c:94:80:6b:6b:c0:7a:e4:0f:f4:60:64:10:ba:93:f5:2a:39:
- 0f:5f:06:8a:d4:75:5b:b2:c4:92:25:ad:21:fa:98:75:54:48:
- b5:d6:80:c6:9d:96:af:bf:fd:f4:57:80:cf:03:5c:dc:2b:b3:
- f6:a2:7a:8e:8d:a5:01:92:53:e4:b7:77:99:1b:71:04:97:66:
- 57:a1:28:9d:3b:f8:ac:2e:15:18:17:2e:5d:0b:47:49:3b:65:
- 88:fc
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBNTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA3MB4XDTA5MDMyNDA3MDk1NFoXDTEwMDMyNDA3MDk1
-NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gODCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA5ODE3IYAlGmx1YhyyMJSwFZiDvaAou+OaPna2YUB
-WQRe9/wjFtz/LVIKjIGW+iQdS4lgLCUa606mIcUfW4fWZYzX4aJVZ34BfCiE1yNW
-9PjhnKQfdP5rwBTM/QV7uvaw4/V+Rs5wOVyTQwH4rTimDHFgngsNv0Js054hTFXt
-dHMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAvqoM2bbM1uFHystq
-Nl5nQ/aOq9kqXJ3gdPVVcICOL/gWTC1MnJSAa2vAeuQP9GBkELqT9So5D18GitR1
-W7LEkiWtIfqYdVRItdaAxp2Wr7/99FeAzwNc3Cuz9qJ6jo2lAZJT5Ld3mRtxBJdm
-V6EonTv4rC4VGBcuXQtHSTtliPw=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 54 (0x36)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8
- Validity
- Not Before: Mar 24 07:09:55 2009 GMT
- Not After : Mar 24 07:09:55 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e1:c8:32:42:5f:a8:53:b3:22:a3:58:9a:7c:1e:
- fe:33:12:64:5c:3e:45:18:5b:23:ac:79:43:45:d7:
- 64:6f:7c:e4:a3:95:5c:f9:e1:c4:b1:63:43:9c:7e:
- 10:81:aa:7f:de:b5:b7:85:a6:b5:60:39:25:22:48:
- 64:c5:54:1a:6e:b1:22:90:f3:8c:17:85:c2:be:1c:
- 81:aa:a6:7b:14:b4:7a:13:b2:94:72:42:ef:77:cc:
- 30:a4:c8:5c:80:b2:47:2e:f7:db:53:ea:ae:63:5a:
- 19:20:30:2b:f1:d0:a3:0e:0d:4c:c0:c9:7e:9b:b5:
- 0b:db:51:6a:e7:0e:74:69:ef
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- d9:93:84:69:52:8d:5a:7e:c4:b7:04:54:a0:47:32:04:c7:be:
- 7b:94:1b:f9:b6:c5:88:84:a1:b4:22:4f:3b:28:ae:29:90:f1:
- e4:25:f0:b9:e6:a0:dd:0e:0c:15:a9:6c:e4:8a:fa:a0:42:a7:
- f9:4e:b7:0b:53:c1:ab:cb:a7:83:4c:0b:03:f0:64:95:75:5f:
- 09:dc:2c:a2:19:d6:51:e8:e4:86:7f:50:60:69:01:64:a5:fd:
- 0c:bb:0e:a0:cb:63:9c:b5:2c:22:63:f6:a4:e2:b1:9b:62:a5:
- 8c:c7:e5:a3:93:d8:18:6a:f2:95:b6:53:6a:8d:be:b0:ce:fa:
- e9:71
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIBNjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA4MB4XDTA5MDMyNDA3MDk1NVoXDTEwMDMyNDA3MDk1
-NVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gOTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4cgyQl+oU7Mio1iafB7+MxJkXD5FGFsjrHlDRddk
-b3zko5Vc+eHEsWNDnH4Qgap/3rW3haa1YDklIkhkxVQabrEikPOMF4XCvhyBqqZ7
-FLR6E7KUckLvd8wwpMhcgLJHLvfbU+quY1oZIDAr8dCjDg1MwMl+m7UL21Fq5w50
-ae8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
-MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEA2ZOEaVKNWn7EtwRU
-oEcyBMe+e5Qb+bbFiIShtCJPOyiuKZDx5CXwueag3Q4MFals5Ir6oEKn+U63C1PB
-q8ung0wLA/BklXVfCdwsohnWUejkhn9QYGkBZKX9DLsOoMtjnLUsImP2pOKxm2Kl
-jMflo5PYGGrylbZTao2+sM766XE=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 55 (0x37)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9
- Validity
- Not Before: Mar 24 07:09:56 2009 GMT
- Not After : Mar 24 07:09:56 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 10
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:da:7a:ea:e9:4d:f1:46:ae:bd:f9:0c:81:de:fd:
- f4:cf:13:fc:74:54:1b:f7:fb:d3:b0:f6:ae:32:fe:
- 17:0d:df:91:e2:77:c7:b7:64:8b:53:48:b2:50:c6:
- 10:d3:4d:c2:c2:9e:53:d1:af:3b:fe:d0:c3:64:bf:
- 95:48:a3:5e:85:29:f7:c3:19:4c:54:09:7a:42:81:
- bc:b9:f0:63:eb:0a:90:3c:9d:fa:25:b8:ee:80:50:
- c1:b9:c2:8d:28:eb:a4:1b:88:b5:2f:0c:30:04:8c:
- 97:a8:a9:9a:27:7c:5a:79:03:49:fc:ec:81:39:61:
- 1c:52:9b:97:9a:f0:54:db:2f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 81:7f:37:9d:a6:8f:7d:f1:03:b0:78:a3:44:7e:c1:31:27:f0:
- 73:51:eb:55:76:3f:1b:a5:59:0f:5b:ab:2f:ff:72:9d:8a:46:
- af:30:a4:c1:6a:25:1c:04:b9:22:14:b8:39:52:f1:4f:f0:24:
- eb:f0:5f:62:79:24:c2:ec:84:92:87:5d:9c:05:87:e8:b1:71:
- a7:30:fc:03:2d:9f:c5:3b:7c:58:7e:7a:86:75:50:ad:14:5e:
- f9:69:c4:49:1e:58:33:da:5f:eb:bc:c5:ac:10:2a:dd:3c:87:
- 1c:0f:aa:37:93:c0:68:4c:3d:b4:0c:30:78:63:af:8a:f4:80:
- e8:8e
------BEGIN CERTIFICATE-----
-MIICUTCCAbqgAwIBAgIBNzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG
-A1UEAxMMQ2VydCBDaGFpbiA5MB4XDTA5MDMyNDA3MDk1NloXDTEwMDMyNDA3MDk1
-NlowUjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xFjAUBgNVBAMTDUNlcnQgQ2hhaW4gMTAwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANp66ulN8UauvfkMgd799M8T/HRUG/f707D2rjL+
-Fw3fkeJ3x7dki1NIslDGENNNwsKeU9GvO/7Qw2S/lUijXoUp98MZTFQJekKBvLnw
-Y+sKkDyd+iW47oBQwbnCjSjrpBuItS8MMASMl6ipmid8WnkDSfzsgTlhHFKbl5rw
-VNsvAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov
-LzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUAA4GBAIF/N52mj33xA7B4
-o0R+wTEn8HNR61V2PxulWQ9bqy//cp2KRq8wpMFqJRwEuSIUuDlS8U/wJOvwX2J5
-JMLshJKHXZwFh+ixcacw/AMtn8U7fFh+eoZ1UK0UXvlpxEkeWDPaX+u8xawQKt08
-hxwPqjeTwGhMPbQMMHhjr4r0gOiO
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 56 (0x38)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1
- Validity
- Not Before: Mar 24 07:21:45 2009 GMT
- Not After : Mar 24 07:21:45 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:39:a7:a4:19:61:28:35:4f:f0:9b:f0:b8:8d:
- 55:e9:da:4d:35:9e:3d:6c:c0:30:b1:8b:c0:50:a4:
- 08:6a:d6:e3:fa:f3:f1:cb:9f:14:2e:b6:cb:d2:17:
- 3d:bd:8b:31:8e:c8:95:13:f0:fc:03:42:30:02:98:
- 6c:ee:2a:e9:c1:2a:9f:79:e0:09:35:a7:6e:bd:70:
- 62:ae:09:53:54:a9:62:36:23:b7:15:98:01:c6:c5:
- 52:47:a1:8c:c1:de:7c:4d:86:38:d0:12:24:57:76:
- 99:ba:1f:23:62:20:a5:79:12:a2:9a:90:b8:aa:50:
- 96:59:16:ed:29:74:9d:67:53
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 29:8e:68:80:e0:f2:ce:29:e5:70:95:67:0d:51:4a:a8:a0:9c:
- 9f:4f:2f:3a:83:40:67:6e:01:cb:21:bf:4a:a7:16:3d:df:f8:
- 2b:ca:6d:86:92:cc:46:99:99:b5:11:09:4d:25:c7:15:5f:64:
- 66:1a:18:69:ce:37:86:96:ab:e6:2e:3d:63:a3:cf:14:91:3b:
- 19:fc:79:a7:37:60:eb:51:12:3f:4d:3b:07:6c:0e:ae:69:2c:
- 07:4d:6a:ca:5d:97:e5:f0:24:96:7e:fa:f3:83:ec:53:7a:b1:
- 53:cb:42:c5:15:b0:04:9f:36:5c:d0:d5:92:49:38:e5:a5:ef:
- 91:d2
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBODANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMTAeFw0wOTAzMjQwNzIxNDVaFw0xMDAz
-MjQwNzIxNDVaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTOaekGWEoNU/wm/C4jVXp
-2k01nj1swDCxi8BQpAhq1uP68/HLnxQutsvSFz29izGOyJUT8PwDQjACmGzuKunB
-Kp954Ak1p269cGKuCVNUqWI2I7cVmAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5
-EqKakLiqUJZZFu0pdJ1nUwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQApjmiA4PLOKeVwlWcNUUqooJyfTy86g0BnbgHLIb9KpxY93/grym2GksxGmZm1
-EQlNJccVX2RmGhhpzjeGlqvmLj1jo88UkTsZ/HmnN2DrURI/TTsHbA6uaSwHTWrK
-XZfl8CSWfvrzg+xTerFTy0LFFbAEnzZc0NWSSTjlpe+R0g==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 57 (0x39)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2
- Validity
- Not Before: Mar 24 07:21:47 2009 GMT
- Not After : Mar 24 07:21:47 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a3:84:57:22:7a:bf:2f:ec:a6:d3:c6:f2:e1:14:
- 92:8e:9d:b1:5a:f2:6f:99:9f:53:08:d1:f9:ef:00:
- da:a7:2d:c3:64:6f:31:df:4c:49:20:06:88:92:d7:
- c6:ff:0c:99:49:d0:c5:57:bb:ea:87:4d:06:ac:68:
- 35:6a:3e:23:6c:dd:2f:4e:7c:fc:9c:e6:d0:1d:65:
- e4:87:79:7e:d9:c0:1e:cd:7b:f5:81:bf:79:8a:d8:
- 6e:94:22:f1:79:a6:dc:52:ea:ed:e6:f7:86:31:5d:
- b7:39:fc:cd:73:ed:0d:1f:f2:ca:79:ba:25:1e:f4:
- b9:6c:bc:28:08:a9:46:aa:1d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 05:E8:B5:E4:89:7E:CD:72:28:E1:08:B5:B2:9F:8E:A2:13:2B:2C:A7
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 1
- serial:38
-
- Signature Algorithm: sha1WithRSAEncryption
- 36:e5:af:2d:c4:bd:c1:16:27:74:f0:0a:a5:12:4c:da:d6:e2:
- 60:98:ee:3d:7a:d1:55:a0:ed:57:fd:6b:9b:fc:19:4b:f3:b2:
- 41:19:a7:6c:f7:15:63:68:18:09:6d:db:23:f9:e1:2a:d6:75:
- e5:18:46:2b:82:57:4e:1a:f8:03:fa:3d:7c:aa:70:8e:17:25:
- c6:b2:ab:ca:94:90:fd:2a:69:53:f5:11:81:68:06:f8:2d:5d:
- 92:39:b4:96:f0:d0:b5:03:c2:15:26:f4:e9:c0:9a:28:39:dd:
- 67:ea:a6:9f:27:44:69:2e:95:e0:a1:03:f6:3c:a1:f7:92:f4:
- a2:b8
------BEGIN CERTIFICATE-----
-MIIC7jCCAlegAwIBAgIBOTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMjAeFw0wOTAzMjQwNzIxNDdaFw0xMDAz
-MjQwNzIxNDdaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjhFcier8v7KbTxvLhFJKO
-nbFa8m+Zn1MI0fnvANqnLcNkbzHfTEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs
-3S9OfPyc5tAdZeSHeX7ZwB7Ne/WBv3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f
-8sp5uiUe9LlsvCgIqUaqHQIDAQABo4HHMIHEMAkGA1UdEwQCMAAwLAYJYIZIAYb4
-QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQF
-6LXkiX7NcijhCLWyn46iEysspzBqBgNVHSMEYzBhoVykWjBYMQswCQYDVQQGEwJL
-UjETMBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEc
-MBoGA1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMYIBODANBgkqhkiG9w0BAQUFAAOB
-gQA25a8txL3BFid08AqlEkza1uJgmO49etFVoO1X/Wub/BlL87JBGads9xVjaBgJ
-bdsj+eEq1nXlGEYrgldOGvgD+j18qnCOFyXGsqvKlJD9KmlT9RGBaAb4LV2SObSW
-8NC1A8IVJvTpwJooOd1n6qafJ0RpLpXgoQP2PKH3kvSiuA==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 58 (0x3a)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3
- Validity
- Not Before: Mar 24 07:21:48 2009 GMT
- Not After : Mar 24 07:21:48 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cb:8d:d0:6f:74:f7:2a:96:47:5a:f9:e3:d5:72:
- 3a:81:94:c7:0f:e2:a2:9b:11:4e:92:15:61:dc:3f:
- b8:fd:9f:b8:ae:18:54:25:ca:e0:1a:8f:49:f7:e1:
- 81:64:76:47:5a:b4:bc:9d:11:09:6d:c7:71:03:cd:
- 38:ab:85:5f:69:5a:ed:6b:aa:32:a7:85:b4:75:9a:
- aa:dc:ec:ee:9d:4e:03:51:e3:8e:a6:89:82:e3:26:
- 13:42:99:87:04:5f:59:58:43:89:32:ed:da:34:e9:
- b2:ca:33:af:29:eb:20:0b:e7:4a:10:0c:3f:00:94:
- 75:36:c5:f8:4d:4b:a4:88:95
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 6f:51:b6:28:15:d9:aa:56:70:0d:2a:f0:52:8b:c4:53:47:68:
- 78:fe:fe:89:c2:3b:87:23:40:87:04:02:67:74:4d:3c:cc:39:
- 48:30:f6:9c:12:74:be:48:26:5a:7c:a1:bf:d0:fa:19:89:63:
- 66:fe:44:2d:f5:e5:e8:9f:57:c5:20:fe:f0:10:2f:f0:6d:16:
- ef:a0:2b:db:95:05:72:cb:63:e4:2b:28:38:8f:aa:b9:51:f2:
- 88:19:0e:c1:c8:e7:0d:66:b8:13:f2:13:2d:ee:f0:dd:98:56:
- 04:af:c6:c8:81:07:ce:44:f5:23:7b:a4:72:32:4d:43:a9:61:
- 72:d6
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBOjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMzAeFw0wOTAzMjQwNzIxNDhaFw0xMDAz
-MjQwNzIxNDhaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLjdBvdPcqlkda+ePVcjqB
-lMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n34YFkdkdatLydEQltx3EDzTirhV9p
-Wu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL
-50oQDD8AlHU2xfhNS6SIlQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQBvUbYoFdmqVnANKvBSi8RTR2h4/v6JwjuHI0CHBAJndE08zDlIMPacEnS+SCZa
-fKG/0PoZiWNm/kQt9eXon1fFIP7wEC/wbRbvoCvblQVyy2PkKyg4j6q5UfKIGQ7B
-yOcNZrgT8hMt7vDdmFYEr8bIgQfORPUje6RyMk1DqWFy1g==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 59 (0x3b)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4
- Validity
- Not Before: Mar 24 07:21:49 2009 GMT
- Not After : Mar 24 07:21:49 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:0c:70:a3:4b:8d:12:fa:47:5f:5f:3a:41:91:
- 18:7a:9b:e3:af:99:56:70:96:71:7d:d0:7c:ee:d9:
- d2:3a:90:cb:42:c8:eb:06:a5:81:24:a3:d0:9e:d0:
- 33:04:88:50:a4:e2:32:37:1a:b8:a4:3f:77:56:b4:
- 3f:a9:cc:27:7e:c9:c9:89:1e:ca:64:b6:4e:e6:fc:
- fa:17:ce:3b:94:7f:b2:14:6f:40:ad:78:75:f3:09:
- be:62:0d:be:af:40:61:dc:16:4b:94:4c:8b:16:ce:
- 79:5f:97:59:56:19:8a:23:ea:21:7c:3d:02:53:09:
- 32:17:b6:27:ee:6e:31:1e:4d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 86:d9:2f:aa:12:1f:31:35:60:68:49:8c:4e:75:b3:5e:8f:f2:
- 81:69:79:7f:92:ca:32:ca:cf:a3:45:d0:8a:2c:d6:8b:9a:e6:
- a8:3d:19:66:ee:3b:03:25:4b:ed:56:c2:49:09:99:98:b3:9f:
- 13:11:ee:b5:ad:00:b8:36:31:6e:91:f6:fd:f3:95:7e:90:b9:
- 0b:26:ab:06:72:cf:57:33:3c:88:4e:aa:c4:bb:89:a5:60:95:
- 11:b5:e6:eb:1f:8f:fb:b0:f0:c5:78:be:6a:7f:39:29:e4:5b:
- 7b:28:16:d2:b6:bf:38:af:25:de:7b:22:23:d3:23:ca:03:0d:
- c6:08
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBOzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNDAeFw0wOTAzMjQwNzIxNDlaFw0xMDAz
-MjQwNzIxNDlaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbDHCjS40S+kdfXzpBkRh6
-m+OvmVZwlnF90Hzu2dI6kMtCyOsGpYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+
-ycmJHspktk7m/PoXzjuUf7IUb0CteHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj
-6iF8PQJTCTIXtifubjEeTQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQCG2S+qEh8xNWBoSYxOdbNej/KBaXl/ksoyys+jRdCKLNaLmuaoPRlm7jsDJUvt
-VsJJCZmYs58TEe61rQC4NjFukfb985V+kLkLJqsGcs9XMzyITqrEu4mlYJURtebr
-H4/7sPDFeL5qfzkp5Ft7KBbStr84ryXeeyIj0yPKAw3GCA==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 60 (0x3c)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5
- Validity
- Not Before: Mar 24 07:21:50 2009 GMT
- Not After : Mar 24 07:21:50 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:96:4e:86:e9:ca:b8:83:48:47:72:fa:ad:01:a8:
- 26:c0:c6:09:10:ef:37:e0:62:e6:6b:e1:97:9d:15:
- c2:e5:88:fa:ee:50:81:ff:eb:fb:48:80:6f:db:41:
- b7:51:58:64:eb:8d:b7:2f:03:1a:0b:36:db:53:1d:
- 19:7c:49:f9:76:0c:39:36:f3:4f:e9:f6:c7:90:5f:
- 02:dd:dc:e7:51:c2:44:cc:9f:87:4c:13:d4:e5:91:
- 1c:4a:ed:33:a2:80:76:c8:56:7e:fc:c9:73:2b:78:
- d9:7e:a3:b2:23:cd:69:ca:a1:a7:8c:e3:8c:97:3e:
- 71:ac:c8:04:56:bd:97:cd:d1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 6f:e5:2b:c2:3c:65:22:24:f1:1c:a4:c4:c1:35:73:40:a0:8a:
- f0:13:06:c7:46:19:83:51:e0:c6:9f:d8:49:93:59:41:3f:71:
- 2d:31:67:55:98:49:42:aa:07:42:81:b5:4f:29:11:36:3f:23:
- 47:75:75:89:18:95:a4:ea:af:9f:4f:b2:0e:0b:21:4e:74:4f:
- 2c:18:74:c9:05:21:55:e7:e7:b2:85:9a:4f:70:ce:d1:89:1d:
- 9e:f8:02:30:d0:60:c5:2a:78:87:67:9e:04:3e:8a:7b:f9:df:
- 0b:4e:41:3a:81:fa:35:fa:d7:77:5f:7c:1f:cc:59:da:94:9b:
- 94:55
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNTAeFw0wOTAzMjQwNzIxNTBaFw0xMDAz
-MjQwNzIxNTBaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWTobpyriDSEdy+q0BqCbA
-xgkQ7zfgYuZr4ZedFcLliPruUIH/6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2
-DDk280/p9seQXwLd3OdRwkTMn4dME9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnK
-oaeM44yXPnGsyARWvZfN0QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQBv5SvCPGUiJPEcpMTBNXNAoIrwEwbHRhmDUeDGn9hJk1lBP3EtMWdVmElCqgdC
-gbVPKRE2PyNHdXWJGJWk6q+fT7IOCyFOdE8sGHTJBSFV5+eyhZpPcM7RiR2e+AIw
-0GDFKniHZ54EPop7+d8LTkE6gfo1+td3X3wfzFnalJuUVQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 61 (0x3d)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6
- Validity
- Not Before: Mar 24 07:21:51 2009 GMT
- Not After : Mar 24 07:21:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b4:5b:fe:48:10:2b:eb:58:af:c6:0e:57:2a:a5:
- 5c:cc:57:85:44:f2:d9:d1:43:84:d3:40:8b:f7:7a:
- e0:e8:b1:9d:e8:f4:b1:45:c6:67:14:9b:a5:a8:e2:
- 8f:cb:31:a6:db:61:90:0d:aa:0a:9e:26:dc:4b:0b:
- 33:a2:7c:07:72:91:ee:6a:ec:77:34:f4:7e:a5:0e:
- 39:13:a8:d5:86:86:12:5b:a4:8b:38:91:57:24:8d:
- a9:3b:f8:f1:a6:48:89:20:a9:5b:b3:fe:ca:56:f0:
- ca:d1:ec:99:9c:57:6a:df:8e:23:a1:7e:be:5f:7c:
- cf:a9:db:3f:b8:dc:a1:9a:39
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 1d:2e:83:cb:9e:92:3e:d2:0a:fb:74:87:66:3d:57:84:09:11:
- 4a:2a:68:0e:da:9e:4d:7b:25:af:56:fa:3c:d5:4c:02:fe:43:
- dd:c3:66:c9:5d:55:50:40:15:8f:06:74:13:83:27:c5:19:7e:
- 55:f3:fa:26:ec:3e:c0:1a:5d:20:ee:09:af:38:83:f8:0e:da:
- bf:07:87:07:a5:70:79:21:2c:38:5b:e0:f8:d1:57:0f:9b:d1:
- ee:a3:86:02:b5:e0:5b:64:08:5f:64:8b:43:65:ac:60:8a:c9:
- 6f:47:37:66:61:c1:74:b0:74:0a:24:12:36:c1:28:58:b6:04:
- 9b:4c
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNjAeFw0wOTAzMjQwNzIxNTFaFw0xMDAz
-MjQwNzIxNTFaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0W/5IECvrWK/GDlcqpVzM
-V4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdy
-ke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rf
-jiOhfr5ffM+p2z+43KGaOQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQAdLoPLnpI+0gr7dIdmPVeECRFKKmgO2p5NeyWvVvo81UwC/kPdw2bJXVVQQBWP
-BnQTgyfFGX5V8/om7D7AGl0g7gmvOIP4Dtq/B4cHpXB5ISw4W+D40VcPm9Huo4YC
-teBbZAhfZItDZaxgislvRzdmYcF0sHQKJBI2wShYtgSbTA==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 62 (0x3e)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7
- Validity
- Not Before: Mar 24 07:21:52 2009 GMT
- Not After : Mar 24 07:21:52 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:bc:76:6c:d1:65:bb:c3:98:fa:4d:19:34:a6:43:
- 8a:c1:1d:ff:04:4c:f9:c9:bf:c5:d9:4c:08:94:a2:
- 4c:55:31:09:68:3a:35:61:c6:2e:7d:6a:7a:87:88:
- ba:21:4c:5e:5e:28:d9:d3:fd:01:bc:4e:e2:55:a8:
- d7:d5:a0:72:d1:b5:fb:6f:f8:ca:7a:f7:e6:89:b0:
- 3e:c9:83:e5:fd:8d:a9:fc:0a:fd:a0:dd:a2:33:17:
- 4e:a0:0e:37:22:b2:ef:27:e4:67:d5:58:80:8b:16:
- a1:a2:56:c3:73:69:7d:ee:47:d9:af:4d:19:7e:9f:
- 2b:08:ad:4b:51:07:40:99:f1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 40:8d:52:73:c3:85:6b:6c:4f:54:51:06:eb:d8:cd:40:5d:3d:
- 89:c2:06:4d:c6:70:5e:cc:64:40:3f:bb:3e:d4:52:b0:8d:57:
- 77:f3:1f:63:89:b3:21:b0:72:c6:ef:97:77:06:90:6f:fd:e8:
- c3:d4:d6:13:f7:18:a8:eb:1e:87:b8:98:20:4a:0b:58:74:81:
- 59:eb:6e:50:f3:68:b2:e2:8c:a2:4b:92:c5:fa:e1:4f:43:ae:
- 51:ca:a6:c7:2c:40:16:2f:24:d3:a2:91:d5:45:7d:a7:3c:6e:
- 65:74:a7:b0:a6:a0:07:d7:1d:3a:2e:51:6e:de:7f:e6:5b:73:
- e2:7d
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNzAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz
-MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8dmzRZbvDmPpNGTSmQ4rB
-Hf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLR
-tftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3u
-R9mvTRl+nysIrUtRB0CZ8QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQBAjVJzw4VrbE9UUQbr2M1AXT2JwgZNxnBezGRAP7s+1FKwjVd38x9jibMhsHLG
-75d3BpBv/ejD1NYT9xio6x6HuJggSgtYdIFZ625Q82iy4oyiS5LF+uFPQ65RyqbH
-LEAWLyTTopHVRX2nPG5ldKewpqAH1x06LlFu3n/mW3PifQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 63 (0x3f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8
- Validity
- Not Before: Mar 24 07:21:52 2009 GMT
- Not After : Mar 24 07:21:52 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a8:70:69:1c:f1:48:a4:71:a5:2b:d0:d8:f1:00:
- 1f:ca:2a:17:d0:3f:4f:1f:43:a0:04:52:3e:28:73:
- 3b:20:03:96:47:99:19:dc:95:35:41:af:03:4e:08:
- 01:c1:d5:08:65:4c:75:9f:29:73:d3:ab:b3:f5:9c:
- e7:e0:73:a8:4e:be:fd:86:67:f7:f4:20:42:76:39:
- 85:94:91:b8:6c:74:00:c8:c8:8b:d1:24:38:92:dd:
- 74:76:e8:ca:69:f6:96:aa:29:1b:32:4e:d7:65:4d:
- dc:87:4c:ff:60:dc:44:a5:06:60:2a:2f:48:e6:a0:
- 9c:93:eb:24:ff:74:a5:d0:13
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 8f:6f:4d:2a:68:f1:d5:08:43:43:3f:5a:53:d8:fe:71:93:e8:
- 08:e5:a3:4f:dc:b2:9b:20:89:7c:dd:b0:57:7f:f7:1f:45:09:
- 78:c0:ba:99:0e:ab:fe:a5:1c:de:37:f6:dd:9a:b2:f1:9f:f0:
- 15:19:4b:6c:32:dc:5f:8e:af:4f:3f:fe:a3:67:ae:78:ba:af:
- cd:41:fd:c9:31:ca:ce:7e:82:2e:c6:40:4d:94:b9:cd:fa:d5:
- a1:b3:b6:10:47:2d:75:f1:37:3f:e9:62:81:a3:ff:7f:72:04:
- f7:26:6d:d4:c0:22:38:a1:6c:64:10:66:fe:0d:95:e7:2e:64:
- c8:d5
------BEGIN CERTIFICATE-----
-MIICXjCCAcegAwIBAgIBPzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgODAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz
-MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ
-QSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCocGkc8UikcaUr0NjxAB/K
-KhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hO
-vv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESl
-BmAqL0jmoJyT6yT/dKXQEwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
-BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB
-gQCPb00qaPHVCENDP1pT2P5xk+gI5aNP3LKbIIl83bBXf/cfRQl4wLqZDqv+pRze
-N/bdmrLxn/AVGUtsMtxfjq9PP/6jZ654uq/NQf3JMcrOfoIuxkBNlLnN+tWhs7YQ
-Ry118Tc/6WKBo/9/cgT3Jm3UwCI4oWxkEGb+DZXnLmTI1Q==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 64 (0x40)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9
- Validity
- Not Before: Mar 24 07:21:53 2009 GMT
- Not After : Mar 24 07:21:53 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 10
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:df:07:2f:ee:54:76:49:52:9f:16:7a:0a:39:2f:
- 44:6d:17:67:ca:6a:0c:d7:42:c2:45:60:f9:b7:a2:
- e2:ea:2f:53:14:69:02:57:06:7e:44:b6:c7:6b:9f:
- 41:b8:1c:2a:17:6b:38:a5:89:c0:ec:e2:4c:c0:59:
- 97:6c:8d:17:cf:e5:86:3d:3b:b1:69:90:80:fe:84:
- 7b:37:4e:b9:1d:5e:98:fc:46:38:c7:f1:26:24:7d:
- 7a:fc:fa:d7:51:59:d1:ba:5f:07:85:9e:43:df:fd:
- 6e:5f:35:c8:a4:fe:24:a2:5e:8a:bb:01:b5:5d:c5:
- cb:0e:40:f5:e9:4c:0b:00:43
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:89/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 6f:3d:1c:f3:6a:7d:23:49:43:c3:dd:41:43:81:42:f4:60:bf:
- 87:d4:5f:83:96:1c:6a:c3:06:28:e5:76:fb:5c:17:fc:60:1c:
- 04:07:03:99:92:d4:01:ac:97:81:0c:2a:7c:67:18:88:60:88:
- dc:a9:35:c1:89:75:d8:0b:0a:c3:ff:43:4a:5a:93:3a:d3:67:
- b2:ce:8d:8a:8c:19:b5:23:b5:ed:b9:df:26:52:70:09:41:4e:
- 68:1a:54:08:74:c8:ff:bf:03:70:f1:9b:ef:65:2e:e2:23:74:
- 12:77:c4:25:de:fe:58:a9:a9:fa:d2:fb:4b:40:70:24:31:2b:
- bc:64
------BEGIN CERTIFICATE-----
-MIICXzCCAcigAwIBAgIBQDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG
-A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgOTAeFw0wOTAzMjQwNzIxNTNaFw0xMDAz
-MjQwNzIxNTNaMFkxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw
-FAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYDVQQDExRDZXJ0IENoYWluIE5vIEFJ
-QSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3wcv7lR2SVKfFnoKOS9E
-bRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbHa59BuBwqF2s4pYnA7OJMwFmXbI0X
-z+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16/PrXUVnRul8HhZ5D3/1uXzXIpP4k
-ol6KuwG1XcXLDkD16UwLAEMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsG
-AQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQAD
-gYEAbz0c82p9I0lDw91BQ4FC9GC/h9Rfg5YcasMGKOV2+1wX/GAcBAcDmZLUAayX
-gQwqfGcYiGCI3Kk1wYl12AsKw/9DSlqTOtNnss6NiowZtSO17bnfJlJwCUFOaBpU
-CHTI/78DcPGb72Uu4iN0EnfEJd7+WKmp+tL7S0BwJDErvGQ=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDHtcvaTeUMUcVz+dHjdBtbrGkyFTG8b0rzOtvri2AaBfwHDRyh
-/PcgLmWVGGHy7jh+jekP+6HnU01q/sSzObtv+RSxrxMlDPOyDOhj34jbVU3SlWGt
-R/3lBP1s78vaz04a4ZgP3X4BMBXEFenNuvb4gUs1FS6RBWTThsWeDa1eaQIDAQAB
-AoGBAITKrA6vRsLnSGyyS057cImHXbdQgm6ybdrHY13+odsL6aXioQxRAR1j3GXD
-/bUjk2sK/1KCVghTyqF/X9lwZOGFOM5XsyptHxF/afgBljGzZwW21GBG4hSfSOjm
-+yL2Xhlejol1GbC3D9jLksxrfcKuVFkXbBJVYp1dQ+9wBWvRAkEA8AwIpeMYz4/B
-W83f2FnK81ETeO8DKldFQADlgv4q3F/un2oSCxBglyyq0i7JjdK2/kgxHN62zsxZ
-LeDZUr1z5QJBANT7gO03J8jODO8wqqaS63T/0vxoMHrAF/l/NC0Fpk5AZutDvsn9
-yWLy0PNwJlLzKo8XBCjIY9wVxiwS9/Ic4DUCQFWUpLyns1/Eq7YUNvsGQFHxFNUn
-uWQuCvVfnHPQM+2vkf5prZceNqGO/jPDFH6ooi8UA9Z8HIar2ht+L1zNSHUCQQDI
-Ifk5bv2sfKq8zH9e/WnRzF7nHcSIZB9jLDvMHqXynCPZ6RPL3PWzTDY6uuTYR3Vz
-dg5LgFoNwkwwuDZTRP0NAkAUHcJbjs2ey95utZ/to9Cl+ztaJWoa83dSQCx978l0
-a9O/kVYympJTHCnL8mU9QqePQvJjtgBY4ypcsaJ2luFV
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDaeurpTfFGrr35DIHe/fTPE/x0VBv3+9Ow9q4y/hcN35Hid8e3
-ZItTSLJQxhDTTcLCnlPRrzv+0MNkv5VIo16FKffDGUxUCXpCgby58GPrCpA8nfol
-uO6AUMG5wo0o66QbiLUvDDAEjJeoqZonfFp5A0n87IE5YRxSm5ea8FTbLwIDAQAB
-AoGBALyImbKeifi+zjzeKCwv5lPUIWSZOFF0xKbPGF/0mBxms1NEndmKMBi8gPPn
-F5ngXpLnYdluaE1qBVMpaD94ixSyDPpma813+TpeuTiyBsTDEWuBmRFkqNLP/G4d
-r6t5QI70416sfeMoDHwLygrFAGhQ+Kd1E7PtuSP+zcEWhK2BAkEA+FPGot/RW5Nv
-geG7v5FlU2Qu/uJHbR4f7yVbHopYh94ulJM3EyLvqbzNguS9RztcdQxt18IBoRLu
-Q1a5bdhrIQJBAOE7DnRG/n5AQpmAMObQaMp9sXafVly3KltLiEkJEImGdgg2H43y
-tf+1mfBoFpGF7tI574bprFT+p/IpG4D+TE8CQFWhVeK+OUxRx+bKt1o0wfMCne4I
-i0bGV464m/YpEKQxanCTXy97IZevYlKbm+VfQ9+c3JfE75jilUSlOCX3teECQQDb
-l1CIXY9SWCSWtDz5TMheZB3ZoY/55TsOt52wV34gF1CMwPgS1UhMfyoPEeyvBP3L
-SWEXEExMsdvcZefC5CxRAkEArkFcrJ8KTJii0neLhFi1UkuKdoGxeVx9TGikV/fr
-wXVLTrG/SyVKjWH+qMyN4B1i23MQsdBtnL6e1+q4tXcwTQ==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDbXqarYPOF9g0HF4yuUngTdSGM00og0Q2K4jSV/9IxKedi6azO
-Xqbd96A485ayJAa2yMYGV7rw8GkIesG/h8sGK3r8gSY2gUYEm5kfHw42Ba998lf7
-Jh2lo1uvcB1vVSvW3zvdS1EeF6aJlF4WnAj92VwerXnxW0LCN1lz2eW1ZQIDAQAB
-AoGAfGJmzrXiXwrsyCCqPA222BGKPHdxiLoAm8c3WfX8ELRZ5tPoj/tLUoCd8Kzt
-vYR/6hRddCs6bHNkmtJAGYG9s20fU7o6TrFJd/l4qjYVNl9cxKaWoMXN3xmANrFD
-3ZiXOotSQrNCqJdllg6AvezCNRL1yDGppWXAL7TM2OGxTAECQQDwYJPFSid+CMR3
-fQTvQBsmdsrUSHaDIENMYHAfq2BqWYIkNRL2PHmhfiQ5yepi1MzQ2clq+2Gbvl8K
-zmMkiEcFAkEA6aCMYZkXCM33+lRnBd447qGpj0uYgH+VGmq9WPhugfag/UtdVfsL
-H3pBnMcfLctot4dFgFGKaAOpMDRVVZBC4QJABQwCDkJgUeUdOuUFFYDjEQutdoeO
-9XHX9+KOeBvBCnqWoOv8We8rHpjnac8zfJ+7LSdlczmT8xEsLa3npvy1gQJAXaBR
-oetQJ98jOdcJUni0KC3xXdPV0elPP773Eui8oKjN67SAOyzYUE0WblX+UMPru2Ei
-oUIMTZLqAr92U0v1AQJAchSMGsAOQ113Ck4O5AWOkegz9EZFkCs9g1kmNxBmLVtv
-11Jw1oMbJG+03OnXyf55zRroTCXqqt8GZUSQrVOg9A==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDGPcflD8dZKKq2/F7QDZVt34yCQm3vqa1RrHPB4QqhjoBurAo1
-VWE9RDJG2fcDSzGw4qKz+JFL41wdXOBIUVGaBkEa4kxFXMAqhkREzgECVuabS41e
-Saf5QBsAk5HWLiSfHwRZ62hR/nS6ErC4fXvClf+mp/3eiqFp+4CFpaZDTwIDAQAB
-AoGBAIJPyj7AiIILQWzXqFuLElcPRAW8NRf9qXiuq8kebSaVzcbyQCOe5DSpx4Lb
-dIwtuZRU5i73jkscQUjr7GKdUc2NHvCDQzjnk7S5uu8NFiHXqVXDJxHwAZI0svzD
-vFilu2E3r9Wj7dZa7l4uSEXLyagdwo0bD2xcrdwnyu5qLTuBAkEA7CUIGOEAK7ly
-Xweti+/fnni6cznMmWi1DDeM39GtbxHI3oPa2d7Ddkn5ZWRtFbIepLWi5+k6Xzpz
-fkCaA3js9wJBANbo4y/L/QKNhASI70DlKwFiJr+4RmQ1739l2BDHW+8crw+sM3VZ
-exVtHHKw6U6wqLMvzaojVZwnEJo05uWQ/mkCQGU7jtgThN45ttUUVoq5/3RRLyT8
-b0CIyax+F+9PVPlbd3AkuGpT/Bk2pyqXPchiPo6/qyGeMz7lsOM70IqSiYsCQGUU
-6u6rSpityT98zNPANmcTLFiWqv0tZTWNyH+z1Sj1W93KR/XVHZBpXq0PSt1JOD/3
-pwt0TSsCMMvnQAcQGKkCQCXU5eHdRmhCp9Eei5+fI+XUhBLkqzyrqlK1NVijgXTE
-kSXhaQWG9iLDDNgSkO6ofCPOTwcfIteXnc1OjGB/0Jk=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6BTD2ZW/G5FQAcRyFbF5aQmffZuKjab6F2YTAixu9TfLv3wHT
-ZTP5ZpoIeeEhbormPNyW8kPpMmidBgbX/PvS2lgWgRnM10Mg9IXBA5s0wGx6oRld
-T0GM+3R9TIbIb/nyyNQ4zMBEC8CwDUgrLMafkiEtgN1Lvdrifa31XaelfwIDAQAB
-AoGAV3w1iMwwA5RCxWptBXrv7PcqLvEOSdhjmEOyoXNK+n78cD+rdiY0iWjtrGrV
-rIl2nc2l2P/bXIMunBrHgTEjpTtQQIr1n8xqCJeyLXaVaCi2rjLYSdvxC+lABoMc
-/+pODEWl1VJdEckXg9w8Jr7VY0toc3zeKbsZJuGr2O559xECQQDiYqx/fFhMb6tN
-+/LkhLCCgeHbURSW7UABiOocNE2crznHfZcWSD04GLH/UgwhP3RJ6CHcOtmXSD11
-ZQkNugZ9AkEA0lq+2QxhcFDAeJWfeFFZLw8I67xRY6tlZIiOQyWnRFVh6eHPvduU
-BfYxBU6FA9G0MAWgGxgZqtOLxqnQIuuQqwJBALlnSJCsHICVH/2hLv66MPjhOEDu
-uWcV7MqU/+6TY1DELRTVJWzJQuHzT6uj3W1JU4rHwxtjUxrTvgmr8ms8g90CQCGE
-2kJlyaUHCRRt6yJV/BsWjzpZILL8HcT+SYUDm/q0jEyjceHz+ktU5ozM7T8ljEvW
-qaOHnJdu7Cf06TiXRs8CQGMP4OjEfVMq+JxG5puFaa8e1fbSjiTP4EsUgRcE1Bzj
-UqT7VwOrJZXFTYK7Z9ZyG7z03WpVeucertzdRNNby9A=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCvZuDBLvl17QsnszrJHZ85IfkU7hyk7sPwJKbHQ935A9BEAeUZ
-6XsmZTw9PZq5aSoARg7LIJjGnTd+DJCm17BUK0vzPpsZM6E062Ljubv+zMo62fxx
-CmXvMPP0G1Xwi7kS2FAlJaxdY5/RxSHyWgSxKjSgEmAPij6rooflW9ZIvwIDAQAB
-AoGAUnAV3nYHhSdeANC6JmAnv6B6Ax5OlC4sJSf0wt7g6vKh5fTGCsGzwb3+7AGS
-QOZueSZ0OYAejerCdBnPurrRAlZLifGptbvinAu9lRDpmaF2HUmQa4Dc0c+Y1Roa
-pzWnPzMWlBrhmWqmK/DwZNJ+Vusufv3yO8epjsOGCgUVUiECQQDnRPDf0KyJlzC5
-Xc9Dc3/pdn0D6La3IChyLiPo10rg5dBN/mTCnlPxnvauiTQkyPS7j+2n2oUKwcEE
-jVuwKf/ZAkEAwiiNEsejDkTLHIwDVkNa14+Glh3s0Ct5ajFv1HslQesKElMnjKVy
-ab7YAQBij9Ty24p3K6mdGWY5Nwe02JNGVwJBAK++OfU61AJyu/oBCaHOQWOeQP4Z
-d8/NRi8OVQd5o1MoEJVUPimOu2efTwHvDYruktt9UjH94p/8ALt+2DAUmnECQQCw
-EyhEdKlJYle0DsFj9Hcob2+FKaQ98H8OL8ETt43FJsqebay7HrsQbNLkrZ20hFCt
-ifeisBHZG9wdLK7zjTPHAkEAnGsXnM+YYDlm4OwChrpq0qcuud5uOgx4RuCniEol
-mij1xTDGrJGLEBkFhZ+KwOLoaM8m7javKXQejqTeE6E8Fg==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDOEiDRFGABR6pMZhtMT4cv7K/8EUG92Zh6uOHdWdDAnkDSt4vH
-imXqDQw28eZFYdxvCCdi0HgbJnHU/guf6oYbQ8cI1sXrWxHJi4OOpwUNXGzOq3Dg
-fQXqBjn5jJRWVjdisxh3veFbU6EHTcfMxkwu76qDGbWs43IrDXJ6CsqBbwIDAQAB
-AoGAWzE2iI/ltGtMd6av6eM/xfuOHZRdbXB/w79RZK08biEaOqWzG8ipNRw1DZOa
-/ZVDAXewRlBO9mTa9xC9gDU+xsKywipWyRPnv5Yy7qfT+NP/JZCvwlL7qhqtHXzt
-KPpJ5GRxcJ+o05CartwA7fCXdv9T/qF02O2nZxCIYOpFRwECQQDqMoXwT37xvE5/
-/efvGAlBQGCj02YdjBxWRwx5iq1HeU5H4tqTKrfUWyI1m3cZFXUzjz0iH/SoK2jL
-7IwMwl9BAkEA4UFIcDVADwJMuLPqKuIDB49rXY+BO9mno9hfgcZ4Y/fWZcF+lJtR
-Mw8H+PsCkObu603wxiQGWIsyZPorDTZkrwJAU7S7Kqk/NieX5ydZPpvYsvnPkL5+
-QRFTD4NVchue020IDamHdhJOohfwojhu2QhSW5tWvlutlm3thvWFGQpgAQJBAIHz
-uMfLYM6H5B025qSgyWCmNCnA7azKr/VNkiP7jV8XD2CbFdzEEj9jr5TLszpHkJS9
-3WdiRyrz+znYPdgchk8CQQCzC1Z/NbGXu7H/OjsMD6SNgpZDmqctdXjn6jKjZr7c
-vtyoo2WkJtkREWzWPd+pEDxJCsAuxMCtVifJYLkMCa+w
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDVwhjz/Ao8Tvcrxv0f1xO7NXRuyl2rCWch0O2n6Jl+eVK4Mj0r
-Xxt4DqortucD7PV+tFQ7h9kCHsfmBM8nezbmL46OlPdbxm5RLN4X2gRF6jHQlcRQ
-PBaOIcfwDrWGyFhIpg1NoqaMgXpniUNWHMrjaYoIBVe3bQPCBK97Ye6EJwIDAQAB
-AoGAb2ARplalcqTmTm4BB20F/94rS2qvgWWF0e3NVlZwW6CVRBoRGx8T7eseKWbE
-WZxGkX0eAmKW5G7rUuMgmH6vrC2NjFBNvfMLPK3kVxhQVx3Rwu9nN2/u2olzBcMt
-epGj0Yyu7kRHol/ld1+DmoBUOYb6BlOpDyGWdFFa4eW1IhECQQD8s/SXIMXIHBF8
-tUd7rPXm6e96php4M2jaY1ezB5MO7laNivcCioIHihWgEY+BrzuH8moeJbLL1TtJ
-KhzysxmPAkEA2IwQYLVOCfKegG7yzgkbrrzwdWNi0i6P2LAl96kFWzf6DcUTuHun
-GYGMv1yCMj/jzZ+k0VTMWETgJKRzFZUv6QJBAKlxYQgVCYlsiK0+QHhFOX1kTxfG
-WOlQT3ZgNmXtJkZUueSe0ZH6ncXAaU+zdq5WeWxmt5EPZhwXFnGws0hpnzECQQCL
-QIbHqc+lVf/XV4GMPQ8wLw/ybRb/UjHuhlfkCy0Gm9iRQkqMN/gcztJTvIl9BtjX
-QfIbKwy9No1tAtN+7ZEBAkEA8T3mn9G2pTg/49iBP0TW1fJBsdacWj8ZK1D3egto
-JR7qKqVyQTifeJpeATTX/vvuTu0ikbshLotT/UBGy8dBtw==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDk4MTchgCUabHViHLIwlLAVmIO9oCi745o+drZhQFZBF73/CMW
-3P8tUgqMgZb6JB1LiWAsJRrrTqYhxR9bh9ZljNfholVnfgF8KITXI1b0+OGcpB90
-/mvAFMz9BXu69rDj9X5GznA5XJNDAfitOKYMcWCeCw2/QmzTniFMVe10cwIDAQAB
-AoGALlxlI/I0zds2/XTdI1NRZcpZpIRD/D0gEJ2DugnaAwkCn6LADNKJEcoLfviE
-93g3QuS5yVdew4kz16VRO74hLCCjm7M++isvLhljozWAotBVfllQ8g9HcCuG551y
-y2vTDbrKUfeNUELBd2DKjYMN4K3gJRzPcjh6eQvZ238fl8ECQQD6cRMUPzdKLwQp
-dlTQ5dBeLJ14cn9zoFkBkgoF1JGXtDxhs+5elZQPS+skPoDy+ergjOMN8ixSaQ6T
-FJ/X73STAkEA6fUtQ2x/Q+YJcoRr5EEKqtyEPIZEeACAzRdxps1PAI++vafjk3x2
-5v/pTcpAEMSRzjZtlQTqC+fkx2vMANDMoQJAMPx7IeO3meAWbVHDB1Vca39Ike27
-dk9v+XmqUjeg/s53XRkH0CJr4o4UAXPkXyJ5SdDk/K5Y8wmvmx9WoLMq1wJBAMKy
-SX/Bq8tKhXQqpUrnocP9DYL8zb/70zRaHTeNxgAWn8pfDDFxs9WbBIG7HUOXAivU
-+a64zzknOymGGNhY6uECQE+NCMEicPRY8yNuNX2Ygr0Uxwbb0we55N8GA24Prkrl
-crhKfL6y0MdsHAgnIRaGV2+mpehS9TbVlx31AdFrugE=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDhyDJCX6hTsyKjWJp8Hv4zEmRcPkUYWyOseUNF12RvfOSjlVz5
-4cSxY0OcfhCBqn/etbeFprVgOSUiSGTFVBpusSKQ84wXhcK+HIGqpnsUtHoTspRy
-Qu93zDCkyFyAskcu99tT6q5jWhkgMCvx0KMODUzAyX6btQvbUWrnDnRp7wIDAQAB
-AoGABu56fIcrR8aMHa+urnjVHQRHiH1w6ZqCsdzXL+G496NB8bO4MwO3YirF/Jvy
-LcjqPBAgHj5L+zRF65OFZHl8hjKtKxeRvZcFe2XhUwPCN/HJv6OPUSUSIGMxL+XL
-4G62lt1tFHVZRjy9mLyqOg2SNwun6c3+dOySdvDY6vixxgECQQD32q9mwkHx8NqQ
-2GTGWRNgIDsCR9bnmy1gGKxzKhQLdg0cNwmQrfTCgHXwfeBUr1eSXW6RqTx/WGlA
-LqFdyiTBAkEA6TPOoAW+EaXPxx21MmzbqqgK6GqLh7NHM2Z2rkqR++933jGJqS1F
-nr4jmWLoSQX017IPz/mlDxlL++CvWIXKrwJAHXMbgj80rLWskqdTmgm9dp99w3Cb
-xVs30gI8g1aNmSsGtcKIXWt9+Jpg6RlbzVQkOJznZWFRceQkZV7lB4rcQQJARfTw
-qziNyCWBqy3SSYo2a391pjswGElDtruqJqbgHD++Kb2amlGmbPSFIWJ2ZFGRHZOh
-ArbVOS5RiQHiGCAqqQJBAMIp5kevQOAr/xYC8BLB6SD7XtfLKTJnZSHy7pWy6xeJ
-ffn7QLqwUWMcyrvja+CQgBTKx7u8/MKLSgqohWguWEM=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDNNrJ+X/+2VFhuPKiMLMA1EN/YFIpD6iI8mddzEatkxkmVWdfE
-ZNmjoPloi93iobvhqujqrkZx+Fw1s6wS59dBPUU0P240jkFfvD4QUjMuR4uI1OjM
-XXtmldUNjB+R6YXfoGhAgZeR8IonaQZDe1Lqcn4boiYu8eKSwq8bJ8FskwIDAQAB
-AoGBAKtzAVm4FspcWa1wHFlQoh0zxfCf6IypNoVu+qP2pT2CtMOE1lIM+BBPU1DX
-WkAYZAI8anB3vf9GQrPTMvZwoFMub7ifTsgBe+gJzbWKpfuDYRmi8figArTopirg
-yphtF+wZd5x0Yas0Ak+mxfojUuWF9Scv2p3yiope5KYkC9/xAkEA/KqYc1ucAzsV
-qIfZDWv/971IcJacWFm+l1M/jZB62Cimtkyw4zvPV6O6QOOMqJMyBJPE7AWBEGBS
-G7kO6yqjhwJBAM/r01/KtZErJL/fZn+bXJxxYgIZ0oBqxEigcMLiRSjyDiVwyR4N
-0BeWrI0IoVQpJeWCq0uL/cKmA/oMcDtriZUCQCB4M9svPJ9VqnTb8FK/PEez9Wky
-kajw74M22YXxuTeqEbJ/rIOnHgAfNEI+e8b2E4lvC/Fgy7M1DZgucfJaqmUCQDb7
-4zr6zUclhKNk/aMTP8tzRHrPv1YMZfnay9cNpUJtuIX4LIdRGc2TH/Bv7tHly8rE
-4m2pCKNX6cdPUMK17n0CQBt2Y0RX3Q7OoJqzbi63JtP4eYwdaI28xnncPMhvwWji
-arwmzoNeD7T7tkOEZOC+rlhXZaeZLI6LYUyC5ouEn3M=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDfBy/uVHZJUp8Wego5L0RtF2fKagzXQsJFYPm3ouLqL1MUaQJX
-Bn5Etsdrn0G4HCoXazilicDs4kzAWZdsjRfP5YY9O7FpkID+hHs3TrkdXpj8RjjH
-8SYkfXr8+tdRWdG6XweFnkPf/W5fNcik/iSiXoq7AbVdxcsOQPXpTAsAQwIDAQAB
-AoGBALSKYOaRQN/CHj5XtIbuGHonBEH670IiLJl1EzDwjrf8b0iKaPaBrx14yJ36
-YXzkb75dcZGvnZkk5/SdkdKxtJ93Y83Gan34fWXWZFurdBs6B26v4wVAaRYofR53
-/75CnfCDelDH5HgtHj8tw/F4zBIxC3r7CsFn04lKQM+mEd1hAkEA+rYoUSTA9RPB
-1Ki1gRiwph3Zan5Tsgt2qngWU0Ek/wsqKkwSeRgHZ5AkpsunKal7bGKMHA3yPo02
-E2EDEHLmTQJBAOO7ifiUoN88roep9pl0diYfLclTUakPViDlzIO7gulvNR0mq43D
-BH1JAUVMU19A8VbilKnUS2q6bqpqaCih6M8CQHUFnV/ypdY++JRIgx/U5G9FM3xP
-psVOMH91OgZ2O8yH65B+nYjEPICMeW8ZU9dQcnmurfNSVyX3R6xX9dQxrWkCQHLC
-1TqBm7gjmkgfbHfUap23ZJlp9WLeqaaWZ0OTQNtmATwZeqZLun1wRsWnOvRrg7Mn
-J4eVxhOYs6AJU0f2n50CQHfQU3xMJiTFfLvO8FV4fD39w141xYooC2glDWPFns+b
-v3Wkd9M6Nuv+gOB9vdG9I5+X9XSkKonkmcwU9Odjv8k=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HL
-nxQutsvSFz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cV
-mAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQAB
-AoGASSfMwe7wUWa1exXnN2Pr/4RV/V4C1Cl0M+m8/7DwIWCvsPjQI7/C07MHwInA
-HmeZEGS0DSYHgnFoA14bTBmcv2Jh+XJRsjN8Qari8gsfoC3+gTT1CuvrVxP55xM7
-w5c/hUKBIbhyAMHfcS/lqV+o+1ahxSMtbHWkKZYL/i3h/oECQQD/lt6wu0Ne2jwy
-iHchL6l+Sz5bMpW9Qx23WpwiGPOlh3YzwDZHZRNmkJbXI3sIXvC8mjSOhyxI33iB
-NlpoZEIhAkEA05CJc53tiIBqg4YzlxKw5u/oeR0qvGFJFP6D8UnRTSet0R/hnlAX
-VVns28irMOGZ3gRLskRxv0EMRoViO+Ji8wJBAJO3qYrxH/XRIZt/HYLznf0dFbP1
-n29cO+99keFvFFol2V39iCFpPHY5uMQsgG4NGQuYACoj26deaLIdLNFKqKECQD4A
-4ze+NipGMHFBeIczFCNqdkBgmvDAtlFv0i16C9xH37olVNM3986s3yz+n6VgyN53
-ddPWGVwK7VURrFuOmp8CQEEDc0bBtkJgXfObV2PYGJRVuGGP6S1RqL+7VNfmu5/+
-ZJAdwJZOdl3PDL8b9XNSgayuBCK6Wwt3GGzdtvqz76s=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHf
-TEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WB
-v3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQAB
-AoGAbD/eV2sfSqDGSIj6nVs7MsLeeLDqhK7fD4XCiiDsn6RCKCkcwREFj/gDTgMf
-MBWtHRriqhQzTOMHOfe69NyyIf7eXihRjkX7Ist+gi1wiKqdr0ECECC3sGdWR/pu
-wLBDtC2ynqiezbxog+/3C3YWs0+DTsnn87aOeKbIIfoMSFkCQQDNBAqw/BKw4dDd
-msMGJqbI3UIobZVOEXLwTi3ZWwDMIM+HMJPyT62U67cCg35M4L/EMxYBYMhqdS3f
-tixN9+bLAkEAzC5ZxDEG4S3j44m1Ff58qBStbV4SBlM18jZgjEVqeYlqStWq8U7J
-lJLpa3F8C26bUNWXTwl7i5BIykpGjZ0ttwJAAdIVXjj+2X9H4Y/sR3O0a3g7jCxc
-9RKGmMe49IMwYJ+x+BtgVPiMLBRjzavpRTmBunZRrbV0Ui20OJZfklmvPQJBAIiX
-EVIgAhwtmOAkxVGbV0UR4Brj7Wbxz4rjOZ9c6Ke5d7PsUFjxfgS4axKHbpYvPhPL
-b1deXpm0wh0hpyUhWu0CQQCX+HNWjZ/3oGTxWHVWhj7Q1J18CyxDj7SISA87mv84
-QZuso4AGYpbuZUdWr2cJcBvbP+ZX7DCjsr+5Ns/3Foqq
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQl
-yuAaj0n34YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446m
-iYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQAB
-AoGBAJMGntwypujq3SV4Q7mDpYC9Xr85muvYp2Da8vFsUYlYGcQeLIGTtSVaBDp4
-dsaCrG13CJmGmcHigd4WGG3DizK7HnlOU6GuKdJfISJAT0Di/oSnH1gpIxGzxsA0
-IAjrncQT0yPcXtS/YXv4VMhOHdWTmaZvsuP0aJjd04hg/yyhAkEA623ruT6oKxk6
-5QeO8OFhUxi9ahgzQYHfHU9bXshRoCVA9OE9EzxyYvQRJa4s2WcJoRmFpwTPQoUW
-iZnhKBBr2QJBAN1W56AFsqtNY33joZA1GIjZEhgbeZF1w+VUUcYWQ8wvOFYYq71S
-lmw2QpZdAhgFtQ5Sy31xVbbp7USrAoXNOR0CQCyyD6B5jr+v6Ih2qOJ+R1XZSoyL
-z59OIqeT20rhSO3YZL6YzFmMjkLPBzpaGNWlRCS7ja4psZd1YNP6zM4oX/ECQB0u
-F9tA5Q0wZq1yFRqt5U4lT/1doelLXUgelalHxihlEUhIeFu9R5d8j8rC+EOyfOwm
-fi1Lg8FZla433V1GcQECQQCDC1toUTOs6zQMR8Qjbg806oEeNCrXCuRSvER9F216
-W/gfkyu3O7ZMyTLDzssExEBemXqIwP7cPvi4AudCR+rF
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDbDHCjS40S+kdfXzpBkRh6m+OvmVZwlnF90Hzu2dI6kMtCyOsG
-pYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+ycmJHspktk7m/PoXzjuUf7IUb0Ct
-eHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj6iF8PQJTCTIXtifubjEeTQIDAQAB
-AoGBANOC9ZiYMUar6RMMbsI1CsAJmxdKJw9cFYZ5NMmmBruKaNq6C0dFtKfejmlr
-fHfZ8JTl3bsb0EK5DdDpB7g7a73WT1338htfrH+3e0LRsj0hU7SidXOgb0Cw922d
-nRW53198ARkPc3b20uuFI71+4x8Vs5KDHiYNs644IpKD+2o5AkEA8WdqEkLaY3Wm
-muV5l9SZ5bKFDv+lWV7AQTjUGslJOxlq3AwB4hBK5CJiiybYyTcV3e4jWJZfnN/t
-J5NSeXVY9wJBAOhK/yp/UqblY96LgrlrfX7qQ+u6/drPHwp6JvlAGFyPzjN5WAO5
-i/9FZdKmjIvQOBu1OjvKjS5B/CpM4cTcVdsCQQDvEZJLaWesDgyj49RKV+LdRrFd
-TDHtUtek/+mWaXcbjy1zpHSM88OnMKJU2nDgvKvsMHVSuwEPc/gCNHT+Ege7AkAv
-/B4Nx1NpioVA2YzdhKjd6MKzFWOPKa392hHm9yiRJluwImbeDhwvVUSdaS4rS43r
-m1o2M7dKUPMoQc15fxJ1AkEAq8F4Ij94qy+eGc25H4ZkGOZTdr6iyn9ffncEqf42
-xvLu/L+RSuPu4VozAqzlXUWSi5Msnmxx0GaRtKJXZ/7AuQ==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCWTobpyriDSEdy+q0BqCbAxgkQ7zfgYuZr4ZedFcLliPruUIH/
-6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2DDk280/p9seQXwLd3OdRwkTMn4dM
-E9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnKoaeM44yXPnGsyARWvZfN0QIDAQAB
-AoGAXqPJPRIAxeDP5CzEnGN1KzJGaRxG0YlUTp836JfYJNDwNvgIMs0yZn9Abwzc
-0WJYAR01N2u7jU4YISgUcPbfFCcoH0f7p5xknHee9CYXt+YkNT52YNdungP60I4m
-1EQID3Xn4/h0+vsb6ZnlUMWUFfxhfBtixvwQZuZrtixbLfECQQDGym+ysZvvxyA5
-SfiH8Ixs93hixX5csyFyDieNFntI/otZt3R+RKSHSODGAXbPgOzIWrfD91/YA6R2
-LotEJFJtAkEAwZAdZ2xvV2uVuOxre5CZtXw1dMLZolC2thAmrqoAdMek1UcSK8wI
-ZdmE9XneAKcQx3esR0AvTIbKx24/6DFqdQJAOiN0fX+CSqMjIn4myKMqfqf1tnVq
-GnRtQK0xFgtQLS381VVZJaCvub0vt9kvxUpAdexKOG79wfB2xfWg12IEFQJBAKnV
-qGcZtqvuwuUJ09kMbEHYJRM48DpCNb6Td01j7piIn7Fe9aumD2xGKio07ryF2ewa
-rfeqcpXj40KPEtXJng0CQEPJULeB6FKRqzGWsyIe4u7ow2MjMIou7m66HyjvjkHP
-6Rg5DA0dSEjwJeMFQ8AklKPtLyuIyrkFunjctYXx0Cg=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFF
-xmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4
-kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQAB
-AoGAKiqfxoVRX1J6tdlAc835ZiTIGZiVaCFa+nDKyG9ICd8Mxhv/HgsGqoDBODzP
-1XekRQIIRcmNdfAr7LePuNs6eh/qm98UulUr6zpEMXu8/DIqI6Lf4F8GMwMaD2lx
-qmnQK+fziDrhrw10Y1ijy/ttEg6wDwCeQJJs/Iz3ncOEIMkCQQDo93B/RhJas6Gd
-bIC5IIe5pwvyOzmkn6dOWCIZDU5WXJ3A2gtNDdhO6MunaFCA2i+R4RSu8dDQjUXC
-dtthEfVfAkEAxjEGfrEg1NW7ug6CB2yvJiKzoHn6mVWUapKWfbstaodOrU1+WWtU
-CpWn0cm6ytGOeSI1Ylc2vnp667QikWq/ZwJBAKvV97CpKtikLs1DPx9OE06pHHKr
-pLT83hc3gs8ftWyWG/Yn3rYTRD3QEIeGtfqU9QmREASKcQ+jZJUvvlk3OdkCQArY
-9hULFtPvWtYFI0LKxQ9eSNyYsImh8Hygx1HcY9D31OuRWUAFqtTlegj2dJ3TOGwS
-3j8irOFiDMZH1riE0jMCQDtk5fJZd61phQ25I4mkBf4+8qCOiiWneuapdJlX1r+C
-5GmsM9fDr/m+pBNAbQP2vR+38wSHEuEt0U9MC7NEAHU=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVh
-xi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g
-3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQAB
-AoGAeD+3vwQCghMh4f+rMEr4RbA1/zB+UNQkEToKX4wO2Gypa+94ECK7lxpRhBkh
-ag2oSLwYAML2UIiksbNBw/TUTRJUIvVFGNj01ZAY/ToySwZyB+iGVvYLs14CWCh+
-lIG8Yv6jeioXW6lUYuKGX/8MgKxsYqdjTuNDBUTU/wYHZgECQQDezuG53RnhW+cv
-612+metzu3+9tnz1YME9d+xJSHehNG+44ZojxIujYaZpwq4riPfPp61JKJmJ9A1p
-QUDQfLeZAkEA2Im5unIRak409a6uNlZ4ga6ISROewyoGe+pzch7trOGgcmcTy3mA
-ZqmmRcolcpQ8Zvk/8pEbgSWwh1GxOuOMGQJBALwEyOcXdad+7nC5pboaGV7ocrud
-K4XFyEwezv5ocMtQfJb/iht02IFe/hdxeZizVKufS9PYtvh7QnX34sIM/MECQGHy
-Cjy3lAEN1w66MLsLaf7ev26unUWSINS0O/wG2WM1u6mDzoRfNSE646b1xPKK8rdx
-Tuedk19bePn8jbohayECQQDWDO5OcgeD/3Yyy5ybll7UC+8O1RWHx/aYV6xI1Nbm
-G4UsxB6jeEoHUD68YQ/LCaphFsrcYDK9KCaFn9qqcGeJ
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCocGkc8UikcaUr0NjxAB/KKhfQP08fQ6AEUj4oczsgA5ZHmRnc
-lTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hOvv2GZ/f0IEJ2OYWUkbhsdADIyIvR
-JDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESlBmAqL0jmoJyT6yT/dKXQEwIDAQAB
-AoGBAJigAx7uo1wefgQN4gW+jw+oxJs2QoOZy00fGKOehlyj43BNEloF+ZPi+aOj
-LbRtTIY9mfb2oLWUSCSuYI3JPx9jIsNMeCgn+/Eo96mjOPvifKgz0D4tNPsGTmf5
-PSEDPdN6NdpIuPoCyn8dTEseL99FDe4JNu1Hotm6xzyl0m+BAkEA0s2LJKsQZKFw
-APuwpvLXiLE2n3jxZzxNTJY4X3TGkcDPkkh7LJLo/39KkGZ6jke73IY5UCYXKrSU
-t1UlPMTx2wJBAMyNnx2o4c0P3KRyOICS45q+9CMbASIN7aSxNg3Y/bb9R0sVQbXc
-C8HpfUN2erpMy2oCjcIt/aU47tTCrkJvfCkCQC+KY2L1oVDQh63xFTnRcoJFVQhK
-AkdB9jzbdAMzFsUwMp/O8NhwmVNlpa9DLUiBLQDi1HIa5Qagixl9flRiJhkCQGB6
-n8T+hdoRlDEgCpRiM+YmEMKKFyO3zBG039jyMuDfX4QDd6XOLuF8Pm/WbxZ16C+N
-Gs2uoYcPbl59oHGHYdkCQFYRupnzOGMA6qLlP/moi0j7OzOK0JpMLCvkGg5GcNVl
-MD2Jgl3O/7JVWQQ/21rS6BLbQHr4Uty6T79bHu6ZeYY=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIEnzCCAocCAQAwWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYD
-VQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68aWUeO
-MDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9IsvqI
-B+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHIsdTm
-OaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm2e3Z
-a6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg80zn
-ryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyhFILU
-kn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjnxIGb
-Gu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/CZlEO
-6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQUUhF
-cE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGIhOOx
-DxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6zbhBF
-UXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOC
-AgEARyunUCI3xAmw7kJY0NbLJA/+SvULDT+x0DMsHp/GHB25GFqPh8LXd7+nYCxR
-b4XKMUPwVhOuZgLIgv2yGcSvztXtm9OVtonVmrWfHCDPPrKVABrYOZ6odhKiIi6s
-hzW0MKEwcl774cqO8YYZwrJF4tHCc0sDKK3iCcw0JvRN/x64XlmeidiHyhgrJwPd
-REzMZaBTGiL69EKLs6JwUndI2cY8vOOmISSW098RRy0kJSLZXKvgx/vLlfCMEDdn
-vZm/5bCuOIiCMcu2JFGG4DsVV32kfUSDgkmUbVK9Cb2c/irldxh277Dt2vBzpG3T
-j8R7TOJcUfjjt61LCO1KVZMx/STGUqbyNJq1Zk8hWbK+x4ed+Abo4CHZS5kN7DWo
-IieX5xESyFqoHMyyoZVQ1n0DGk7SbQDTOrN4Iq1okMscRdZuZVwv34yadmZbQRWB
-V+HvEqOSYFOqeZLi7kEGiuPwEtQD189VbXLNpD4blWMcV7Uji9LeRJ00enFPcEHR
-MOZ7axCJKpEHyoRcJwYEceUhx8j8WOuVnptySbR+o20NNMcdCZ3Iaht5SfFaB/HO
-GOdL0kne1nrWcyPUWPQZmCYVrNvAraeJ657T9dnsIf6UWUk1Q7fbyXl7vAvtY3mt
-5V52iP/BiImA+Xy+7XwY/ByrPJrqdWpQxueI+GcO7v77i6k=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFMDCCAxgCCQDyW0BbwrfQZDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJL
-UjETMBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNV
-BAoTDVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA3MjIxNFoX
-DTE5MDMwNDA3MjIxNFowWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2kt
-RG8xETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQsw
-CQYDVQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68a
-WUeOMDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9I
-svqIB+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHI
-sdTmOaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm
-2e3Za6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg
-80znryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyh
-FILUkn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjn
-xIGbGu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/C
-ZlEO6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQ
-UUhFcE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGI
-hOOxDxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6z
-bhBFUXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAEwDQYJKoZIhvcNAQEFBQAD
-ggIBAHVU/HAqDC+bX8J0Nt7y0jO1ioUun6qPzjcQ9QRYjZ71JrsRbTgNmYkKtBi1
-8TZ/Dyq27OO612N4qrGe8dZwTK7z8bhVv4+mjgpP/uyO1woLDpYof26z09cfYd3z
-J0OE7Ta0/OlMYCDWl6ORPCNkfv7Bj0cS/XsJczfJAaPdyUozTR6Jl4qARHgS07H4
-ITZGnzPSk34AhJdZFVcnepCSjb4eXTJw1xjAd/OIaD8qtAnrrx/RnWAiii7BIUN/
-O6oOBSumPIrzBbgOJ96KyE5DDaoaECBWEFeyLsXk9PW3PC4CcPrTW1qjkr2cFrPm
-oYhIb2NkYQzpx36wLqG9tiGGiO8BFmyDjffAu8rBvMIFDGjy62fA+n/BMyrfxrQ3
-bKPt/GVHEEhhpNVAF+aRdJk7UtirLIrOYnRJDcbi51ZYiLpogmsH0PZ7JcC2ZkCb
-w753asG0K48OcRNw4c2D0tOXWUE+pkTjbE4HUD4xU+of3x3V98xHghd2G8MOMoRL
-M4tcK/zs76pOY6gfNuZe8nN/9RI+gsiiswWLkSBDEJEAEngZchdmd0I+8ed9qKW8
-Sm+85bfdya+Pbl858kubbkVup8wdl6wfILV+1XZOks1enknQYbls6Gx6mF9Llx1h
-mEHwvjERzOA7ykbVsRj/42Rn4g6JNEzJIZCsaSowk1zt0imn
------END CERTIFICATE-----
+++ /dev/null
-V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
-V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
-V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
-V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
-V 190618082147Z 2A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
+++ /dev/null
-unique_subject = no
+++ /dev/null
-unique_subject = no
+++ /dev/null
-V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA
-V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate
-V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP
-V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate
-V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder
-V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field
-V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation
-V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 6 08:00:02 2009 GMT
- Not After : Mar 6 08:00:02 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d4:41:90:ba:e8:97:0c:89:05:f0:95:75:44:ff:
- f3:c9:b1:68:90:0a:83:a2:30:6d:f4:8d:2d:e1:ec:
- c7:bd:ba:24:39:bf:ae:29:fa:65:2b:c6:98:ee:13:
- 74:7c:5d:68:36:5b:b4:0c:ae:6b:99:40:b8:39:a2:
- df:fa:97:e3:62:37:ff:3c:ae:39:6a:1c:77:39:81:
- 2e:9d:c9:a4:30:e0:4c:e6:18:e9:57:04:a1:09:0b:
- ab:ac:00:9c:ca:65:96:59:1f:e9:21:86:9b:d8:ef:
- 86:db:99:70:1c:39:31:9f:48:f9:02:0d:4d:53:aa:
- ac:ad:f1:58:ca:84:98:44:95
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 0e:0d:eb:90:52:0b:d8:81:b9:b1:87:da:b4:c2:18:5b:fc:01:
- bc:de:1b:16:5e:09:e1:a4:76:68:7a:05:e0:77:58:f0:bf:ce:
- 8e:52:f1:fb:ab:35:9b:1d:e7:40:14:88:b5:36:0a:1d:b6:70:
- cc:83:bd:2c:2f:7b:9e:fa:33:29:4f:c8:5e:ec:fb:56:90:1b:
- 7c:9c:c0:e8:0e:bb:92:dc:20:5f:22:10:d6:c3:68:3d:26:6e:
- f1:3f:df:42:45:f1:82:04:76:ef:3c:a9:d5:be:8e:dd:3b:a8:
- d4:c3:08:51:f9:2e:60:8e:93:4c:c3:e2:93:ea:ef:6c:d0:47:
- f1:f3:15:8e:6e:66:0b:22:36:32:8a:f7:7f:c9:41:d8:d1:69:
- 0d:32:62:ea:3c:fe:72:8a:c8:77:ff:5f:a1:4a:59:1b:5a:12:
- 7b:a0:52:17:ae:6e:d4:d6:b3:c1:3b:50:26:3e:55:46:37:39:
- 50:ea:2b:fd:97:15:ca:ca:fc:a3:dd:9b:72:c9:d8:a9:39:aa:
- e2:77:b1:d1:bd:2c:62:0c:90:72:75:32:e0:18:3d:4b:01:9c:
- e7:69:77:c8:05:1e:49:44:0f:fa:e2:71:0e:6b:b2:99:f6:a8:
- ae:fe:4b:02:73:fa:00:7b:f4:2b:50:44:b2:50:12:2a:82:ee:
- be:da:ff:47:51:b6:95:f7:fb:39:c7:7f:1f:01:b7:5c:19:01:
- 87:d8:c0:3d:bf:d5:ca:1d:67:6e:1b:6b:e6:98:8a:81:ab:91:
- 53:ef:03:e0:62:17:c2:5f:f5:ed:4b:24:12:10:64:aa:09:bf:
- 8b:fa:bb:54:a1:45:6a:7e:0a:f8:85:d2:ae:cc:b5:65:1a:db:
- 9b:17:1f:e5:64:f3:1b:8a:be:40:10:28:d9:a5:ac:30:ed:7e:
- fb:40:39:8b:f3:8d:10:1a:db:85:fd:83:a6:89:eb:09:b3:c1:
- a2:3f:b4:a9:35:62:58:24:6a:37:76:a8:e9:80:12:b9:bc:b0:
- db:e3:ba:e4:a2:dc:b9:8f:ac:99:6d:95:44:7b:b1:7e:1b:05:
- c3:79:25:bc:ae:15:4f:7c:f7:b6:70:0d:fb:d7:fc:91:d9:d4:
- 52:a3:bb:50:83:a2:2e:c9:ec:26:73:e3:a5:e2:b3:24:87:1e:
- 48:28:f5:7c:49:51:51:c4:1f:8e:06:53:cb:3c:49:8d:b9:ae:
- ce:51:a9:85:a8:25:57:02:22:70:17:16:78:29:31:c9:ad:63:
- 3f:39:75:1d:c2:ce:7a:0d:85:96:95:3b:01:02:0a:15:8b:ef:
- 93:74:65:44:c3:87:19:01:04:0a:87:82:da:66:f6:bd:34:00:
- ab:09:25:e3:20:4d:87:6e
------BEGIN CERTIFICATE-----
-MIIDuzCCAaOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA4MDAwMloXDTEw
-MDMwNjA4MDAwMlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUQZC66JcMiQXwlXVE//PJsWiQ
-CoOiMG30jS3h7Me9uiQ5v64p+mUrxpjuE3R8XWg2W7QMrmuZQLg5ot/6l+NiN/88
-rjlqHHc5gS6dyaQw4EzmGOlXBKEJC6usAJzKZZZZH+khhpvY74bbmXAcOTGfSPkC
-DU1Tqqyt8VjKhJhElQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq
-hkiG9w0BAQUFAAOCAgEADg3rkFIL2IG5sYfatMIYW/wBvN4bFl4J4aR2aHoF4HdY
-8L/OjlLx+6s1mx3nQBSItTYKHbZwzIO9LC97nvozKU/IXuz7VpAbfJzA6A67ktwg
-XyIQ1sNoPSZu8T/fQkXxggR27zyp1b6O3Tuo1MMIUfkuYI6TTMPik+rvbNBH8fMV
-jm5mCyI2Mor3f8lB2NFpDTJi6jz+corId/9foUpZG1oSe6BSF65u1NazwTtQJj5V
-Rjc5UOor/ZcVysr8o92bcsnYqTmq4nex0b0sYgyQcnUy4Bg9SwGc52l3yAUeSUQP
-+uJxDmuymfaorv5LAnP6AHv0K1BEslASKoLuvtr/R1G2lff7Ocd/HwG3XBkBh9jA
-Pb/Vyh1nbhtr5piKgauRU+8D4GIXwl/17UskEhBkqgm/i/q7VKFFan4K+IXSrsy1
-ZRrbmxcf5WTzG4q+QBAo2aWsMO1++0A5i/ONEBrbhf2DponrCbPBoj+0qTViWCRq
-N3ao6YASubyw2+O65KLcuY+smW2VRHuxfhsFw3klvK4VT3z3tnAN+9f8kdnUUqO7
-UIOiLsnsJnPjpeKzJIceSCj1fElRUcQfjgZTyzxJjbmuzlGphaglVwIicBcWeCkx
-ya1jPzl1HcLOeg2FlpU7AQIKFYvvk3RlRMOHGQEECoeC2mb2vTQAqwkl4yBNh24=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 9 03:13:15 2009 GMT
- Not After : Mar 9 03:13:15 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Certificate for OCSP Client test - IP address as AIA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e1:a1:0b:40:23:f4:c2:29:2a:e6:9a:f8:55:86:
- 03:94:76:99:15:00:61:d5:97:00:ca:aa:7e:f6:d1:
- 7b:70:12:40:99:00:01:94:8c:69:7f:c0:fa:d7:72:
- 7d:fc:61:54:3d:ad:02:53:a3:c4:49:24:8b:42:59:
- 61:01:b5:4f:52:83:df:09:de:19:5a:a6:ce:78:7b:
- 1e:fd:03:2a:4e:24:37:89:d8:12:61:c2:f5:49:74:
- c5:f8:75:7b:02:b2:5a:a8:2d:a3:b3:18:3f:f0:0a:
- 18:e9:f9:e0:92:fa:37:b8:f2:15:99:23:26:07:a1:
- cb:2e:e3:c6:1f:d8:88:65:cd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - IP Address:127.0.0.1
-
- Signature Algorithm: sha1WithRSAEncryption
- 3c:50:d3:19:27:36:33:e5:1d:a9:e0:30:c1:bf:8b:90:6c:ef:
- e6:40:e7:2a:5e:f6:1c:f4:e1:17:f2:2d:50:42:30:e7:68:30:
- d8:ea:a1:bc:92:77:b8:06:cb:f2:d8:b9:bc:26:c1:ff:6f:8c:
- cf:3b:22:a1:2f:07:c4:41:a8:91:4c:fd:1b:c8:85:5c:21:cf:
- 03:1b:1a:15:c4:f4:3e:bc:10:8a:27:82:fa:2c:a9:1b:e9:07:
- 72:bc:a2:79:91:3d:99:45:8c:cc:08:5d:c9:b9:4f:94:19:d0:
- 5e:9c:08:7c:8b:6c:11:c5:a7:7e:f3:5c:95:35:23:55:d2:cd:
- 06:34:98:00:a3:64:54:5e:ad:b4:d1:4d:e0:cd:4d:cf:11:53:
- d4:12:88:9a:42:12:77:61:73:2d:ae:9a:ba:2a:73:f5:59:96:
- e5:0b:85:3c:01:3f:16:0e:df:fc:c6:e5:a9:68:21:e9:09:7a:
- 7e:a9:fb:32:f0:69:d2:6d:30:e2:ed:34:6f:3d:fa:75:86:88:
- 08:5f:fa:ee:72:b6:51:e3:77:00:cb:25:27:42:cd:86:46:f0:
- 1a:08:6c:e4:a4:b0:97:2b:69:12:e6:3d:81:9b:d5:aa:31:c2:
- ac:93:43:04:3a:c1:e9:cf:53:f7:0a:ff:ed:6b:ef:ef:d0:43:
- 43:54:de:10:de:c7:77:f3:e7:d1:14:66:c2:02:25:e2:5b:c6:
- c9:09:3c:a5:c0:b5:6e:e9:b0:6c:03:87:3f:b6:9c:3c:f8:9e:
- 21:7c:dd:2d:99:09:62:ee:7f:44:d6:4c:dc:ff:33:97:77:86:
- 03:1b:e0:16:c8:c6:83:79:9f:20:a4:a5:e0:f6:0d:d5:d2:c2:
- ab:80:2b:f0:f4:09:e8:9d:38:9e:d3:2e:5b:3c:72:7b:1f:56:
- d7:96:d7:e3:49:de:b1:99:e6:1f:44:0c:9a:11:ac:18:8b:64:
- a5:4f:48:eb:93:b5:73:1e:1e:ee:62:39:f0:65:2f:6f:ff:76:
- 28:ac:d3:15:6a:39:04:b1:2b:1b:46:07:1a:b3:71:ea:e6:2c:
- 55:3d:f6:a5:c9:a1:5e:aa:bc:a5:35:61:8f:ec:69:ca:78:76:
- cd:b5:47:04:66:d3:96:84:62:0f:c0:8e:17:df:24:6c:81:b1:
- 85:9a:83:94:88:c1:37:e5:fa:bc:6d:f6:b3:b3:93:67:58:20:
- 63:73:81:9e:51:f9:5d:dd:ba:c9:a9:7c:ee:cd:5f:8b:df:d0:
- 2e:33:e4:aa:4e:35:17:6b:79:47:17:d0:89:68:53:37:0e:87:
- b7:9f:56:91:c9:a8:5d:12:5c:95:be:24:ff:8b:79:73:12:2e:
- 25:66:01:33:ac:08:e4:3a
------BEGIN CERTIFICATE-----
-MIID7jCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTAzMTMxNVoXDTEw
-MDMwOTAzMTMxNVoweTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xPTA7BgNVBAMTNENlcnRpZmljYXRlIGZv
-ciBPQ1NQIENsaWVudCB0ZXN0IC0gSVAgYWRkcmVzcyBhcyBBSUEwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAOGhC0Aj9MIpKuaa+FWGA5R2mRUAYdWXAMqqfvbR
-e3ASQJkAAZSMaX/A+tdyffxhVD2tAlOjxEkki0JZYQG1T1KD3wneGVqmznh7Hv0D
-Kk4kN4nYEmHC9Ul0xfh1ewKyWqgto7MYP/AKGOn54JL6N7jyFZkjJgehyy7jxh/Y
-iGXNAgMBAAGjJDAiMCAGCCsGAQUFBwEBBBQwEjAQBggrBgEFBQcwAYcEfwAAATAN
-BgkqhkiG9w0BAQUFAAOCAgEAPFDTGSc2M+UdqeAwwb+LkGzv5kDnKl72HPThF/It
-UEIw52gw2OqhvJJ3uAbL8ti5vCbB/2+MzzsioS8HxEGokUz9G8iFXCHPAxsaFcT0
-PrwQiieC+iypG+kHcryieZE9mUWMzAhdyblPlBnQXpwIfItsEcWnfvNclTUjVdLN
-BjSYAKNkVF6ttNFN4M1NzxFT1BKImkISd2FzLa6auipz9VmW5QuFPAE/Fg7f/Mbl
-qWgh6Ql6fqn7MvBp0m0w4u00bz36dYaICF/67nK2UeN3AMslJ0LNhkbwGghs5KSw
-lytpEuY9gZvVqjHCrJNDBDrB6c9T9wr/7Wvv79BDQ1TeEN7Hd/Pn0RRmwgIl4lvG
-yQk8pcC1bumwbAOHP7acPPieIXzdLZkJYu5/RNZM3P8zl3eGAxvgFsjGg3mfIKSl
-4PYN1dLCq4Ar8PQJ6J04ntMuWzxyex9W15bX40nesZnmH0QMmhGsGItkpU9I65O1
-cx4e7mI58GUvb/92KKzTFWo5BLErG0YHGrNx6uYsVT32pcmhXqq8pTVhj+xpynh2
-zbVHBGbTloRiD8COF98kbIGxhZqDlIjBN+X6vG32s7OTZ1ggY3OBnlH5Xd26yal8
-7s1fi9/QLjPkqk41F2t5RxfQiWhTNw6Ht59WkcmoXRJclb4k/4t5cxIuJWYBM6wI
-5Do=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 9 06:09:55 2009 GMT
- Not After : Mar 9 06:09:55 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:80
-
- Signature Algorithm: sha1WithRSAEncryption
- a2:38:fe:fc:ab:b7:a1:d0:6d:52:b9:bd:7d:ab:24:94:01:bf:
- 2c:26:a9:6d:90:33:ac:3a:84:f3:35:7d:2e:26:5b:27:30:c7:
- 98:ba:a2:a8:a8:21:1c:32:a4:e9:3c:0a:91:9e:f9:e7:f1:6a:
- 9a:c4:58:e6:24:1c:78:8e:2e:94:9c:c1:d8:87:bf:ba:0b:84:
- b8:96:5f:47:fc:b1:da:5d:d6:ae:a1:d7:37:36:4a:bf:41:5e:
- cc:6f:ef:4f:2f:a1:a4:25:ba:b9:a3:01:6d:3e:e9:19:e4:a7:
- 05:51:f9:a4:8b:09:e3:3c:1f:0d:e2:98:9d:5a:66:c2:e2:80:
- ef:7d:4c:34:00:fe:08:10:4a:8f:6d:3d:46:95:cb:5a:19:95:
- 65:98:b0:b7:9f:ec:14:65:56:04:c7:a5:e3:95:5e:5a:11:30:
- 92:4f:40:e2:bc:b9:01:cb:ff:a9:34:b3:c0:7e:ab:3d:8d:f9:
- 68:aa:46:33:2c:52:fd:ab:5a:b0:32:27:f0:43:8e:79:cd:aa:
- c9:c8:1b:1e:45:58:8c:36:b3:39:c4:25:a6:9c:81:01:5f:a3:
- 19:d8:4d:e1:a3:a0:14:92:45:0c:ba:38:57:ce:aa:c6:98:b7:
- b0:53:74:fb:d6:52:ba:3b:0a:95:29:d6:99:57:d5:4f:19:48:
- e1:87:ac:ed:14:2c:34:0c:65:e7:d3:df:c0:92:5f:4b:2b:9c:
- 3c:48:a0:bb:21:af:fe:37:b5:84:36:00:e5:97:00:ef:46:75:
- 9f:e8:b4:24:91:76:ae:49:ed:a6:63:3d:22:2b:26:39:f6:77:
- 76:f0:d1:93:bd:68:6e:66:50:50:4f:26:d1:4b:8f:d3:b1:b8:
- 07:8b:5f:f8:ca:79:b6:40:1d:ab:09:14:e0:96:32:69:4a:bd:
- 81:c2:5f:1e:5f:d8:84:9c:df:3a:3e:0c:14:10:46:b6:9d:b4:
- 2d:71:f5:57:37:8e:b4:b5:9b:26:d5:69:89:7c:12:d8:0c:29:
- 42:96:5b:e8:57:07:da:60:3e:c8:4e:52:83:b1:46:4b:91:ad:
- 1e:89:97:b0:26:a6:b9:d5:b2:67:9b:e5:8c:02:56:aa:44:78:
- 7b:15:a7:ad:ed:7b:d4:75:ac:5f:3e:fd:f3:52:89:7d:a5:25:
- 5f:2d:b2:cb:99:25:8a:64:48:39:23:c0:82:34:4f:06:41:c3:
- 07:d9:38:cc:99:59:c2:f0:88:65:91:7e:fb:59:3a:02:34:02:
- 5a:90:4a:78:11:c0:fe:ab:09:04:c9:66:80:1e:fa:24:fc:c8:
- cd:d8:bf:b4:fe:23:5d:22:0c:92:09:90:2d:76:a6:99:c1:7e:
- d4:68:b4:36:ae:11:c8:b2
------BEGIN CERTIFICATE-----
-MIID5zCCAc+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTA2MDk1NVoXDTEw
-MDMwOTA2MDk1NVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaMzMDEwLwYIKwYBBQUH
-AQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vMTI3LjAuMC4xOjgwMA0GCSqGSIb3
-DQEBBQUAA4ICAQCiOP78q7eh0G1Sub19qySUAb8sJqltkDOsOoTzNX0uJlsnMMeY
-uqKoqCEcMqTpPAqRnvnn8WqaxFjmJBx4ji6UnMHYh7+6C4S4ll9H/LHaXdauodc3
-Nkq/QV7Mb+9PL6GkJbq5owFtPukZ5KcFUfmkiwnjPB8N4pidWmbC4oDvfUw0AP4I
-EEqPbT1GlctaGZVlmLC3n+wUZVYEx6XjlV5aETCST0DivLkBy/+pNLPAfqs9jflo
-qkYzLFL9q1qwMifwQ455zarJyBseRViMNrM5xCWmnIEBX6MZ2E3ho6AUkkUMujhX
-zqrGmLewU3T71lK6OwqVKdaZV9VPGUjhh6ztFCw0DGXn09/Akl9LK5w8SKC7Ia/+
-N7WENgDllwDvRnWf6LQkkXauSe2mYz0iKyY59nd28NGTvWhuZlBQTybRS4/TsbgH
-i1/4ynm2QB2rCRTgljJpSr2Bwl8eX9iEnN86PgwUEEa2nbQtcfVXN460tZsm1WmJ
-fBLYDClCllvoVwfaYD7ITlKDsUZLka0eiZewJqa51bJnm+WMAlaqRHh7Faet7XvU
-daxfPv3zUol9pSVfLbLLmSWKZEg5I8CCNE8GQcMH2TjMmVnC8IhlkX77WToCNAJa
-kEp4EcD+qwkEyWaAHvok/MjN2L+0/iNdIgySCZAtdqaZwX7UaLQ2rhHIsg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 9 06:11:08 2009 GMT
- Not After : Mar 9 06:11:08 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:80
-
- Signature Algorithm: sha1WithRSAEncryption
- 6c:b3:f9:8e:f2:e6:c1:5e:a5:61:96:b3:77:9a:e7:bb:ba:6c:
- ff:0c:cc:47:b7:4f:f4:98:08:57:0f:40:cb:4a:3b:dc:52:64:
- 04:33:e3:c3:94:65:1d:a7:2b:d8:59:3b:74:37:cc:0e:06:fa:
- db:8c:b5:45:08:b1:f6:0b:3f:c8:f6:d6:36:4a:9b:df:41:58:
- 7c:9d:85:e4:d7:a3:87:64:68:1c:0d:33:bc:f3:b0:c7:01:72:
- ee:e8:e0:9b:e4:bf:b1:71:ec:eb:ca:6c:c5:4f:b8:66:06:42:
- fd:24:a4:d3:cb:35:d1:e8:0a:88:dd:ff:4e:43:59:87:96:9a:
- 13:08:8b:e4:c6:3f:3d:b8:5f:5f:91:a1:2f:39:bf:a7:33:4c:
- 7d:3d:38:3d:b9:f7:15:f6:eb:f6:c3:5a:ed:1d:54:d2:7b:98:
- aa:32:06:7e:b1:9c:fe:29:02:be:7e:f2:d6:75:0a:a8:21:e6:
- 38:6e:8d:29:60:65:64:5c:7a:1d:75:fd:48:ca:25:76:79:95:
- 19:0b:98:d5:76:14:c0:27:92:aa:f7:c6:1f:bc:82:65:d0:7c:
- ea:bb:a0:1c:e6:7b:0f:5d:87:8f:31:75:5a:79:49:cd:eb:1d:
- ee:02:e1:4c:ae:d0:89:78:d1:43:fb:ca:08:11:26:4c:46:43:
- a4:43:3f:55:a0:5c:d3:48:ee:e7:6c:c0:d1:1e:1c:7d:af:45:
- 0c:6f:31:33:df:28:dd:94:71:09:e5:1c:12:86:58:2a:78:0c:
- e3:05:5e:92:ae:fb:0b:2e:16:bb:9a:d0:b9:d8:77:8b:17:fb:
- fe:9a:0c:99:bb:1e:9a:ac:b4:dc:08:fa:6b:f8:48:fc:71:c7:
- 06:16:20:5c:38:19:66:f7:4d:86:e8:6e:f9:f9:4c:94:d7:df:
- 57:d4:2a:08:37:a7:71:17:51:37:3e:b3:8e:0a:5a:4c:1f:6c:
- 24:5a:df:4b:39:ec:a1:12:8a:c1:95:43:e8:6f:5a:63:b2:20:
- 1b:b0:c4:67:17:a9:be:c3:1d:04:99:26:37:f9:df:04:3d:e9:
- 26:54:d2:26:20:30:df:f8:1d:0e:1a:21:12:a5:b4:cf:ae:5f:
- 4b:87:6d:3c:a3:9f:5f:e9:ad:34:ed:38:59:8c:be:2b:c7:1a:
- 51:a3:b9:8a:1c:ae:47:b0:93:78:5a:21:fc:c1:91:6d:87:3c:
- 74:2a:a7:6f:fc:73:fe:6c:c8:17:19:2c:1f:2e:17:b9:62:38:
- bd:0e:81:fb:6e:39:94:25:55:21:d3:6a:6a:c4:3e:00:61:99:
- 00:33:d5:6b:36:2e:f6:d4:bf:bc:d0:a5:c6:51:95:aa:d4:67:
- aa:b7:a2:92:10:7a:96:51
------BEGIN CERTIFICATE-----
-MIID5zCCAc+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTA2MTEwOFoXDTEw
-MDMwOTA2MTEwOFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaMzMDEwLwYIKwYBBQUH
-AQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vMTI3LjAuMC4xOjgwMA0GCSqGSIb3
-DQEBBQUAA4ICAQBss/mO8ubBXqVhlrN3mue7umz/DMxHt0/0mAhXD0DLSjvcUmQE
-M+PDlGUdpyvYWTt0N8wOBvrbjLVFCLH2Cz/I9tY2SpvfQVh8nYXk16OHZGgcDTO8
-87DHAXLu6OCb5L+xcezrymzFT7hmBkL9JKTTyzXR6AqI3f9OQ1mHlpoTCIvkxj89
-uF9fkaEvOb+nM0x9PTg9ufcV9uv2w1rtHVTSe5iqMgZ+sZz+KQK+fvLWdQqoIeY4
-bo0pYGVkXHoddf1IyiV2eZUZC5jVdhTAJ5Kq98YfvIJl0Hzqu6Ac5nsPXYePMXVa
-eUnN6x3uAuFMrtCJeNFD+8oIESZMRkOkQz9VoFzTSO7nbMDRHhx9r0UMbzEz3yjd
-lHEJ5RwShlgqeAzjBV6SrvsLLha7mtC52HeLF/v+mgyZux6arLTcCPpr+Ej8cccG
-FiBcOBlm902G6G75+UyU199X1CoIN6dxF1E3PrOOClpMH2wkWt9LOeyhEorBlUPo
-b1pjsiAbsMRnF6m+wx0EmSY3+d8EPekmVNImIDDf+B0OGiESpbTPrl9Lh208o59f
-6a007ThZjL4rxxpRo7mKHK5HsJN4WiH8wZFthzx0Kqdv/HP+bMgXGSwfLhe5Yji9
-DoH7bjmUJVUh02pqxD4AYZkAM9VrNi721L+80KXGUZWq1Geqt6KSEHqWUQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 9 06:12:23 2009 GMT
- Not After : Mar 9 06:12:23 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:80
-
- Signature Algorithm: sha1WithRSAEncryption
- 4d:c8:99:4f:87:bc:aa:fa:03:99:57:b0:9b:56:a4:6a:7f:fc:
- 34:5d:ef:c5:9e:f1:d2:65:95:8c:f0:d6:47:9e:50:3b:1b:1f:
- 54:a7:75:6c:67:19:11:c4:c0:23:2f:a2:80:2c:08:84:10:63:
- 17:f5:4f:e7:24:53:cf:f6:52:64:b4:e6:5a:44:73:c9:f2:c0:
- 91:5f:23:2a:a4:4e:14:57:19:9e:82:82:d5:e1:cd:2e:1a:8d:
- 6c:45:e9:46:41:ec:25:e1:84:c9:f7:97:61:0c:2d:28:86:03:
- 1f:bf:8f:61:f2:b4:37:eb:e9:e7:9e:1a:55:1c:95:2d:50:f8:
- 1e:01:b8:3a:22:cb:18:00:43:ec:6c:6c:51:0c:ee:28:a1:85:
- 1c:b5:15:69:8b:0d:45:26:d9:48:19:d3:42:6a:e9:29:81:60:
- db:49:df:f0:1a:4b:82:68:f0:40:af:8b:22:1f:60:08:8a:40:
- e3:c1:cc:89:8f:28:12:ea:70:eb:a7:98:af:c8:2e:36:0d:5f:
- b9:eb:79:dc:64:f4:a6:70:91:00:f6:0e:81:bc:f6:35:d2:0a:
- ed:52:ff:2e:69:68:72:d1:19:32:39:47:80:82:c3:3d:36:98:
- 2f:9a:fe:6d:dc:7c:45:7a:fe:01:d6:36:de:53:92:4e:2c:0c:
- b1:a2:39:d1:5f:50:c4:6a:a1:2b:15:17:df:20:8f:dd:79:cf:
- f1:ce:76:df:fa:b1:f6:6b:67:e7:c7:3a:7d:2e:53:fe:f7:c2:
- 1f:b7:fa:71:09:b7:9f:83:91:0a:ce:eb:00:55:47:35:0b:ef:
- fc:ac:b2:03:e0:78:89:2d:56:a8:52:a1:93:6c:44:25:58:bd:
- 4a:ba:f9:85:23:fc:c0:db:4c:8b:95:54:be:ed:18:90:46:27:
- f1:3f:37:26:00:08:9f:fc:ce:5b:7e:64:26:46:51:42:c1:de:
- c4:2f:a8:73:74:0b:e6:48:aa:f3:01:df:63:36:d9:4b:6a:08:
- 02:ac:51:44:e9:ce:99:02:62:f5:87:d9:b2:a6:0b:77:bf:93:
- bd:ea:47:4c:6c:83:b5:0f:ca:ba:9b:55:8c:da:4f:87:63:d6:
- 32:87:b0:8a:74:3e:02:f5:47:96:dd:85:26:2e:43:63:96:45:
- 48:ca:45:b9:7c:4e:ae:93:69:0c:72:b2:c1:fe:81:ae:ab:be:
- e9:14:eb:ea:d6:e8:a4:a3:4f:dc:90:d5:10:b7:53:b7:85:81:
- aa:46:bc:c6:f6:97:1f:a7:55:0b:e2:45:e8:f9:ef:f4:62:88:
- bd:46:85:39:55:3c:32:92:1c:41:0c:cc:92:3b:17:9a:cc:ef:
- 2f:3b:c5:e0:39:cc:23:47
------BEGIN CERTIFICATE-----
-MIID5zCCAc+gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTA2MTIyM1oXDTEw
-MDMwOTA2MTIyM1owYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaMzMDEwLwYIKwYBBQUH
-AQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vMTI3LjAuMC4xOjgwMA0GCSqGSIb3
-DQEBBQUAA4ICAQBNyJlPh7yq+gOZV7CbVqRqf/w0Xe/FnvHSZZWM8NZHnlA7Gx9U
-p3VsZxkRxMAjL6KALAiEEGMX9U/nJFPP9lJktOZaRHPJ8sCRXyMqpE4UVxmegoLV
-4c0uGo1sRelGQewl4YTJ95dhDC0ohgMfv49h8rQ36+nnnhpVHJUtUPgeAbg6IssY
-AEPsbGxRDO4ooYUctRVpiw1FJtlIGdNCaukpgWDbSd/wGkuCaPBAr4siH2AIikDj
-wcyJjygS6nDrp5ivyC42DV+563ncZPSmcJEA9g6BvPY10grtUv8uaWhy0RkyOUeA
-gsM9Npgvmv5t3HxFev4B1jbeU5JOLAyxojnRX1DEaqErFRffII/dec/xznbf+rH2
-a2fnxzp9LlP+98Ift/pxCbefg5EKzusAVUc1C+/8rLID4HiJLVaoUqGTbEQlWL1K
-uvmFI/zA20yLlVS+7RiQRifxPzcmAAif/M5bfmQmRlFCwd7EL6hzdAvmSKrzAd9j
-NtlLaggCrFFE6c6ZAmL1h9mypgt3v5O96kdMbIO1D8q6m1WM2k+HY9Yyh7CKdD4C
-9UeW3YUmLkNjlkVIykW5fE6uk2kMcrLB/oGuq77pFOvq1uiko0/ckNUQt1O3hYGq
-RrzG9pcfp1UL4kXo+e/0Yoi9RoU5VTwykhxBDMySOxeazO8vO8XgOcwjRw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 6 (0x6)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 10 00:10:31 2009 GMT
- Not After : Mar 10 00:10:31 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d4:41:90:ba:e8:97:0c:89:05:f0:95:75:44:ff:
- f3:c9:b1:68:90:0a:83:a2:30:6d:f4:8d:2d:e1:ec:
- c7:bd:ba:24:39:bf:ae:29:fa:65:2b:c6:98:ee:13:
- 74:7c:5d:68:36:5b:b4:0c:ae:6b:99:40:b8:39:a2:
- df:fa:97:e3:62:37:ff:3c:ae:39:6a:1c:77:39:81:
- 2e:9d:c9:a4:30:e0:4c:e6:18:e9:57:04:a1:09:0b:
- ab:ac:00:9c:ca:65:96:59:1f:e9:21:86:9b:d8:ef:
- 86:db:99:70:1c:39:31:9f:48:f9:02:0d:4d:53:aa:
- ac:ad:f1:58:ca:84:98:44:95
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- a5:f6:ed:d3:38:76:cd:45:47:1f:0d:cf:67:ee:7d:e7:c5:dc:
- fe:a6:8d:88:3e:f8:29:dd:54:1c:a4:b7:3b:7b:a3:59:5d:64:
- 16:a9:2a:66:3b:3e:08:2d:32:88:0e:cd:8c:05:84:39:a0:19:
- 1f:91:24:ee:e9:a8:a7:b6:21:40:ca:12:d7:e5:98:4a:0f:d7:
- 31:e4:86:b0:1b:56:c1:38:d7:26:c2:fb:3d:2b:71:68:4c:a4:
- 80:16:2e:13:1a:d6:5e:92:b9:cf:ff:19:ea:65:49:b1:db:17:
- b8:d3:46:99:2c:12:20:51:6c:7d:a3:41:b3:88:f6:88:e2:07:
- 6e:49:6f:32:8d:dc:a0:e3:01:e6:5e:15:07:06:55:48:ae:f5:
- 77:8c:92:92:31:fa:06:29:5e:fc:16:1c:69:25:62:7e:6c:e4:
- 9b:60:c1:c9:28:6b:62:d3:72:bb:e6:a1:41:89:5d:56:5b:3f:
- 38:98:c0:c0:08:41:84:01:c1:cf:23:44:92:98:f7:47:40:a0:
- 8c:a7:29:a3:2d:15:f8:cd:7b:40:dc:84:8f:46:0f:d4:fe:78:
- 96:3a:53:01:31:64:47:3b:d8:50:92:7f:87:6c:94:ce:9e:07:
- 96:53:0a:c5:a8:2b:07:b4:8c:55:0d:e3:96:1b:fd:62:e8:19:
- c7:bc:ab:79:65:aa:83:5d:a3:94:db:84:23:e2:4c:ef:74:8f:
- 36:15:71:fd:a1:78:f0:c4:23:2e:ec:8b:de:df:23:58:6e:f6:
- c0:4a:ff:d0:b4:1b:f5:dd:e4:ab:bf:65:13:ee:ac:e4:86:31:
- 35:60:8d:04:bd:a3:90:35:11:b6:55:86:65:22:ec:ae:ef:65:
- 06:27:91:b7:a3:a0:84:83:c3:ae:fb:39:0b:74:c2:aa:da:2e:
- 52:27:5a:07:10:ba:10:a8:2c:54:c1:87:4d:cb:d5:fa:6f:6a:
- fe:1b:61:74:79:96:c4:b1:26:61:2d:26:6a:59:07:cd:20:11:
- 15:13:78:9b:77:5b:65:43:17:e0:0a:6e:6e:e5:72:37:58:3a:
- 96:e4:28:08:56:c5:78:2a:e8:ac:cb:44:66:25:a4:19:8a:bb:
- c8:10:8f:25:0d:93:a2:e8:d0:58:85:69:b0:fd:fa:38:83:90:
- 29:84:57:1c:39:6c:52:87:f5:4b:de:cf:c6:b8:4a:e2:a2:c8:
- c9:4e:7a:a3:51:13:d7:62:3a:31:7c:b9:ad:df:1e:a2:2f:c6:
- 5f:3f:f9:e3:e7:e2:8d:6c:1d:49:93:b7:ea:84:80:01:41:6e:
- 8d:a4:00:4e:9c:8b:5a:6f:84:6e:04:a2:7c:9c:e7:6b:30:50:
- a5:1d:2d:2e:00:24:6c:6b
------BEGIN CERTIFICATE-----
-MIIDuzCCAaOgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTAzMVoXDTEw
-MDMxMDAwMTAzMVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUQZC66JcMiQXwlXVE//PJsWiQ
-CoOiMG30jS3h7Me9uiQ5v64p+mUrxpjuE3R8XWg2W7QMrmuZQLg5ot/6l+NiN/88
-rjlqHHc5gS6dyaQw4EzmGOlXBKEJC6usAJzKZZZZH+khhpvY74bbmXAcOTGfSPkC
-DU1Tqqyt8VjKhJhElQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq
-hkiG9w0BAQUFAAOCAgEApfbt0zh2zUVHHw3PZ+5958Xc/qaNiD74Kd1UHKS3O3uj
-WV1kFqkqZjs+CC0yiA7NjAWEOaAZH5Ek7umop7YhQMoS1+WYSg/XMeSGsBtWwTjX
-JsL7PStxaEykgBYuExrWXpK5z/8Z6mVJsdsXuNNGmSwSIFFsfaNBs4j2iOIHbklv
-Mo3coOMB5l4VBwZVSK71d4ySkjH6Bile/BYcaSVifmzkm2DByShrYtNyu+ahQYld
-Vls/OJjAwAhBhAHBzyNEkpj3R0CgjKcpoy0V+M17QNyEj0YP1P54ljpTATFkRzvY
-UJJ/h2yUzp4HllMKxagrB7SMVQ3jlhv9YugZx7yreWWqg12jlNuEI+JM73SPNhVx
-/aF48MQjLuyL3t8jWG72wEr/0LQb9d3kq79lE+6s5IYxNWCNBL2jkDURtlWGZSLs
-ru9lBieRt6OghIPDrvs5C3TCqtouUidaBxC6EKgsVMGHTcvV+m9q/hthdHmWxLEm
-YS0malkHzSARFRN4m3dbZUMX4ApubuVyN1g6luQoCFbFeCrorMtEZiWkGYq7yBCP
-JQ2ToujQWIVpsP36OIOQKYRXHDlsUof1S97PxrhK4qLIyU56o1ET12I6MXy5rd8e
-oi/GXz/54+fijWwdSZO36oSAAUFujaQATpyLWm+EbgSifJznazBQpR0tLgAkbGs=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7 (0x7)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 10 00:14:51 2009 GMT
- Not After : Mar 10 00:14:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b:
- cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa:
- 0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a:
- 6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c:
- 92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04:
- c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68:
- 81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48:
- 32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76:
- aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d:
- 34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5:
- a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa:
- d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e:
- be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01:
- 7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1:
- 2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a:
- 52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8:
- e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93:
- 24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a:
- 19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9:
- 0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0:
- ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36:
- 18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c:
- 27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68:
- 3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f:
- 69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67:
- 46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52:
- a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a:
- 9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3:
- cd:f0:a3:a0:10:95:b8:70
------BEGIN CERTIFICATE-----
-MIIDuzCCAaOgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTQ1MVoXDTEw
-MDMxMDAwMTQ1MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq
-hkiG9w0BAQUFAAOCAgEALSiCzHkwLrWOT9k79IvIo+Y7yywPlxyLfwbhXTvsr8Xe
-78T6C2Puy61gf0Jvgm3y+7uaNvcabJyC6BcYQTVHcug2tBrBrll8kgdijwCaLshe
-YiBfFIIN/t4EyLC2A9SqQXBP+QW6tcc8NqBogcWCkVb8Zf5zxLOR0sRRFstIMuOx
-6qTc4N6b8nUizQQtLcl2qju4xhqGhh+nEeBtFvRbswkdNMEOGsghgpFzvOXFy9Pt
-RtX1pvhlppF7zakNpjc+2T9vxMeq2ZV13G04nlQ9D6EmFihxaxSevmaL9HHBPjSg
-oV3aMRxjn50Bf2ITnTt0orMK1STANQfAbSDBKiH7gqWc6z7OJVcC1jh3XqAqUgz3
-P/PTqgxTqRzpOdcNlii44ukc45ISHuE+RFr7JR4sdKmTJKDwAmO/4kWgxW9A5Duy
-sfEKGYm5VNZhIT17S5H+2fDhSCDZC+K+3fdbb8h2ynSfpUqanB3w7EBygmf8Kp9O
-8X/ktX7APyI2GMNIiH8MLSbMQMWCvSPlbM48Jxkn/nsb+ss4Cp+mREvCImNoPPqG
-Ea9dBXxb/SaaeBjH9h4fabm6cTvclcE/WRdC8UgrEF9nRjI3ShqF0ACBklBsKYDh
-tb9SqHnAXbk24/fVadzeVBPA0256nKjp5PZX7aq9bsHFNe1yF2XjzfCjoBCVuHA=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 8 (0x8)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 10 08:04:09 2009 GMT
- Not After : Mar 10 08:04:09 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:80/0001
-
- Signature Algorithm: sha1WithRSAEncryption
- 71:65:df:93:41:79:18:74:88:43:3b:dd:0f:b4:ac:96:16:f3:
- 0c:39:28:03:3e:3a:ee:0f:ce:d8:8c:14:3d:ae:e7:f8:a5:ff:
- 2f:f3:a9:17:0e:a3:6f:d0:a0:97:bb:b9:96:ba:ec:fc:3f:ef:
- 86:5c:d0:1c:66:2a:ac:7a:ca:a4:c2:4b:a3:6d:5f:3e:eb:e3:
- df:c7:74:d8:b8:04:ab:de:91:96:26:1b:83:78:6e:4c:37:ad:
- b1:90:e8:35:b2:da:fb:ee:8b:75:02:21:a0:11:b7:52:4f:90:
- 86:6c:5a:be:74:b8:cf:3b:0c:ff:08:27:f5:d9:13:62:fc:8e:
- 61:35:bb:48:fa:28:d0:5d:1b:73:4b:c3:29:d0:e0:b4:9b:9f:
- 59:9e:6a:5d:7a:55:4f:91:94:28:0c:76:e5:9e:83:db:f9:1e:
- 44:98:5d:6c:a6:2e:a0:b2:bf:f3:f0:d8:45:46:77:26:32:32:
- 2f:a2:8a:80:37:81:78:74:5f:91:e8:25:a7:bd:d2:34:cb:57:
- 80:d3:cf:1d:b1:2d:fb:d1:fd:0b:84:a5:86:f1:c9:25:06:3a:
- 65:06:8b:e8:b0:6b:57:35:73:30:18:a9:fe:c6:6f:8c:63:45:
- 62:c3:8b:f6:d8:70:38:8a:e7:c2:63:0e:4a:4b:a7:d8:45:42:
- 59:96:af:05:4c:ac:fe:d5:cc:45:7e:b6:30:39:52:f2:e8:26:
- 0d:22:be:b6:bf:e9:d4:ff:f7:5a:55:b3:5c:86:95:72:01:06:
- d8:58:26:21:9b:b9:02:f0:03:84:16:d3:f0:20:cb:7d:28:c8:
- f5:6d:d8:8e:57:29:f8:ba:c2:f4:e5:ea:d2:f1:6e:8b:44:f1:
- a0:1a:5b:e8:e1:e2:a1:6c:18:a5:06:df:d0:94:6c:20:34:c1:
- 0c:5e:e5:fc:d8:74:e6:a1:6a:a5:00:ca:30:a3:6b:71:8b:3c:
- 27:8b:c0:b5:2a:e0:78:10:8a:8b:ae:0b:ff:8a:f2:ef:e1:1e:
- dd:2a:d5:2f:8f:98:b1:4d:db:66:6b:b1:bd:85:d6:36:bd:19:
- 29:bd:40:1d:1a:b5:7f:77:a5:08:3f:98:07:38:82:e5:e3:53:
- b7:cc:54:66:e0:f2:b7:4c:0c:da:3c:5b:5f:d9:9b:f6:86:e2:
- e6:c8:d4:9a:81:e2:5b:e3:a7:0d:d9:4c:ac:98:b2:b7:de:56:
- 2c:82:3a:a2:64:55:36:2b:d5:95:1c:ff:bd:25:1c:9e:a1:55:
- d6:00:c2:ae:d3:54:63:33:ac:30:dd:52:90:78:53:9f:7c:b4:
- 72:4c:1a:3e:b1:90:5e:ce:af:a0:d7:5f:3e:dd:c5:28:42:03:
- ea:a7:5e:5b:ff:fa:b0:89
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDA4MDQwOVoXDTEw
-MDMxMDA4MDQwOVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDEwDQYJ
-KoZIhvcNAQEFBQADggIBAHFl35NBeRh0iEM73Q+0rJYW8ww5KAM+Ou4PztiMFD2u
-5/il/y/zqRcOo2/QoJe7uZa67Pw/74Zc0BxmKqx6yqTCS6NtXz7r49/HdNi4BKve
-kZYmG4N4bkw3rbGQ6DWy2vvui3UCIaARt1JPkIZsWr50uM87DP8IJ/XZE2L8jmE1
-u0j6KNBdG3NLwynQ4LSbn1meal16VU+RlCgMduWeg9v5HkSYXWymLqCyv/Pw2EVG
-dyYyMi+iioA3gXh0X5HoJae90jTLV4DTzx2xLfvR/QuEpYbxySUGOmUGi+iwa1c1
-czAYqf7Gb4xjRWLDi/bYcDiK58JjDkpLp9hFQlmWrwVMrP7VzEV+tjA5UvLoJg0i
-vra/6dT/91pVs1yGlXIBBthYJiGbuQLwA4QW0/Agy30oyPVt2I5XKfi6wvTl6tLx
-botE8aAaW+jh4qFsGKUG39CUbCA0wQxe5fzYdOahaqUAyjCja3GLPCeLwLUq4HgQ
-iouuC/+K8u/hHt0q1S+PmLFN22Zrsb2F1ja9GSm9QB0atX93pQg/mAc4guXjU7fM
-VGbg8rdMDNo8W1/Zm/aG4ubI1JqB4lvjpw3ZTKyYsrfeViyCOqJkVTYr1ZUc/70l
-HJ6hVdYAwq7TVGMzrDDdUpB4U598tHJMGj6xkF7Or6DXXz7dxShCA+qnXlv/+rCJ
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 9 (0x9)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 11 10:49:52 2009 GMT
- Not After : Mar 11 10:49:52 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- CB:F2:C4:A9:D8:FB:EB:6D:99:08:AB:41:10:5D:9F:90:77:73:E5:AA
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha1WithRSAEncryption
- 38:fc:55:d5:e9:ae:c2:64:71:3d:ec:7d:b3:b3:a2:3c:cc:81:
- 97:19:5d:88:b1:a9:64:44:0a:74:80:80:5d:b8:c2:1f:8b:e6:
- 8f:ae:03:e1:61:ba:68:ff:16:2e:8e:c4:81:44:ce:ac:06:db:
- c1:57:d3:e5:a3:f6:e2:02:78:b5:a3:ef:04:57:3a:59:f4:df:
- 46:d2:18:61:8b:06:fc:57:15:39:0f:22:c7:81:3c:df:51:9e:
- c1:ac:b4:21:81:4b:1f:90:36:9a:dc:6b:4d:5d:7d:2a:e5:ab:
- d9:fe:5c:58:17:c3:58:01:a2:3d:d5:f9:e4:d8:e8:fe:be:e1:
- da:8d:30:e2:22:ef:59:48:8f:0f:ba:09:66:64:96:85:d5:b1:
- 90:b6:51:cc:99:35:5b:d9:e6:c4:57:07:98:c7:f5:68:7d:e2:
- 59:40:82:ae:9f:64:02:47:43:69:27:4a:9c:e4:70:b4:a9:20:
- c1:4f:10:9a:50:eb:c1:52:75:a6:72:84:cc:92:b4:cd:e1:36:
- e8:1a:ad:19:dc:0e:a2:49:e8:c8:0d:cd:ea:97:53:fc:a4:ea:
- 0d:16:81:af:41:38:90:b2:c8:69:f4:1c:55:1c:18:84:1b:b4:
- 82:c9:c0:c7:45:d8:6c:3a:b6:0e:9b:89:f1:20:c0:a9:0d:cf:
- b9:ae:84:19:7f:4c:2b:be:46:4d:61:b3:bc:56:ed:a2:01:4d:
- 46:a9:2d:bb:3b:73:5b:18:fc:eb:7f:60:d5:ac:60:92:f4:c0:
- 73:14:54:f1:be:c5:90:e9:f0:37:69:20:cb:a7:e9:74:52:e4:
- 30:38:b9:20:44:5e:9d:eb:86:ae:ed:38:8d:7d:32:59:d7:d7:
- 0b:8e:78:28:a3:3b:5e:f5:a4:35:f7:fe:e9:19:4c:7a:82:c0:
- 19:0f:99:bb:49:ba:38:8e:78:5c:5f:a5:7c:f7:58:aa:53:6c:
- d0:bd:6a:4a:87:e7:27:f8:7a:75:cf:0d:d0:98:93:5d:8f:e2:
- 85:cf:4c:93:18:34:bf:40:4c:b9:16:00:1d:ec:ce:bd:93:78:
- 46:80:d9:89:a5:52:41:db:f0:8b:13:f0:07:7c:35:dc:69:69:
- 16:67:31:60:ea:27:34:cb:8a:9b:d9:98:48:f6:fa:77:74:9d:
- 07:a8:60:df:74:e9:e1:25:5f:83:78:0d:69:37:b4:a5:78:7d:
- 0d:0f:e0:17:b9:42:7f:9e:41:33:5a:f3:b0:80:3e:f2:ed:5e:
- 93:60:8a:4e:88:a2:5e:40:ae:f9:ec:11:cb:76:0d:b6:ee:54:
- 31:f0:a3:37:9e:0f:22:c4:b8:c5:63:24:8c:c5:a9:24:c9:1b:
- 27:c6:1b:69:21:08:8c:33
------BEGIN CERTIFICATE-----
-MIIEdjCCAl6gAwIBAgIBCTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMTEwNDk1MloXDTEw
-MDMxMTEwNDk1MlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABo4HRMIHOMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgEN
-BB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTL8sSp
-2PvrbZkIq0EQXZ+Qd3PlqjB0BgNVHSMEbTBroV6kXDBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBggkA8ltAW8K30GQwDQYJKoZIhvcN
-AQEFBQADggIBADj8VdXprsJkcT3sfbOzojzMgZcZXYixqWRECnSAgF24wh+L5o+u
-A+Fhumj/Fi6OxIFEzqwG28FX0+Wj9uICeLWj7wRXOln030bSGGGLBvxXFTkPIseB
-PN9RnsGstCGBSx+QNprca01dfSrlq9n+XFgXw1gBoj3V+eTY6P6+4dqNMOIi71lI
-jw+6CWZkloXVsZC2UcyZNVvZ5sRXB5jH9Wh94llAgq6fZAJHQ2knSpzkcLSpIMFP
-EJpQ68FSdaZyhMyStM3hNugarRncDqJJ6MgNzeqXU/yk6g0Wga9BOJCyyGn0HFUc
-GIQbtILJwMdF2Gw6tg6bifEgwKkNz7muhBl/TCu+Rk1hs7xW7aIBTUapLbs7c1sY
-/Ot/YNWsYJL0wHMUVPG+xZDp8DdpIMun6XRS5DA4uSBEXp3rhq7tOI19MlnX1wuO
-eCijO171pDX3/ukZTHqCwBkPmbtJujiOeFxfpXz3WKpTbNC9akqH5yf4enXPDdCY
-k12P4oXPTJMYNL9ATLkWAB3szr2TeEaA2YmlUkHb8IsT8Ad8NdxpaRZnMWDqJzTL
-ipvZmEj2+nd0nQeoYN906eElX4N4DWk3tKV4fQ0P4Be5Qn+eQTNa87CAPvLtXpNg
-ik6Iol5ArvnsEct2DbbuVDHwozeeDyLEuMVjJIzFqSTJGyfGG2khCIwz
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 10 (0xa)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 01:19:18 2009 GMT
- Not After : Mar 13 01:19:18 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:81/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- c2:1a:cb:28:cf:52:fa:67:16:85:c5:cb:7b:b8:4c:75:20:06:
- 62:ab:43:9f:95:f6:d8:98:ab:26:ec:89:32:d6:14:15:cb:5d:
- 5c:17:a4:4f:b5:c7:0e:9c:3e:f3:f0:11:ea:db:9d:5b:29:e8:
- 8d:14:1e:bb:46:1e:10:68:01:4f:3a:1b:40:4a:4c:a2:47:b4:
- b5:e6:c4:97:ce:df:56:a5:29:60:f5:e2:6e:d6:29:01:b8:23:
- 2a:58:89:d3:5f:6a:06:28:b6:b6:5b:0f:c7:ae:62:d2:9b:32:
- 06:ac:82:c4:f0:a1:fe:89:af:99:23:e4:7c:98:76:b0:e4:64:
- 6b:17:24:67:fa:f4:41:65:4e:c6:1d:cc:89:52:8c:4a:52:26:
- 8a:42:5b:7f:1a:93:d0:53:93:57:65:3f:6f:23:17:1c:68:13:
- 58:13:50:f7:9f:a5:32:2e:5f:20:23:9e:b4:a2:75:fb:a7:d8:
- 3a:c8:6c:86:18:b8:e0:09:08:c9:ec:b2:a6:6b:43:c2:c7:af:
- b6:c2:a4:97:cc:35:d5:06:38:1d:73:7f:4b:ca:54:9f:b6:94:
- 2d:82:81:62:37:b8:74:8a:33:1c:ed:52:4f:8f:5b:88:fd:b4:
- 61:97:2e:b9:2b:99:0b:5a:f6:2a:03:bc:e2:6f:d1:16:cc:da:
- be:97:26:06:e8:50:1f:e7:01:ec:5f:d8:d7:ca:74:84:70:48:
- 55:3c:6f:c8:31:ed:0c:39:7a:7f:ed:81:7a:ed:f4:3b:e1:06:
- 07:1d:f1:3b:81:ae:7d:1c:c7:6a:74:d9:a0:de:3f:ce:f4:d1:
- 9b:ea:43:f7:e0:46:7e:ae:a2:42:2b:58:3d:a3:c3:1c:37:2d:
- b7:6b:5d:3a:64:9f:97:e1:a4:1b:7e:63:06:1c:7b:3b:fa:73:
- a3:41:a9:65:bd:3f:42:38:ab:27:cc:07:b4:d2:0f:f8:04:26:
- 47:17:55:a6:30:83:81:87:28:55:7f:c1:53:ba:f1:09:5a:78:
- cb:05:1a:08:45:42:89:78:0e:2d:a3:ed:a3:d0:70:5c:bc:0f:
- f5:ee:52:dd:04:37:25:d2:20:e9:d9:e7:08:ef:39:83:e3:71:
- 4f:87:1d:1b:20:57:e1:7e:18:c8:30:1d:16:c5:5a:8b:8b:b3:
- f7:28:c8:7a:7f:e1:9a:60:25:49:bc:60:c0:95:3f:8d:8a:67:
- af:2d:ca:d5:e0:70:f1:07:2c:77:ea:61:72:64:cb:b5:56:fc:
- 9d:42:d4:99:19:ae:75:4d:61:0b:49:42:fb:fa:25:44:de:fa:
- d7:98:39:7c:32:3e:9c:57:a9:51:82:63:f5:93:dd:fd:da:a8:
- 04:96:67:8e:c6:2b:5f:59
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAxMTkxOFoXDTEw
-MDMxMzAxMTkxOFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDIwDQYJ
-KoZIhvcNAQEFBQADggIBAMIayyjPUvpnFoXFy3u4THUgBmKrQ5+V9tiYqybsiTLW
-FBXLXVwXpE+1xw6cPvPwEerbnVsp6I0UHrtGHhBoAU86G0BKTKJHtLXmxJfO31al
-KWD14m7WKQG4IypYidNfagYotrZbD8euYtKbMgasgsTwof6Jr5kj5HyYdrDkZGsX
-JGf69EFlTsYdzIlSjEpSJopCW38ak9BTk1dlP28jFxxoE1gTUPefpTIuXyAjnrSi
-dfun2DrIbIYYuOAJCMnssqZrQ8LHr7bCpJfMNdUGOB1zf0vKVJ+2lC2CgWI3uHSK
-MxztUk+PW4j9tGGXLrkrmQta9ioDvOJv0RbM2r6XJgboUB/nAexf2NfKdIRwSFU8
-b8gx7Qw5en/tgXrt9DvhBgcd8TuBrn0cx2p02aDeP8700ZvqQ/fgRn6uokIrWD2j
-wxw3LbdrXTpkn5fhpBt+YwYcezv6c6NBqWW9P0I4qyfMB7TSD/gEJkcXVaYwg4GH
-KFV/wVO68QlaeMsFGghFQol4Di2j7aPQcFy8D/XuUt0ENyXSIOnZ5wjvOYPjcU+H
-HRsgV+F+GMgwHRbFWouLs/coyHp/4ZpgJUm8YMCVP42KZ68tytXgcPEHLHfqYXJk
-y7VW/J1C1JkZrnVNYQtJQvv6JUTe+teYOXwyPpxXqVGCY/WT3f3aqASWZ47GK19Z
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 11 (0xb)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 02:27:03 2009 GMT
- Not After : Mar 13 02:27:03 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:82/0003
-
- Signature Algorithm: sha1WithRSAEncryption
- ae:34:5f:7e:66:8f:b1:5c:eb:da:31:33:60:29:43:c6:be:d7:
- 1b:4e:22:97:41:9e:7a:0f:7f:e0:3b:d0:6e:6a:50:ba:a1:1f:
- f0:78:e6:b0:a6:a2:08:c1:6f:5b:db:9f:42:a0:ba:8e:6b:99:
- c3:91:a1:81:16:79:65:6c:bc:ca:76:b7:06:d9:89:ba:ad:12:
- 32:32:b7:c3:c3:18:e2:7d:d5:88:4c:19:ab:33:03:70:c1:b3:
- 14:1e:f4:b3:93:c9:73:94:f5:38:0a:52:da:b9:ef:76:32:fd:
- 6d:d3:a2:ff:13:52:da:e1:d5:d6:8e:db:35:5b:df:dd:60:aa:
- 99:2d:4e:bb:d4:08:43:8e:86:3c:28:51:bc:5e:d0:bd:08:7a:
- 62:c7:ae:73:f3:92:60:b6:59:19:f3:ca:8a:fe:70:1a:67:c7:
- 7e:95:79:f1:79:2c:56:2c:17:28:03:86:49:86:54:e0:3b:f2:
- c1:ef:0f:12:cb:f9:4c:0d:fe:b9:7a:23:13:bc:67:ce:6b:d9:
- 9a:68:68:71:00:ab:aa:f7:43:1a:1c:be:35:dd:69:cc:88:50:
- 41:db:5a:41:e5:a5:9a:bc:2d:2b:fd:0d:52:e8:c5:ac:13:9e:
- d4:99:12:2d:6d:01:10:e6:44:87:07:b2:b9:b6:54:84:69:c9:
- 76:1b:c6:a5:cc:58:7b:82:14:78:9b:f1:79:19:25:44:86:56:
- e1:ce:0c:bf:7a:4e:23:d7:12:f4:b6:60:d6:1d:44:db:d6:97:
- 89:a9:54:36:75:91:d6:ef:88:01:94:cd:52:d4:6d:b3:7e:6d:
- 61:75:fc:e0:c8:ad:ee:0a:b2:f9:e2:33:42:08:c3:f9:d1:46:
- 6f:50:47:2d:51:e3:25:c3:cc:c5:1f:a9:04:8b:90:29:8f:1f:
- 94:c9:de:c2:16:1a:60:e7:a0:03:65:17:3e:45:c5:5a:66:f2:
- ff:9d:1d:1f:4d:ed:f3:92:76:70:a2:7d:43:ef:6d:e8:23:b8:
- 9d:ad:dd:24:0b:59:22:1a:5a:0b:25:2e:55:a1:57:5b:c9:40:
- cc:60:3e:a9:73:29:94:8e:83:dc:4e:25:54:6a:79:dc:f2:71:
- 28:4d:c9:ec:b4:96:ad:36:8c:cb:e0:cb:54:0e:1f:e9:86:0b:
- c0:32:c2:66:3b:35:e5:45:54:a0:1d:2c:3e:c2:fb:a0:b0:b2:
- d1:7a:cc:fc:1f:37:81:8a:89:af:fd:60:e8:50:95:33:4a:12:
- 98:7f:f6:51:c4:de:06:d9:8c:d0:11:b7:fb:a8:07:b4:8a:70:
- a2:3b:dc:5f:1b:d3:46:f9:e4:c7:46:b3:e9:38:bd:20:6f:7c:
- 6b:d6:07:4d:90:c7:67:0a
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAyMjcwM1oXDTEw
-MDMxMzAyMjcwM1owYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgyLzAwMDMwDQYJ
-KoZIhvcNAQEFBQADggIBAK40X35mj7Fc69oxM2ApQ8a+1xtOIpdBnnoPf+A70G5q
-ULqhH/B45rCmogjBb1vbn0Kguo5rmcORoYEWeWVsvMp2twbZibqtEjIyt8PDGOJ9
-1YhMGaszA3DBsxQe9LOTyXOU9TgKUtq573Yy/W3Tov8TUtrh1daO2zVb391gqpkt
-TrvUCEOOhjwoUbxe0L0IemLHrnPzkmC2WRnzyor+cBpnx36VefF5LFYsFygDhkmG
-VOA78sHvDxLL+UwN/rl6IxO8Z85r2ZpoaHEAq6r3QxocvjXdacyIUEHbWkHlpZq8
-LSv9DVLoxawTntSZEi1tARDmRIcHsrm2VIRpyXYbxqXMWHuCFHib8XkZJUSGVuHO
-DL96TiPXEvS2YNYdRNvWl4mpVDZ1kdbviAGUzVLUbbN+bWF1/ODIre4KsvniM0II
-w/nRRm9QRy1R4yXDzMUfqQSLkCmPH5TJ3sIWGmDnoANlFz5FxVpm8v+dHR9N7fOS
-dnCifUPvbegjuJ2t3SQLWSIaWgslLlWhV1vJQMxgPqlzKZSOg9xOJVRqedzycShN
-yey0lq02jMvgy1QOH+mGC8AywmY7NeVFVKAdLD7C+6CwstF6zPwfN4GKia/9YOhQ
-lTNKEph/9lHE3gbZjNARt/uoB7SKcKI73F8b00b55MdGs+k4vSBvfGvWB02Qx2cK
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 12 (0xc)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 02:37:59 2009 GMT
- Not After : Mar 13 02:37:59 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 83:b5:a0:1e:ef:2c:c8:07:9b:9b:e3:cc:d4:af:39:f0:cb:88:
- bd:8e:8b:e2:66:95:43:4a:a7:4d:19:9b:44:1b:99:4a:57:2d:
- 1e:38:d6:06:9b:49:99:17:57:37:74:bd:fd:3f:63:2e:8f:5e:
- 87:00:66:bc:29:04:0f:34:a5:85:5b:e4:85:17:6f:3e:a4:3e:
- e6:97:dd:90:64:1b:00:6a:37:e0:29:7a:3d:76:d7:9b:ff:e5:
- 08:8f:d1:8d:77:f8:de:44:f7:00:b8:d3:d8:e8:07:7a:28:2a:
- 26:ca:63:b1:47:69:3b:c4:8c:ce:af:1e:15:53:ec:31:92:ba:
- 02:f4:e5:51:d9:dd:c7:37:44:9f:d3:28:fd:fb:05:ab:db:06:
- 51:2b:84:bb:7a:b7:99:1c:f6:8f:d1:37:ac:aa:38:16:f1:08:
- e1:ee:a1:43:b3:d9:fb:ea:83:9a:cc:e7:75:3e:98:79:86:2c:
- 60:32:08:43:a7:01:f9:75:cc:2e:77:8a:de:85:04:5a:4c:90:
- 5b:64:29:33:38:14:bd:7e:e4:1e:0b:7c:47:14:23:57:94:e5:
- ca:53:dd:c4:30:83:77:b7:42:e6:5f:1a:02:d4:6c:08:8a:55:
- 78:1d:3f:50:0b:0e:bf:03:af:4c:f7:a6:7a:da:33:f3:a6:62:
- 5e:25:89:e9:a8:f4:7c:06:16:6e:28:c5:f9:82:4b:b3:39:b0:
- bb:72:d0:15:5e:dd:ba:d5:bd:b1:7d:50:22:1d:92:10:65:bf:
- 99:45:01:0b:d0:a5:e0:5f:37:c3:d3:92:58:28:9b:97:c5:96:
- a5:2e:27:fc:86:04:11:9a:1c:84:0a:f2:37:51:27:1d:df:e8:
- 1a:c4:94:d1:53:39:7f:27:eb:16:ca:27:77:d1:f8:46:fe:d7:
- e8:ab:06:94:87:66:dc:03:c4:cb:a9:9d:21:0c:f4:93:d0:d3:
- d5:45:a5:56:28:37:d6:81:be:9c:18:98:b3:b1:f2:b9:1a:ad:
- 98:e8:92:39:a2:eb:c5:f4:d0:2f:82:09:ce:7e:dd:0e:94:cc:
- 80:8e:e5:af:04:06:67:04:c1:23:ee:4a:06:c0:5c:ac:75:b1:
- ed:e2:d0:8f:8d:8b:23:3a:94:3b:41:78:48:7c:c8:f7:dc:53:
- 1d:0b:fa:14:70:0c:ed:d3:8b:84:4c:81:d5:f0:d7:b2:3a:27:
- e6:82:ad:12:18:4d:19:b3:65:e6:de:fa:14:11:10:c8:66:cc:
- f7:b2:08:af:90:02:62:51:d1:31:aa:7e:f9:1c:b4:99:83:b8:
- e3:26:18:78:f3:7f:3a:c7:b5:59:eb:cb:32:8b:39:a4:86:14:
- 0a:55:3e:1d:24:56:2f:97
------BEGIN CERTIFICATE-----
-MIIDuzCCAaOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAyMzc1OVoXDTEw
-MDMxMzAyMzc1OVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq
-hkiG9w0BAQUFAAOCAgEAg7WgHu8syAebm+PM1K858MuIvY6L4maVQ0qnTRmbRBuZ
-SlctHjjWBptJmRdXN3S9/T9jLo9ehwBmvCkEDzSlhVvkhRdvPqQ+5pfdkGQbAGo3
-4Cl6PXbXm//lCI/RjXf43kT3ALjT2OgHeigqJspjsUdpO8SMzq8eFVPsMZK6AvTl
-UdndxzdEn9Mo/fsFq9sGUSuEu3q3mRz2j9E3rKo4FvEI4e6hQ7PZ++qDmszndT6Y
-eYYsYDIIQ6cB+XXMLneK3oUEWkyQW2QpMzgUvX7kHgt8RxQjV5TlylPdxDCDd7dC
-5l8aAtRsCIpVeB0/UAsOvwOvTPemetoz86ZiXiWJ6aj0fAYWbijF+YJLszmwu3LQ
-FV7dutW9sX1QIh2SEGW/mUUBC9Cl4F83w9OSWCibl8WWpS4n/IYEEZochAryN1En
-Hd/oGsSU0VM5fyfrFsond9H4Rv7X6KsGlIdm3APEy6mdIQz0k9DT1UWlVig31oG+
-nBiYs7HyuRqtmOiSOaLrxfTQL4IJzn7dDpTMgI7lrwQGZwTBI+5KBsBcrHWx7eLQ
-j42LIzqUO0F4SHzI99xTHQv6FHAM7dOLhEyB1fDXsjon5oKtEhhNGbNl5t76FBEQ
-yGbM97IIr5ACYlHRMap++Ry0mYO44yYYePN/Ose1WevLMos5pIYUClU+HSRWL5c=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 13 (0xd)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 02:39:35 2009 GMT
- Not After : Mar 13 02:39:35 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:83/0004
-
- Signature Algorithm: sha1WithRSAEncryption
- 24:50:3d:65:cc:60:62:13:c0:3b:e1:01:0d:17:35:e8:7a:a8:
- 05:1e:b3:70:dc:fe:d3:84:7e:71:14:c3:86:73:23:76:d9:bb:
- de:41:b4:02:3b:d7:db:03:6d:1f:44:1e:65:a6:b5:79:80:7f:
- 2a:8b:11:f4:71:b1:de:13:17:1c:d3:b2:51:f7:b5:ee:29:27:
- ff:06:96:4f:18:f6:7a:0f:bd:ed:39:d2:ab:ff:1c:b4:21:87:
- f3:fd:ed:2b:fe:19:29:bb:4b:41:d1:48:37:f7:34:fe:f1:92:
- 80:85:33:d6:df:bf:d4:40:f4:5f:42:de:22:88:86:11:78:c8:
- ac:9c:f2:87:95:b0:c6:d6:54:40:e3:c1:64:30:5c:46:f6:a1:
- 16:64:80:50:20:f8:9c:fe:da:8e:b5:ea:c3:83:18:c8:f3:13:
- 95:01:cc:fe:85:bc:be:56:bc:f2:fe:70:c1:fa:86:43:9a:e0:
- 7e:cd:8d:f1:d8:d2:35:51:df:9c:46:36:3b:c0:97:75:ac:9c:
- a7:90:ee:92:b9:9f:5d:cc:54:95:5f:69:38:23:cc:cf:c6:0a:
- c8:55:b7:80:b8:93:98:fc:a9:4c:71:e0:dd:f9:27:d1:db:9c:
- 0d:54:9a:d0:05:40:97:cc:45:d5:60:a8:c9:bb:4e:c0:c5:b4:
- 01:f5:82:d5:5a:8c:28:01:b9:b3:be:bc:25:32:f1:e6:70:e7:
- e4:42:45:4a:d8:06:cb:42:ed:3a:ec:97:42:97:b1:5c:cd:a0:
- 99:94:24:a5:94:c6:b3:5e:c9:06:6b:c5:b8:af:26:48:52:bd:
- bb:93:36:1d:01:6c:33:34:3b:a4:ba:76:0b:bc:44:20:8a:d2:
- ee:1d:70:81:94:01:35:69:a5:5b:30:f1:1e:50:9a:a3:20:b0:
- ae:70:f0:28:bc:48:e3:62:f2:1d:84:53:a4:e0:4f:56:6e:5f:
- ba:d1:f0:38:46:5d:c8:06:ab:94:f5:f1:d6:80:55:8f:73:cb:
- 64:17:70:6f:38:26:06:9f:9e:68:d4:3c:43:c0:10:fe:a9:99:
- 67:8d:d4:0d:c9:d7:04:41:0e:e8:fe:09:41:29:f3:b3:ba:e0:
- 3b:b1:09:67:68:82:93:24:23:a2:da:bb:d1:01:2b:28:5f:56:
- 27:2b:a4:8f:fd:f3:46:e9:62:67:3b:d6:26:80:f5:06:b8:0f:
- 08:dc:22:49:f3:f2:26:ef:b5:db:89:9a:b5:15:3b:45:b2:89:
- 35:8b:6d:49:dd:79:d0:49:6c:c4:78:1c:46:f7:4f:34:6f:37:
- 17:da:6f:7f:c2:54:5f:70:29:1b:36:c3:44:16:0d:1b:d9:f4:
- ab:bb:2d:87:65:99:6a:d1
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAyMzkzNVoXDTEw
-MDMxMzAyMzkzNVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDQwDQYJ
-KoZIhvcNAQEFBQADggIBACRQPWXMYGITwDvhAQ0XNeh6qAUes3Dc/tOEfnEUw4Zz
-I3bZu95BtAI719sDbR9EHmWmtXmAfyqLEfRxsd4TFxzTslH3te4pJ/8Glk8Y9noP
-ve050qv/HLQhh/P97Sv+GSm7S0HRSDf3NP7xkoCFM9bfv9RA9F9C3iKIhhF4yKyc
-8oeVsMbWVEDjwWQwXEb2oRZkgFAg+Jz+2o616sODGMjzE5UBzP6FvL5WvPL+cMH6
-hkOa4H7NjfHY0jVR35xGNjvAl3WsnKeQ7pK5n13MVJVfaTgjzM/GCshVt4C4k5j8
-qUxx4N35J9HbnA1UmtAFQJfMRdVgqMm7TsDFtAH1gtVajCgBubO+vCUy8eZw5+RC
-RUrYBstC7Trsl0KXsVzNoJmUJKWUxrNeyQZrxbivJkhSvbuTNh0BbDM0O6S6dgu8
-RCCK0u4dcIGUATVppVsw8R5QmqMgsK5w8Ci8SONi8h2EU6TgT1ZuX7rR8DhGXcgG
-q5T18daAVY9zy2QXcG84JgafnmjUPEPAEP6pmWeN1A3J1wRBDuj+CUEp87O64Dux
-CWdogpMkI6Lau9EBKyhfVicrpI/980bpYmc71iaA9Qa4DwjcIknz8ibvtduJmrUV
-O0WyiTWLbUndedBJbMR4HEb3TzRvNxfab3/CVF9wKRs2w0QWDRvZ9Ku7LYdlmWrR
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 14 (0xe)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:16:42 2009 GMT
- Not After : Mar 11 03:16:42 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf:
- 9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7:
- 75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed:
- 08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e:
- a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba:
- 45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c:
- 57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d:
- dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84:
- c9:26:70:3c:c8:11:64:ed:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- b8:56:6b:f9:21:8a:79:e8:53:38:c7:84:e0:c3:96:6c:f3:71:
- 95:dc:31:9a:ef:fc:fb:b5:18:c6:35:26:3d:ee:4d:00:9c:e4:
- 10:25:a9:2e:a0:41:8a:37:a9:91:02:9c:52:ec:0d:7a:bf:e9:
- bb:54:6d:4a:92:5c:9d:c8:01:17:a3:8f:25:fd:32:a7:11:e4:
- 77:fd:ce:7c:4b:c9:ae:32:e6:d5:25:cc:a4:97:bb:07:f3:1d:
- f0:11:8a:d8:f1:37:e6:4f:3c:99:30:44:20:04:3d:82:fc:87:
- 60:24:21:a9:46:e7:d8:41:2c:76:d8:a5:58:44:ca:85:71:31:
- 24:f2:45:7d:fb:70:db:1b:93:42:21:85:69:5d:19:13:85:7c:
- 85:6c:83:8f:bf:c1:a7:3d:49:b9:68:4e:a2:12:2e:9d:89:c3:
- a7:1b:86:71:e4:cc:29:79:0e:b1:19:07:ca:2d:b8:95:87:f4:
- 8d:4a:be:06:0d:d0:e1:1a:ed:ea:a2:52:f3:f2:7b:1f:3c:10:
- c6:67:be:00:3a:36:ca:ad:93:d4:ee:b3:9d:e8:47:6e:bb:6f:
- 12:6b:cf:3d:73:22:a3:15:e0:e1:51:88:86:e6:2a:23:ee:e1:
- 32:55:0c:b8:73:35:f7:42:9e:4c:c4:ea:f5:3c:d5:20:ef:32:
- 27:c2:b5:9b:ad:f0:a8:bf:72:5c:5b:fc:41:e4:a0:6d:b2:4d:
- c0:69:a5:b2:dc:70:d6:90:ae:2e:81:41:f4:ec:33:c5:43:4e:
- 70:eb:1c:17:4c:d9:ed:8f:97:2e:20:17:9d:40:bc:d1:ae:74:
- 21:8b:ab:cc:b0:86:5a:cd:42:9c:df:13:16:59:56:27:be:26:
- bb:92:5f:7a:86:9e:f5:19:45:1f:36:8a:e3:55:5d:89:3b:2f:
- ed:13:9c:e7:ae:bd:eb:34:31:a2:02:70:0c:a7:32:d3:d1:be:
- c0:2f:0e:10:b7:43:2d:ab:68:70:b4:a1:e1:25:c1:ae:1c:43:
- 32:c0:90:81:c1:39:0b:27:e7:14:c9:28:db:40:0f:1f:9c:ce:
- 1b:8b:26:ca:b8:41:01:e7:cb:92:b0:8a:14:00:f3:e0:3c:84:
- d3:2c:45:19:15:01:02:ab:bd:e8:19:6b:d7:7e:c6:5a:a9:3a:
- d5:00:23:15:2a:e9:93:7d:11:75:cc:c6:c3:8e:5f:3f:d3:3f:
- 05:9f:40:12:a9:a8:bc:50:dc:42:02:62:7d:00:6a:ef:08:e1:
- 69:87:4d:2a:9b:54:49:35:80:58:12:92:a1:33:65:20:5f:29:
- cf:ab:03:8e:0b:91:08:9e:52:d6:b2:d7:ec:bb:38:9b:d5:5d:
- f6:b2:89:f5:00:bb:0f:f2
------BEGIN CERTIFICATE-----
-MIIDyTCCAbGgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTY0MloXDTE5
-MDMxMTAzMTY0MlowYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k
-ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0
-Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ
-QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov
-QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjFzAVMBMGA1UdJQQMMAoG
-CCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQC4Vmv5IYp56FM4x4Tgw5Zs83GV
-3DGa7/z7tRjGNSY97k0AnOQQJakuoEGKN6mRApxS7A16v+m7VG1KklydyAEXo48l
-/TKnEeR3/c58S8muMubVJcykl7sH8x3wEYrY8TfmTzyZMEQgBD2C/IdgJCGpRufY
-QSx22KVYRMqFcTEk8kV9+3DbG5NCIYVpXRkThXyFbIOPv8GnPUm5aE6iEi6dicOn
-G4Zx5MwpeQ6xGQfKLbiVh/SNSr4GDdDhGu3qolLz8nsfPBDGZ74AOjbKrZPU7rOd
-6Eduu28Sa889cyKjFeDhUYiG5ioj7uEyVQy4czX3Qp5MxOr1PNUg7zInwrWbrfCo
-v3JcW/xB5KBtsk3AaaWy3HDWkK4ugUH07DPFQ05w6xwXTNntj5cuIBedQLzRrnQh
-i6vMsIZazUKc3xMWWVYnvia7kl96hp71GUUfNorjVV2JOy/tE5znrr3rNDGiAnAM
-pzLT0b7ALw4Qt0Mtq2hwtKHhJcGuHEMywJCBwTkLJ+cUySjbQA8fnM4biybKuEEB
-58uSsIoUAPPgPITTLEUZFQECq73oGWvXfsZaqTrVACMVKumTfRF1zMbDjl8/0z8F
-n0ASqai8UNxCAmJ9AGrvCOFph00qm1RJNYBYEpKhM2UgXynPqwOOC5EInlLWstfs
-uzib1V32son1ALsP8g==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15 (0xf)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:18:18 2009 GMT
- Not After : Mar 11 03:18:18 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
- 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
- f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
- d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
- 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
- d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
- ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
- 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
- 10:ce:1d:01:0c:86:6b:23:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha1WithRSAEncryption
- 18:fe:74:f1:af:0a:d9:91:ad:b5:7c:f3:01:f8:98:1a:dc:b3:
- 66:6b:f4:bc:16:9a:e6:2b:f2:1f:77:23:89:a8:68:e0:8d:e3:
- 50:f3:f1:e6:38:f1:59:54:9b:44:0f:72:00:1a:61:71:9c:f0:
- 4f:a3:08:9d:17:36:0c:54:82:be:24:04:cb:b5:04:e9:20:c9:
- 6e:bc:8f:af:18:d8:2d:ee:cc:a8:8b:e4:1a:35:98:f6:53:72:
- 89:4f:05:f8:c3:7b:50:13:ee:cf:9f:d3:eb:a7:7c:4a:e6:89:
- 0f:6b:0e:d6:c7:bc:db:04:03:08:25:59:b4:06:5b:ce:a6:db:
- 7b:3a:5d:80:e8:ff:66:e1:22:03:54:28:16:0e:89:c8:5b:aa:
- b2:6e:1a:0f:07:53:60:bc:f4:2a:2d:a7:89:f2:b4:58:55:47:
- 2e:b1:b2:3c:50:30:6b:0c:12:34:11:5f:54:2a:0a:ab:19:d9:
- 36:ae:e2:16:5e:b8:8e:0d:17:d0:42:82:96:4d:fb:36:56:69:
- 7b:ce:32:fb:91:a4:02:73:8c:75:7e:de:87:06:52:20:ed:26:
- ff:47:72:f2:f6:01:2e:ec:38:da:0b:5b:be:ec:8e:c6:02:28:
- 92:57:28:04:f5:00:87:90:34:e1:81:c5:cc:21:00:6b:4d:d5:
- d5:c3:f6:f1:97:e1:5e:8c:ea:56:2e:5e:ce:9e:de:b9:a6:86:
- 60:33:1d:94:76:39:e1:70:9a:d2:b3:9a:f4:47:f8:bd:83:26:
- 38:a0:ab:a3:bc:81:df:6b:79:7d:f5:67:8f:5a:e1:a4:67:29:
- 58:07:66:70:6a:43:dc:f7:4c:82:54:15:a0:2f:ab:c0:9f:24:
- 91:e0:a7:d1:b1:58:bf:43:bf:25:1f:32:fc:98:26:b1:2f:19:
- 8f:d8:69:c1:1a:bd:b0:3e:0a:dc:54:c1:27:34:b9:1b:55:93:
- ff:e6:23:ac:af:33:ed:8d:6e:ee:36:18:70:9e:a2:87:b6:e2:
- 1d:3a:ee:e8:e2:79:97:15:7c:83:d1:89:71:ab:87:8d:36:a7:
- 7d:d8:4c:e2:b6:b7:1f:32:34:a8:75:ca:4f:00:3e:49:b0:5c:
- 40:1a:9c:6e:bd:b5:5f:f4:2e:c5:0a:54:b4:89:4a:63:35:ff:
- 80:8d:fe:31:e8:2e:92:77:8c:19:1a:2c:b8:95:1e:ef:d5:7d:
- c6:f9:4d:05:b6:f8:dd:55:0c:10:43:6e:7d:47:c8:b0:83:db:
- a3:7b:b4:5a:e3:a9:33:b2:ed:23:83:6a:e1:ce:c6:1c:89:27:
- 39:2c:3d:2f:55:49:c8:c5:9d:23:46:fe:88:71:da:ef:2b:25:
- e4:79:92:2b:1d:61:a6:dc
------BEGIN CERTIFICATE-----
-MIIEfjCCAmagAwIBAgIBDzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTgxOFoXDTE5
-MDMxMTAzMTgxOFowWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy
-dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8
-Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2
-Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ
-2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg
-hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
-BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV
-BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW
-MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN
-BgkqhkiG9w0BAQUFAAOCAgEAGP508a8K2ZGttXzzAfiYGtyzZmv0vBaa5ivyH3cj
-iaho4I3jUPPx5jjxWVSbRA9yABphcZzwT6MInRc2DFSCviQEy7UE6SDJbryPrxjY
-Le7MqIvkGjWY9lNyiU8F+MN7UBPuz5/T66d8SuaJD2sO1se82wQDCCVZtAZbzqbb
-ezpdgOj/ZuEiA1QoFg6JyFuqsm4aDwdTYLz0Ki2nifK0WFVHLrGyPFAwawwSNBFf
-VCoKqxnZNq7iFl64jg0X0EKClk37NlZpe84y+5GkAnOMdX7ehwZSIO0m/0dy8vYB
-Luw42gtbvuyOxgIoklcoBPUAh5A04YHFzCEAa03V1cP28ZfhXozqVi5ezp7euaaG
-YDMdlHY54XCa0rOa9Ef4vYMmOKCro7yB32t5ffVnj1rhpGcpWAdmcGpD3PdMglQV
-oC+rwJ8kkeCn0bFYv0O/JR8y/JgmsS8Zj9hpwRq9sD4K3FTBJzS5G1WT/+YjrK8z
-7Y1u7jYYcJ6ih7biHTru6OJ5lxV8g9GJcauHjTanfdhM4ra3HzI0qHXKTwA+SbBc
-QBqcbr21X/QuxQpUtIlKYzX/gI3+MegukneMGRosuJUe79V9xvlNBbb43VUMEENu
-fUfIsIPbo3u0WuOpM7LtI4Nq4c7GHIknOSw9L1VJyMWdI0b+iHHa7ysl5HmSKx1h
-ptw=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 16 (0x10)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:23:56 2009 GMT
- Not After : Mar 11 03:23:56 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:80/0002
-
- Signature Algorithm: sha1WithRSAEncryption
- 75:b9:17:be:1c:06:6f:12:a9:04:1b:63:0b:0d:5c:70:55:e2:
- 31:c0:88:71:d0:56:8e:e5:16:e8:3b:47:1a:08:03:93:56:b2:
- 9b:a2:04:3c:a8:81:10:5a:18:7b:d2:70:ae:7c:0b:94:b6:6c:
- f2:58:e7:69:82:e5:f2:aa:4e:f3:ac:85:6d:5a:ac:11:53:d2:
- 8d:3d:53:ae:ab:f7:f3:c6:f0:ba:f2:e6:7b:2d:74:74:75:fd:
- e0:8d:67:c9:12:d5:f2:93:44:48:66:5b:85:26:7d:95:77:48:
- 4f:a4:72:65:67:38:99:47:4e:cd:47:1c:43:7a:0a:58:a6:99:
- 1b:1b:01:09:f7:0b:34:8a:3a:8d:10:e2:ca:9c:48:a3:f6:39:
- 42:3b:43:e6:f6:81:8b:36:5a:ed:33:98:70:24:ca:4f:18:8b:
- d9:c1:0a:d9:cd:96:33:d0:e8:ac:bd:3f:34:af:86:52:d1:69:
- 6e:90:8e:d0:86:bf:b1:04:3d:85:99:0f:e3:c3:e6:60:47:34:
- 37:97:f2:a2:69:c4:4e:dc:62:d0:eb:c2:24:77:2e:a3:ba:c1:
- 88:a9:b2:b4:fb:79:a6:d4:cf:5e:3f:03:41:25:c4:f3:29:0a:
- fd:b7:78:55:b1:9a:0c:79:32:2f:2e:fe:69:ba:a0:2c:62:bc:
- 11:38:c4:47:a8:b0:72:70:d1:50:9f:b9:87:64:f5:12:56:c5:
- f7:ed:8e:23:08:df:d0:0e:1a:6b:25:8c:b3:6b:7c:cc:55:6d:
- 90:83:a9:ef:7d:45:04:a6:dc:7c:0d:80:c1:54:22:d1:b8:e2:
- 43:cc:ad:75:a2:07:eb:d3:26:da:8a:c4:fb:6f:0b:ac:11:f4:
- 01:7f:b9:37:68:ec:1e:60:a2:ae:d6:b2:0b:37:cb:7e:5d:dc:
- ec:14:21:69:84:ff:fc:61:85:b6:bf:7f:d2:af:3c:70:12:c6:
- ba:40:e8:b5:25:56:34:ca:44:f1:ea:15:ad:79:50:ec:44:b7:
- 6c:d7:4b:cc:2c:4f:45:01:85:15:76:2a:03:c2:14:9c:3e:bf:
- 87:7b:59:d7:aa:2d:48:20:b6:1a:6e:6e:b0:c2:77:22:3c:ea:
- 24:d0:f8:62:b0:4b:01:3a:48:be:5f:66:73:0a:46:b3:1f:83:
- 41:91:f5:fd:e8:08:08:52:18:3a:8c:6a:19:2c:e3:30:d8:53:
- 13:97:62:83:eb:e3:ed:3a:8e:64:25:b1:8a:01:f4:24:14:6d:
- d4:61:c1:c3:8d:c3:89:2c:5f:6e:d8:1e:1d:de:b9:77:06:0b:
- 31:63:e4:ce:d9:76:1b:68:48:ea:ec:64:d5:a6:a5:15:29:1d:
- 79:af:21:2d:a8:e6:e6:f8
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjM1NloXDTE5
-MDMxMTAzMjM1NlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDIwDQYJ
-KoZIhvcNAQEFBQADggIBAHW5F74cBm8SqQQbYwsNXHBV4jHAiHHQVo7lFug7RxoI
-A5NWspuiBDyogRBaGHvScK58C5S2bPJY52mC5fKqTvOshW1arBFT0o09U66r9/PG
-8Lry5nstdHR1/eCNZ8kS1fKTREhmW4UmfZV3SE+kcmVnOJlHTs1HHEN6ClimmRsb
-AQn3CzSKOo0Q4sqcSKP2OUI7Q+b2gYs2Wu0zmHAkyk8Yi9nBCtnNljPQ6Ky9PzSv
-hlLRaW6QjtCGv7EEPYWZD+PD5mBHNDeX8qJpxE7cYtDrwiR3LqO6wYipsrT7eabU
-z14/A0ElxPMpCv23eFWxmgx5Mi8u/mm6oCxivBE4xEeosHJw0VCfuYdk9RJWxfft
-jiMI39AOGmsljLNrfMxVbZCDqe99RQSm3HwNgMFUItG44kPMrXWiB+vTJtqKxPtv
-C6wR9AF/uTdo7B5goq7Wsgs3y35d3OwUIWmE//xhhba/f9KvPHASxrpA6LUlVjTK
-RPHqFa15UOxEt2zXS8wsT0UBhRV2KgPCFJw+v4d7WdeqLUggthpubrDCdyI86iTQ
-+GKwSwE6SL5fZnMKRrMfg0GR9f3oCAhSGDqMahks4zDYUxOXYoPr4+06jmQlsYoB
-9CQUbdRhwcONw4ksX27YHh3euXcGCzFj5M7ZdhtoSOrsZNWmpRUpHXmvIS2o5ub4
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 17 (0x11)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:10 2009 GMT
- Not After : Mar 11 03:24:10 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:81/0003
-
- Signature Algorithm: sha1WithRSAEncryption
- 5a:7d:5f:25:e5:5a:49:3e:e9:06:4c:f1:7f:83:7d:d4:0d:13:
- 36:35:bf:32:92:69:60:1d:ae:2e:ed:89:b3:d4:1e:78:d2:85:
- 35:7a:1f:65:30:78:5e:d3:30:60:3d:7d:2c:be:02:6a:f0:22:
- 5e:82:86:53:01:a4:b6:1c:9f:d4:79:e9:ec:eb:d8:33:85:fb:
- 21:d2:82:77:b9:6d:20:8e:af:82:ff:25:82:27:3b:d7:d9:38:
- 31:a3:2b:bc:55:00:28:f6:f9:bf:01:e6:66:0b:b8:a8:ed:30:
- 09:52:8d:bf:94:7b:96:d1:93:5b:a3:a4:f1:9f:aa:f4:04:54:
- 0b:69:73:af:36:d7:3e:33:2c:29:38:04:9b:65:32:31:fa:17:
- 2f:0a:9f:19:05:d8:01:0c:db:13:1e:55:ec:94:38:3f:83:ee:
- 50:35:d1:6e:4f:32:c3:3d:d3:39:c8:c5:cc:56:b4:33:2e:8b:
- 75:a0:9c:cd:28:e5:42:a1:89:e1:06:90:bd:f3:8e:b5:48:9e:
- 1c:dd:56:4d:d9:ec:6e:0b:7b:72:e5:0a:be:7e:33:5a:13:25:
- 13:87:4c:9a:27:49:02:6d:28:5b:e7:4d:1b:7c:11:22:10:45:
- b1:57:b7:fc:12:62:69:24:69:ee:67:ce:5b:20:70:6a:22:29:
- f4:a0:90:59:d3:a2:be:7b:43:3a:59:0b:23:d1:2e:ed:51:98:
- 87:c5:4d:1c:64:08:f8:ca:af:36:ab:5d:00:ce:15:00:f4:ad:
- 34:44:27:8b:72:c6:6d:24:4c:1a:e3:f7:4c:bc:25:a2:a8:e2:
- a8:79:58:57:a7:5d:f0:20:28:d2:ef:84:ff:ee:42:0f:1e:59:
- 93:4c:05:45:ff:c1:0d:cb:30:1d:bb:26:5a:4d:24:c0:44:52:
- 77:33:17:dd:d1:00:63:1e:9b:4d:ca:28:8b:bb:fd:0d:0b:e3:
- 72:26:94:e2:8c:5a:d7:1a:a6:e7:b7:bc:4b:bf:cc:02:2c:d8:
- 9b:cb:31:7d:09:4c:15:73:5d:1a:a8:46:10:66:68:80:a9:f3:
- 3d:f8:7c:9d:46:3d:ce:ae:75:6f:92:db:34:d3:d7:be:6c:4e:
- 76:b6:b6:b7:a2:a8:b9:9e:a9:f1:6f:a6:e5:01:bb:82:13:bd:
- 7f:24:81:c3:22:54:58:f0:7e:8d:9a:86:82:00:46:66:33:e4:
- 96:98:8a:33:7b:ed:93:9b:cf:68:b5:eb:42:da:6d:50:49:f0:
- 14:27:01:f6:57:09:26:7c:61:81:d0:e5:e9:ec:6d:18:eb:97:
- 1a:55:cf:1f:d9:20:67:8f:71:bb:0c:98:6d:c0:4b:85:32:c9:
- d3:b7:f3:d0:60:fd:64:01
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBETANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQxMFoXDTE5
-MDMxMTAzMjQxMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDMwDQYJ
-KoZIhvcNAQEFBQADggIBAFp9XyXlWkk+6QZM8X+DfdQNEzY1vzKSaWAdri7tibPU
-HnjShTV6H2UweF7TMGA9fSy+AmrwIl6ChlMBpLYcn9R56ezr2DOF+yHSgne5bSCO
-r4L/JYInO9fZODGjK7xVACj2+b8B5mYLuKjtMAlSjb+Ue5bRk1ujpPGfqvQEVAtp
-c6821z4zLCk4BJtlMjH6Fy8KnxkF2AEM2xMeVeyUOD+D7lA10W5PMsM90znIxcxW
-tDMui3WgnM0o5UKhieEGkL3zjrVInhzdVk3Z7G4Le3LlCr5+M1oTJROHTJonSQJt
-KFvnTRt8ESIQRbFXt/wSYmkkae5nzlsgcGoiKfSgkFnTor57QzpZCyPRLu1RmIfF
-TRxkCPjKrzarXQDOFQD0rTREJ4tyxm0kTBrj90y8JaKo4qh5WFenXfAgKNLvhP/u
-Qg8eWZNMBUX/wQ3LMB27JlpNJMBEUnczF93RAGMem03KKIu7/Q0L43ImlOKMWtca
-pue3vEu/zAIs2JvLMX0JTBVzXRqoRhBmaICp8z34fJ1GPc6udW+S2zTT175sTna2
-treiqLmeqfFvpuUBu4ITvX8kgcMiVFjwfo2ahoIARmYz5JaYijN77ZObz2i160La
-bVBJ8BQnAfZXCSZ8YYHQ5ensbRjrlxpVzx/ZIGePcbsMmG3AS4UyydO389Bg/WQB
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 18 (0x12)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:20 2009 GMT
- Not After : Mar 11 03:24:20 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:82/0004
-
- Signature Algorithm: sha1WithRSAEncryption
- 1d:80:7c:33:dd:ab:99:c7:06:f5:aa:fd:16:7d:89:d8:a9:a2:
- 89:38:af:26:b7:b1:0f:69:3d:d6:09:3e:6d:dd:d2:e0:51:b8:
- 97:fc:8d:96:08:0d:33:2d:75:e7:d2:9e:47:2b:fd:46:5b:c9:
- f2:68:4f:26:8f:83:3d:fc:aa:d7:6a:20:77:15:3f:78:d9:75:
- b3:79:10:fd:ab:ab:95:34:69:64:3c:8a:65:6d:66:bb:a9:da:
- 26:79:51:59:a7:c2:97:ea:6c:7f:31:91:d3:a5:c2:65:ca:d5:
- 4f:6f:c8:d9:b9:c7:03:7b:c6:2d:16:5f:fe:de:02:28:f3:e9:
- 64:ad:e9:62:3c:e5:91:31:0f:c9:c9:33:1a:a5:66:d8:5b:80:
- 18:6f:5f:55:34:51:43:fa:79:50:ba:17:19:2c:b9:25:b8:a3:
- a0:b2:08:38:49:6d:3c:86:8c:42:2c:d8:07:bd:39:f1:3c:97:
- 8f:c6:83:cd:85:8f:e9:52:63:77:4f:d6:9e:58:3e:22:f8:29:
- 8e:44:92:c6:b7:ab:28:35:22:7b:b7:d0:8f:34:70:15:f2:4b:
- 91:65:42:8d:d5:ce:75:4b:2f:7b:7e:7f:7e:61:09:5b:b2:1a:
- 64:94:18:c9:8e:c3:ee:a4:89:d6:97:55:76:28:b0:e6:bc:7c:
- f0:c9:9b:20:e3:a5:10:da:c1:9c:c4:4e:ff:e8:ca:3c:19:82:
- 06:d6:aa:05:cb:05:e5:bd:36:cf:4c:3a:a7:e6:21:af:e8:5e:
- 2d:ee:3b:94:24:91:37:92:95:3f:d3:f8:b8:5a:13:56:16:a7:
- 20:34:f6:fd:cb:59:6d:4c:ff:04:df:ef:61:08:d9:2f:85:a8:
- b1:7c:07:80:93:31:7b:bb:7f:8d:17:ba:8b:64:41:82:4a:ca:
- f6:a9:f7:69:b8:cf:ed:17:c1:ca:09:5a:52:c4:ce:a0:9c:e3:
- 4c:52:ab:ea:b3:4f:3c:93:1d:50:bf:60:e8:6e:d1:bf:90:0c:
- 3f:1d:6b:2c:a5:c5:bf:eb:e2:da:cb:76:56:08:51:cc:87:49:
- 21:16:f0:a6:85:ce:0f:c3:32:c2:50:cc:04:f5:d1:bb:de:b8:
- db:9b:79:e1:d2:73:14:b2:7c:5a:cf:26:7b:24:4a:58:48:58:
- 2e:b1:a1:2f:01:c2:71:40:85:c8:9b:21:10:15:1a:3e:5e:3d:
- 79:53:9c:82:b2:4e:ad:91:96:9f:03:c5:f6:44:ea:d6:d6:cf:
- 3b:1e:74:e6:b1:f2:f4:b3:e0:7d:91:77:ac:50:d9:66:1b:73:
- 59:3e:e6:18:07:bb:e0:60:4f:1e:8d:40:2b:da:25:ac:c8:85:
- d6:31:62:f3:5b:05:4a:11
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQyMFoXDTE5
-MDMxMTAzMjQyMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgyLzAwMDQwDQYJ
-KoZIhvcNAQEFBQADggIBAB2AfDPdq5nHBvWq/RZ9idipook4rya3sQ9pPdYJPm3d
-0uBRuJf8jZYIDTMtdefSnkcr/UZbyfJoTyaPgz38qtdqIHcVP3jZdbN5EP2rq5U0
-aWQ8imVtZrup2iZ5UVmnwpfqbH8xkdOlwmXK1U9vyNm5xwN7xi0WX/7eAijz6WSt
-6WI85ZExD8nJMxqlZthbgBhvX1U0UUP6eVC6FxksuSW4o6CyCDhJbTyGjEIs2Ae9
-OfE8l4/Gg82Fj+lSY3dP1p5YPiL4KY5Eksa3qyg1Inu30I80cBXyS5FlQo3VznVL
-L3t+f35hCVuyGmSUGMmOw+6kidaXVXYosOa8fPDJmyDjpRDawZzETv/oyjwZggbW
-qgXLBeW9Ns9MOqfmIa/oXi3uO5QkkTeSlT/T+LhaE1YWpyA09v3LWW1M/wTf72EI
-2S+FqLF8B4CTMXu7f40XuotkQYJKyvap92m4z+0XwcoJWlLEzqCc40xSq+qzTzyT
-HVC/YOhu0b+QDD8dayylxb/r4trLdlYIUcyHSSEW8KaFzg/DMsJQzAT10bveuNub
-eeHScxSyfFrPJnskSlhIWC6xoS8BwnFAhcibIRAVGj5ePXlTnIKyTq2Rlp8DxfZE
-6tbWzzsedOax8vSz4H2Rd6xQ2WYbc1k+5hgHu+BgTx6NQCvaJazIhdYxYvNbBUoR
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 19 (0x13)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:30 2009 GMT
- Not After : Mar 11 03:24:30 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:83/0005
-
- Signature Algorithm: sha1WithRSAEncryption
- 9b:ea:5d:a3:f4:b2:04:44:31:6b:64:e4:7d:25:5d:69:1b:25:
- 3d:63:d4:3f:2c:0f:c6:60:44:70:18:57:31:be:84:38:e8:53:
- 29:dd:5e:f2:5c:8e:41:6d:e8:ea:a7:23:91:b9:f4:c1:20:2c:
- cd:d6:b4:b4:e6:9d:c3:b4:5b:4c:48:dd:3a:cc:cd:9e:0c:93:
- bb:e0:03:43:1c:ab:01:86:4e:67:44:ad:68:3d:e6:00:4d:9e:
- 95:5f:86:0f:e4:18:af:3d:76:a4:1b:91:5e:e8:07:2b:aa:62:
- 4e:d9:af:f8:15:e7:3c:bb:8c:f4:a9:4f:df:72:f6:b0:6a:36:
- ad:eb:d2:10:02:cb:65:28:a7:4c:4f:98:e1:7b:1e:aa:af:3e:
- 61:65:91:58:94:99:26:69:29:06:50:02:44:61:a6:3c:ee:8a:
- 7e:db:56:5a:f5:cc:d6:58:6f:a2:40:51:e1:81:fa:3b:b8:4b:
- 8d:00:64:b2:99:d3:e7:8a:52:78:b3:67:a1:64:5d:dd:a0:c5:
- 54:1d:de:07:29:ef:85:01:d4:e9:24:44:8b:df:9b:f5:ae:80:
- 4d:fa:4d:08:76:7c:97:6b:86:74:22:56:d1:87:6b:41:54:66:
- fc:3b:d2:3e:2d:95:c1:46:06:b9:db:0e:8b:e1:be:c8:56:82:
- c3:1d:df:84:b6:50:ee:b8:30:3c:54:07:49:8b:e2:d4:a7:b8:
- 35:0d:b6:09:7e:04:01:bb:71:86:8c:50:87:a7:3a:2d:b8:7c:
- 24:cd:b1:a6:87:b8:eb:d5:dc:8f:02:21:f9:71:06:34:c4:e5:
- 6f:ff:53:4b:dd:33:96:60:8b:6d:bb:03:b1:36:31:2d:02:6c:
- 7f:ba:70:0a:78:b8:fb:45:92:84:5b:1e:a7:15:39:13:33:fd:
- 6f:a7:95:76:10:1f:b3:cd:11:e8:ed:ce:2c:63:cd:64:23:62:
- c4:21:d6:48:bf:f7:10:b8:da:d5:72:14:ad:5a:a0:5d:4a:2b:
- a0:76:5f:b8:3b:d2:6b:8a:7f:6b:6a:cc:84:eb:6a:be:d9:26:
- 2c:bb:38:06:b8:f4:d4:fb:78:85:83:c8:ad:6e:56:f9:67:5f:
- bc:3c:41:b6:f0:6f:d4:45:78:ed:3e:2f:c7:3a:3e:9a:98:68:
- c4:64:79:29:51:19:cd:a6:70:c4:04:30:50:86:9c:f2:54:57:
- b1:e1:7d:4a:d5:34:fc:93:31:6d:64:15:79:31:c0:70:d5:db:
- bc:a0:be:21:22:1e:61:ac:4a:9f:a2:a6:ff:de:52:2e:31:d7:
- 5e:39:66:c6:47:55:f6:64:f5:bd:ed:c0:60:b8:59:88:a1:8e:
- 8c:5f:20:1b:be:41:51:f4
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQzMFoXDTE5
-MDMxMTAzMjQzMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDUwDQYJ
-KoZIhvcNAQEFBQADggIBAJvqXaP0sgREMWtk5H0lXWkbJT1j1D8sD8ZgRHAYVzG+
-hDjoUyndXvJcjkFt6OqnI5G59MEgLM3WtLTmncO0W0xI3TrMzZ4Mk7vgA0McqwGG
-TmdErWg95gBNnpVfhg/kGK89dqQbkV7oByuqYk7Zr/gV5zy7jPSpT99y9rBqNq3r
-0hACy2Uop0xPmOF7HqqvPmFlkViUmSZpKQZQAkRhpjzuin7bVlr1zNZYb6JAUeGB
-+ju4S40AZLKZ0+eKUnizZ6FkXd2gxVQd3gcp74UB1OkkRIvfm/WugE36TQh2fJdr
-hnQiVtGHa0FUZvw70j4tlcFGBrnbDovhvshWgsMd34S2UO64MDxUB0mL4tSnuDUN
-tgl+BAG7cYaMUIenOi24fCTNsaaHuOvV3I8CIflxBjTE5W//U0vdM5Zgi227A7E2
-MS0CbH+6cAp4uPtFkoRbHqcVORMz/W+nlXYQH7PNEejtzixjzWQjYsQh1ki/9xC4
-2tVyFK1aoF1KK6B2X7g70muKf2tqzITrar7ZJiy7OAa49NT7eIWDyK1uVvlnX7w8
-Qbbwb9RFeO0+L8c6PpqYaMRkeSlRGc2mcMQEMFCGnPJUV7HhfUrVNPyTMW1kFXkx
-wHDV27ygviEiHmGsSp+ipv/eUi4x1145ZsZHVfZk9b3twGC4WYihjoxfIBu+QVH0
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 20 (0x14)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:24:40 2009 GMT
- Not After : Mar 11 03:24:40 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:84/0006
-
- Signature Algorithm: sha1WithRSAEncryption
- 49:da:46:14:f1:5a:4a:09:cb:36:a5:fe:ab:50:f5:ea:e1:b2:
- 18:79:dc:d7:79:bb:a8:b0:8d:0b:b5:e1:a9:60:db:8a:e9:3a:
- b8:15:b0:eb:e4:45:bf:90:64:6b:4e:c1:dc:7e:9d:5f:47:0e:
- be:7b:22:ba:c2:71:3d:5d:8b:8f:14:67:1d:19:51:54:05:5a:
- 06:11:e1:1f:ca:bb:98:1a:a3:d6:16:b9:5d:8d:03:70:28:40:
- ca:3a:7d:fe:a7:c3:40:ab:7a:0a:42:3a:95:f6:da:fd:bc:d9:
- 09:50:70:9a:7a:b4:e9:ae:75:b7:cd:a8:56:f4:2e:7c:ef:40:
- 63:6d:02:da:50:29:c8:df:2f:40:04:84:9d:60:a2:3c:21:fc:
- d6:64:02:72:cb:4c:5b:e1:68:d9:0a:16:84:58:47:a5:d1:28:
- 18:86:eb:07:b9:1f:db:9f:46:de:6b:2d:2e:4e:20:9a:40:3a:
- 56:86:28:9f:c5:15:97:1a:3f:70:18:5f:44:1d:64:d0:76:ef:
- 09:c5:23:21:03:32:9c:c4:23:af:c4:1f:85:fd:da:b8:40:33:
- b6:c2:7d:2b:67:ff:88:a0:9c:a8:2e:9e:4b:40:44:6b:bc:c0:
- 3b:f2:b3:a3:d5:f0:b4:04:85:cd:b4:cd:49:3d:34:64:1e:1d:
- 16:a1:8f:05:74:8e:91:ee:98:6c:cc:c8:d8:c3:5e:fd:65:4a:
- 15:ed:28:cb:0b:c3:b6:29:bc:d6:3d:0d:0e:a8:21:36:27:74:
- 9d:f2:7c:58:1f:88:25:35:2b:7f:4c:16:38:df:0f:32:8f:db:
- 22:96:ad:e8:8b:bd:d8:d5:e9:e1:b0:fe:53:03:e6:c7:67:78:
- bf:a6:50:dc:2a:0a:c9:a2:df:6a:d5:c3:db:eb:20:1c:78:ed:
- 69:14:d4:f5:26:62:78:f6:33:a0:ac:95:19:5d:a6:d9:30:8d:
- 21:80:2d:42:dc:a5:a5:a0:42:41:e8:60:f1:4d:81:6d:e6:58:
- 32:b9:e4:23:09:34:3e:7a:fb:69:4b:f3:c0:8a:00:c3:59:2b:
- 02:13:fc:4e:9c:3e:8f:34:fe:b0:ca:07:df:6b:1d:97:9c:ca:
- a9:b1:b6:8f:2d:92:6c:12:4b:64:23:d6:47:c1:f2:6f:79:16:
- 78:7b:f8:36:b9:83:a3:a4:e7:0f:c0:99:d9:a3:09:45:ac:92:
- 52:62:26:64:51:04:e9:92:6f:3e:f9:62:93:c5:2a:00:5b:d3:
- 0b:66:75:ad:bb:5d:12:37:09:3c:b6:95:6d:c2:05:17:8f:d7:
- 79:aa:0d:6a:6c:00:6e:94:0c:e8:e3:31:9d:8e:63:e9:f9:d2:
- dc:8e:07:36:9a:e3:08:55
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBFDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQ0MFoXDTE5
-MDMxMTAzMjQ0MFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg0LzAwMDYwDQYJ
-KoZIhvcNAQEFBQADggIBAEnaRhTxWkoJyzal/qtQ9erhshh53Nd5u6iwjQu14alg
-24rpOrgVsOvkRb+QZGtOwdx+nV9HDr57IrrCcT1di48UZx0ZUVQFWgYR4R/Ku5ga
-o9YWuV2NA3AoQMo6ff6nw0CregpCOpX22v282QlQcJp6tOmudbfNqFb0LnzvQGNt
-AtpQKcjfL0AEhJ1gojwh/NZkAnLLTFvhaNkKFoRYR6XRKBiG6we5H9ufRt5rLS5O
-IJpAOlaGKJ/FFZcaP3AYX0QdZNB27wnFIyEDMpzEI6/EH4X92rhAM7bCfStn/4ig
-nKgunktARGu8wDvys6PV8LQEhc20zUk9NGQeHRahjwV0jpHumGzMyNjDXv1lShXt
-KMsLw7YpvNY9DQ6oITYndJ3yfFgfiCU1K39MFjjfDzKP2yKWreiLvdjV6eGw/lMD
-5sdneL+mUNwqCsmi32rVw9vrIBx47WkU1PUmYnj2M6CslRldptkwjSGALULcpaWg
-QkHoYPFNgW3mWDK55CMJND56+2lL88CKAMNZKwIT/E6cPo80/rDKB99rHZecyqmx
-to8tkmwSS2Qj1kfB8m95Fnh7+Da5g6Ok5w/AmdmjCUWsklJiJmRRBOmSbz75YpPF
-KgBb0wtmda27XRI3CTy2lW3CBReP13mqDWpsAG6UDOjjMZ2OY+n50tyOBzaa4whV
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 21 (0x15)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 14 11:35:42 2009 GMT
- Not After : Mar 14 11:35:42 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 80:91:21:6b:30:15:99:38:e1:5c:74:82:7d:25:f0:ee:15:cb:
- 44:f0:01:16:3d:17:09:7f:8e:73:bf:3b:34:52:c7:1d:0f:f6:
- 8f:30:34:76:d7:c2:b9:95:14:a0:01:f8:93:de:ff:62:7e:c1:
- 79:f2:de:e2:cf:0d:f8:9a:b3:6a:ab:cf:cf:68:12:9f:e2:81:
- 7b:05:1f:27:34:a6:f6:68:9c:46:45:cd:d5:02:d7:7d:e0:d9:
- b5:ef:7b:f6:7b:5c:d9:29:ae:f2:55:dd:10:7a:58:74:bc:ef:
- a9:9b:9f:a8:e4:89:99:f0:df:3e:d4:c9:64:85:fa:fa:15:d0:
- d2:20:2c:07:49:55:43:50:f4:0a:fd:dc:20:e5:cf:d5:e7:d6:
- 2c:65:af:18:37:13:78:f5:dd:6e:43:a1:aa:be:93:20:be:4c:
- 1f:71:47:10:cb:1c:48:62:5a:80:c6:d5:a4:23:c0:06:a0:e5:
- d7:d5:b2:bb:4e:d8:fe:cf:d7:ae:93:ce:bb:ab:96:07:f8:a3:
- fb:e9:4f:04:b0:96:a5:b4:3f:89:2c:d5:c9:cd:95:6c:38:cc:
- 68:f3:3c:1b:0f:0e:c6:d2:b8:bc:8e:5a:97:66:eb:b7:9e:c1:
- 3a:0c:17:74:e8:4c:91:5b:33:e4:3f:b5:1c:d7:91:e2:6f:5b:
- 9c:27:ad:00:c6:30:49:ba:2e:a0:8d:a1:6f:c5:97:e5:b7:58:
- ca:ee:8c:71:4e:3c:7a:f1:82:fc:6e:74:77:53:e5:d1:7a:02:
- 35:c2:6b:91:7a:38:2c:17:42:45:2a:a6:b3:e9:e2:7e:80:a0:
- b4:7d:dc:a8:4b:76:34:92:cf:87:76:b8:a8:31:b5:a7:1d:cf:
- 93:10:bf:1d:bc:5a:65:1e:95:17:8c:4c:d6:5a:b4:08:a4:b7:
- 9c:99:3a:a9:b4:45:c1:aa:5a:62:7f:6e:25:63:01:c3:e3:ad:
- c0:1a:d7:5d:75:07:60:93:73:8e:9e:1e:7c:96:2d:39:b8:1b:
- 85:4a:9e:8f:b9:2e:eb:94:c4:83:43:60:87:30:26:0b:9f:26:
- a9:02:81:4a:df:20:08:e0:2c:8f:b8:c5:96:38:7e:b8:c8:88:
- 32:e6:d4:ab:e4:13:4e:fe:66:fc:77:ef:e4:1c:5a:76:8d:60:
- e4:f9:d7:be:ed:94:f2:92:e3:b5:5c:28:ea:a4:2d:d6:b6:76:
- 64:4b:d4:f1:3a:eb:22:08:b0:f0:a9:31:1a:1d:e4:59:c3:07:
- 7b:28:ed:55:ac:e6:bf:da:21:ce:44:77:79:10:a5:5c:66:b3:
- a7:65:e1:15:59:81:f7:48:f4:eb:83:2a:08:1b:4f:08:0b:fd:
- 2c:22:21:a7:c7:6b:87:d1
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBFTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDExMzU0MloXDTEw
-MDMxNDExMzU0MlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQCAkSFrMBWZOOFcdIJ9JfDuFctE8AEWPRcJf45zvzs0UscdD/aP
-MDR218K5lRSgAfiT3v9ifsF58t7izw34mrNqq8/PaBKf4oF7BR8nNKb2aJxGRc3V
-Atd94Nm173v2e1zZKa7yVd0Qelh0vO+pm5+o5ImZ8N8+1Mlkhfr6FdDSICwHSVVD
-UPQK/dwg5c/V59YsZa8YNxN49d1uQ6GqvpMgvkwfcUcQyxxIYlqAxtWkI8AGoOXX
-1bK7Ttj+z9euk867q5YH+KP76U8EsJaltD+JLNXJzZVsOMxo8zwbDw7G0ri8jlqX
-Zuu3nsE6DBd06EyRWzPkP7Uc15Hib1ucJ60AxjBJui6gjaFvxZflt1jK7oxxTjx6
-8YL8bnR3U+XRegI1wmuRejgsF0JFKqaz6eJ+gKC0fdyoS3Y0ks+HdrioMbWnHc+T
-EL8dvFplHpUXjEzWWrQIpLecmTqptEXBqlpif24lYwHD463AGtdddQdgk3OOnh58
-li05uBuFSp6PuS7rlMSDQ2CHMCYLnyapAoFK3yAI4CyPuMWWOH64yIgy5tSr5BNO
-/mb8d+/kHFp2jWDk+de+7ZTykuO1XCjqpC3WtnZkS9TxOusiCLDwqTEaHeRZwwd7
-KO1VrOa/2iHORHd5EKVcZrOnZeEVWYH3SPTrgyoIG08IC/0sIiGnx2uH0Q==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 22 (0x16)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 14 13:48:12 2009 GMT
- Not After : Mar 14 13:48:12 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:85/0007
-
- Signature Algorithm: sha1WithRSAEncryption
- b1:9e:ce:8d:09:9e:f9:21:6f:be:f2:a7:54:6e:24:82:e3:2b:
- 88:b7:0d:e0:e2:49:33:b4:8b:ad:60:71:cc:20:23:57:cf:17:
- a8:46:c0:a7:1a:5f:8e:8d:1a:cc:0b:1b:da:a4:34:b1:d7:74:
- 1b:a7:e4:71:a1:2d:fd:2e:18:51:02:2c:93:ff:a9:f7:98:bd:
- ed:6b:4c:55:8e:24:f6:97:8e:8a:80:56:52:7a:17:da:94:96:
- fa:27:78:8c:65:40:a6:b1:d2:2a:13:fe:76:c0:0c:f2:04:3f:
- d1:88:25:c3:5a:05:ca:33:d7:bb:27:e2:8b:e8:d4:00:fd:fc:
- b6:a8:9d:27:c2:f9:ea:98:32:79:85:9d:a3:e7:bf:78:65:e8:
- 15:ef:49:48:87:a9:b2:b4:c4:cb:ec:a7:da:90:36:d6:c5:6f:
- ff:c3:85:19:13:0b:27:6a:d3:c4:e7:97:62:08:49:a3:e9:22:
- 9a:3c:d1:91:8f:6e:8e:87:47:0e:38:43:8e:5a:84:f6:9c:24:
- c1:9f:90:29:dc:38:73:72:7d:3f:d6:7f:dd:b3:d1:1d:cf:7b:
- bc:31:a6:6b:b4:be:10:06:94:69:a0:16:ef:bd:e9:e7:a2:8b:
- 18:e1:10:27:7f:9d:8a:f9:60:18:d5:93:54:d6:4e:c2:31:bf:
- 37:00:db:d5:cf:85:da:e9:7b:e4:bb:48:f3:a5:6e:ba:48:1b:
- 50:6a:10:99:f8:77:81:95:78:1b:d0:fe:d0:74:47:28:05:34:
- 32:32:5f:1f:52:42:85:f8:7a:f1:a8:87:ff:2f:6c:ec:83:09:
- 91:85:0a:43:ce:35:a2:7f:94:b6:ae:70:94:b6:0f:c9:c7:8a:
- ee:7c:a7:32:8a:ee:c3:e1:ee:01:34:c1:b8:db:98:80:4c:ac:
- 5f:ac:18:02:fa:f5:c1:36:df:39:57:57:81:b9:26:d0:81:0e:
- 75:79:18:21:29:a6:cb:eb:97:58:f2:dd:8a:88:c1:a2:c7:54:
- 9f:97:89:b1:ef:ff:11:5f:18:0a:cd:25:3e:d8:35:07:45:55:
- 1e:bb:a2:54:fc:66:ac:0f:ac:2a:77:d6:1a:a4:44:cc:5a:49:
- 37:45:70:5b:c9:3d:2c:6d:c1:7e:af:4d:9c:4f:2a:a2:d9:01:
- 3d:e2:7f:a4:f2:4b:d7:60:b1:06:a3:b4:46:35:43:1c:be:79:
- 46:a7:8a:50:ee:22:4f:b8:57:45:c9:83:8a:65:bb:7a:86:b3:
- 30:3a:7c:62:d3:b7:08:34:a7:05:0a:44:a7:57:5c:2b:b6:34:
- 03:ea:3a:61:06:c9:f2:65:16:f2:20:c5:32:0a:61:20:c9:f7:
- 07:2e:e8:d2:f2:67:c4:64
------BEGIN CERTIFICATE-----
-MIID7DCCAdSgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDEzNDgxMloXDTEw
-MDMxNDEzNDgxMlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH
-AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg1LzAwMDcwDQYJ
-KoZIhvcNAQEFBQADggIBALGezo0Jnvkhb77yp1RuJILjK4i3DeDiSTO0i61gccwg
-I1fPF6hGwKcaX46NGswLG9qkNLHXdBun5HGhLf0uGFECLJP/qfeYve1rTFWOJPaX
-joqAVlJ6F9qUlvoneIxlQKax0ioT/nbADPIEP9GIJcNaBcoz17sn4ovo1AD9/Lao
-nSfC+eqYMnmFnaPnv3hl6BXvSUiHqbK0xMvsp9qQNtbFb//DhRkTCydq08Tnl2II
-SaPpIpo80ZGPbo6HRw44Q45ahPacJMGfkCncOHNyfT/Wf92z0R3Pe7wxpmu0vhAG
-lGmgFu+96eeiixjhECd/nYr5YBjVk1TWTsIxvzcA29XPhdrpe+S7SPOlbrpIG1Bq
-EJn4d4GVeBvQ/tB0RygFNDIyXx9SQoX4evGoh/8vbOyDCZGFCkPONaJ/lLaucJS2
-D8nHiu58pzKK7sPh7gE0wbjbmIBMrF+sGAL69cE23zlXV4G5JtCBDnV5GCEppsvr
-l1jy3YqIwaLHVJ+XibHv/xFfGArNJT7YNQdFVR67olT8ZqwPrCp31hqkRMxaSTdF
-cFvJPSxtwX6vTZxPKqLZAT3if6TyS9dgsQajtEY1Qxy+eUanilDuIk+4V0XJg4pl
-u3qGszA6fGLTtwg0pwUKRKdXXCu2NAPqOmEGyfJlFvIgxTIKYSDJ9wcu6NLyZ8Rk
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 23 (0x17)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 05:36:43 2009 GMT
- Not After : Mar 16 05:36:43 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 6C:00:26:BD:98:D4:60:DD:06:EA:CA:73:09:35:6A:7E:1F:92:D9:59
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha1WithRSAEncryption
- 5b:8c:6e:80:cd:e0:8f:cc:7d:a4:c1:d6:61:9a:78:93:eb:04:
- 85:60:12:e1:1c:6d:0d:2e:fa:2a:1e:c9:08:ac:b5:6d:a8:00:
- c8:8b:e5:1d:72:80:5a:df:d1:c9:88:10:a6:fe:35:62:11:72:
- 5f:08:e7:94:f2:0a:0b:79:0e:04:9f:4f:16:d9:45:10:67:c4:
- 5e:a2:34:a6:89:f9:67:3c:88:9e:82:d4:d4:28:42:ce:bd:c8:
- 0a:cf:b6:9f:a9:7f:a1:5d:21:58:95:64:bd:84:24:2c:00:bf:
- 29:ea:b6:f6:d2:b4:b9:03:6b:34:81:cb:5d:a8:fb:55:96:99:
- 1a:71:94:cf:37:7e:83:c5:01:a6:cb:cd:38:06:27:49:99:56:
- 38:06:19:f7:62:80:24:8c:4f:79:0f:2d:a4:b8:cc:6e:4b:35:
- 5a:d2:8e:f1:26:b4:fb:d7:85:0d:7f:c6:a2:a3:20:e5:48:b8:
- 0b:ee:a0:7d:a9:6d:e2:88:41:ee:f6:47:a6:1f:52:c2:ca:6c:
- d9:d0:53:0f:a3:db:ee:12:0f:56:cf:51:75:70:9a:1a:02:c4:
- ff:7e:46:77:75:1b:d6:d9:e2:7b:fb:a6:0f:11:49:9f:59:5d:
- 2c:d8:0f:61:eb:c4:8f:51:1a:95:ae:dd:33:0e:da:40:90:67:
- 6b:a3:7b:4d:9d:a2:53:37:c1:98:a5:c1:f5:b4:a6:dd:5e:ac:
- b3:d3:ef:9d:1a:bc:15:1b:cb:8b:b7:73:ba:bd:3d:b9:6a:18:
- e2:a2:ad:d8:54:5e:ea:81:71:ad:a1:e2:83:c9:89:3c:83:35:
- 92:80:65:46:aa:45:45:4f:a3:c5:a4:a3:32:43:05:ec:a4:9f:
- 61:5a:14:1a:0b:5b:6e:84:bf:d7:1d:fe:20:eb:c0:45:d4:92:
- f2:56:09:12:dd:1a:0d:75:9d:43:0b:0b:71:0d:c7:1b:38:63:
- b5:75:7b:f2:3e:d6:0d:07:21:ab:73:51:fe:e3:0f:36:b4:33:
- d3:94:f2:ae:42:24:b1:2e:9d:68:69:18:d2:5a:1e:64:a6:67:
- d2:40:f9:de:b5:d5:dd:15:72:de:05:a0:43:c7:b9:13:bd:e5:
- 10:fd:52:f1:27:0f:95:5a:a4:cd:5a:ba:c6:7c:bd:14:4e:46:
- 51:b1:b9:00:98:23:16:ce:ae:0a:6c:11:67:18:73:e7:d1:aa:
- e9:6e:99:82:b7:2b:f2:e7:8c:8e:b5:2a:76:16:14:57:93:5e:
- a4:7a:ec:f5:96:90:22:88:66:ca:3c:8b:92:95:2c:21:3f:a0:
- 9e:56:c5:c2:27:1a:d8:9e:fa:fd:da:3b:96:52:cc:94:cf:5f:
- d3:a8:b0:c0:f5:7c:58:f6
------BEGIN CERTIFICATE-----
-MIIEhjCCAm6gAwIBAgIBFzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjA1MzY0M1oXDTEw
-MDMxNjA1MzY0M1owYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaOB0TCBzjAJBgNVHRME
-AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
-ZTAdBgNVHQ4EFgQUbAAmvZjUYN0G6spzCTVqfh+S2VkwdAYDVR0jBG0wa6FepFww
-WjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xETAPBgNVBAcTCFN1
-d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYDVQQDEwJDQYIJAPJb
-QFvCt9BkMA0GCSqGSIb3DQEBBQUAA4ICAQBbjG6AzeCPzH2kwdZhmniT6wSFYBLh
-HG0NLvoqHskIrLVtqADIi+UdcoBa39HJiBCm/jViEXJfCOeU8goLeQ4En08W2UUQ
-Z8ReojSmiflnPIiegtTUKELOvcgKz7afqX+hXSFYlWS9hCQsAL8p6rb20rS5A2s0
-gctdqPtVlpkacZTPN36DxQGmy804BidJmVY4Bhn3YoAkjE95Dy2kuMxuSzVa0o7x
-JrT714UNf8aioyDlSLgL7qB9qW3iiEHu9kemH1LCymzZ0FMPo9vuEg9Wz1F1cJoa
-AsT/fkZ3dRvW2eJ7+6YPEUmfWV0s2A9h68SPURqVrt0zDtpAkGdro3tNnaJTN8GY
-pcH1tKbdXqyz0++dGrwVG8uLt3O6vT25ahjioq3YVF7qgXGtoeKDyYk8gzWSgGVG
-qkVFT6PFpKMyQwXspJ9hWhQaC1tuhL/XHf4g68BF1JLyVgkS3RoNdZ1DCwtxDccb
-OGO1dXvyPtYNByGrc1H+4w82tDPTlPKuQiSxLp1oaRjSWh5kpmfSQPnetdXdFXLe
-BaBDx7kTveUQ/VLxJw+VWqTNWrrGfL0UTkZRsbkAmCMWzq4KbBFnGHPn0arpbpmC
-tyvy54yOtSp2FhRXk16keuz1lpAiiGbKPIuSlSwhP6CeVsXCJxrYnvr92juWUsyU
-z1/TqLDA9XxY9g==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 24 (0x18)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 05:38:34 2009 GMT
- Not After : Mar 16 05:38:34 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab:
- 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68:
- fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41:
- b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07:
- 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14:
- 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3:
- 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd:
- bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57:
- 2a:e8:e8:44:0f:59:ea:e7:bf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 6C:00:26:BD:98:D4:60:DD:06:EA:CA:73:09:35:6A:7E:1F:92:D9:59
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha1WithRSAEncryption
- 5e:a6:39:dd:09:b5:6e:ef:1c:05:01:1b:91:7b:cc:26:66:0b:
- 53:f0:69:1b:ae:7e:10:42:ef:38:c7:ce:09:0f:17:c9:28:df:
- 7d:ab:e2:b6:ab:8d:56:17:38:db:e7:b0:2a:52:e0:ec:16:6a:
- cf:db:8b:31:4f:bb:88:89:2e:24:1c:db:a3:b1:c9:fb:d5:9b:
- e2:58:1d:6d:ca:cc:14:79:cc:e0:b1:27:8f:2a:a2:60:90:dc:
- 7e:bf:52:65:1d:81:14:18:65:d4:f4:af:43:00:bc:88:50:4b:
- ef:14:1a:5f:d2:7e:64:0e:fd:e0:26:cb:09:f8:b7:04:49:3e:
- 6f:56:88:fa:0d:9e:23:90:06:98:ff:75:06:29:09:9b:df:21:
- 69:e9:fa:53:a4:c0:9a:06:a7:e2:50:03:e8:13:32:db:a0:62:
- 5f:a6:0e:3b:7f:0a:d8:f7:62:56:2e:ca:4b:f7:cb:59:00:d8:
- 15:32:57:fc:67:24:8e:38:c1:7f:3a:a6:ca:ac:29:5b:b6:e6:
- e5:2b:5a:f4:52:16:e3:5b:00:f1:46:c9:29:9b:75:e3:e3:28:
- 69:fa:cb:52:69:5c:96:1b:2d:a2:ee:26:e3:df:10:fe:67:31:
- 7f:bf:3a:7c:81:8c:87:1c:7c:ba:11:96:21:23:02:f9:ab:d8:
- a7:33:ca:b2:47:12:07:c8:c7:a1:67:2a:1f:81:0d:11:f6:12:
- c2:5e:b3:82:77:fb:d6:6e:a9:e5:0e:b3:5c:49:da:c5:b6:0a:
- 3b:55:80:8a:b5:0d:ce:94:64:3f:68:f4:e9:4a:00:5b:1b:19:
- a2:29:bc:2f:a4:7c:23:ee:30:c4:48:7e:8b:c5:65:f4:1b:cc:
- 4c:5e:dc:fb:38:ed:2d:8e:2b:d8:e4:65:d4:bd:9f:9e:6f:08:
- d0:35:24:86:72:f8:0d:ec:e0:15:49:ed:2a:67:43:13:88:f8:
- fa:1f:03:e1:cb:14:e4:3c:5d:f9:78:b1:1c:a6:20:05:22:b1:
- dc:e2:3d:d4:1c:62:a6:32:61:03:ce:2a:3c:bc:08:57:65:de:
- ec:cf:26:ef:fd:1d:b8:91:f1:a7:e5:d9:2c:94:70:cb:e4:9c:
- c6:78:b6:f3:ff:e4:9b:89:aa:fa:30:1d:62:0a:a7:ba:59:57:
- 7b:40:f4:bb:47:1a:80:a7:f3:f4:da:ea:2f:e5:96:0b:7f:39:
- f7:66:0c:bb:c3:33:c9:2d:9d:36:eb:29:6a:31:1b:b9:f6:31:
- 3c:b7:fc:18:29:0f:67:a4:ca:6c:db:56:b2:fe:17:37:4d:35:
- 38:c5:e8:62:b0:94:3a:ba:da:f6:4b:6c:81:22:05:90:60:ba:
- 0d:0c:d8:d8:e2:c8:33:6a
------BEGIN CERTIFICATE-----
-MIIEhjCCAm6gAwIBAgIBGDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjA1MzgzNFoXDTEw
-MDMxNjA1MzgzNFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj
-YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR
-YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU
-Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm
-bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaOB0TCBzjAJBgNVHRME
-AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
-ZTAdBgNVHQ4EFgQUbAAmvZjUYN0G6spzCTVqfh+S2VkwdAYDVR0jBG0wa6FepFww
-WjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xETAPBgNVBAcTCFN1
-d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYDVQQDEwJDQYIJAPJb
-QFvCt9BkMA0GCSqGSIb3DQEBBQUAA4ICAQBepjndCbVu7xwFARuRe8wmZgtT8Gkb
-rn4QQu84x84JDxfJKN99q+K2q41WFzjb57AqUuDsFmrP24sxT7uIiS4kHNujscn7
-1ZviWB1tyswUeczgsSePKqJgkNx+v1JlHYEUGGXU9K9DALyIUEvvFBpf0n5kDv3g
-JssJ+LcEST5vVoj6DZ4jkAaY/3UGKQmb3yFp6fpTpMCaBqfiUAPoEzLboGJfpg47
-fwrY92JWLspL98tZANgVMlf8ZySOOMF/OqbKrClbtublK1r0UhbjWwDxRskpm3Xj
-4yhp+stSaVyWGy2i7ibj3xD+ZzF/vzp8gYyHHHy6EZYhIwL5q9inM8qyRxIHyMeh
-ZyofgQ0R9hLCXrOCd/vWbqnlDrNcSdrFtgo7VYCKtQ3OlGQ/aPTpSgBbGxmiKbwv
-pHwj7jDESH6LxWX0G8xMXtz7OO0tjivY5GXUvZ+ebwjQNSSGcvgN7OAVSe0qZ0MT
-iPj6HwPhyxTkPF35eLEcpiAFIrHc4j3UHGKmMmEDzio8vAhXZd7szybv/R24kfGn
-5dkslHDL5JzGeLbz/+Sbiar6MB1iCqe6WVd7QPS7RxqAp/P02uov5ZYLfzn3Zgy7
-wzPJLZ026ylqMRu59jE8t/wYKQ9npMps21ay/hc3TTU4xehisJQ6utr2S2yBIgWQ
-YLoNDNjY4sgzag==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 25 (0x19)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 06:18:33 2009 GMT
- Not After : Mar 16 06:18:33 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf:
- 9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7:
- 75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed:
- 08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e:
- a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba:
- 45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c:
- 57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d:
- dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84:
- c9:26:70:3c:c8:11:64:ed:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 23:9f:5b:21:e4:9f:c8:2f:37:b9:e4:84:fa:72:b5:16:b1:59:
- 1d:5a:76:1a:be:ce:e2:08:d1:0e:0e:a1:ed:0a:5f:71:68:4e:
- 7e:34:f2:7f:3c:2d:5a:d2:a3:2d:b1:91:a6:46:c4:13:ac:5f:
- 2f:35:23:f2:d9:19:16:74:ee:1e:18:b8:43:7c:d0:7a:33:96:
- 0b:ae:12:be:91:68:1b:98:7f:b3:5e:a2:c1:d8:64:e9:b6:24:
- 3c:ef:f3:b7:0a:66:f9:8b:9b:9d:30:10:f5:95:97:83:41:6e:
- 22:f7:1c:19:d6:da:6a:92:e1:28:79:f7:7d:60:12:f8:fe:e1:
- 79:f7:8b:b5:04:a3:9d:b5:cb:a7:e6:b2:50:a4:48:ee:e6:d5:
- 6e:ea:b6:3a:ca:c8:11:3a:4d:c1:20:e5:4b:d2:59:f3:af:40:
- a9:4f:aa:81:1a:2d:4b:c2:99:43:fa:11:05:85:11:cf:ec:9b:
- b3:96:4e:62:8e:3e:3c:64:82:df:50:ab:6a:31:e6:66:35:c0:
- c5:dd:c2:a3:ba:f1:2b:66:7f:19:ba:3e:05:e8:e4:69:48:33:
- 9a:89:39:2c:dc:b1:98:02:b5:18:8d:11:54:a9:40:27:2b:38:
- 42:a4:fc:ea:46:80:0a:07:c7:a6:af:0a:2a:47:6d:bb:44:e8:
- 3e:b7:27:ba:7b:1f:3a:00:c5:7f:de:96:88:dd:6b:bc:65:19:
- 8f:39:96:53:13:78:4d:59:d8:76:5b:17:eb:57:71:2d:fb:2a:
- b5:c9:d3:ea:af:9b:7c:39:88:82:c5:13:8a:d8:d5:4c:f5:90:
- 25:dd:11:ef:f4:d2:5b:4f:e7:d8:d7:ee:c6:7b:2f:59:6d:55:
- 54:3f:6e:ac:16:f4:3d:8a:b3:76:65:f6:13:6c:e8:6d:68:bf:
- 2b:79:66:ed:9a:02:e7:4e:3b:65:cd:de:38:84:bc:7b:56:a2:
- e6:bb:88:f1:54:71:eb:4d:04:e7:13:80:44:73:53:66:90:ef:
- c7:c4:cf:e6:87:91:2c:cf:23:06:95:16:08:90:6a:9d:df:06:
- 51:89:39:f0:61:5c:b8:79:7d:c4:ad:c4:4c:26:30:3d:13:bc:
- ac:4f:bb:69:42:e1:28:89:1d:ac:1e:a7:81:86:4e:fd:4d:ba:
- 06:a4:9b:33:06:e0:39:76:52:52:12:eb:c4:be:f5:e9:c9:ff:
- 73:df:f2:6c:73:27:64:60:5d:1b:5f:9c:07:8e:89:10:a3:27:
- 15:0e:7b:08:1e:a2:57:8c:f2:a5:e6:4c:86:4a:03:7a:45:a1:
- ee:40:71:15:17:55:a3:7d:24:33:b3:57:46:11:07:c6:19:a0:
- 50:aa:3a:97:7a:41:36:dc
------BEGIN CERTIFICATE-----
-MIID2jCCAcKgAwIBAgIBGTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjA2MTgzM1oXDTEw
-MDMxNjA2MTgzM1owYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k
-ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0
-Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ
-QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov
-QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjKDAmMBMGA1UdJQQMMAoG
-CCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBACOf
-WyHkn8gvN7nkhPpytRaxWR1adhq+zuII0Q4Ooe0KX3FoTn408n88LVrSoy2xkaZG
-xBOsXy81I/LZGRZ07h4YuEN80HozlguuEr6RaBuYf7NeosHYZOm2JDzv87cKZvmL
-m50wEPWVl4NBbiL3HBnW2mqS4Sh5931gEvj+4Xn3i7UEo521y6fmslCkSO7m1W7q
-tjrKyBE6TcEg5UvSWfOvQKlPqoEaLUvCmUP6EQWFEc/sm7OWTmKOPjxkgt9Qq2ox
-5mY1wMXdwqO68Stmfxm6PgXo5GlIM5qJOSzcsZgCtRiNEVSpQCcrOEKk/OpGgAoH
-x6avCipHbbtE6D63J7p7HzoAxX/elojda7xlGY85llMTeE1Z2HZbF+tXcS37KrXJ
-0+qvm3w5iILFE4rY1Uz1kCXdEe/00ltP59jX7sZ7L1ltVVQ/bqwW9D2Ks3Zl9hNs
-6G1ovyt5Zu2aAudOO2XN3jiEvHtWoua7iPFUcetNBOcTgERzU2aQ78fEz+aHkSzP
-IwaVFgiQap3fBlGJOfBhXLh5fcStxEwmMD0TvKxPu2lC4SiJHawep4GGTv1Nugak
-mzMG4Dl2UlIS68S+9enJ/3Pf8mxzJ2RgXRtfnAeOiRCjJxUOewgeoleM8qXmTIZK
-A3pFoe5AcRUXVaN9JDOzV0YRB8YZoFCqOpd6QTbc
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 26 (0x1a)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 11:42:26 2009 GMT
- Not After : Mar 16 11:42:26 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP No Check
- Signature Algorithm: sha1WithRSAEncryption
- a9:46:f1:69:d0:17:5c:84:65:ff:4e:17:ba:5a:3a:2a:f5:75:
- ec:c2:2f:50:1a:fc:ce:7e:b0:9f:16:bd:51:fd:27:51:1a:8f:
- 8c:d9:b1:c3:27:e9:b4:77:17:2d:d8:fc:e9:fe:e0:57:35:08:
- 8f:f2:50:18:9b:e9:14:90:c2:e2:94:1b:19:18:9d:df:c1:20:
- 9f:fd:4c:31:a1:b6:68:41:b6:93:66:04:74:03:d4:34:a2:cb:
- bd:88:3a:36:9c:c0:a0:79:52:33:3d:c5:9f:fb:3e:32:24:cb:
- 68:aa:78:d2:24:a3:44:39:55:28:3d:20:9a:c0:e9:98:cf:44:
- 40:74:4c:83:83:8d:1d:2a:ce:f8:1d:b4:3c:f1:ca:60:5c:58:
- 4a:7c:a9:6d:96:1c:96:16:82:7d:0c:14:26:6d:b6:e4:2f:05:
- 4c:6f:0a:ed:59:aa:43:f8:e7:f5:a2:a5:01:c0:32:87:32:73:
- fe:e4:b2:c0:ee:07:cf:f3:07:e4:e5:16:c2:07:91:7c:01:8c:
- 5d:89:38:40:c6:43:80:ac:fb:cc:27:5a:de:9b:c7:70:c6:5b:
- 2e:c8:c7:f9:08:2f:42:7e:ee:44:6e:50:29:5b:19:2f:16:fb:
- 0d:16:f9:43:f3:82:c2:c0:ed:2d:a2:51:f2:1c:07:61:1b:2e:
- c4:be:f4:7d:20:83:a9:0d:ff:bb:ec:86:c5:c5:5e:57:66:70:
- 06:f1:0e:89:ba:a7:6b:39:dd:46:46:dc:a6:ec:fe:c8:44:4e:
- bd:1d:d5:9b:2b:a2:df:04:9d:40:35:ce:35:3b:d1:b7:91:5c:
- e6:5f:83:23:a2:9e:d5:be:46:9f:6a:43:4c:36:86:4c:a9:a5:
- ce:05:e1:c2:65:9b:70:cd:67:63:c7:a5:1b:01:0d:3e:c3:cd:
- 91:3e:65:33:72:2b:38:14:db:18:bb:f9:1a:3d:80:92:fb:66:
- 86:06:29:0b:48:ef:91:35:e6:00:8f:81:22:3f:3a:36:af:9c:
- 7f:9e:b1:f5:40:ab:43:8b:ff:f2:a2:0a:8d:7e:23:e3:97:3a:
- 72:3d:70:fb:25:61:e0:a6:26:b3:d8:6e:62:77:ab:be:b8:16:
- 88:2e:b5:0c:9a:44:e9:7f:01:96:d1:29:08:b1:a3:55:00:97:
- ff:9d:2f:68:b8:bb:88:8f:03:47:4c:39:a9:62:fe:e0:fa:eb:
- 4c:f2:f6:0e:23:43:ca:83:cb:54:84:79:c4:72:9d:1b:02:97:
- ec:4a:50:5f:cd:10:ba:89:fb:4f:2e:df:50:06:be:55:fd:30:
- c9:ca:58:94:a3:d3:e3:42:83:21:79:89:f7:dd:eb:46:f0:9a:
- 88:1b:26:d9:a5:de:4b:c7
------BEGIN CERTIFICATE-----
-MIIDvDCCAaSgAwIBAgIBGjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjExNDIyNloXDTEw
-MDMxNjExNDIyNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxgwFjAUBgNVHSUEDTALBgkrBgEFBQcwAQUwDQYJ
-KoZIhvcNAQEFBQADggIBAKlG8WnQF1yEZf9OF7paOir1dezCL1Aa/M5+sJ8WvVH9
-J1Eaj4zZscMn6bR3Fy3Y/On+4Fc1CI/yUBib6RSQwuKUGxkYnd/BIJ/9TDGhtmhB
-tpNmBHQD1DSiy72IOjacwKB5UjM9xZ/7PjIky2iqeNIko0Q5VSg9IJrA6ZjPREB0
-TIODjR0qzvgdtDzxymBcWEp8qW2WHJYWgn0MFCZttuQvBUxvCu1ZqkP45/WipQHA
-Mocyc/7kssDuB8/zB+TlFsIHkXwBjF2JOEDGQ4Cs+8wnWt6bx3DGWy7Ix/kIL0J+
-7kRuUClbGS8W+w0W+UPzgsLA7S2iUfIcB2EbLsS+9H0gg6kN/7vshsXFXldmcAbx
-Dom6p2s53UZG3Kbs/shETr0d1Zsrot8EnUA1zjU70beRXOZfgyOintW+Rp9qQ0w2
-hkyppc4F4cJlm3DNZ2PHpRsBDT7DzZE+ZTNyKzgU2xi7+Ro9gJL7ZoYGKQtI75E1
-5gCPgSI/OjavnH+esfVAq0OL//KiCo1+I+OXOnI9cPslYeCmJrPYbmJ3q764Fogu
-tQyaROl/AZbRKQixo1UAl/+dL2i4u4iPA0dMOali/uD660zy9g4jQ8qDy1SEecRy
-nRsCl+xKUF/NELqJ+08u31AGvlX9MMnKWJSj0+NCgyF5iffd60bwmogbJtml3kvH
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 27 (0x1b)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 11:56:53 2009 GMT
- Not After : Mar 16 11:56:53 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 30:ef:e6:6f:c4:15:ce:e0:09:3e:ab:07:cb:30:ca:64:77:a0:
- cb:ca:9e:0e:b5:57:10:16:65:f3:f6:ff:76:c6:30:f1:28:5b:
- 0f:9e:57:dd:fc:0a:b2:45:7b:ff:2a:e5:52:5c:39:62:cf:ff:
- 20:06:e5:d4:50:d9:20:07:29:65:db:4a:96:b3:62:6e:3c:8e:
- fc:8c:16:2f:b7:e6:82:13:e5:c9:47:ae:79:25:6c:1b:90:01:
- 53:3a:d6:65:9d:3f:0d:b4:69:cc:72:e1:e1:5b:f3:bc:80:5d:
- a0:a0:3a:be:99:59:e2:b4:84:eb:53:91:b7:f5:87:0c:e6:81:
- 47:b2:be:28:5f:7c:26:df:18:ea:fc:7f:36:bb:3d:a3:9a:2b:
- 86:04:32:26:7e:25:12:45:d0:56:6e:a7:d1:43:7d:f2:d4:85:
- d3:a6:4e:9d:82:3b:15:77:5b:b5:77:7d:37:06:1c:84:ed:09:
- bc:21:bb:fd:56:89:ee:f7:7d:8d:8f:ae:ab:37:5a:c0:9e:17:
- 43:77:19:b3:2f:26:4b:1d:68:e3:95:0f:f9:09:6a:27:a5:26:
- e0:00:cc:a4:7d:4c:89:a4:d9:54:56:5c:80:10:b2:eb:23:9d:
- 53:64:ac:45:7e:85:ff:4b:34:29:56:91:8a:a6:9d:19:9f:0c:
- 1a:c3:3a:82:eb:9f:0e:ab:a2:18:0a:d9:cd:20:bb:1a:33:51:
- 38:c6:5b:7e:bf:fe:6f:cd:96:b9:b3:22:7e:99:b0:5b:52:e0:
- a6:3b:07:87:28:83:18:12:cb:5e:d1:8e:29:52:e1:16:9e:a1:
- 7e:0a:5c:2c:e2:e1:9d:2d:19:ce:c5:f3:f0:a1:99:18:5f:6d:
- ea:07:8e:b5:0e:ab:e3:76:b8:f3:22:77:2b:52:70:4d:d3:9a:
- 26:85:81:2c:13:70:d7:5e:da:0a:13:64:74:f4:22:98:33:c6:
- 1f:99:6c:6a:55:7a:05:e6:51:7e:9b:ae:27:ff:68:4b:a9:5b:
- 71:69:9f:fe:86:3f:3e:5d:47:8f:72:4b:07:2e:9a:29:07:36:
- e3:2c:dd:94:72:f6:9b:04:b4:18:2a:49:c6:b6:1c:7f:e5:81:
- ea:21:13:ca:50:0e:fe:b0:47:04:4d:52:b0:dc:39:50:a5:ac:
- 4c:7a:72:c8:a3:c9:d3:f2:07:dc:1b:bc:83:e7:6c:9d:2a:a9:
- c0:0a:5f:ff:d1:fc:d3:8f:fe:8c:b3:58:64:b5:d6:44:6a:7e:
- b5:23:ea:7d:18:a5:f3:e1:7a:d1:56:cf:7d:05:b9:29:fc:28:
- c1:e7:50:37:49:c7:17:69:73:d1:91:ac:d0:a3:ef:c1:99:1d:
- 91:f6:55:9b:46:b6:46:4e
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjExNTY1M1oXDTEw
-MDMxNjExNTY1M1owUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQAw7+ZvxBXO4Ak+qwfLMMpkd6DLyp4OtVcQFmXz9v92xjDxKFsP
-nlfd/AqyRXv/KuVSXDliz/8gBuXUUNkgByll20qWs2JuPI78jBYvt+aCE+XJR655
-JWwbkAFTOtZlnT8NtGnMcuHhW/O8gF2goDq+mVnitITrU5G39YcM5oFHsr4oX3wm
-3xjq/H82uz2jmiuGBDImfiUSRdBWbqfRQ33y1IXTpk6dgjsVd1u1d303BhyE7Qm8
-Ibv9Vonu932Nj66rN1rAnhdDdxmzLyZLHWjjlQ/5CWonpSbgAMykfUyJpNlUVlyA
-ELLrI51TZKxFfoX/SzQpVpGKpp0ZnwwawzqC658Oq6IYCtnNILsaM1E4xlt+v/5v
-zZa5syJ+mbBbUuCmOweHKIMYEste0Y4pUuEWnqF+Clws4uGdLRnOxfPwoZkYX23q
-B461DqvjdrjzIncrUnBN05omhYEsE3DXXtoKE2R09CKYM8YfmWxqVXoF5lF+m64n
-/2hLqVtxaZ/+hj8+XUePcksHLpopBzbjLN2UcvabBLQYKknGthx/5YHqIRPKUA7+
-sEcETVKw3DlQpaxMenLIo8nT8gfcG7yD52ydKqnACl//0fzTj/6Ms1hktdZEan61
-I+p9GKXz4XrRVs99Bbkp/CjB51A3SccXaXPRkazQo+/BmR2R9lWbRrZGTg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 28 (0x1c)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:10:50 2009 GMT
- Not After : Mar 16 12:10:50 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 9e:15:66:51:b4:ba:c2:50:57:2f:fb:35:bd:43:53:67:26:73:
- 96:30:ae:28:d3:fb:b6:d1:4c:e4:bb:1a:c6:f3:e4:40:b6:bb:
- a8:85:c8:1f:e8:09:cd:5a:ec:c2:4d:21:7c:24:85:c2:78:1d:
- 97:1f:65:41:50:4c:f7:c2:87:0d:5f:1b:0e:30:b1:66:97:9b:
- 4d:d3:32:27:e2:a5:50:17:80:55:0b:d7:4e:ae:9d:94:c1:4f:
- c3:98:f4:d7:64:9c:e5:c9:16:e0:2a:11:8e:27:8d:00:d8:5d:
- 3d:61:15:8b:0d:16:39:f1:71:a1:d4:0c:28:fe:d8:47:09:d7:
- be:00:95:39:3b:c0:1c:b2:fd:c4:74:e0:97:df:61:4d:90:db:
- 7f:bf:85:21:72:91:90:fa:19:67:6e:cf:ef:61:86:0d:6d:60:
- c6:9b:83:5a:44:fb:d6:d2:1f:f1:2b:5e:0f:3d:6c:a3:07:c3:
- e6:99:13:73:53:71:b5:29:97:d9:43:73:f7:f5:47:41:08:92:
- 59:22:95:3e:8d:5e:ff:3f:ad:17:2f:b4:2d:da:b8:5e:09:5a:
- 23:c7:b4:eb:cb:3b:b8:83:e9:1c:5c:72:df:65:52:36:54:2f:
- 73:0c:57:89:32:80:a4:3e:80:5b:d4:cf:84:73:63:62:27:86:
- 0a:61:51:63:1a:58:e8:ed:09:5b:a7:99:97:a3:e6:00:ee:46:
- e5:b7:c6:2f:2f:1a:57:8c:8b:e4:ff:19:f1:eb:3d:8a:ef:a6:
- ea:3b:7e:d8:82:d6:cf:ff:fc:56:b9:85:4d:9a:21:a4:05:d3:
- 3a:9a:84:b6:cc:2a:d5:7b:08:2b:00:fe:de:aa:55:53:4f:5c:
- d1:a3:61:8e:44:d3:85:22:ab:88:a6:79:dc:8d:b4:39:e7:28:
- 5a:30:68:10:bc:94:19:95:5f:6c:58:94:a4:05:da:5e:d9:1e:
- ae:7b:50:cc:33:e8:db:b6:8f:ee:2e:28:da:fe:31:18:c1:a8:
- 50:d9:2b:5c:b1:f8:1b:f5:ab:35:28:31:ca:85:3e:2b:14:0f:
- 5a:49:94:6e:1b:3e:d7:ee:8b:ee:51:f2:24:7e:a6:d7:fd:b3:
- 48:7e:e1:39:d9:e5:fa:4a:72:2c:4e:6f:64:39:48:88:23:3b:
- 23:b3:7f:b1:aa:07:76:37:49:e1:81:fa:57:e5:58:d6:b8:bd:
- e1:84:e4:47:7e:02:23:3c:21:3e:51:42:c5:ad:dd:41:1c:e5:
- 27:17:c0:2c:cf:11:f0:19:ab:96:92:f3:d8:88:df:11:bc:7f:
- 05:aa:14:03:7f:4b:31:2a:8f:1b:00:79:4e:bd:1e:71:24:3f:
- c8:27:5a:e6:a7:8a:87:3e
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBHDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTA1MFoXDTEw
-MDMxNjEyMTA1MFowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQCeFWZRtLrCUFcv+zW9Q1NnJnOWMK4o0/u20UzkuxrG8+RAtruo
-hcgf6AnNWuzCTSF8JIXCeB2XH2VBUEz3wocNXxsOMLFml5tN0zIn4qVQF4BVC9dO
-rp2UwU/DmPTXZJzlyRbgKhGOJ40A2F09YRWLDRY58XGh1Awo/thHCde+AJU5O8Ac
-sv3EdOCX32FNkNt/v4UhcpGQ+hlnbs/vYYYNbWDGm4NaRPvW0h/xK14PPWyjB8Pm
-mRNzU3G1KZfZQ3P39UdBCJJZIpU+jV7/P60XL7Qt2rheCVojx7Tryzu4g+kcXHLf
-ZVI2VC9zDFeJMoCkPoBb1M+Ec2NiJ4YKYVFjGljo7Qlbp5mXo+YA7kblt8YvLxpX
-jIvk/xnx6z2K76bqO37YgtbP//xWuYVNmiGkBdM6moS2zCrVewgrAP7eqlVTT1zR
-o2GORNOFIquIpnncjbQ55yhaMGgQvJQZlV9sWJSkBdpe2R6ue1DMM+jbto/uLija
-/jEYwahQ2Stcsfgb9as1KDHKhT4rFA9aSZRuGz7X7ovuUfIkfqbX/bNIfuE52eX6
-SnIsTm9kOUiIIzsjs3+xqgd2N0nhgfpX5VjWuL3hhORHfgIjPCE+UULFrd1BHOUn
-F8AszxHwGauWkvPYiN8RvH8FqhQDf0sxKo8bAHlOvR5xJD/IJ1rmp4qHPg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 29 (0x1d)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:12:56 2009 GMT
- Not After : Mar 16 12:12:56 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 08:72:72:7b:9c:62:fb:4d:ed:66:dc:d9:f2:db:a0:89:0e:ff:
- 04:54:3a:16:60:e4:d9:c8:68:44:54:ee:27:a9:8a:45:ff:26:
- 7e:05:1e:c9:61:cd:f3:54:25:d8:72:6e:6f:87:a1:65:ad:cd:
- f4:8b:86:8f:5e:20:ab:82:4f:ac:1e:ec:a7:fd:66:2b:33:73:
- 64:44:36:8a:a8:3e:fa:9c:48:ce:ec:52:a9:23:51:94:4b:61:
- 55:d5:ea:83:95:30:a2:af:ef:69:ac:bc:48:47:bd:5f:18:5a:
- 64:71:6c:65:a9:e7:fd:d2:c1:5f:56:68:6c:90:74:f9:a3:35:
- 92:7d:aa:d9:d7:64:20:6d:84:d1:53:a8:b8:06:05:83:5f:e2:
- e4:94:81:55:09:df:3d:88:fb:76:f1:ee:59:67:75:41:70:77:
- fe:7c:c2:b6:d3:7a:13:a0:ab:99:62:7a:fc:5e:d2:ea:d0:99:
- 91:3a:57:8b:01:99:3a:78:3b:6c:b6:8d:1b:9d:21:69:90:28:
- 34:c6:f3:14:81:94:d3:9d:5c:d2:0b:44:78:29:f9:fb:c2:e8:
- 30:47:eb:27:ab:8b:b5:d4:28:a3:6d:fa:83:5d:13:76:da:d2:
- da:77:c3:d0:e0:d3:8b:c1:6e:e4:e0:94:b3:6a:4d:60:9b:84:
- 24:02:75:ca:89:4b:60:83:51:3a:7a:b1:c7:e7:d4:55:40:fa:
- ac:7e:1b:c4:f4:d9:01:e2:84:e7:16:20:92:68:6f:dd:2f:a5:
- 5a:c5:40:24:9f:89:e9:53:43:02:76:ea:a2:be:17:de:c8:da:
- fa:0e:2a:b8:98:25:0f:c9:2e:31:6f:a9:bf:ec:54:09:bf:e0:
- 74:af:23:bd:ee:b1:c4:2b:91:8a:dc:c4:14:e5:52:c9:c8:fd:
- ae:c0:87:e1:8e:a9:b5:25:2b:ce:43:fa:3a:2a:02:fb:2f:9a:
- 04:7a:39:e1:8f:84:99:4c:61:6a:24:7c:a3:66:bc:93:80:4e:
- 14:22:bc:fb:eb:a0:2f:e2:5a:be:01:c5:3d:76:72:ce:d6:be:
- e7:e0:01:27:ca:22:35:1b:81:84:c4:d6:ee:24:8d:f0:be:cd:
- 0e:a8:85:29:f2:23:20:23:52:14:4a:c0:8a:ac:9a:d6:14:63:
- 01:1f:41:f7:8c:c5:18:4e:39:64:05:f6:da:44:a3:18:1a:6f:
- 77:62:40:f2:e5:d6:ab:4d:55:8b:ed:76:f6:73:80:de:1c:b9:
- 69:84:11:aa:e2:56:07:e6:0a:a1:41:4b:a5:b4:92:f4:30:48:
- 4d:df:e6:a6:52:97:84:8d:7e:04:24:99:d1:93:a4:55:8b:d7:
- c9:82:44:63:74:f3:1f:d5
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBHTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTI1NloXDTEw
-MDMxNjEyMTI1NlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQAIcnJ7nGL7Te1m3Nny26CJDv8EVDoWYOTZyGhEVO4nqYpF/yZ+
-BR7JYc3zVCXYcm5vh6Flrc30i4aPXiCrgk+sHuyn/WYrM3NkRDaKqD76nEjO7FKp
-I1GUS2FV1eqDlTCir+9prLxIR71fGFpkcWxlqef90sFfVmhskHT5ozWSfarZ12Qg
-bYTRU6i4BgWDX+LklIFVCd89iPt28e5ZZ3VBcHf+fMK203oToKuZYnr8XtLq0JmR
-OleLAZk6eDtsto0bnSFpkCg0xvMUgZTTnVzSC0R4Kfn7wugwR+snq4u11CijbfqD
-XRN22tLad8PQ4NOLwW7k4JSzak1gm4QkAnXKiUtgg1E6erHH59RVQPqsfhvE9NkB
-4oTnFiCSaG/dL6VaxUAkn4npU0MCduqivhfeyNr6Diq4mCUPyS4xb6m/7FQJv+B0
-ryO97rHEK5GK3MQU5VLJyP2uwIfhjqm1JSvOQ/o6KgL7L5oEejnhj4SZTGFqJHyj
-ZryTgE4UIrz766Av4lq+AcU9dnLO1r7n4AEnyiI1G4GExNbuJI3wvs0OqIUp8iMg
-I1IUSsCKrJrWFGMBH0H3jMUYTjlkBfbaRKMYGm93YkDy5darTVWL7Xb2c4DeHLlp
-hBGq4lYH5gqhQUultJL0MEhN3+amUpeEjX4EJJnRk6RVi9fJgkRjdPMf1Q==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 30 (0x1e)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:13:11 2009 GMT
- Not After : Mar 16 12:13:11 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 8f:da:fe:f8:bb:53:ba:a5:4a:ed:09:6e:4e:5e:10:3f:aa:ce:
- b4:49:9e:53:d9:66:ff:3c:1e:d6:b4:7b:b5:ca:74:7e:11:12:
- 2e:da:a5:9b:2d:81:40:aa:f6:06:4a:df:43:59:63:cd:31:05:
- 8b:20:4b:1d:c0:66:e7:02:c5:6f:b3:a6:5e:ad:73:fc:88:61:
- e7:b4:fe:59:c7:3b:85:4c:06:97:87:5f:c3:80:fc:28:29:b4:
- 2d:c6:3b:ea:ac:4d:ce:d8:f3:f7:ca:45:9c:23:33:80:23:da:
- 83:39:a7:d6:51:a0:a2:79:56:48:f3:2b:ca:c4:31:56:09:ab:
- 2e:c8:50:0a:24:c1:36:3e:11:5d:cd:1b:9b:d7:38:59:70:a1:
- ea:de:50:fa:44:37:33:1a:b3:24:b7:a6:29:3c:21:1e:66:cf:
- 23:65:12:90:01:20:1a:b4:be:39:ff:7e:bf:55:17:5f:bd:fc:
- 77:67:12:15:c9:9c:42:7f:49:f5:6f:96:15:68:ba:e9:b1:16:
- dc:ac:92:b0:26:55:2e:1f:90:62:1c:da:29:94:1c:17:d3:92:
- 6b:1d:83:bc:ac:cb:3f:b9:d1:e4:e2:a4:67:f4:c0:a1:21:ff:
- 3f:92:ab:9a:d2:6f:8b:0b:f9:a0:75:b2:da:20:38:08:b6:b9:
- 1c:b8:8a:af:c8:67:63:f2:53:fa:9e:0c:8f:3d:fa:5d:07:0d:
- af:96:10:e6:fa:6f:76:c4:7e:ac:82:e7:2c:04:c4:7b:66:be:
- 25:69:f9:cb:10:1d:8f:29:6a:f1:0b:50:b3:00:d6:47:75:03:
- b6:34:96:60:f8:32:e2:9b:a0:b2:71:e4:6f:31:4f:d3:64:48:
- d3:01:27:ba:e8:11:76:36:86:7e:74:9d:44:cd:25:bc:7f:90:
- f7:64:a1:10:ae:75:82:f9:5d:b6:65:83:5b:71:19:89:9d:0e:
- 70:01:46:bf:86:d2:82:cf:ca:c5:c6:34:54:67:ea:e4:9c:32:
- db:12:ad:d2:8d:78:9b:07:cb:06:f1:f0:3c:0a:56:70:11:9b:
- 71:2d:41:1c:b5:81:cf:a1:6f:2e:17:f5:54:99:ea:c0:79:e5:
- d0:0c:df:50:2a:aa:ff:e3:8b:a3:66:2a:9f:f0:84:b6:8f:e6:
- 8e:fd:d9:91:e5:8c:8b:5b:d1:77:d7:1d:b1:06:b6:1e:48:32:
- 82:d5:28:f2:24:40:2e:71:5c:e1:16:1e:14:2d:77:22:d3:ab:
- 84:b6:c0:ad:67:3d:b2:a6:15:f8:00:f9:95:f7:32:05:3b:e7:
- a7:41:62:16:3f:f6:55:f1:c0:9e:6a:c5:00:a1:9c:78:27:58:
- ea:80:17:5f:80:fa:9d:b0
------BEGIN CERTIFICATE-----
-MIIDzDCCAbSgAwIBAgIBHjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTMxMVoXDTEw
-MDMxNjEyMTMxMVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoygwJjAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQM
-MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQCP2v74u1O6pUrtCW5OXhA/
-qs60SZ5T2Wb/PB7WtHu1ynR+ERIu2qWbLYFAqvYGSt9DWWPNMQWLIEsdwGbnAsVv
-s6ZerXP8iGHntP5ZxzuFTAaXh1/DgPwoKbQtxjvqrE3O2PP3ykWcIzOAI9qDOafW
-UaCieVZI8yvKxDFWCasuyFAKJME2PhFdzRub1zhZcKHq3lD6RDczGrMkt6YpPCEe
-Zs8jZRKQASAatL45/36/VRdfvfx3ZxIVyZxCf0n1b5YVaLrpsRbcrJKwJlUuH5Bi
-HNoplBwX05JrHYO8rMs/udHk4qRn9MChIf8/kqua0m+LC/mgdbLaIDgItrkcuIqv
-yGdj8lP6ngyPPfpdBw2vlhDm+m92xH6sgucsBMR7Zr4lafnLEB2PKWrxC1CzANZH
-dQO2NJZg+DLim6CyceRvMU/TZEjTASe66BF2NoZ+dJ1EzSW8f5D3ZKEQrnWC+V22
-ZYNbcRmJnQ5wAUa/htKCz8rFxjRUZ+rknDLbEq3SjXibB8sG8fA8ClZwEZtxLUEc
-tYHPoW8uF/VUmerAeeXQDN9QKqr/44ujZiqf8IS2j+aO/dmR5YyLW9F31x2xBrYe
-SDKC1SjyJEAucVzhFh4ULXci06uEtsCtZz2yphX4APmV9zIFO+enQWIWP/ZV8cCe
-asUAoZx4J1jqgBdfgPqdsA==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 31 (0x1f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:18:09 2009 GMT
- Not After : Mar 16 12:18:09 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 79:52:2d:07:c5:c3:28:24:6e:4e:fa:96:bc:67:29:f8:1c:1d:
- b0:c9:ea:1a:5a:1b:6c:a6:c8:c2:05:3f:3c:2c:8d:23:6c:5e:
- 04:09:ae:80:d5:a6:0b:72:6b:58:29:45:4f:38:f6:01:14:0e:
- fd:6a:c3:80:8d:a6:1c:05:e9:9f:a5:a9:93:0a:f3:2a:6b:47:
- dd:b9:77:4f:89:e9:e8:15:ae:46:d1:55:0e:79:d2:63:df:0a:
- 28:c6:c3:6b:d9:b8:66:6a:b1:28:15:68:ec:33:2d:51:9e:eb:
- 08:12:61:5c:6d:17:b9:6c:db:33:b6:e4:99:4f:7c:3e:3c:31:
- 28:04:8a:d9:a8:dd:43:b4:80:4c:3d:8f:43:a8:d4:8b:da:f5:
- 04:7d:0c:c3:f7:c3:75:ab:b1:a9:a3:7e:f1:d0:44:46:99:c0:
- 7f:00:ce:3d:82:b4:07:4b:37:5f:68:49:99:d9:9d:c9:b0:ab:
- 8b:45:2b:cd:b0:19:33:3a:81:8e:25:1e:e8:ad:b7:1c:8b:0a:
- 18:96:e2:78:cc:53:ef:fc:b4:90:46:55:7b:d6:3b:8f:cf:e0:
- 7f:f9:0e:41:04:a4:06:3e:9c:86:6e:c8:2c:11:de:6a:8b:82:
- a5:49:70:d2:ac:3a:45:4a:c9:fb:1e:a5:4c:0e:1d:88:b5:86:
- ac:08:a6:57:61:6c:1c:7f:63:7a:44:ad:50:16:f8:f9:2f:22:
- 4b:ba:ae:22:fc:b9:58:fe:9d:b4:31:a8:7d:f5:86:18:03:01:
- 7b:51:c1:57:7f:62:77:1d:e6:98:06:1c:da:7f:cd:f0:e8:12:
- 9c:7e:70:c3:bc:bd:db:18:de:57:f3:4c:1a:6a:b6:e1:24:3f:
- 2c:2d:3e:ee:7f:01:45:84:09:5f:cf:ff:a6:26:a9:36:8e:13:
- d8:f5:72:85:4a:0e:55:a5:6c:27:ef:91:e4:1c:93:f4:93:75:
- c4:b5:22:16:b3:af:ec:81:72:dd:f2:4c:a4:f5:99:00:f7:e8:
- f1:9e:a1:e3:a1:dd:ea:e3:5e:47:d1:ea:72:cb:6d:b6:60:cc:
- de:3c:f4:cf:7e:c1:3d:bf:c1:34:88:cb:ee:a2:23:2e:72:ca:
- 56:f2:ec:9b:16:3b:5e:8e:02:0f:d5:7e:d2:8a:49:26:fb:59:
- 3f:6c:15:1c:b3:cf:a0:6e:70:b6:81:31:44:cf:9a:70:1d:86:
- a6:9a:7e:7e:88:85:34:72:9d:da:3e:3f:65:ad:ad:d2:67:2a:
- 22:62:4d:c2:9a:dd:f4:23:45:be:e2:e2:26:cb:f4:7b:f4:5f:
- 45:d2:6a:71:a9:9c:69:cd:c5:c1:f3:96:44:f5:d2:95:77:bc:
- 1c:aa:79:cc:a1:d5:3c:32
------BEGIN CERTIFICATE-----
-MIIDzDCCAbSgAwIBAgIBHzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTgwOVoXDTEw
-MDMxNjEyMTgwOVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoygwJjAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQM
-MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQB5Ui0HxcMoJG5O+pa8Zyn4
-HB2wyeoaWhtspsjCBT88LI0jbF4ECa6A1aYLcmtYKUVPOPYBFA79asOAjaYcBemf
-pamTCvMqa0fduXdPienoFa5G0VUOedJj3wooxsNr2bhmarEoFWjsMy1RnusIEmFc
-bRe5bNsztuSZT3w+PDEoBIrZqN1DtIBMPY9DqNSL2vUEfQzD98N1q7Gpo37x0ERG
-mcB/AM49grQHSzdfaEmZ2Z3JsKuLRSvNsBkzOoGOJR7orbcciwoYluJ4zFPv/LSQ
-RlV71juPz+B/+Q5BBKQGPpyGbsgsEd5qi4KlSXDSrDpFSsn7HqVMDh2ItYasCKZX
-YWwcf2N6RK1QFvj5LyJLuq4i/LlY/p20Mah99YYYAwF7UcFXf2J3HeaYBhzaf83w
-6BKcfnDDvL3bGN5X80waarbhJD8sLT7ufwFFhAlfz/+mJqk2jhPY9XKFSg5VpWwn
-75HkHJP0k3XEtSIWs6/sgXLd8kyk9ZkA9+jxnqHjod3q415H0epyy222YMzePPTP
-fsE9v8E0iMvuoiMucspW8uybFjtejgIP1X7Sikkm+1k/bBUcs8+gbnC2gTFEz5pw
-HYammn5+iIU0cp3aPj9lra3SZyoiYk3Cmt30I0W+4uImy/R79F9F0mpxqZxpzcXB
-85ZE9dKVd7wcqnnModU8Mg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 32 (0x20)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:29:16 2009 GMT
- Not After : Mar 16 12:29:16 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 22:63:3c:cd:27:23:8b:bf:c2:f1:d9:e8:f8:62:0b:58:a6:7d:
- d7:f1:1f:d8:a2:0e:02:1f:51:30:a9:fd:b6:2a:e0:f3:55:f4:
- a6:a4:d5:f2:3b:b1:2d:09:66:67:ab:f3:12:07:4f:98:96:7d:
- 7a:95:64:99:df:b0:75:b1:5a:51:76:bc:70:82:80:5f:14:0c:
- d6:f3:4a:0c:26:87:d2:ad:ed:8a:fe:94:73:6b:37:c6:3e:b5:
- 70:a4:06:a8:48:af:fc:45:6c:d8:71:ae:9d:a1:05:14:26:bc:
- 3c:76:1e:f0:d4:00:08:b3:5d:9e:0b:da:c4:51:c2:3f:da:25:
- e5:ff:9f:20:9a:30:c1:03:cb:62:64:2d:de:20:a0:c4:53:d9:
- a8:b2:36:4d:db:2f:1d:f6:31:48:b1:8a:32:9d:4a:5d:b2:8d:
- e1:57:e7:47:c8:c6:58:e2:91:5f:de:dd:6c:e1:36:57:12:7d:
- 54:75:5b:d8:11:15:75:53:70:79:4e:46:ce:5d:b5:4d:62:ac:
- 79:14:0a:0b:57:aa:ef:43:aa:5c:7f:97:df:cf:51:7c:08:98:
- db:36:f2:9d:66:7f:98:c2:9e:2b:70:85:f0:9c:41:19:32:c2:
- 5c:27:08:7e:b9:d1:f1:fb:a6:05:55:ad:6e:73:04:dd:14:fb:
- d6:e5:17:f6:3b:bc:30:93:e8:0f:66:0f:90:2b:c4:60:f7:2c:
- de:35:e1:33:da:a0:67:54:00:d8:2a:2f:e1:8c:0b:a3:33:94:
- 32:cc:94:fe:d6:d8:96:0c:58:92:ee:89:a8:8e:c8:75:e5:a3:
- 2a:94:8a:b8:bb:c2:c3:1c:1d:4d:af:c9:4a:5b:6a:83:34:34:
- ed:f8:f4:fc:23:d5:93:85:39:ad:12:d6:86:48:e4:9c:23:b2:
- 84:9e:77:8f:3f:17:c2:91:b8:95:a8:69:4d:43:be:a1:13:9c:
- d8:30:cb:e1:ce:91:92:11:eb:b3:e3:83:2c:ab:f1:2b:3e:7d:
- 5d:dc:6b:69:64:28:a5:cc:06:8e:39:9f:f6:11:ec:f9:b3:86:
- bb:c6:26:2f:a9:dd:70:39:34:e3:7a:97:4e:f2:cd:fd:8f:29:
- d7:e7:37:15:53:ab:98:3c:51:65:0c:c4:d1:0e:cb:33:17:4f:
- 1c:b3:81:e5:90:f0:43:86:74:a3:40:c4:4a:0d:bb:65:0b:c2:
- de:b7:ec:e8:99:e4:92:d1:16:31:0a:2b:6a:d9:e5:8c:13:3f:
- ec:e6:cf:c0:08:6b:92:37:ae:e2:a9:9c:c6:3b:0f:2d:e4:82:
- d6:b5:92:be:db:65:53:95:7f:fe:09:cd:79:bd:23:ac:3b:5c:
- ec:3b:98:90:76:90:c4:c5
------BEGIN CERTIFICATE-----
-MIIDzDCCAbSgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMjkxNloXDTEw
-MDMxNjEyMjkxNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkr
-BgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEBBQUAA4ICAQAiYzzNJyOLv8Lx2ej4YgtY
-pn3X8R/Yog4CH1Ewqf22KuDzVfSmpNXyO7EtCWZnq/MSB0+Yln16lWSZ37B1sVpR
-drxwgoBfFAzW80oMJofSre2K/pRzazfGPrVwpAaoSK/8RWzYca6doQUUJrw8dh7w
-1AAIs12eC9rEUcI/2iXl/58gmjDBA8tiZC3eIKDEU9mosjZN2y8d9jFIsYoynUpd
-so3hV+dHyMZY4pFf3t1s4TZXEn1UdVvYERV1U3B5TkbOXbVNYqx5FAoLV6rvQ6pc
-f5ffz1F8CJjbNvKdZn+Ywp4rcIXwnEEZMsJcJwh+udHx+6YFVa1ucwTdFPvW5Rf2
-O7wwk+gPZg+QK8Rg9yzeNeEz2qBnVADYKi/hjAujM5QyzJT+1tiWDFiS7omojsh1
-5aMqlIq4u8LDHB1Nr8lKW2qDNDTt+PT8I9WThTmtEtaGSOScI7KEnnePPxfCkbiV
-qGlNQ76hE5zYMMvhzpGSEeuz44Msq/ErPn1d3GtpZCilzAaOOZ/2Eez5s4a7xiYv
-qd1wOTTjepdO8s39jynX5zcVU6uYPFFlDMTRDsszF08cs4HlkPBDhnSjQMRKDbtl
-C8Let+zomeSS0RYxCitq2eWMEz/s5s/ACGuSN67iqZzGOw8t5ILWtZK+22VTlX/+
-Cc15vSOsO1zsO5iQdpDExQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 33 (0x21)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:33:25 2009 GMT
- Not After : Mar 16 12:33:25 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 82:41:0d:08:56:89:0d:b0:bc:15:6e:8a:aa:b9:85:55:2c:61:
- 4f:78:7c:41:3d:d3:06:00:3a:de:69:19:4f:b2:44:bd:fd:ca:
- 42:aa:ed:12:76:bb:6e:e7:fa:29:ab:ec:7b:d5:cb:48:8a:e8:
- 3b:ef:30:a4:b1:94:73:83:43:21:f9:1f:7c:38:cc:a9:9b:a1:
- 7b:ba:af:96:9e:c4:e2:96:39:6f:d5:ec:b2:5a:95:a2:ee:4a:
- b2:c4:45:df:54:12:69:fa:2f:b6:e3:42:8f:da:e9:eb:8b:0a:
- 14:fd:c2:da:97:07:fd:31:6f:74:8a:cc:18:43:4c:e6:e3:de:
- 91:4b:72:d4:1d:17:51:18:d8:6c:b7:51:e4:ad:e0:f3:45:70:
- 98:e7:1a:e5:e6:bc:54:7a:b6:e4:a3:66:0a:e0:7e:2f:71:64:
- f9:b8:f6:b9:eb:ca:e4:a9:14:b2:b2:82:39:19:e4:57:76:68:
- 66:92:a3:15:e8:83:cb:d7:2c:fb:5e:e7:c3:50:9d:df:a5:dc:
- c6:f7:a0:93:e6:ab:bb:f8:8e:85:4c:a2:3a:bd:8c:c7:e8:0d:
- 13:df:e8:cb:8c:4a:ef:d6:8c:42:e6:e0:9c:45:60:e3:45:ad:
- ad:d9:fb:56:7a:ca:73:2d:87:33:c8:37:b9:f3:9a:a6:c3:c2:
- 79:76:29:aa:c7:75:b7:12:fb:14:07:e0:13:48:c1:69:ad:a3:
- bd:9f:94:83:46:aa:b3:44:0a:f2:62:bb:55:9a:80:46:fb:86:
- af:0d:60:39:7a:ee:dc:ac:15:a2:1f:2b:c2:43:0f:cd:d2:c0:
- 49:a9:7f:1e:28:ca:69:91:e0:06:1d:b2:ed:71:02:0a:1f:7b:
- 2f:19:8b:fe:5d:b3:b8:dd:a0:ad:0d:c6:75:47:ae:15:8e:d1:
- 4f:f3:1c:f3:ee:fe:eb:34:c2:ea:9d:7d:6d:33:00:8a:55:e8:
- ef:26:68:a4:91:90:d5:f9:e4:1c:5f:77:14:c8:17:b1:fd:41:
- f2:28:74:ca:1a:e4:be:01:26:cf:3d:3b:46:98:6e:25:ee:ab:
- 66:75:3d:a5:cf:06:5a:5f:ff:a9:3a:58:de:3d:2f:22:0a:13:
- 5a:94:6a:f2:fd:f0:1a:c2:06:c9:96:f1:3a:59:87:50:83:5c:
- 57:c3:e4:36:df:7a:0d:02:c3:20:c2:cb:2c:cc:df:46:6c:51:
- df:04:11:51:11:ae:81:a3:2a:2e:35:a8:77:1b:37:35:37:54:
- ea:3b:c1:46:a7:48:e3:78:40:c3:a2:3a:f7:3e:94:ff:48:4c:
- 55:79:ff:84:e5:38:4c:f3:16:82:27:7f:e1:c2:61:96:d3:d3:
- c1:94:92:94:8c:3d:3e:34
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBITANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMzMyNVoXDTEw
-MDMxNjEyMzMyNVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQCCQQ0IVokNsLwVboqquYVVLGFPeHxBPdMGADreaRlPskS9/cpC
-qu0Sdrtu5/opq+x71ctIiug77zCksZRzg0Mh+R98OMypm6F7uq+WnsTiljlv1eyy
-WpWi7kqyxEXfVBJp+i+240KP2unriwoU/cLalwf9MW90iswYQ0zm496RS3LUHRdR
-GNhst1HkreDzRXCY5xrl5rxUerbko2YK4H4vcWT5uPa568rkqRSysoI5GeRXdmhm
-kqMV6IPL1yz7XufDUJ3fpdzG96CT5qu7+I6FTKI6vYzH6A0T3+jLjErv1oxC5uCc
-RWDjRa2t2ftWespzLYczyDe585qmw8J5dimqx3W3EvsUB+ATSMFpraO9n5SDRqqz
-RAryYrtVmoBG+4avDWA5eu7crBWiHyvCQw/N0sBJqX8eKMppkeAGHbLtcQIKH3sv
-GYv+XbO43aCtDcZ1R64VjtFP8xzz7v7rNMLqnX1tMwCKVejvJmikkZDV+eQcX3cU
-yBex/UHyKHTKGuS+ASbPPTtGmG4l7qtmdT2lzwZaX/+pOljePS8iChNalGry/fAa
-wgbJlvE6WYdQg1xXw+Q233oNAsMgwssszN9GbFHfBBFREa6BoyouNah3Gzc1N1Tq
-O8FGp0jjeEDDojr3PpT/SExVef+E5ThM8xaCJ3/hwmGW09PBlJKUjD0+NA==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 34 (0x22)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:50:36 2009 GMT
- Not After : Mar 16 12:50:36 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 01:64:cf:9d:45:b8:8f:e5:96:d2:fe:3f:dc:bc:58:cb:db:6b:
- 26:ec:33:9b:84:6a:f8:a9:3e:5a:8a:3b:97:63:db:c8:d1:0c:
- 3e:c1:8d:1f:6f:16:20:9a:d9:97:78:2f:7a:4f:d1:49:fa:e0:
- 0d:fe:aa:20:d4:97:71:ed:44:63:2d:eb:91:86:83:70:0e:44:
- 1d:7c:91:3d:31:11:a8:bb:60:7c:65:71:73:1c:b1:5e:d2:f2:
- 11:78:be:3a:90:2d:a4:79:a0:b6:53:33:8e:cb:f4:ee:5e:ce:
- 4b:41:19:c5:27:13:f5:fa:09:4c:5d:af:52:59:95:4c:2f:2b:
- 3b:24:2c:54:8f:72:2f:86:c7:57:a4:3a:f3:f2:bf:29:60:f5:
- f6:31:73:8a:62:2e:83:c5:8c:91:ba:85:ab:e1:b6:5a:fb:50:
- fd:e5:3e:96:f7:dd:9b:1d:91:ac:2d:1b:b7:ca:62:c8:f7:a4:
- 17:6d:2d:ab:87:4b:69:9e:0f:cc:6a:e4:40:3b:82:64:c7:0d:
- 7b:81:56:20:5d:cd:1b:99:2e:35:31:78:4a:e6:d8:aa:8e:42:
- 6c:c5:e5:bf:a0:f1:5a:1e:21:6a:c0:cb:85:f1:90:6c:93:53:
- 66:a8:62:1e:a7:77:15:1f:de:09:23:13:5f:b8:12:33:31:c1:
- 4b:44:3b:e1:c4:3f:6a:f5:98:72:d1:ab:e7:9f:0e:f1:46:19:
- 0b:09:f6:bd:f4:fe:e0:1f:9f:ff:5c:3b:69:42:5e:ec:a5:ab:
- 85:11:29:23:24:fc:37:ab:4f:b0:9c:a3:2c:5d:84:4d:b3:d9:
- fc:a0:87:36:15:22:30:b5:de:f8:27:4e:12:41:11:81:3b:8b:
- 2d:d8:34:d5:79:0b:fa:47:54:5b:46:2e:2c:6d:f4:e1:7e:78:
- 2d:86:ec:17:5e:29:3a:97:af:7e:0e:df:9a:d2:7d:f0:10:0d:
- c0:ac:ce:5c:ae:fe:b4:01:82:cf:5f:f9:be:ba:b2:15:5d:04:
- 5a:58:06:92:2a:5f:e3:98:6a:10:da:51:60:30:66:17:cb:ba:
- 5b:79:e8:17:63:16:e8:67:40:07:c6:ea:b9:8f:12:d4:31:de:
- 95:b8:dd:e6:04:5b:3f:b6:c6:25:7b:23:51:2f:62:c5:5f:f9:
- d5:2e:9b:7f:ba:d9:fc:72:6f:3a:2c:b6:1f:98:87:ea:48:df:
- 07:97:90:6d:21:48:6b:6a:92:d5:d0:2e:6b:37:56:3e:2a:74:
- fa:84:02:57:9c:81:eb:e0:2d:3a:e4:2c:94:15:69:75:65:e0:
- d7:b2:d5:a8:94:39:da:21:85:b2:51:bc:c3:b0:da:16:a5:06:
- 98:bc:9f:e6:ea:4a:2c:ab
------BEGIN CERTIFICATE-----
-MIIDzDCCAbSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTAzNloXDTEw
-MDMxNjEyNTAzNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoygwJjAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQM
-MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQABZM+dRbiP5ZbS/j/cvFjL
-22sm7DObhGr4qT5aijuXY9vI0Qw+wY0fbxYgmtmXeC96T9FJ+uAN/qog1Jdx7URj
-LeuRhoNwDkQdfJE9MRGou2B8ZXFzHLFe0vIReL46kC2keaC2UzOOy/TuXs5LQRnF
-JxP1+glMXa9SWZVMLys7JCxUj3IvhsdXpDrz8r8pYPX2MXOKYi6DxYyRuoWr4bZa
-+1D95T6W992bHZGsLRu3ymLI96QXbS2rh0tpng/MauRAO4Jkxw17gVYgXc0bmS41
-MXhK5tiqjkJsxeW/oPFaHiFqwMuF8ZBsk1NmqGIep3cVH94JIxNfuBIzMcFLRDvh
-xD9q9Zhy0avnnw7xRhkLCfa99P7gH5//XDtpQl7spauFESkjJPw3q0+wnKMsXYRN
-s9n8oIc2FSIwtd74J04SQRGBO4st2DTVeQv6R1RbRi4sbfThfngthuwXXik6l69+
-Dt+a0n3wEA3ArM5crv60AYLPX/m+urIVXQRaWAaSKl/jmGoQ2lFgMGYXy7pbeegX
-YxboZ0AHxuq5jxLUMd6VuN3mBFs/tsYleyNRL2LFX/nVLpt/utn8cm86LLYfmIfq
-SN8Hl5BtIUhrapLV0C5rN1Y+KnT6hAJXnIHr4C065CyUFWl1ZeDXstWolDnaIYWy
-UbzDsNoWpQaYvJ/m6kosqw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 35 (0x23)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:59:02 2009 GMT
- Not After : Mar 16 12:59:02 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 56:3b:b8:5c:63:eb:9d:db:55:cc:00:8e:5b:2b:2b:b1:17:d4:
- f0:a4:ca:f7:b9:02:37:ea:2a:ff:df:34:a0:ba:af:a2:47:a5:
- 8e:1a:f9:eb:97:51:16:a5:6a:35:20:3f:5a:8a:25:98:00:73:
- 3e:b1:c9:1c:9c:a2:12:72:be:3f:ce:e3:7e:09:c0:8c:4a:eb:
- 33:4c:77:7c:5c:7c:d7:20:07:a0:9f:48:1d:f9:9a:24:e1:50:
- f6:63:c4:6e:70:65:12:51:47:79:c5:0e:d9:c2:c5:f5:69:67:
- 34:a5:b9:64:6e:31:ed:76:5b:66:74:41:10:35:58:48:43:e1:
- 29:72:25:dd:64:9b:80:03:31:96:a2:d0:75:58:06:66:37:c2:
- 86:fb:42:a6:50:3b:8c:22:e0:b9:a7:b5:7d:35:df:5d:58:ca:
- f1:e9:be:60:6d:cc:2d:72:d7:c6:c1:8e:48:6f:ed:54:06:fa:
- 31:92:c7:34:8a:64:32:82:4b:a9:20:9f:8c:1d:2d:c1:f1:35:
- 77:5b:0f:7d:f0:2a:0c:a8:b2:cb:86:ac:cd:9c:5d:91:df:78:
- b1:e1:cc:1e:f7:da:7e:3d:01:4a:86:07:86:9f:50:3b:69:91:
- cf:3e:22:ec:7a:e3:c8:8f:f8:69:d2:f0:16:de:b6:5c:e4:fa:
- 89:1a:de:74:d3:fb:df:16:1d:46:d4:7d:b6:74:8a:eb:fc:bf:
- c0:82:3b:1d:c3:af:6f:b5:12:f2:c6:cc:05:47:12:cb:4e:f6:
- 48:b9:da:bd:da:b0:dc:3c:a5:83:29:11:7e:66:7f:1e:08:5f:
- 7e:90:13:a5:63:c9:76:5e:91:b2:37:3b:ff:e7:8d:07:ab:0c:
- 34:57:17:8d:09:92:86:1b:63:68:c1:e3:c8:f1:56:19:46:5b:
- a9:1a:13:a2:23:9b:57:2d:92:25:cc:b7:fe:62:1c:80:bb:08:
- e4:23:1d:9f:ad:5c:41:6d:27:b2:9d:d6:03:96:c6:22:f1:cb:
- 87:04:c7:55:22:4b:88:6c:07:11:e6:d1:ca:0e:2a:5a:a4:9b:
- ea:e4:90:ef:e5:ea:ae:a5:db:dd:dd:85:da:a3:80:1a:fb:91:
- df:f3:8a:65:35:8f:a8:d4:65:51:b7:f7:f9:fb:b4:97:d8:a2:
- 4d:04:4d:f5:89:d2:ed:ee:f4:2e:b4:ba:45:8f:36:1d:20:0a:
- 89:c6:aa:be:39:1c:cb:e4:07:a1:d0:0e:c7:8c:b0:70:25:10:
- 7e:cb:64:0d:1f:32:5e:b5:7b:c0:d9:15:e4:aa:a5:b3:5f:4a:
- 91:0f:b5:b8:9e:a2:6b:f7:d7:73:35:dc:bc:e2:88:6e:b1:79:
- 0c:f6:dd:e9:9a:fb:1a:45
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBIzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTkwMloXDTEw
-MDMxNjEyNTkwMlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQBWO7hcY+ud21XMAI5bKyuxF9TwpMr3uQI36ir/3zSguq+iR6WO
-Gvnrl1EWpWo1ID9aiiWYAHM+sckcnKIScr4/zuN+CcCMSuszTHd8XHzXIAegn0gd
-+Zok4VD2Y8RucGUSUUd5xQ7ZwsX1aWc0pblkbjHtdltmdEEQNVhIQ+EpciXdZJuA
-AzGWotB1WAZmN8KG+0KmUDuMIuC5p7V9Nd9dWMrx6b5gbcwtctfGwY5Ib+1UBvox
-ksc0imQygkupIJ+MHS3B8TV3Ww998CoMqLLLhqzNnF2R33ix4cwe99p+PQFKhgeG
-n1A7aZHPPiLseuPIj/hp0vAW3rZc5PqJGt500/vfFh1G1H22dIrr/L/Agjsdw69v
-tRLyxswFRxLLTvZIudq92rDcPKWDKRF+Zn8eCF9+kBOlY8l2XpGyNzv/540Hqww0
-VxeNCZKGG2NowePI8VYZRlupGhOiI5tXLZIlzLf+YhyAuwjkIx2frVxBbSeyndYD
-lsYi8cuHBMdVIkuIbAcR5tHKDipapJvq5JDv5equpdvd3YXao4Aa+5Hf84plNY+o
-1GVRt/f5+7SX2KJNBE31idLt7vQutLpFjzYdIAqJxqq+ORzL5Aeh0A7HjLBwJRB+
-y2QNHzJetXvA2RXkqqWzX0qRD7W4nqJr99dzNdy84ohusXkM9t3pmvsaRQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 36 (0x24)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:59:24 2009 GMT
- Not After : Mar 16 12:59:24 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 5c:26:43:01:d9:b4:43:ff:e0:3f:49:67:cd:a3:ea:1c:b3:75:
- f9:12:d8:c8:0b:96:65:a5:bd:db:15:3c:d6:18:2c:00:59:2d:
- 1c:17:a6:74:8d:48:03:70:9c:c9:70:00:74:81:0b:b6:5d:c3:
- cf:41:ed:1b:1a:06:89:f7:e3:b0:61:33:bf:b9:9b:11:68:bb:
- 30:50:c2:f5:13:40:84:42:b8:7d:9e:cb:03:03:8f:5c:7b:44:
- 23:dc:e3:ed:dc:09:c6:d4:aa:23:19:50:bc:6c:2a:a9:f9:3b:
- 55:e7:3d:34:aa:6e:96:7a:a5:72:95:9e:42:21:05:ca:98:1d:
- 06:80:55:8e:b8:eb:d7:56:12:f9:84:c3:c9:2e:73:eb:fa:5b:
- 15:f4:11:a5:95:b5:52:90:52:c7:0e:8c:7a:5d:30:34:2e:4b:
- ca:98:91:19:cc:3b:88:5f:18:85:8f:0d:31:97:ee:2d:7c:d4:
- 95:ea:b1:03:15:7d:f6:0a:64:bd:8f:b4:fd:7e:51:91:c2:6d:
- 13:51:7c:0f:d8:6d:6e:a8:56:3a:73:a2:d9:9a:37:19:ce:31:
- 8f:a2:b7:39:c9:5e:f0:8b:7d:fe:e4:19:9d:49:11:86:1c:d6:
- 04:00:84:53:62:ee:94:f9:7c:b3:2d:db:5a:3c:3d:ce:e9:5f:
- 76:52:c5:b8:b6:2b:02:52:8a:b2:5f:99:00:9b:12:36:77:d4:
- 38:ad:8f:34:b3:7e:2b:6d:cf:34:7b:f3:62:79:4b:da:8f:54:
- bd:cb:f9:d8:10:71:d7:dc:37:34:f9:2c:33:b9:33:b0:38:f8:
- ec:6c:70:61:ad:37:92:28:71:a5:fe:08:54:9f:1d:6f:ba:28:
- 1d:6b:a8:35:a4:09:06:73:b8:38:a4:32:48:a9:4b:a9:7c:32:
- 0c:18:bd:4b:8f:e0:b6:d7:83:30:89:df:d2:da:5a:f6:5b:fa:
- 84:5c:32:bf:1d:6d:1d:9e:d5:a9:a2:75:88:3d:4a:15:d8:cb:
- 41:7d:ec:94:f1:18:f6:9f:7f:c6:75:1f:77:02:2f:7b:30:1e:
- 56:b6:bd:b1:c6:d9:e9:44:71:bb:1c:74:a0:17:1a:da:10:4e:
- 22:f1:e0:13:6e:ec:56:61:18:72:fe:81:a6:2d:47:c3:90:9a:
- 3a:4d:06:97:9a:22:ef:f4:7c:37:d9:64:3b:6c:15:9f:fd:77:
- cc:a9:77:ff:6a:7e:dd:06:0d:43:c5:a6:37:39:df:4d:a5:80:
- ac:5d:f8:d5:7c:ca:90:a3:58:2b:b6:ea:ed:f1:c3:91:15:28:
- e3:5e:c0:fb:f9:6e:18:de:63:df:43:a5:d3:8f:ae:4e:44:3c:
- 4c:6c:92:40:1f:bd:d1:6a
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBJDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTkyNFoXDTEw
-MDMxNjEyNTkyNFowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQBcJkMB2bRD/+A/SWfNo+ocs3X5EtjIC5Zlpb3bFTzWGCwAWS0c
-F6Z0jUgDcJzJcAB0gQu2XcPPQe0bGgaJ9+OwYTO/uZsRaLswUML1E0CEQrh9nssD
-A49ce0Qj3OPt3AnG1KojGVC8bCqp+TtV5z00qm6WeqVylZ5CIQXKmB0GgFWOuOvX
-VhL5hMPJLnPr+lsV9BGllbVSkFLHDox6XTA0LkvKmJEZzDuIXxiFjw0xl+4tfNSV
-6rEDFX32CmS9j7T9flGRwm0TUXwP2G1uqFY6c6LZmjcZzjGPorc5yV7wi33+5Bmd
-SRGGHNYEAIRTYu6U+XyzLdtaPD3O6V92UsW4tisCUoqyX5kAmxI2d9Q4rY80s34r
-bc80e/NieUvaj1S9y/nYEHHX3Dc0+SwzuTOwOPjsbHBhrTeSKHGl/ghUnx1vuigd
-a6g1pAkGc7g4pDJIqUupfDIMGL1Lj+C214Mwid/S2lr2W/qEXDK/HW0dntWponWI
-PUoV2MtBfeyU8Rj2n3/GdR93Ai97MB5Wtr2xxtnpRHG7HHSgFxraEE4i8eATbuxW
-YRhy/oGmLUfDkJo6TQaXmiLv9Hw32WQ7bBWf/XfMqXf/an7dBg1DxaY3Od9NpYCs
-XfjVfMqQo1grturt8cORFSjjXsD7+W4Y3mPfQ6XTj65ORDxMbJJAH73Rag==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 37 (0x25)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 12:59:41 2009 GMT
- Not After : Mar 16 12:59:41 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 26:92:48:59:3d:33:df:db:c5:57:57:5a:6e:1d:b0:33:bc:83:
- c5:27:d8:97:dc:a7:96:24:19:d8:58:8b:7d:9b:e7:80:89:6a:
- e2:7c:fe:68:6e:11:3d:83:40:65:01:f1:44:58:20:9a:3b:14:
- c6:66:ed:1b:e4:86:46:fb:81:6b:b1:9d:0c:4a:0b:5d:90:c6:
- d0:08:0a:3d:b2:45:31:a1:aa:0f:e9:be:f2:5f:03:31:70:10:
- 55:c8:6e:d8:df:ca:9b:3e:77:f5:c5:c0:87:e0:8e:f2:16:c2:
- d5:35:a9:e6:c6:e7:15:e7:4d:db:f2:bd:01:8f:23:59:2b:36:
- 5e:97:80:ec:02:47:60:a6:9f:a3:57:b8:d4:ef:81:9f:6b:c8:
- 58:65:43:8a:47:c1:8d:1c:20:e5:1e:e1:ce:89:72:60:ec:63:
- c2:96:11:0e:be:98:d3:8f:85:b7:33:28:fb:d5:57:4e:96:3f:
- 2b:1c:d6:65:e7:ad:82:67:d8:ca:82:be:a7:74:7b:87:02:8b:
- de:70:aa:d3:77:e7:6d:e4:97:02:24:07:ea:03:40:de:16:de:
- 94:0c:7e:d9:f3:cc:37:ac:b9:39:ee:ea:b5:4b:ee:21:00:9c:
- 0a:54:cf:bd:35:dd:92:71:8b:98:4d:9b:f9:4e:40:b1:d2:bb:
- 9c:5c:98:53:dc:7f:13:e5:c6:21:b8:c5:42:81:f0:10:bc:a6:
- 0d:b7:53:9b:38:67:82:85:2d:bd:87:20:f6:e0:4c:06:a0:b8:
- 30:a6:74:b2:ee:43:31:95:53:02:ad:c0:88:83:d0:70:d1:af:
- b4:97:66:d1:00:c9:c5:d2:a7:d1:be:b1:fb:1b:75:86:a1:ef:
- 0d:c2:78:77:ae:d5:aa:e9:2c:66:80:f7:04:7c:b9:f5:cd:32:
- cf:c2:a2:11:9f:34:39:ec:ee:e0:fe:80:c4:34:24:c3:1c:43:
- 3b:44:d2:55:44:55:28:ef:38:bd:07:37:ad:fd:92:2e:1b:96:
- 0d:0a:08:84:a6:74:4c:c3:99:0b:11:36:4e:04:47:6a:82:b3:
- 45:c7:73:7c:9e:9f:a3:46:c2:b5:26:21:21:8d:04:31:79:db:
- b6:71:b0:1b:7f:3c:9b:eb:07:cc:0d:c2:44:20:48:91:1d:b3:
- 2a:34:4f:b9:f3:4e:6f:86:46:83:3c:56:ab:87:8f:bf:e6:15:
- 60:4d:d3:d9:56:0e:9c:eb:86:ea:df:2d:1c:5e:9b:c7:38:ec:
- c5:db:22:b7:92:55:2b:ba:3e:3f:da:09:5e:82:ab:9a:fe:bb:
- 2b:ac:11:f3:b9:d8:8f:aa:35:66:d3:cd:bc:5b:69:11:e6:06:
- 31:92:07:a2:3f:86:26:43
------BEGIN CERTIFICATE-----
-MIIDtzCCAZ+gAwIBAgIBJTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTk0MVoXDTEw
-MDMxNjEyNTk0MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3
-DQEBBQUAA4ICAQAmkkhZPTPf28VXV1puHbAzvIPFJ9iX3KeWJBnYWIt9m+eAiWri
-fP5obhE9g0BlAfFEWCCaOxTGZu0b5IZG+4FrsZ0MSgtdkMbQCAo9skUxoaoP6b7y
-XwMxcBBVyG7Y38qbPnf1xcCH4I7yFsLVNanmxucV503b8r0BjyNZKzZel4DsAkdg
-pp+jV7jU74Gfa8hYZUOKR8GNHCDlHuHOiXJg7GPClhEOvpjTj4W3Myj71VdOlj8r
-HNZl562CZ9jKgr6ndHuHAovecKrTd+dt5JcCJAfqA0DeFt6UDH7Z88w3rLk57uq1
-S+4hAJwKVM+9Nd2ScYuYTZv5TkCx0rucXJhT3H8T5cYhuMVCgfAQvKYNt1ObOGeC
-hS29hyD24EwGoLgwpnSy7kMxlVMCrcCIg9Bw0a+0l2bRAMnF0qfRvrH7G3WGoe8N
-wnh3rtWq6SxmgPcEfLn1zTLPwqIRnzQ57O7g/oDENCTDHEM7RNJVRFUo7zi9Bzet
-/ZIuG5YNCgiEpnRMw5kLETZOBEdqgrNFx3N8np+jRsK1JiEhjQQxedu2cbAbfzyb
-6wfMDcJEIEiRHbMqNE+5805vhkaDPFarh4+/5hVgTdPZVg6c64bq3y0cXpvHOOzF
-2yK3klUruj4/2glegqua/rsrrBHzudiPqjVm0828W2kR5gYxkgeiP4YmQw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 38 (0x26)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 14:04:29 2009 GMT
- Not After : Mar 16 14:04:29 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe:
- 2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a:
- 55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a:
- e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11:
- 93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5:
- db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54:
- 3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71:
- f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c:
- c9:d2:bc:47:fa:96:24:2e:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 41:77:99:bc:20:b3:78:98:b9:5c:ce:5b:21:0c:27:40:77:3c:
- 98:1e:f0:b6:2e:5f:70:f1:80:b1:bc:7b:fb:02:4d:86:a8:e9:
- 0c:fb:d9:ec:f4:f6:bb:33:8b:f4:f4:6d:21:f7:08:5a:aa:5c:
- ab:bf:05:c6:7f:4f:65:b7:c9:85:77:35:67:37:f9:a3:78:d8:
- 7c:40:ca:2d:f6:17:f0:14:47:78:82:3b:ed:58:0b:b1:2d:69:
- 47:ee:39:35:17:04:94:2a:d6:57:d7:85:4b:76:a7:bc:38:31:
- 7f:a2:65:fe:e5:f5:7c:de:61:ee:ef:58:06:a1:3f:c1:49:cf:
- e6:83:94:6a:42:d3:c4:f8:d7:51:2d:7c:1c:1e:3c:43:77:6b:
- c9:64:aa:ca:30:94:ec:05:84:0e:54:6d:1d:95:74:82:88:90:
- 45:f9:25:83:23:2c:51:98:2e:91:6d:06:77:19:97:58:88:54:
- 5c:99:e3:71:c2:97:93:b5:5d:d2:c7:58:a7:f7:ec:b2:18:b1:
- d5:b7:13:59:9f:d9:cf:5c:b2:48:a9:55:ec:25:2c:67:e2:f4:
- b1:12:7f:18:a7:35:28:c3:fd:29:d2:84:f5:91:4e:57:a4:27:
- 42:37:a2:2d:ea:ae:a1:c8:c3:0a:b5:ee:60:b0:c3:6e:df:e3:
- 0c:33:65:06:21:89:51:83:7a:24:4a:e8:79:48:1d:a5:d4:35:
- dd:3f:c8:46:9b:77:8f:3e:28:26:a2:08:aa:72:9d:a4:12:05:
- ae:5b:2c:e9:28:3d:6d:87:0c:ed:c1:74:19:c9:c5:67:34:bf:
- 6e:cb:9f:3c:2e:12:b2:57:80:b3:bd:97:8d:16:ba:2a:7f:28:
- 9d:66:6f:78:c4:a3:26:81:07:68:3f:8c:ca:08:cc:3a:0e:de:
- 0d:6d:c6:c8:c9:9e:b0:a0:aa:89:b9:a3:96:a8:31:65:2b:bf:
- fe:01:b9:26:9e:27:31:b6:c9:28:a9:f3:0c:bd:26:c5:b2:8d:
- 35:9b:50:6e:e0:38:76:2f:7a:44:a2:7d:54:c5:fa:bf:0b:d8:
- 0c:ae:97:ed:64:b9:0d:42:07:87:4b:e7:f2:bb:77:1e:19:61:
- 47:3d:7b:bc:a7:9b:b7:d1:d9:2a:de:ec:f8:6d:f2:0b:1e:21:
- 2f:8b:9b:6e:67:07:06:df:fb:30:83:4f:67:7d:d2:b0:9a:2c:
- 0d:06:d0:9e:08:51:f2:e4:3f:56:ff:ec:32:d6:08:52:3e:00:
- 16:b1:8c:8a:8d:01:3f:12:6b:df:53:e8:2d:1d:4c:e5:72:86:
- 96:cf:2b:40:d7:2f:d0:e7:9f:ce:19:a1:65:30:cd:1a:82:fa:
- 5a:c5:2d:a0:0a:5f:18:2a
------BEGIN CERTIFICATE-----
-MIID1jCCAb6gAwIBAgIBJjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjE0MDQyOVoXDTEw
-MDMxNjE0MDQyOVowcjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNjA0BgNVBAMTLVJlc3BvbmRlciBjZXJ0
-aWZpY2F0ZSB3aXRoIG5vY2hlY2sgZXh0LiBmaWVsZDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAw2n0EjQbBFEzJoSeWv4r19jrahSv5VhopXHkXopV3GlxFD8W
-SLFS7iIF/Srnbs7xJEnwBj317WztJhGTk04IBZEmuSLod4tvUKXbFCgswpSG0mQR
-DopR61Q7Wh9wCrJc4rJimTB8jHH2CChP2Tg4OPOCzTrtV1zJ0rxH+pYkLtUCAwEA
-AaMTMBEwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAgEAQXeZvCCz
-eJi5XM5bIQwnQHc8mB7wti5fcPGAsbx7+wJNhqjpDPvZ7PT2uzOL9PRtIfcIWqpc
-q78Fxn9PZbfJhXc1Zzf5o3jYfEDKLfYX8BRHeII77VgLsS1pR+45NRcElCrWV9eF
-S3anvDgxf6Jl/uX1fN5h7u9YBqE/wUnP5oOUakLTxPjXUS18HB48Q3dryWSqyjCU
-7AWEDlRtHZV0goiQRfklgyMsUZgukW0GdxmXWIhUXJnjccKXk7Vd0sdYp/fsshix
-1bcTWZ/Zz1yySKlV7CUsZ+L0sRJ/GKc1KMP9KdKE9ZFOV6QnQjeiLequocjDCrXu
-YLDDbt/jDDNlBiGJUYN6JEroeUgdpdQ13T/IRpt3jz4oJqIIqnKdpBIFrlss6Sg9
-bYcM7cF0GcnFZzS/bsufPC4SsleAs72XjRa6Kn8onWZveMSjJoEHaD+MygjMOg7e
-DW3GyMmesKCqibmjlqgxZSu//gG5Jp4nMbbJKKnzDL0mxbKNNZtQbuA4di96RKJ9
-VMX6vwvYDK6X7WS5DUIHh0vn8rt3HhlhRz17vKebt9HZKt7s+G3yCx4hL4ubbmcH
-Bt/7MINPZ33SsJosDQbQnghR8uQ/Vv/sMtYIUj4AFrGMio0BPxJr31PoLR1M5XKG
-ls8rQNcv0OefzhmhZTDNGoL6WsUtoApfGCo=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 39 (0x27)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 23:06:11 2009 GMT
- Not After : Mar 14 23:06:11 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe:
- 2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a:
- 55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a:
- e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11:
- 93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5:
- db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54:
- 3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71:
- f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c:
- c9:d2:bc:47:fa:96:24:2e:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 69:71:40:12:af:e4:be:42:52:ff:7a:a8:bf:e3:41:f2:2b:75:
- 0d:22:10:e8:d6:1e:d3:c0:bb:90:7f:76:46:92:a9:63:2b:50:
- 74:c8:73:c4:7b:0e:a0:b7:ed:5c:20:06:18:64:1b:7b:82:21:
- a7:82:bc:c0:33:53:8b:5f:68:c7:de:5f:95:31:52:93:5d:0f:
- 78:4c:ff:50:2f:e0:57:ba:f5:49:cb:94:ba:34:85:e9:f1:10:
- 76:27:66:6d:d6:46:f6:9d:51:2d:04:96:b5:78:f7:c6:1b:25:
- b4:0a:e7:89:f4:9f:a5:33:92:51:00:86:97:0f:47:cc:3a:8d:
- 5e:3a:c2:ad:51:48:7e:7a:03:7a:d1:a7:6d:14:8a:64:f9:5a:
- e1:1c:cb:82:e1:42:f3:8c:dc:87:8e:9b:c8:e4:68:3c:26:eb:
- 0a:19:c8:1c:71:88:7e:c9:66:f7:fe:1a:ee:3a:52:1b:54:60:
- 95:e8:37:e6:0d:b3:8b:bf:02:07:e7:f8:16:64:f9:34:50:8c:
- bd:54:e5:d1:0b:a8:5f:59:79:de:2a:ea:44:92:be:3e:b2:0d:
- cd:fa:df:d3:93:10:c9:ef:40:d3:31:a7:06:e3:39:15:68:5d:
- d7:94:4f:96:69:8e:13:8d:f3:fb:79:eb:33:50:1e:af:fa:c3:
- d8:81:47:1b:89:05:39:62:ea:c4:ef:f7:15:29:e2:43:f2:66:
- 93:51:20:12:10:17:c9:c7:f3:7c:e0:fd:59:dc:38:ca:b2:f5:
- fd:fe:5d:f8:9a:83:70:72:b9:e1:6b:a6:60:db:9d:a3:58:3e:
- 5e:73:a4:ce:18:12:ba:dc:56:72:f8:b4:d8:4c:e8:d9:9c:5e:
- cf:d1:76:56:7e:2e:33:9d:1a:80:eb:dd:7c:69:c0:9c:d3:5c:
- 5c:d3:a2:89:7c:44:87:66:10:6e:f9:90:b6:72:58:90:77:48:
- ea:56:25:52:e3:c6:bd:3c:95:99:ae:fd:2a:f7:b2:1f:87:bc:
- af:93:ba:2d:0f:1a:ff:7e:90:3b:ae:63:96:9e:68:97:32:16:
- ed:b8:ce:7d:48:f2:b9:83:fc:24:dc:34:1a:34:a4:19:80:78:
- ec:b2:6c:a0:e8:15:37:1e:8d:fa:b9:62:a2:25:5d:d3:14:50:
- f6:68:4b:09:b3:12:ac:cc:63:bb:2b:e6:2a:33:ee:c7:1c:c6:
- 64:14:47:e2:c3:29:26:ba:f9:e8:2e:34:c1:cc:9e:3b:2d:57:
- cd:f7:fe:fb:d8:13:65:5c:42:a8:71:61:df:d7:ae:16:71:7f:
- fd:fb:66:d6:a2:92:52:e9:cb:65:03:7d:13:8c:bc:d4:5a:1a:
- c0:55:0d:5f:1c:85:a0:1e
------BEGIN CERTIFICATE-----
-MIID1jCCAb6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDYxMVoXDTE5
-MDMxNDIzMDYxMVowcjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNjA0BgNVBAMTLVJlc3BvbmRlciBjZXJ0
-aWZpY2F0ZSB3aXRoIG5vY2hlY2sgZXh0LiBmaWVsZDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAw2n0EjQbBFEzJoSeWv4r19jrahSv5VhopXHkXopV3GlxFD8W
-SLFS7iIF/Srnbs7xJEnwBj317WztJhGTk04IBZEmuSLod4tvUKXbFCgswpSG0mQR
-DopR61Q7Wh9wCrJc4rJimTB8jHH2CChP2Tg4OPOCzTrtV1zJ0rxH+pYkLtUCAwEA
-AaMTMBEwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAgEAaXFAEq/k
-vkJS/3qov+NB8it1DSIQ6NYe08C7kH92RpKpYytQdMhzxHsOoLftXCAGGGQbe4Ih
-p4K8wDNTi19ox95flTFSk10PeEz/UC/gV7r1ScuUujSF6fEQdidmbdZG9p1RLQSW
-tXj3xhsltArnifSfpTOSUQCGlw9HzDqNXjrCrVFIfnoDetGnbRSKZPla4RzLguFC
-84zch46byORoPCbrChnIHHGIfslm9/4a7jpSG1Rgleg35g2zi78CB+f4FmT5NFCM
-vVTl0QuoX1l53irqRJK+PrINzfrf05MQye9A0zGnBuM5FWhd15RPlmmOE43z+3nr
-M1Aer/rD2IFHG4kFOWLqxO/3FSniQ/Jmk1EgEhAXycfzfOD9Wdw4yrL1/f5d+JqD
-cHK54WumYNudo1g+XnOkzhgSutxWcvi02Ezo2Zxez9F2Vn4uM50agOvdfGnAnNNc
-XNOiiXxEh2YQbvmQtnJYkHdI6lYlUuPGvTyVma79KveyH4e8r5O6LQ8a/36QO65j
-lp5olzIW7bjOfUjyuYP8JNw0GjSkGYB47LJsoOgVNx6N+rlioiVd0xRQ9mhLCbMS
-rMxjuyvmKjPuxxzGZBRH4sMpJrr56C40wcyeOy1Xzff++9gTZVxCqHFh39euFnF/
-/ftm1qKSUunLZQN9E4y81FoawFUNXxyFoB4=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 40 (0x28)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 23:08:54 2009 GMT
- Not After : Mar 14 23:08:54 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder's certificate with delegation
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d0:8a:8e:73:c5:57:a8:03:b0:2c:1f:05:05:36:
- 1b:90:89:db:48:b2:cd:e8:ea:02:95:d8:30:c3:c6:
- 3e:6a:8c:19:70:0c:a7:cb:a6:07:df:ec:42:c9:dc:
- 18:cf:ef:73:cd:d1:eb:51:c0:bd:0e:51:63:6f:a3:
- ce:26:a0:02:da:32:a3:65:36:ad:42:02:85:9b:df:
- 9e:0a:51:41:93:f9:02:ff:f0:63:be:38:2e:b9:d9:
- 07:db:3c:81:23:4f:2a:0d:24:50:6e:e2:ef:59:f4:
- 91:3a:fb:fd:55:19:4b:49:71:08:bd:f9:2d:ea:64:
- 82:f6:1a:ca:46:60:ac:de:e5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 05:a1:04:c7:55:71:a8:52:04:d6:60:f3:37:08:15:50:86:71:
- bf:8e:9e:9b:60:50:6e:57:1e:b1:30:3a:e0:8a:e0:74:90:c0:
- be:97:78:f1:8b:52:f3:6b:e6:45:38:a5:7b:e2:47:2d:5c:80:
- 15:e7:74:b2:b1:66:db:eb:96:67:7c:01:8b:5e:c1:c2:59:33:
- 2e:62:a9:a3:7f:c7:b8:07:ee:27:22:83:11:e3:e9:b9:59:a5:
- 1f:27:1f:6f:b9:34:c5:c2:ae:d5:cd:59:59:28:05:78:ff:0f:
- 18:6a:c8:22:5b:40:06:0b:a9:ee:8c:e5:44:04:59:a0:f2:42:
- e8:52:a4:ec:45:78:1e:b4:cf:02:e5:b5:31:d2:f4:93:15:58:
- bc:02:a6:b0:01:5a:d9:72:eb:80:64:e9:f1:d5:38:69:f4:1a:
- 4d:7c:78:d7:ba:9e:ca:41:22:a6:09:c2:7e:fe:90:20:7f:72:
- ae:ca:76:30:39:e5:1e:70:63:bc:68:e4:ee:0f:e7:7a:b0:cf:
- c4:70:26:b8:dd:4e:9f:9f:75:11:05:be:d8:17:95:c1:75:ac:
- e6:91:f7:b8:8e:93:f3:45:c1:9d:10:10:71:69:92:6d:f1:b8:
- 73:18:ed:02:84:6d:ab:6c:cc:91:be:ac:3c:61:39:48:74:e2:
- 27:b9:16:5e:02:6c:c4:1b:35:a2:68:24:44:5c:4e:37:58:6d:
- f3:a4:e9:6a:d9:56:92:6d:05:6e:e1:f3:f5:7b:11:40:4b:2b:
- 13:32:e5:18:5b:62:64:1a:17:9f:91:fd:0c:95:54:02:09:6f:
- 48:ea:c8:ae:7e:24:bb:a8:b1:33:c8:98:50:90:8d:b2:5b:21:
- 1e:af:d2:78:ae:87:a7:32:82:3d:aa:9d:66:0d:92:59:02:8c:
- 3f:73:43:76:74:58:f9:95:fd:5c:90:31:d7:c7:7a:2a:fb:e0:
- bb:b8:50:62:3c:44:09:34:dd:68:10:11:be:c6:c3:65:a4:e8:
- e3:9d:0f:59:a2:a7:e5:d5:97:8b:48:a0:d4:30:31:aa:9e:4b:
- e2:30:ed:06:72:c8:97:0d:6a:70:a8:c9:ca:9c:d4:f1:57:0b:
- bf:24:43:7e:b7:a1:a5:91:af:ac:ae:f5:c6:8b:ef:aa:61:e5:
- c4:7d:37:31:a0:5f:e9:45:9d:d8:08:b9:15:da:16:2a:16:77:
- c7:82:0e:02:6e:9b:ec:25:f3:8f:8d:11:41:0b:56:a9:7b:1d:
- 0f:f3:be:fa:46:ee:cb:80:3b:09:1f:85:90:70:ed:1d:e3:65:
- f4:81:3f:ef:86:32:6c:9c:b0:35:e2:73:41:fb:0c:0c:2d:2d:
- cb:45:0e:73:d3:39:98:36
------BEGIN CERTIFICATE-----
-MIID6jCCAdKgAwIBAgIBKDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDg1NFoXDTE5
-MDMxNDIzMDg1NFowcTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNTAzBgNVBAMTLE9DU1AgUmVzcG9uZGVy
-J3MgY2VydGlmaWNhdGUgd2l0aCBkZWxlZ2F0aW9uMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL
-pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+
-OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB
-oygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqG
-SIb3DQEBBQUAA4ICAQAFoQTHVXGoUgTWYPM3CBVQhnG/jp6bYFBuVx6xMDrgiuB0
-kMC+l3jxi1Lza+ZFOKV74kctXIAV53SysWbb65ZnfAGLXsHCWTMuYqmjf8e4B+4n
-IoMR4+m5WaUfJx9vuTTFwq7VzVlZKAV4/w8YasgiW0AGC6nujOVEBFmg8kLoUqTs
-RXgetM8C5bUx0vSTFVi8AqawAVrZcuuAZOnx1Thp9BpNfHjXup7KQSKmCcJ+/pAg
-f3KuynYwOeUecGO8aOTuD+d6sM/EcCa43U6fn3URBb7YF5XBdazmkfe4jpPzRcGd
-EBBxaZJt8bhzGO0ChG2rbMyRvqw8YTlIdOInuRZeAmzEGzWiaCREXE43WG3zpOlq
-2VaSbQVu4fP1exFASysTMuUYW2JkGhefkf0MlVQCCW9I6siufiS7qLEzyJhQkI2y
-WyEer9J4roenMoI9qp1mDZJZAow/c0N2dFj5lf1ckDHXx3oq++C7uFBiPEQJNN1o
-EBG+xsNlpOjjnQ9Zoqfl1ZeLSKDUMDGqnkviMO0GcsiXDWpwqMnKnNTxVwu/JEN+
-t6Glka+srvXGi++qYeXEfTcxoF/pRZ3YCLkV2hYqFnfHgg4CbpvsJfOPjRFBC1ap
-ex0P8776Ru7LgDsJH4WQcO0d42X0gT/vhjJsnLA14nNB+wwMLS3LRQ5z0zmYNg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 41 (0x29)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 23:32:11 2009 GMT
- Not After : Mar 14 23:32:11 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Seventh OCSP Client certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ab:f9:60:ff:9d:55:0f:31:12:2c:f2:df:64:22:
- fb:c0:97:1d:e4:13:fb:d7:15:37:5d:b9:2d:97:37:
- c4:e8:34:cb:00:85:22:4d:8a:85:80:a1:ae:90:5e:
- 71:bf:6d:0d:a3:c3:8d:ce:47:58:60:25:bb:9c:95:
- 0a:0b:cd:23:01:ae:18:be:d5:65:bd:8b:55:bf:ee:
- 59:8a:db:20:bd:f9:f3:ac:53:2e:09:99:fb:27:7d:
- 23:8b:f6:96:d9:41:37:0a:43:16:1f:f9:5d:84:b3:
- 3b:79:45:ff:dd:b2:35:99:c0:db:85:24:22:a8:7e:
- ff:e0:8b:f2:d8:ca:3e:ae:e5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Authority Information Access:
- OCSP - URI:http://127.0.0.1:86/0008
-
- Signature Algorithm: sha1WithRSAEncryption
- 08:02:c2:09:8a:f6:f1:d7:9e:d3:30:dc:ce:97:fc:84:bd:5b:
- ae:60:39:82:0a:06:38:43:1e:55:de:83:11:d3:12:e0:81:76:
- fd:5c:6e:9e:30:73:6d:8f:b2:32:a6:60:24:24:ee:e3:fd:73:
- 10:12:e6:c7:23:6b:1f:4e:b5:52:e3:12:09:ee:dd:19:d2:b4:
- a6:34:e6:14:3c:79:58:95:4b:25:e3:f6:97:d2:cc:20:93:48:
- 1f:d5:2f:37:db:15:bf:f4:71:ad:04:bd:95:80:57:a5:49:bb:
- aa:ca:f3:ff:af:62:dd:f9:94:75:38:59:6c:74:ef:ac:1e:19:
- 60:6d:4b:be:f7:62:2f:c6:68:b9:c4:fc:8a:fd:9f:b2:4d:44:
- 87:12:51:6e:7d:5f:41:2c:ea:e6:9c:3c:bd:cf:dc:aa:14:b2:
- 34:16:e0:38:b3:8c:f4:d7:68:1f:6c:cc:3c:da:30:32:8e:58:
- 5b:9a:bf:75:7a:38:a3:cf:60:6f:74:cc:a6:c1:55:f6:96:84:
- 98:04:db:b1:07:d6:f6:06:11:af:c2:fb:81:a4:77:04:4d:55:
- 9d:c4:28:d4:3c:d0:97:a0:f8:d4:18:59:cc:23:3a:b3:c0:82:
- ad:1d:e2:4c:e4:da:24:73:cd:77:ab:db:22:07:94:d1:16:26:
- 27:82:e2:d5:82:f9:e1:29:fb:8f:9e:88:a2:1b:5c:8b:31:3c:
- c6:1c:ae:16:31:28:f8:e2:5c:9d:e9:e8:d7:d9:fe:0a:39:3f:
- fa:65:20:53:5e:20:32:4b:b8:a8:4b:a8:b8:e8:f1:3f:0a:80:
- 7d:b4:8c:1b:e6:54:d3:02:d6:56:a3:a6:4e:87:9a:51:ed:0d:
- 52:9b:e1:66:c8:64:c8:95:55:08:aa:f9:c0:9d:5a:89:03:21:
- 6b:29:96:f8:42:64:6a:3f:d5:92:d5:13:00:6c:89:38:ea:01:
- 0d:28:3b:a0:12:e1:cf:cf:fd:10:5e:a3:9b:67:0b:3e:a7:17:
- 7a:de:76:25:26:54:db:0f:a8:f9:e9:50:f0:1e:9a:0d:ad:d6:
- ad:63:32:be:c0:bb:7a:66:be:c9:d3:f2:1e:48:c3:f5:2b:15:
- 4d:39:cc:88:32:65:97:99:01:41:12:07:4e:d7:1d:af:fa:46:
- 29:93:02:70:ed:df:89:a3:d5:50:1c:07:ed:df:f8:5c:d6:11:
- c6:1a:32:e6:2b:e7:49:d8:82:16:dd:41:5d:13:9c:a0:00:68:
- 82:54:f8:5e:2a:81:3e:fe:0b:bf:6e:de:e2:b4:4f:09:31:74:
- 4d:6a:2d:b7:a9:0a:54:f4:a7:1f:63:8a:6e:73:bc:e3:38:9e:
- b8:26:e5:f6:8a:dd:ad:14
------BEGIN CERTIFICATE-----
-MIID7TCCAdWgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMzIxMVoXDTE5
-MDMxNDIzMzIxMVowZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xKDAmBgNVBAMTH1NldmVudGggT0NTUCBD
-bGllbnQgY2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKv5
-YP+dVQ8xEizy32Qi+8CXHeQT+9cVN125LZc3xOg0ywCFIk2KhYChrpBecb9tDaPD
-jc5HWGAlu5yVCgvNIwGuGL7VZb2LVb/uWYrbIL3586xTLgmZ+yd9I4v2ltlBNwpD
-Fh/5XYSzO3lF/92yNZnA24UkIqh+/+CL8tjKPq7lAgMBAAGjODA2MDQGCCsGAQUF
-BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovLzEyNy4wLjAuMTo4Ni8wMDA4MA0G
-CSqGSIb3DQEBBQUAA4ICAQAIAsIJivbx157TMNzOl/yEvVuuYDmCCgY4Qx5V3oMR
-0xLggXb9XG6eMHNtj7IypmAkJO7j/XMQEubHI2sfTrVS4xIJ7t0Z0rSmNOYUPHlY
-lUsl4/aX0swgk0gf1S832xW/9HGtBL2VgFelSbuqyvP/r2Ld+ZR1OFlsdO+sHhlg
-bUu+92Ivxmi5xPyK/Z+yTUSHElFufV9BLOrmnDy9z9yqFLI0FuA4s4z012gfbMw8
-2jAyjlhbmr91ejijz2BvdMymwVX2loSYBNuxB9b2BhGvwvuBpHcETVWdxCjUPNCX
-oPjUGFnMIzqzwIKtHeJM5Nokc813q9siB5TRFiYnguLVgvnhKfuPnoiiG1yLMTzG
-HK4WMSj44lyd6ejX2f4KOT/6ZSBTXiAyS7ioS6i46PE/CoB9tIwb5lTTAtZWo6ZO
-h5pR7Q1Sm+FmyGTIlVUIqvnAnVqJAyFrKZb4QmRqP9WS1RMAbIk46gENKDugEuHP
-z/0QXqObZws+pxd63nYlJlTbD6j56VDwHpoNrdatYzK+wLt6Zr7J0/IeSMP1KxVN
-OcyIMmWXmQFBEgdO1x2v+kYpkwJw7d+Jo9VQHAft3/hc1hHGGjLmK+dJ2IIW3UFd
-E5ygAGiCVPheKoE+/gu/bt7itE8JMXRNai23qQpU9KcfY4puc7zjOJ64JuX2it2t
-FA==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 42 (0x2a)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Jun 20 08:21:47 2009 GMT
- Not After : Jun 18 08:21:47 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
- 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
- f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
- d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
- 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
- d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
- ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
- 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
- 10:ce:1d:01:0c:86:6b:23:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha256WithRSAEncryption
- b1:3e:50:ff:5f:32:b2:09:6b:52:98:07:5a:78:7f:fe:12:6f:
- 87:25:d4:bc:96:45:07:31:e0:ae:52:d1:9e:04:d8:05:84:cf:
- e2:e5:82:01:b5:46:ce:4e:47:d6:ef:87:7c:37:d6:67:99:ab:
- ad:4d:70:eb:98:fe:31:f1:f8:e9:a2:c5:40:4f:a6:c4:79:15:
- 64:d3:64:d2:3f:05:b5:08:16:88:46:22:72:86:a1:8e:ef:df:
- 67:25:d7:74:bd:01:04:b8:70:00:0d:9d:36:d0:9e:3a:4b:7e:
- 0d:3d:9e:3d:ce:fb:47:ee:7d:5b:b9:c1:65:2b:4c:ef:26:89:
- ed:1b:bc:17:4a:63:41:b3:99:e7:c5:4d:d5:31:af:d7:4b:3b:
- 37:ce:99:da:8f:53:20:40:14:95:14:09:61:ba:9c:c0:1b:66:
- 7c:e7:e3:4c:28:c6:48:e8:6c:02:55:3c:44:18:d1:29:88:7b:
- ff:30:e5:be:ee:8e:da:95:fe:04:c2:c8:a1:ce:81:46:b9:bb:
- b2:3d:ad:af:a9:e3:a8:c1:8f:d8:51:48:d1:c6:e9:c8:c8:94:
- 6f:7c:b0:fc:92:04:d0:8f:30:30:f1:a3:d0:f8:dc:aa:52:2c:
- 1f:bd:f3:67:ac:97:6e:0d:1a:82:c1:a2:30:9e:d3:95:74:47:
- b5:49:c8:73:7a:c6:73:20:18:7a:98:8f:c1:3e:5f:1a:04:33:
- 9b:ff:e0:ab:9e:f8:ca:92:bc:e8:94:b8:ce:87:89:75:e6:49:
- bd:d5:7f:1f:44:b6:48:fc:02:4f:b5:25:f4:ff:53:98:5f:0f:
- 95:52:d2:00:2a:41:85:cb:8d:f4:a1:a6:ef:68:ac:b5:fa:a7:
- 94:91:cc:64:5c:30:43:01:90:84:eb:8f:66:3b:98:4c:42:43:
- 3d:31:47:28:da:49:eb:e9:14:67:c5:81:f6:13:a3:c3:a5:ee:
- c4:28:0e:52:ee:c7:b2:e6:f8:c3:79:63:12:45:c1:06:5b:94:
- 48:f1:4c:32:c7:69:9d:6d:b3:0b:c5:98:93:f4:4b:c7:64:35:
- 23:22:56:c7:fa:e3:0c:3b:39:cf:b4:ca:cf:d2:10:97:b3:95:
- e4:f7:53:d3:cb:5e:43:82:d4:7c:e5:83:a4:cf:4e:0b:c8:16:
- 35:5e:8a:2b:47:8a:6e:2f:98:02:d4:cc:9d:28:a9:95:ff:ab:
- 73:df:01:c6:ff:df:7b:33:21:e0:db:81:8d:59:11:f0:f3:92:
- f7:c5:8c:83:2e:22:55:dd:1f:78:5c:f7:a3:fc:de:99:8f:46:
- 50:ff:75:db:bb:58:07:fa:01:c1:67:8c:18:c4:3f:2f:b7:41:
- f7:ec:56:e7:1a:4b:e4:78
------BEGIN CERTIFICATE-----
-MIIEfjCCAmagAwIBAgIBKjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDYyMDA4MjE0N1oXDTE5
-MDYxODA4MjE0N1owWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy
-dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8
-Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2
-Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ
-2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg
-hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
-BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV
-BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW
-MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN
-BgkqhkiG9w0BAQsFAAOCAgEAsT5Q/18ysglrUpgHWnh//hJvhyXUvJZFBzHgrlLR
-ngTYBYTP4uWCAbVGzk5H1u+HfDfWZ5mrrU1w65j+MfH46aLFQE+mxHkVZNNk0j8F
-tQgWiEYicoahju/fZyXXdL0BBLhwAA2dNtCeOkt+DT2ePc77R+59W7nBZStM7yaJ
-7Ru8F0pjQbOZ58VN1TGv10s7N86Z2o9TIEAUlRQJYbqcwBtmfOfjTCjGSOhsAlU8
-RBjRKYh7/zDlvu6O2pX+BMLIoc6BRrm7sj2tr6njqMGP2FFI0cbpyMiUb3yw/JIE
-0I8wMPGj0PjcqlIsH73zZ6yXbg0agsGiMJ7TlXRHtUnIc3rGcyAYepiPwT5fGgQz
-m//gq574ypK86JS4zoeJdeZJvdV/H0S2SPwCT7Ul9P9TmF8PlVLSACpBhcuN9KGm
-72istfqnlJHMZFwwQwGQhOuPZjuYTEJDPTFHKNpJ6+kUZ8WB9hOjw6XuxCgOUu7H
-sub4w3ljEkXBBluUSPFMMsdpnW2zC8WYk/RLx2Q1IyJWx/rjDDs5z7TKz9IQl7OV
-5PdT08teQ4LUfOWDpM9OC8gWNV6KK0eKbi+YAtTMnSiplf+rc98Bxv/fezMh4NuB
-jVkR8POS98WMgy4iVd0feFz3o/zemY9GUP9127tYB/oBwWeMGMQ/L7dB9+xW5xpL
-5Hg=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAxeGHrxpZR44wOoWcabXK6qAonmAvtoteQu9qim1mdlyFOL4t
-vMMQiEDIctVmHNblNNqVj0iy+ogH69rHqRhImXW/MiqFrt0Gwdx+0KomqUPCXfmk
-8458MkFwyN3bXVqtV7/tccix1OY5oakFUX/tYYwaCVr0cgUuev8ShxJ3Gr+3JTzZ
-M8cGlN+M6eRfG5kuS9xMF2bZ7dlrqIuhdkFTCoARtt9NCewEKVwGBTJpVHVvHAuM
-RuOaDw31G+kdI0OFUFCSNGDzTOevLGiMgIcHcmmV80EUYn4+3KZFdASi6/NlGLLS
-0tEfJ29Qs7WGxU7+Ya1orKEUgtSSfbjTDW7xqLIz/trVUTL6FhLiUs6JCdsKxkjq
-BZ3OauhrW0E45XeaNNvS2OfEgZsa7Z+cRAysqFEE3WXTiEQsGVNSoaC9epYGBgHT
-e5oe3rVSXgeMA+otaSZa78JmUQ7p7CgKgkcI9HRnz2AZ2twzMkFoXZ2xx66shxgv
-6tKUAtOSmjdKJCJGWpw1JBBRSEVwT5+xCrTnSBfGToAyNmLcRkL8uPZn+hhx/mGL
-C3uCfMy7HkDQzGhvyDiBEYiE47EPFmDndf1+t1NbrGcxMYeraaqZW1Ceq6/Pow1w
-PDtyckFRCRRYeSrjC8vfLrNuEEVRexfuAEqjHQkxjc8d4f66e0s2hZ2L0X0CAwEA
-AQKCAgBEQ968QLnGHr5yof9o1IdxU9lPcd1j+0aEjvXRVZaAhMCM58b9lMnSR48f
-VpFIp7Yg+ruX17uvBFi/PBWfNzpsfpt8IgFGZwfav0eckuaNhEu8gdAvGdustrjD
-Aw6XcR3V5Od0VolK6jW9mIK2MAzjlyKwUYl9AF6dnft1T6B5QORc21YPL70MhOan
-FdrduYWoNBKoDBponJYwaiNEmZqdR7tUvEpmft6cqhuFlXOS6IRxR2aYWhKe2PDT
-NSORM8z8/R7DJSMqR8894b9+45ZlGRna9nui0uy60D2rnaHbBne9AowKoIw/3X4Y
-0SnyTaMibWFsFJHv5Ie5CZb9zmVdcqAKZniikngDOLkxdqTr1U4T4hAP4ICahKjl
-/mugIlg67Oua6Opd2LBpDsw4/5nXM2XyWwb6OFdDVCvnsV9v1pdRu2m8qZIQkWwC
-2eEkuN3aW0DYOalWldjLggMGFrByZKp6H2+upvygJdInRIOlNA4e+aOmFFLWnCQ3
-HgXlLXvT8FJsAs/52eYTi3QFaYSb+WgagROw7FBZHXwyfV7f2Lrty9o/lh4AwAqv
-4KtPfhQ0eVtB/3L7Pa+QuW5IBjjUbrrNCH3uo+NuJ+mOVzVZ/eVF4WlEDhapTyCh
-YL/hMMIijRhf4VNkNch84Ly2lzvMxTnO/yFgomgMBf7vdYJBnQKCAQEA8LNvx3U2
-rNQqa342Uep15k3RBUTDtN8d6s06CpiRz+d/qKl/8MteENl0SQAOGmbmVfa4QUD9
-jFCD18D0sM0qERLB63Jwr62y1sRi2m47QEzWHzx81OxjKHZZw2K6YmHXE9JzurX5
-2+ifdUiU2uOmqS1IVrIFOZuQef0xqVq7PSSjbL3DwPefWQakRnmhpL1iTzgnswTu
-7PPoqZaV9QmgjCGgMhNZlvQINXM8dYsAgfUlVZwKqkzAip9FpJLdmOUhyF2I+p6b
-zjSwsA0MslyBqc/mkZBxAjMR7j4KeshwCosGpf12Ax/7eWIsBZBI2+GktPsUwiS0
-FsCX7b5s/Xk1SwKCAQEA0nVZUelZKUg+aoaQmAoJ1h83XaqOqV+uN7jjxYag9+Ts
-Ay4mfhkMra6p7xfEz0lWiOVXDfq7jOSiefsvIAaVlr+EPBzyGpFN46S0A00EKloZ
-ysP2R3bqI46VlqPcqaSZoj8dGWVN+gmz7zuu0usv0uzZx9wJ8cbxkC9LnD9Ka7dG
-ea8al5FoC2eJHQGMfIj+RlRWdSZ2dkRWPb9oLpaTtQW7iLnFQDheZcK8lTcBxTc5
-gkGqv4Ab/ItNg6ukCd75lgHdxgNE5GNfBofu/68zn1qJjpP4YwJ9B8+4JPHmfl2f
-F4OGvD9jq439/z8M4ymM4TjQbi0qYDfGPfgeja//VwKCAQAutcOlY1u+4lVxEscb
-0nIaxVMgwJ1yBjJaFIWE9OKnA/fEFVCcu/p/LpPgbsBN41YjrINJNoF9r0pGnk1d
-2hKlyYwUUtsHXJ/uCaJdXTLmYYLUAPsAnvcHLSBySEB/Qxln4VlQDGx2fogjTHiG
-mdMH1Z/KIzXcXhIFelse0FqxnOCSA6lvUx57Oky62HPD8nSXhwA9P2HWXebysiRb
-rwiW6RebYCHsp2LIbJp4/QaWMaqTGHsBXW+n9wyeyVlziFOr/GrOp+T4eUUohP/H
-xSfsekn2SZ+Em8CJCUUjWq5TfXNG1w8FwDke7yw30C4zbXB3Jpp6qoDAQZO6MVAZ
-SGJNAoIBAE1B2sog+SQYayE7yLSnarj5uJ9fzwMKJrA55RNLuqeFl8YLGQJNO8Q+
-TA+DEDJv355dYjm1g0fTXnmc5c3B3QP7xhUzIwTxtkAM5DAaA59wd+thSHUviAAJ
-hYxJFuYHkIZo2MvLznYtPapipGi1AVdSrxeZBOWGfILLedwft7gXDX35868UJ7eY
-CFNnkCTfPUigCST0O6RqraX5L8t6Zzqaoh8s4uYSS0Tb2dKE4Nd+0FOqu32VD7ED
-ii79wTgGbGTOxpS7+nxEpkuFdwzRSggDel+mnhXqge9uJ1EYo95bi91b4QgV1QbT
-FxyuDpMNW7QJ4Smw1s9/afyxqrWkl/0CggEBAO5OYdCU/EQCmz2cNcYTbUQRffh9
-cpILgXA8RI7Ravn7x9AyjoO9mhBwQRernPX/YQdL1homYhOC/NW7xCyr8qpOhmLh
-bplV/TBOl74w114EZxvv0w4M9gxP666x3Kx7FzFs4gLNcHXh3eA8jzjiEJQQafwy
-/LPDjVf1mQjmVKVj8keqsB2pJi/NgJuCl7qBdJbNvzcw/bhAT1HhQwuZ+2Z9+lO0
-5mcaxOgbvEv1MBQ5J/m0Afx5fYcNQbrS8S43b3Z3aiqd0ljybs3eDg3JEuRLMYc4
-EDiEvtDqv0nq/VK1yTYG1DhZRDPaVxWUplVl/sH57FzpbY4nVyUvAt5tSUo=
------END RSA PRIVATE KEY-----
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:80/0002
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:81/0003
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:82/0004
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:83/0005
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:84/0006
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:85/0007
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:86/0008
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:89/0002
+++ /dev/null
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:90/0003
+++ /dev/null
-extendedKeyUsage=OCSPSigning
+++ /dev/null
-extendedKeyUsage=OCSPSigning
-noCheck=
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7 (0x7)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 10 00:14:51 2009 GMT
- Not After : Mar 10 00:14:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b:
- cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa:
- 0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a:
- 6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c:
- 92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04:
- c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68:
- 81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48:
- 32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76:
- aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d:
- 34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5:
- a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa:
- d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e:
- be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01:
- 7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1:
- 2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a:
- 52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8:
- e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93:
- 24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a:
- 19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9:
- 0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0:
- ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36:
- 18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c:
- 27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68:
- 3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f:
- 69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67:
- 46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52:
- a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a:
- 9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3:
- cd:f0:a3:a0:10:95:b8:70
------BEGIN CERTIFICATE-----
-MIIDuzCCAaOgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTQ1MVoXDTEw
-MDMxMDAwMTQ1MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq
-hkiG9w0BAQUFAAOCAgEALSiCzHkwLrWOT9k79IvIo+Y7yywPlxyLfwbhXTvsr8Xe
-78T6C2Puy61gf0Jvgm3y+7uaNvcabJyC6BcYQTVHcug2tBrBrll8kgdijwCaLshe
-YiBfFIIN/t4EyLC2A9SqQXBP+QW6tcc8NqBogcWCkVb8Zf5zxLOR0sRRFstIMuOx
-6qTc4N6b8nUizQQtLcl2qju4xhqGhh+nEeBtFvRbswkdNMEOGsghgpFzvOXFy9Pt
-RtX1pvhlppF7zakNpjc+2T9vxMeq2ZV13G04nlQ9D6EmFihxaxSevmaL9HHBPjSg
-oV3aMRxjn50Bf2ITnTt0orMK1STANQfAbSDBKiH7gqWc6z7OJVcC1jh3XqAqUgz3
-P/PTqgxTqRzpOdcNlii44ukc45ISHuE+RFr7JR4sdKmTJKDwAmO/4kWgxW9A5Duy
-sfEKGYm5VNZhIT17S5H+2fDhSCDZC+K+3fdbb8h2ynSfpUqanB3w7EBygmf8Kp9O
-8X/ktX7APyI2GMNIiH8MLSbMQMWCvSPlbM48Jxkn/nsb+ss4Cp+mREvCImNoPPqG
-Ea9dBXxb/SaaeBjH9h4fabm6cTvclcE/WRdC8UgrEF9nRjI3ShqF0ACBklBsKYDh
-tb9SqHnAXbk24/fVadzeVBPA0256nKjp5PZX7aq9bsHFNe1yF2XjzfCjoBCVuHA=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC5DoAg/HRJCMuDh3bkQgNCblYbrnNDm6bPXTMdN8+1Irx5Xmpp
-Aj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47LisOggn6nnirjtP+Rvhtjl1Tv+
-R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttqj9ppRseS8rO6bJA9cQIDAQAB
-AoGAfBn7VyO2IBxjzssTsjOK2AwCdwHgjqBdl4aa9qctBf5LguEMX2uAHDlh+FGZ
-Dwgk3eqMJ9M5315fukg4m9D/SSJB5KzmdUB9OQaVe5zhteWOyFUFmMPWOwckKbHj
-EZ+VLpab1PcQQm7VPPAGkF2p2J5UTR/JXt3ZPPj25+orKXkCQQDtnKJ0KtowUUjM
-84+EV9nb7MdJJSAYBr0FKwqSyXsE/WdjqIGh5n/DtJcx6j44IaTn77EIOWHjztQa
-e7/uuZ63AkEAx2CvuyGE4gijAZSQl7gLdgd5JbaJ4dXsFYb5WZK9TuoglsFoUFjC
-aWP9ozPQQGCdTjt4LM5Ln3SuShIopBndFwJBAK0CuwsI1LwPw4lv4tUDPp8y5dxt
-itPTvDgSIe3FhKyacniPDmy7L9ZpHRn8LHekj7VNwsJxPcSpKalq59LEFzsCQCAT
-vjItQmPbX95xOJIwWiezLBqVM7nR4RnVjWiL40k/Ad8/XrkOjrjGDZikTW0OHkDn
-8H3E8wXEkAX6xe8g+iECQEq02B0Je95yRzhFU2OfcZFz9B5YdNXkWAORNGNHV8nO
-m4hVtlawDFWvhHhB/o6JG3QlN3UWy0TRgqZssfb+pNA=
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7 (0x7)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 10 00:14:51 2009 GMT
- Not After : Mar 10 00:14:51 2010 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42:
- 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37:
- cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be:
- ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14:
- 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a:
- b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51:
- ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3:
- 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46:
- c7:92:f2:b3:ba:6c:90:3d:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- 2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b:
- cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa:
- 0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a:
- 6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c:
- 92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04:
- c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68:
- 81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48:
- 32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76:
- aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d:
- 34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5:
- a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa:
- d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e:
- be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01:
- 7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1:
- 2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a:
- 52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8:
- e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93:
- 24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a:
- 19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9:
- 0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0:
- ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36:
- 18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c:
- 27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68:
- 3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f:
- 69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67:
- 46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52:
- a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a:
- 9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3:
- cd:f0:a3:a0:10:95:b8:70
------BEGIN CERTIFICATE-----
-MIIDuzCCAaOgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTQ1MVoXDTEw
-MDMxMDAwMTQ1MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb
-rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li
-sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq
-j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq
-hkiG9w0BAQUFAAOCAgEALSiCzHkwLrWOT9k79IvIo+Y7yywPlxyLfwbhXTvsr8Xe
-78T6C2Puy61gf0Jvgm3y+7uaNvcabJyC6BcYQTVHcug2tBrBrll8kgdijwCaLshe
-YiBfFIIN/t4EyLC2A9SqQXBP+QW6tcc8NqBogcWCkVb8Zf5zxLOR0sRRFstIMuOx
-6qTc4N6b8nUizQQtLcl2qju4xhqGhh+nEeBtFvRbswkdNMEOGsghgpFzvOXFy9Pt
-RtX1pvhlppF7zakNpjc+2T9vxMeq2ZV13G04nlQ9D6EmFihxaxSevmaL9HHBPjSg
-oV3aMRxjn50Bf2ITnTt0orMK1STANQfAbSDBKiH7gqWc6z7OJVcC1jh3XqAqUgz3
-P/PTqgxTqRzpOdcNlii44ukc45ISHuE+RFr7JR4sdKmTJKDwAmO/4kWgxW9A5Duy
-sfEKGYm5VNZhIT17S5H+2fDhSCDZC+K+3fdbb8h2ynSfpUqanB3w7EBygmf8Kp9O
-8X/ktX7APyI2GMNIiH8MLSbMQMWCvSPlbM48Jxkn/nsb+ss4Cp+mREvCImNoPPqG
-Ea9dBXxb/SaaeBjH9h4fabm6cTvclcE/WRdC8UgrEF9nRjI3ShqF0ACBklBsKYDh
-tb9SqHnAXbk24/fVadzeVBPA0256nKjp5PZX7aq9bsHFNe1yF2XjzfCjoBCVuHA=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 39 (0x27)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 23:06:11 2009 GMT
- Not After : Mar 14 23:06:11 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe:
- 2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a:
- 55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a:
- e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11:
- 93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5:
- db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54:
- 3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71:
- f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c:
- c9:d2:bc:47:fa:96:24:2e:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 69:71:40:12:af:e4:be:42:52:ff:7a:a8:bf:e3:41:f2:2b:75:
- 0d:22:10:e8:d6:1e:d3:c0:bb:90:7f:76:46:92:a9:63:2b:50:
- 74:c8:73:c4:7b:0e:a0:b7:ed:5c:20:06:18:64:1b:7b:82:21:
- a7:82:bc:c0:33:53:8b:5f:68:c7:de:5f:95:31:52:93:5d:0f:
- 78:4c:ff:50:2f:e0:57:ba:f5:49:cb:94:ba:34:85:e9:f1:10:
- 76:27:66:6d:d6:46:f6:9d:51:2d:04:96:b5:78:f7:c6:1b:25:
- b4:0a:e7:89:f4:9f:a5:33:92:51:00:86:97:0f:47:cc:3a:8d:
- 5e:3a:c2:ad:51:48:7e:7a:03:7a:d1:a7:6d:14:8a:64:f9:5a:
- e1:1c:cb:82:e1:42:f3:8c:dc:87:8e:9b:c8:e4:68:3c:26:eb:
- 0a:19:c8:1c:71:88:7e:c9:66:f7:fe:1a:ee:3a:52:1b:54:60:
- 95:e8:37:e6:0d:b3:8b:bf:02:07:e7:f8:16:64:f9:34:50:8c:
- bd:54:e5:d1:0b:a8:5f:59:79:de:2a:ea:44:92:be:3e:b2:0d:
- cd:fa:df:d3:93:10:c9:ef:40:d3:31:a7:06:e3:39:15:68:5d:
- d7:94:4f:96:69:8e:13:8d:f3:fb:79:eb:33:50:1e:af:fa:c3:
- d8:81:47:1b:89:05:39:62:ea:c4:ef:f7:15:29:e2:43:f2:66:
- 93:51:20:12:10:17:c9:c7:f3:7c:e0:fd:59:dc:38:ca:b2:f5:
- fd:fe:5d:f8:9a:83:70:72:b9:e1:6b:a6:60:db:9d:a3:58:3e:
- 5e:73:a4:ce:18:12:ba:dc:56:72:f8:b4:d8:4c:e8:d9:9c:5e:
- cf:d1:76:56:7e:2e:33:9d:1a:80:eb:dd:7c:69:c0:9c:d3:5c:
- 5c:d3:a2:89:7c:44:87:66:10:6e:f9:90:b6:72:58:90:77:48:
- ea:56:25:52:e3:c6:bd:3c:95:99:ae:fd:2a:f7:b2:1f:87:bc:
- af:93:ba:2d:0f:1a:ff:7e:90:3b:ae:63:96:9e:68:97:32:16:
- ed:b8:ce:7d:48:f2:b9:83:fc:24:dc:34:1a:34:a4:19:80:78:
- ec:b2:6c:a0:e8:15:37:1e:8d:fa:b9:62:a2:25:5d:d3:14:50:
- f6:68:4b:09:b3:12:ac:cc:63:bb:2b:e6:2a:33:ee:c7:1c:c6:
- 64:14:47:e2:c3:29:26:ba:f9:e8:2e:34:c1:cc:9e:3b:2d:57:
- cd:f7:fe:fb:d8:13:65:5c:42:a8:71:61:df:d7:ae:16:71:7f:
- fd:fb:66:d6:a2:92:52:e9:cb:65:03:7d:13:8c:bc:d4:5a:1a:
- c0:55:0d:5f:1c:85:a0:1e
------BEGIN CERTIFICATE-----
-MIID1jCCAb6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDYxMVoXDTE5
-MDMxNDIzMDYxMVowcjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNjA0BgNVBAMTLVJlc3BvbmRlciBjZXJ0
-aWZpY2F0ZSB3aXRoIG5vY2hlY2sgZXh0LiBmaWVsZDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAw2n0EjQbBFEzJoSeWv4r19jrahSv5VhopXHkXopV3GlxFD8W
-SLFS7iIF/Srnbs7xJEnwBj317WztJhGTk04IBZEmuSLod4tvUKXbFCgswpSG0mQR
-DopR61Q7Wh9wCrJc4rJimTB8jHH2CChP2Tg4OPOCzTrtV1zJ0rxH+pYkLtUCAwEA
-AaMTMBEwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAgEAaXFAEq/k
-vkJS/3qov+NB8it1DSIQ6NYe08C7kH92RpKpYytQdMhzxHsOoLftXCAGGGQbe4Ih
-p4K8wDNTi19ox95flTFSk10PeEz/UC/gV7r1ScuUujSF6fEQdidmbdZG9p1RLQSW
-tXj3xhsltArnifSfpTOSUQCGlw9HzDqNXjrCrVFIfnoDetGnbRSKZPla4RzLguFC
-84zch46byORoPCbrChnIHHGIfslm9/4a7jpSG1Rgleg35g2zi78CB+f4FmT5NFCM
-vVTl0QuoX1l53irqRJK+PrINzfrf05MQye9A0zGnBuM5FWhd15RPlmmOE43z+3nr
-M1Aer/rD2IFHG4kFOWLqxO/3FSniQ/Jmk1EgEhAXycfzfOD9Wdw4yrL1/f5d+JqD
-cHK54WumYNudo1g+XnOkzhgSutxWcvi02Ezo2Zxez9F2Vn4uM50agOvdfGnAnNNc
-XNOiiXxEh2YQbvmQtnJYkHdI6lYlUuPGvTyVma79KveyH4e8r5O6LQ8a/36QO65j
-lp5olzIW7bjOfUjyuYP8JNw0GjSkGYB47LJsoOgVNx6N+rlioiVd0xRQ9mhLCbMS
-rMxjuyvmKjPuxxzGZBRH4sMpJrr56C40wcyeOy1Xzff++9gTZVxCqHFh39euFnF/
-/ftm1qKSUunLZQN9E4y81FoawFUNXxyFoB4=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDDafQSNBsEUTMmhJ5a/ivX2OtqFK/lWGilceReilXcaXEUPxZI
-sVLuIgX9KuduzvEkSfAGPfXtbO0mEZOTTggFkSa5Iuh3i29QpdsUKCzClIbSZBEO
-ilHrVDtaH3AKslzismKZMHyMcfYIKE/ZODg484LNOu1XXMnSvEf6liQu1QIDAQAB
-AoGADsM3XBSxoc7clWFZcThYaZMKndX4P9RA+5ayEO5UdDVHBKeLcGxs/m51k12l
-ZDqf/wTS7DXMGWasN78GLg+sDVXKhzmGIcI7Lql8bVbeXIn8CQaCG+Ol7VmUwDw4
-LAoguwyyKZbeWTzsdRdumhHyLnjVXDnBw3oUYGDtVvIMgXUCQQDo4Y+qsWEa/88O
-M+0LjnM0Ua4DGpHLiKtGkmsc9+Lyhq1bRa07F78ufsVW7Fv3esOa2dyOU9+cK/oe
-fukRZH3/AkEA1tAzV8bRVxoyFahZ31yEnag9op+ZdH45TiIKT/TpA3skxaanV5aJ
-xa3czmfOge3izwZ5e/Gq2MVuCHiRUUb7KwJAQy11/P5IDbrHJsix04iXEPuS39BV
-SEo3ZhcskOGs9NsGvPJ/gzFZc/cbw/RQnzYpoMzBw8jME0fYUd24K806TwJAWQD2
-5P2Zqy9NZS/V3PgmcnRM5V6fZGcQM1FjWHGvQiP5vnMojt/uwZsiC9ty8t6vxPt3
-xmUBVsOmrZfXDggM9QJBAKKwevWzPt5v42+mZhN1qWeHgHk/urFWn5+ITIzVNZmD
-FvIQ/2iBj2YmLiD3pbgT0eflAdfSM8enTyqZ431nOFE=
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 40 (0x28)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 16 23:08:54 2009 GMT
- Not After : Mar 14 23:08:54 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder's certificate with delegation
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d0:8a:8e:73:c5:57:a8:03:b0:2c:1f:05:05:36:
- 1b:90:89:db:48:b2:cd:e8:ea:02:95:d8:30:c3:c6:
- 3e:6a:8c:19:70:0c:a7:cb:a6:07:df:ec:42:c9:dc:
- 18:cf:ef:73:cd:d1:eb:51:c0:bd:0e:51:63:6f:a3:
- ce:26:a0:02:da:32:a3:65:36:ad:42:02:85:9b:df:
- 9e:0a:51:41:93:f9:02:ff:f0:63:be:38:2e:b9:d9:
- 07:db:3c:81:23:4f:2a:0d:24:50:6e:e2:ef:59:f4:
- 91:3a:fb:fd:55:19:4b:49:71:08:bd:f9:2d:ea:64:
- 82:f6:1a:ca:46:60:ac:de:e5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- OCSP No Check:
-
- Signature Algorithm: sha1WithRSAEncryption
- 05:a1:04:c7:55:71:a8:52:04:d6:60:f3:37:08:15:50:86:71:
- bf:8e:9e:9b:60:50:6e:57:1e:b1:30:3a:e0:8a:e0:74:90:c0:
- be:97:78:f1:8b:52:f3:6b:e6:45:38:a5:7b:e2:47:2d:5c:80:
- 15:e7:74:b2:b1:66:db:eb:96:67:7c:01:8b:5e:c1:c2:59:33:
- 2e:62:a9:a3:7f:c7:b8:07:ee:27:22:83:11:e3:e9:b9:59:a5:
- 1f:27:1f:6f:b9:34:c5:c2:ae:d5:cd:59:59:28:05:78:ff:0f:
- 18:6a:c8:22:5b:40:06:0b:a9:ee:8c:e5:44:04:59:a0:f2:42:
- e8:52:a4:ec:45:78:1e:b4:cf:02:e5:b5:31:d2:f4:93:15:58:
- bc:02:a6:b0:01:5a:d9:72:eb:80:64:e9:f1:d5:38:69:f4:1a:
- 4d:7c:78:d7:ba:9e:ca:41:22:a6:09:c2:7e:fe:90:20:7f:72:
- ae:ca:76:30:39:e5:1e:70:63:bc:68:e4:ee:0f:e7:7a:b0:cf:
- c4:70:26:b8:dd:4e:9f:9f:75:11:05:be:d8:17:95:c1:75:ac:
- e6:91:f7:b8:8e:93:f3:45:c1:9d:10:10:71:69:92:6d:f1:b8:
- 73:18:ed:02:84:6d:ab:6c:cc:91:be:ac:3c:61:39:48:74:e2:
- 27:b9:16:5e:02:6c:c4:1b:35:a2:68:24:44:5c:4e:37:58:6d:
- f3:a4:e9:6a:d9:56:92:6d:05:6e:e1:f3:f5:7b:11:40:4b:2b:
- 13:32:e5:18:5b:62:64:1a:17:9f:91:fd:0c:95:54:02:09:6f:
- 48:ea:c8:ae:7e:24:bb:a8:b1:33:c8:98:50:90:8d:b2:5b:21:
- 1e:af:d2:78:ae:87:a7:32:82:3d:aa:9d:66:0d:92:59:02:8c:
- 3f:73:43:76:74:58:f9:95:fd:5c:90:31:d7:c7:7a:2a:fb:e0:
- bb:b8:50:62:3c:44:09:34:dd:68:10:11:be:c6:c3:65:a4:e8:
- e3:9d:0f:59:a2:a7:e5:d5:97:8b:48:a0:d4:30:31:aa:9e:4b:
- e2:30:ed:06:72:c8:97:0d:6a:70:a8:c9:ca:9c:d4:f1:57:0b:
- bf:24:43:7e:b7:a1:a5:91:af:ac:ae:f5:c6:8b:ef:aa:61:e5:
- c4:7d:37:31:a0:5f:e9:45:9d:d8:08:b9:15:da:16:2a:16:77:
- c7:82:0e:02:6e:9b:ec:25:f3:8f:8d:11:41:0b:56:a9:7b:1d:
- 0f:f3:be:fa:46:ee:cb:80:3b:09:1f:85:90:70:ed:1d:e3:65:
- f4:81:3f:ef:86:32:6c:9c:b0:35:e2:73:41:fb:0c:0c:2d:2d:
- cb:45:0e:73:d3:39:98:36
------BEGIN CERTIFICATE-----
-MIID6jCCAdKgAwIBAgIBKDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDg1NFoXDTE5
-MDMxNDIzMDg1NFowcTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNTAzBgNVBAMTLE9DU1AgUmVzcG9uZGVy
-J3MgY2VydGlmaWNhdGUgd2l0aCBkZWxlZ2F0aW9uMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL
-pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+
-OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB
-oygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqG
-SIb3DQEBBQUAA4ICAQAFoQTHVXGoUgTWYPM3CBVQhnG/jp6bYFBuVx6xMDrgiuB0
-kMC+l3jxi1Lza+ZFOKV74kctXIAV53SysWbb65ZnfAGLXsHCWTMuYqmjf8e4B+4n
-IoMR4+m5WaUfJx9vuTTFwq7VzVlZKAV4/w8YasgiW0AGC6nujOVEBFmg8kLoUqTs
-RXgetM8C5bUx0vSTFVi8AqawAVrZcuuAZOnx1Thp9BpNfHjXup7KQSKmCcJ+/pAg
-f3KuynYwOeUecGO8aOTuD+d6sM/EcCa43U6fn3URBb7YF5XBdazmkfe4jpPzRcGd
-EBBxaZJt8bhzGO0ChG2rbMyRvqw8YTlIdOInuRZeAmzEGzWiaCREXE43WG3zpOlq
-2VaSbQVu4fP1exFASysTMuUYW2JkGhefkf0MlVQCCW9I6siufiS7qLEzyJhQkI2y
-WyEer9J4roenMoI9qp1mDZJZAow/c0N2dFj5lf1ckDHXx3oq++C7uFBiPEQJNN1o
-EBG+xsNlpOjjnQ9Zoqfl1ZeLSKDUMDGqnkviMO0GcsiXDWpwqMnKnNTxVwu/JEN+
-t6Glka+srvXGi++qYeXEfTcxoF/pRZ3YCLkV2hYqFnfHgg4CbpvsJfOPjRFBC1ap
-ex0P8776Ru7LgDsJH4WQcO0d42X0gT/vhjJsnLA14nNB+wwMLS3LRQ5z0zmYNg==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL
-pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+
-OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB
-AoGAN5sqft45EFjjafBfg1M5KGJJ8WmUFC4JwHDkF9/NltWClukY+Oltohy6dl7U
-0uUziMcXqzXsc1vqWsNf3da+y3oApBa83lI0u02Quzfjc3Lod+Blg7F6RA2dujg+
-3r6Zsop82NWnsMVqxi6+ZjXymSndu8UoY2k/+0N4Ct3916UCQQD9tWlBrKwPhVI3
-tz1Ho0peEdHrn6FXg21rvZgy+RMuiJUummwZZVUDS8ag2OPymffpNCZjbLTDXlaS
-LGKwWt8vAkEA0my3N0557HO345VHlhFiOc1wKcAVN06PNzjU1FZ9PqQeOpoVj4E5
-LlZK625v8d6N8/W8EFbjxfsVll4/P2Q+KwJAS5noYJqctw9KXbHrv9In0fpLbIQn
-5tUSIR3hIadZEO/ATJ/VgIfSmmXVLY8T9fHtjv9sRQpanzEYaPxy+AxMHwJAb0q8
-pG3HIn4Zli7QC9jp4LR9TDehgPz11jkip6OO3mCi9E+mc53fBljxiw9/+abB4XPo
-oaOzGHUx97OlM/vqvQJBAKSUpOYm8HPvMiHUAZElqD+gCSPM1ocv5MpQjm6t7Bc+
-WTCWBulo/KPHIG0wI4Ug/PtA29DsdC0mqQVLZZ9r0IE=
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 14 (0xe)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Mar 13 03:16:42 2009 GMT
- Not After : Mar 11 03:16:42 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf:
- 9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7:
- 75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed:
- 08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e:
- a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba:
- 45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c:
- 57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d:
- dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84:
- c9:26:70:3c:c8:11:64:ed:47
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Extended Key Usage:
- OCSP Signing
- Signature Algorithm: sha1WithRSAEncryption
- b8:56:6b:f9:21:8a:79:e8:53:38:c7:84:e0:c3:96:6c:f3:71:
- 95:dc:31:9a:ef:fc:fb:b5:18:c6:35:26:3d:ee:4d:00:9c:e4:
- 10:25:a9:2e:a0:41:8a:37:a9:91:02:9c:52:ec:0d:7a:bf:e9:
- bb:54:6d:4a:92:5c:9d:c8:01:17:a3:8f:25:fd:32:a7:11:e4:
- 77:fd:ce:7c:4b:c9:ae:32:e6:d5:25:cc:a4:97:bb:07:f3:1d:
- f0:11:8a:d8:f1:37:e6:4f:3c:99:30:44:20:04:3d:82:fc:87:
- 60:24:21:a9:46:e7:d8:41:2c:76:d8:a5:58:44:ca:85:71:31:
- 24:f2:45:7d:fb:70:db:1b:93:42:21:85:69:5d:19:13:85:7c:
- 85:6c:83:8f:bf:c1:a7:3d:49:b9:68:4e:a2:12:2e:9d:89:c3:
- a7:1b:86:71:e4:cc:29:79:0e:b1:19:07:ca:2d:b8:95:87:f4:
- 8d:4a:be:06:0d:d0:e1:1a:ed:ea:a2:52:f3:f2:7b:1f:3c:10:
- c6:67:be:00:3a:36:ca:ad:93:d4:ee:b3:9d:e8:47:6e:bb:6f:
- 12:6b:cf:3d:73:22:a3:15:e0:e1:51:88:86:e6:2a:23:ee:e1:
- 32:55:0c:b8:73:35:f7:42:9e:4c:c4:ea:f5:3c:d5:20:ef:32:
- 27:c2:b5:9b:ad:f0:a8:bf:72:5c:5b:fc:41:e4:a0:6d:b2:4d:
- c0:69:a5:b2:dc:70:d6:90:ae:2e:81:41:f4:ec:33:c5:43:4e:
- 70:eb:1c:17:4c:d9:ed:8f:97:2e:20:17:9d:40:bc:d1:ae:74:
- 21:8b:ab:cc:b0:86:5a:cd:42:9c:df:13:16:59:56:27:be:26:
- bb:92:5f:7a:86:9e:f5:19:45:1f:36:8a:e3:55:5d:89:3b:2f:
- ed:13:9c:e7:ae:bd:eb:34:31:a2:02:70:0c:a7:32:d3:d1:be:
- c0:2f:0e:10:b7:43:2d:ab:68:70:b4:a1:e1:25:c1:ae:1c:43:
- 32:c0:90:81:c1:39:0b:27:e7:14:c9:28:db:40:0f:1f:9c:ce:
- 1b:8b:26:ca:b8:41:01:e7:cb:92:b0:8a:14:00:f3:e0:3c:84:
- d3:2c:45:19:15:01:02:ab:bd:e8:19:6b:d7:7e:c6:5a:a9:3a:
- d5:00:23:15:2a:e9:93:7d:11:75:cc:c6:c3:8e:5f:3f:d3:3f:
- 05:9f:40:12:a9:a8:bc:50:dc:42:02:62:7d:00:6a:ef:08:e1:
- 69:87:4d:2a:9b:54:49:35:80:58:12:92:a1:33:65:20:5f:29:
- cf:ab:03:8e:0b:91:08:9e:52:d6:b2:d7:ec:bb:38:9b:d5:5d:
- f6:b2:89:f5:00:bb:0f:f2
------BEGIN CERTIFICATE-----
-MIIDyTCCAbGgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTY0MloXDTE5
-MDMxMTAzMTY0MlowYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k
-ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0
-Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ
-QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov
-QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjFzAVMBMGA1UdJQQMMAoG
-CCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQC4Vmv5IYp56FM4x4Tgw5Zs83GV
-3DGa7/z7tRjGNSY97k0AnOQQJakuoEGKN6mRApxS7A16v+m7VG1KklydyAEXo48l
-/TKnEeR3/c58S8muMubVJcykl7sH8x3wEYrY8TfmTzyZMEQgBD2C/IdgJCGpRufY
-QSx22KVYRMqFcTEk8kV9+3DbG5NCIYVpXRkThXyFbIOPv8GnPUm5aE6iEi6dicOn
-G4Zx5MwpeQ6xGQfKLbiVh/SNSr4GDdDhGu3qolLz8nsfPBDGZ74AOjbKrZPU7rOd
-6Eduu28Sa889cyKjFeDhUYiG5ioj7uEyVQy4czX3Qp5MxOr1PNUg7zInwrWbrfCo
-v3JcW/xB5KBtsk3AaaWy3HDWkK4ugUH07DPFQ05w6xwXTNntj5cuIBedQLzRrnQh
-i6vMsIZazUKc3xMWWVYnvia7kl96hp71GUUfNorjVV2JOy/tE5znrr3rNDGiAnAM
-pzLT0b7ALw4Qt0Mtq2hwtKHhJcGuHEMywJCBwTkLJ+cUySjbQA8fnM4biybKuEEB
-58uSsIoUAPPgPITTLEUZFQECq73oGWvXfsZaqTrVACMVKumTfRF1zMbDjl8/0z8F
-n0ASqai8UNxCAmJ9AGrvCOFph00qm1RJNYBYEpKhM2UgXynPqwOOC5EInlLWstfs
-uzib1V32son1ALsP8g==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCqATFJNA5stSWg2jVxz52nxK0nMe7CRv4Dj0/t93XVuQHGqY+N
-F8qMgoJj7QjUBZ4xPMlmWUFyY44BPqI50ZxRnMWarXIN5isZukWmGPbieXJLXnl0
-OLWGnFe7LOj1V5syNIYqL0AvXd2c9WPULq2x0yUifIaJhMkmcDzIEWTtRwIDAQAB
-AoGANCB/e0Gx9pUov4SJBKezYKDGsxD1c66O7op/6KiLAghjSgXt1UZpPeI6luc0
-YMaENfa8jlxp2+g4v5rz5SSneEK4G/Qx5dNh+wMEr0iE7PWgkgmOgDj2beaqcFP1
-l1QG0pshiW4VuD+erfPuWMBzPPGC5rGlyFCDgvHelybbuNECQQDaPgCAmxk1CcVD
-hN6TIA9Q1kkzALKvFntrKGgSy/c/tY+FkYQbMl8EPqaiIs+sseXCtW1kLELQU5gY
-tZsF7wMpAkEAx2q9HZ4s+K141csh+7pLhum/xR2lYJ4Gu2qtj15Xq2fWdRDLvbdv
-lt+R0Mw9H+cDlgmPQHnYWglajRC2EKJq7wJAbydzFA1qukO+r9PllOOYSWDKqWpq
-l5iIxZwv3Zr60/0CG1JxCXUPRdcvAZdfVKLK1e+XxpRwdzCMX9FnIo+IeQJAfIPY
-a9rtJ6VhctTwdjafnDDuDg1xyr9BYtq8Xm3A/gTLMrN3FBGquqEEckRk0juz0IZN
-jSvHfIikorpRhFd1vwJBAMKpl679FQG6Bcl6TPXnFuiw3/g/4zFGBONQGhBwl6xb
-PwrJ4Iv1XzZ1VtVvp5c5sRkCf6F1Lv7pyZsCMLD8wrQ=
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 42 (0x2a)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA
- Validity
- Not Before: Jun 20 08:21:47 2009 GMT
- Not After : Jun 18 08:21:47 2019 GMT
- Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02:
- 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d:
- f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b:
- d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36:
- 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9:
- d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf:
- ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e:
- 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77:
- 10:ce:1d:01:0c:86:6b:23:ff
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C
- X509v3 Authority Key Identifier:
- DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA
- serial:F2:5B:40:5B:C2:B7:D0:64
-
- Signature Algorithm: sha256WithRSAEncryption
- b1:3e:50:ff:5f:32:b2:09:6b:52:98:07:5a:78:7f:fe:12:6f:
- 87:25:d4:bc:96:45:07:31:e0:ae:52:d1:9e:04:d8:05:84:cf:
- e2:e5:82:01:b5:46:ce:4e:47:d6:ef:87:7c:37:d6:67:99:ab:
- ad:4d:70:eb:98:fe:31:f1:f8:e9:a2:c5:40:4f:a6:c4:79:15:
- 64:d3:64:d2:3f:05:b5:08:16:88:46:22:72:86:a1:8e:ef:df:
- 67:25:d7:74:bd:01:04:b8:70:00:0d:9d:36:d0:9e:3a:4b:7e:
- 0d:3d:9e:3d:ce:fb:47:ee:7d:5b:b9:c1:65:2b:4c:ef:26:89:
- ed:1b:bc:17:4a:63:41:b3:99:e7:c5:4d:d5:31:af:d7:4b:3b:
- 37:ce:99:da:8f:53:20:40:14:95:14:09:61:ba:9c:c0:1b:66:
- 7c:e7:e3:4c:28:c6:48:e8:6c:02:55:3c:44:18:d1:29:88:7b:
- ff:30:e5:be:ee:8e:da:95:fe:04:c2:c8:a1:ce:81:46:b9:bb:
- b2:3d:ad:af:a9:e3:a8:c1:8f:d8:51:48:d1:c6:e9:c8:c8:94:
- 6f:7c:b0:fc:92:04:d0:8f:30:30:f1:a3:d0:f8:dc:aa:52:2c:
- 1f:bd:f3:67:ac:97:6e:0d:1a:82:c1:a2:30:9e:d3:95:74:47:
- b5:49:c8:73:7a:c6:73:20:18:7a:98:8f:c1:3e:5f:1a:04:33:
- 9b:ff:e0:ab:9e:f8:ca:92:bc:e8:94:b8:ce:87:89:75:e6:49:
- bd:d5:7f:1f:44:b6:48:fc:02:4f:b5:25:f4:ff:53:98:5f:0f:
- 95:52:d2:00:2a:41:85:cb:8d:f4:a1:a6:ef:68:ac:b5:fa:a7:
- 94:91:cc:64:5c:30:43:01:90:84:eb:8f:66:3b:98:4c:42:43:
- 3d:31:47:28:da:49:eb:e9:14:67:c5:81:f6:13:a3:c3:a5:ee:
- c4:28:0e:52:ee:c7:b2:e6:f8:c3:79:63:12:45:c1:06:5b:94:
- 48:f1:4c:32:c7:69:9d:6d:b3:0b:c5:98:93:f4:4b:c7:64:35:
- 23:22:56:c7:fa:e3:0c:3b:39:cf:b4:ca:cf:d2:10:97:b3:95:
- e4:f7:53:d3:cb:5e:43:82:d4:7c:e5:83:a4:cf:4e:0b:c8:16:
- 35:5e:8a:2b:47:8a:6e:2f:98:02:d4:cc:9d:28:a9:95:ff:ab:
- 73:df:01:c6:ff:df:7b:33:21:e0:db:81:8d:59:11:f0:f3:92:
- f7:c5:8c:83:2e:22:55:dd:1f:78:5c:f7:a3:fc:de:99:8f:46:
- 50:ff:75:db:bb:58:07:fa:01:c1:67:8c:18:c4:3f:2f:b7:41:
- f7:ec:56:e7:1a:4b:e4:78
------BEGIN CERTIFICATE-----
-MIIEfjCCAmagAwIBAgIBKjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJLUjET
-MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT
-DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDYyMDA4MjE0N1oXDTE5
-MDYxODA4MjE0N1owWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x
-FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy
-dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8
-Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2
-Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ
-2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg
-hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
-BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV
-BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW
-MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN
-BgkqhkiG9w0BAQsFAAOCAgEAsT5Q/18ysglrUpgHWnh//hJvhyXUvJZFBzHgrlLR
-ngTYBYTP4uWCAbVGzk5H1u+HfDfWZ5mrrU1w65j+MfH46aLFQE+mxHkVZNNk0j8F
-tQgWiEYicoahju/fZyXXdL0BBLhwAA2dNtCeOkt+DT2ePc77R+59W7nBZStM7yaJ
-7Ru8F0pjQbOZ58VN1TGv10s7N86Z2o9TIEAUlRQJYbqcwBtmfOfjTCjGSOhsAlU8
-RBjRKYh7/zDlvu6O2pX+BMLIoc6BRrm7sj2tr6njqMGP2FFI0cbpyMiUb3yw/JIE
-0I8wMPGj0PjcqlIsH73zZ6yXbg0agsGiMJ7TlXRHtUnIc3rGcyAYepiPwT5fGgQz
-m//gq574ypK86JS4zoeJdeZJvdV/H0S2SPwCT7Ul9P9TmF8PlVLSACpBhcuN9KGm
-72istfqnlJHMZFwwQwGQhOuPZjuYTEJDPTFHKNpJ6+kUZ8WB9hOjw6XuxCgOUu7H
-sub4w3ljEkXBBluUSPFMMsdpnW2zC8WYk/RLx2Q1IyJWx/rjDDs5z7TKz9IQl7OV
-5PdT08teQ4LUfOWDpM9OC8gWNV6KK0eKbi+YAtTMnSiplf+rc98Bxv/fezMh4NuB
-jVkR8POS98WMgy4iVd0feFz3o/zemY9GUP9127tYB/oBwWeMGMQ/L7dB9+xW5xpL
-5Hg=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root
- Validity
- Not Before: May 13 01:21:41 2011 GMT
- Not After : May 12 01:21:41 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b:
- 07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27:
- 11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87:
- 7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a:
- f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d:
- 18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f:
- ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0:
- 9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a:
- 00:a5:03:68:e7:77:21:b0:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e:
- 56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c:
- a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1:
- 7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f:
- 3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc:
- 57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51:
- 2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4:
- 47:86
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx
-EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME
-cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1
-MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw
-HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu
-MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn
-B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd
-GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD
-aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7
-VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4
-sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
- Validity
- Not Before: May 13 01:22:02 2011 GMT
- Not After : May 12 01:22:02 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c4:20:c7:96:1e:c5:33:47:ac:e5:ad:2b:0b:63:
- ce:e4:44:33:e3:7f:16:ae:f0:d8:7c:b0:96:01:69:
- 38:63:4f:62:7d:97:d6:31:c9:0d:10:24:f5:17:40:
- 13:f0:1a:70:70:5e:3f:05:4d:d9:67:52:ed:41:83:
- b7:d2:bb:bf:3d:29:98:07:a3:64:1e:2f:1e:13:8c:
- 7a:c1:62:33:66:33:3e:d4:26:5a:59:99:05:8e:67:
- c7:68:cd:f2:8d:6f:fb:8c:07:63:ab:50:68:03:88:
- ae:0a:5c:9b:b6:9b:c1:18:7b:ef:cd:c9:f0:5e:44:
- ab:56:d6:df:48:41:d3:21:51
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 53:5a:c3:bb:48:87:d0:a2:7d:20:68:02:7c:be:18:93:b6:3d:
- 83:e4:10:1a:a7:4d:37:24:3e:6c:41:bd:8f:1d:3b:89:08:5a:
- e3:ba:81:9b:e8:fc:0e:fc:3d:0a:70:f2:11:69:59:de:ba:45:
- b4:97:b8:d2:e0:5a:d1:a4:75:bc:68:d5:5f:71:36:78:32:ae:
- d3:31:26:80:f3:f3:a8:54:33:f7:be:a3:0c:2d:d9:9b:b8:33:
- 03:be:54:7b:f5:c4:cf:62:9b:25:0c:79:76:12:10:b6:84:1e:
- f1:ff:7c:fe:0a:ac:46:85:26:52:d5:6f:cc:e5:89:e7:ca:8d:
- 71:69
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjExDzANBgNVBAMTBmNoYWluMTEVMBMGCSqG
-SIb3DQEJARYGY2hhaW4xMB4XDTExMDUxMzAxMjIwMloXDTEyMDUxMjAxMjIwMlow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQD
-EwZjaGFpbjIxFTATBgkqhkiG9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAxCDHlh7FM0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfW
-MckNECT1F0AT8BpwcF4/BU3ZZ1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZa
-WZkFjmfHaM3yjW/7jAdjq1BoA4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBTWsO7SIfQon0g
-aAJ8vhiTtj2D5BAap003JD5sQb2PHTuJCFrjuoGb6PwO/D0KcPIRaVneukW0l7jS
-4FrRpHW8aNVfcTZ4Mq7TMSaA8/OoVDP3vqMMLdmbuDMDvlR79cTPYpslDHl2EhC2
-hB7x/3z+CqxGhSZS1W/M5Ynnyo1xaQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
- Validity
- Not Before: May 13 01:22:13 2011 GMT
- Not After : May 12 01:22:13 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a2:52:3c:b7:64:b4:05:92:cd:b2:58:0c:81:5c:
- b4:bd:a4:10:99:17:1a:35:f2:de:f8:86:db:e9:24:
- a3:01:b1:d6:03:a9:f8:2b:d1:cd:f7:7b:9a:c0:a0:
- a9:8d:6d:34:94:7c:2c:4c:5c:c0:26:db:46:13:a3:
- c2:c4:2d:eb:ac:cb:5b:64:09:2c:23:eb:b5:8c:80:
- 12:d6:cd:7b:fa:5f:d9:7a:17:b6:fc:d5:65:fa:d4:
- 94:d9:9a:cf:b5:9e:87:99:f7:3e:32:6c:0d:5c:1f:
- 09:77:a1:4b:ae:c1:47:27:60:a2:7e:f5:94:66:5f:
- 7b:ea:e1:a9:b1:24:5a:40:03
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 80:03:04:99:b2:ea:8c:d8:0a:76:e5:08:fc:2d:72:f9:d5:90:
- 8e:ce:3b:c0:ac:d0:57:d1:44:d2:84:cf:83:82:05:70:46:d9:
- e8:07:cf:90:e4:cb:4c:7a:a0:98:d9:e3:be:86:23:71:a2:64:
- 36:df:43:54:1d:03:cf:85:5f:e6:43:cc:d3:ca:da:a2:31:2b:
- dd:5a:da:d9:26:38:29:9e:89:04:cc:f9:55:a5:35:77:77:57:
- ab:58:aa:d2:19:39:ad:6b:d2:3f:d9:e0:d7:58:ea:41:79:2a:
- f2:50:ec:3f:89:0a:aa:ec:d6:eb:20:af:5e:52:ff:4d:39:34:
- 9c:99
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAjANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjIxDzANBgNVBAMTBmNoYWluMjEVMBMGCSqG
-SIb3DQEJARYGY2hhaW4yMB4XDTExMDUxMzAxMjIxM1oXDTEyMDUxMjAxMjIxM1ow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4zMQ8wDQYDVQQD
-EwZjaGFpbjMxFTATBgkqhkiG9w0BCQEWBmNoYWluMzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAolI8t2S0BZLNslgMgVy0vaQQmRcaNfLe+Ibb6SSjAbHWA6n4
-K9HN93uawKCpjW00lHwsTFzAJttGE6PCxC3rrMtbZAksI+u1jIAS1s17+l/Zehe2
-/NVl+tSU2ZrPtZ6Hmfc+MmwNXB8Jd6FLrsFHJ2CifvWUZl976uGpsSRaQAMCAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCAAwSZsuqM2Ap2
-5Qj8LXL51ZCOzjvArNBX0UTShM+DggVwRtnoB8+Q5MtMeqCY2eO+hiNxomQ230NU
-HQPPhV/mQ8zTytqiMSvdWtrZJjgpnokEzPlVpTV3d1erWKrSGTmta9I/2eDXWOpB
-eSryUOw/iQqq7NbrIK9eUv9NOTScmQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
- Validity
- Not Before: May 13 01:22:24 2011 GMT
- Not After : May 12 01:22:24 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b5:4a:07:d9:39:8b:6d:46:b2:91:b7:d0:20:e5:
- 5e:41:8e:59:9c:78:8e:b1:54:8a:2e:fb:6a:f1:51:
- 1c:90:78:3a:b6:98:ae:eb:1b:86:94:36:1c:10:d1:
- ab:47:e2:87:96:cb:e9:70:db:5e:29:2f:24:e6:c4:
- a1:de:08:33:81:66:5b:53:8b:54:90:d8:75:7b:ec:
- c4:62:61:eb:06:5e:0f:e7:a4:8e:3b:53:50:8e:31:
- f2:42:df:4e:e3:38:8b:46:d5:47:ae:81:3e:31:9e:
- 70:42:b6:08:b7:c0:ed:a7:3f:b9:72:5b:1b:21:4e:
- 0c:77:21:46:92:a0:a5:4e:a5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 14:49:d0:40:34:42:87:e5:c3:13:4b:42:41:e7:7f:cf:85:66:
- d8:80:62:4f:5a:d6:38:44:25:67:cb:14:bf:3c:6e:ab:97:9f:
- e8:e7:2f:eb:79:ef:97:d2:81:57:e1:a0:e6:10:34:d1:98:4d:
- 78:45:9f:98:dd:80:33:b8:64:17:de:3b:f4:e8:99:01:d3:a1:
- 56:96:dc:79:5b:75:5a:d1:63:df:4e:9b:4d:6a:65:0d:f4:6d:
- 20:ca:51:c0:db:52:7f:4c:b9:32:d5:be:a9:05:ae:b3:19:23:
- 5d:38:33:3e:48:66:eb:fb:af:8c:8a:f1:11:61:9d:36:f3:06:
- 3e:95
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjMxDzANBgNVBAMTBmNoYWluMzEVMBMGCSqG
-SIb3DQEJARYGY2hhaW4zMB4XDTExMDUxMzAxMjIyNFoXDTEyMDUxMjAxMjIyNFow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW40MQ8wDQYDVQQD
-EwZjaGFpbjQxFTATBgkqhkiG9w0BCQEWBmNoYWluNDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAtUoH2TmLbUaykbfQIOVeQY5ZnHiOsVSKLvtq8VEckHg6tpiu
-6xuGlDYcENGrR+KHlsvpcNteKS8k5sSh3ggzgWZbU4tUkNh1e+zEYmHrBl4P56SO
-O1NQjjHyQt9O4ziLRtVHroE+MZ5wQrYIt8Dtpz+5clsbIU4MdyFGkqClTqUCAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAUSdBANEKH5cMT
-S0JB53/PhWbYgGJPWtY4RCVnyxS/PG6rl5/o5y/ree+X0oFX4aDmEDTRmE14RZ+Y
-3YAzuGQX3jv06JkB06FWltx5W3Va0WPfTptNamUN9G0gylHA21J/TLky1b6pBa6z
-GSNdODM+SGbr+6+MivERYZ028wY+lQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
- Validity
- Not Before: May 13 01:22:35 2011 GMT
- Not After : May 12 01:22:35 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:f1:32:40:b3:f9:95:60:3a:29:3c:1c:cc:a4:f5:
- e5:08:19:dd:32:95:a2:62:cf:35:74:c2:85:1b:99:
- c9:3e:3a:90:d2:b5:9a:be:9a:cf:e9:77:13:26:4c:
- d2:78:06:3d:19:9b:d7:38:05:66:ca:d2:36:e7:a2:
- ce:bc:81:aa:31:23:c8:5d:a7:7c:41:25:44:79:99:
- ac:10:34:16:10:b8:29:a1:5d:96:f8:47:7f:d1:5c:
- 68:b2:85:8a:99:28:65:00:94:d9:e6:df:1c:37:59:
- db:88:87:5f:b3:e5:a9:88:86:86:30:71:f0:22:24:
- 57:3a:5b:58:04:db:c3:94:0f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 26:7c:b5:24:c8:8b:49:4b:d1:d6:76:16:db:75:cb:c4:a8:34:
- 92:30:e6:e9:8b:7d:70:b7:24:d9:42:e2:b3:16:83:1e:48:1f:
- a2:b5:02:e0:74:3c:f5:bd:b3:03:59:6a:3e:68:6b:bf:3d:38:
- d6:86:fd:ef:ae:3d:2e:55:8a:67:42:02:fa:2c:ef:4e:81:aa:
- 06:0a:95:80:90:dc:39:af:7e:b1:0d:c8:78:b1:17:59:49:40:
- 5d:b0:d2:86:03:1c:3a:a4:f6:26:b1:23:b2:89:a7:22:f5:02:
- c7:9e:61:82:ee:c0:3d:a6:cc:bf:de:eb:d3:6e:73:ed:a5:85:
- a5:b6
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqG
-SIb3DQEJARYGY2hhaW40MB4XDTExMDUxMzAxMjIzNVoXDTEyMDUxMjAxMjIzNVow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW41MQ8wDQYDVQQD
-EwZjaGFpbjUxFTATBgkqhkiG9w0BCQEWBmNoYWluNTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA8TJAs/mVYDopPBzMpPXlCBndMpWiYs81dMKFG5nJPjqQ0rWa
-vprP6XcTJkzSeAY9GZvXOAVmytI256LOvIGqMSPIXad8QSVEeZmsEDQWELgpoV2W
-+Ed/0VxosoWKmShlAJTZ5t8cN1nbiIdfs+WpiIaGMHHwIiRXOltYBNvDlA8CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAmfLUkyItJS9HW
-dhbbdcvEqDSSMObpi31wtyTZQuKzFoMeSB+itQLgdDz1vbMDWWo+aGu/PTjWhv3v
-rj0uVYpnQgL6LO9OgaoGCpWAkNw5r36xDch4sRdZSUBdsNKGAxw6pPYmsSOyiaci
-9QLHnmGC7sA9psy/3uvTbnPtpYWltg==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
- Validity
- Not Before: May 13 01:23:13 2011 GMT
- Not After : May 12 01:23:13 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70:
- 17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e:
- 1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01:
- e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4:
- a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3:
- d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e:
- 37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3:
- 9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94:
- 4d:5c:e1:bd:cc:99:19:04:61
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D
- X509v3 Authority Key Identifier:
- DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
- serial:04
-
- Signature Algorithm: sha1WithRSAEncryption
- d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43:
- a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63:
- 9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba:
- 0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81:
- c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c:
- 7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc:
- 7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6:
- 13:84
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG
-SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD
-EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj
-tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1
-aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA
-AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w
-gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD
-VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh
-aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh
-UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ
-gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL
-GrXELDgQ9hOE
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDfjCCAuegAwIBAgIJAJpBROaNArZVMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
-VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEBxMEcm9vdDEhMB8G
-A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQLEwRyb290MQ0w
-CwYDVQQDEwRyb290MRMwEQYJKoZIhvcNAQkBFgRyb290MB4XDTExMDUxMjA1NDE1
-NFoXDTEyMDUxMTA1NDE1NFowgYcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
-LVN0YXRlMQ0wCwYDVQQHEwRyb290MSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz
-IFB0eSBMdGQxDTALBgNVBAsTBHJvb3QxDTALBgNVBAMTBHJvb3QxEzARBgkqhkiG
-9w0BCQEWBHJvb3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDZOXVYvgdH
-kSZMQi259Uscs8ny6MkvH9VYoK7sKtTKnk0IDjge/srEfOs3mqtNDDL4SI3tS9wH
-6AsRn/ixuPF1tmFoFmnP66Mk0+XaB0DxppSmtUqYdKdXIplRTmOzS+pcMi9aL3G8
-uhb2mxZp9gOUt0WXToHpGWpVMg5/G6ptAgMBAAGjge8wgewwHQYDVR0OBBYEFJUV
-1626bZK5TUMrRw6PcabInryvMIG8BgNVHSMEgbQwgbGAFJUV1626bZK5TUMrRw6P
-cabInryvoYGNpIGKMIGHMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
-ZTENMAsGA1UEBxMEcm9vdDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg
-THRkMQ0wCwYDVQQLEwRyb290MQ0wCwYDVQQDEwRyb290MRMwEQYJKoZIhvcNAQkB
-FgRyb290ggkAmkFE5o0CtlUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB
-gQA/yOsY9OTiNklnJablnVur+G/BIqxdOryUojlxQw/yagS2pnvvC2nxPcPBdaao
-qvISRWhGIsuhKPUQg4J+OBk6KMHKB79aJljjvjty4ApN7xyFpJQljD+4UFW+U+Yf
-kD1tq5SG8hg00YyklFq8mzBiPV97gfseGm4KzwK6RK0EHQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root
- Validity
- Not Before: May 13 01:21:41 2011 GMT
- Not After : May 12 01:21:41 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b:
- 07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27:
- 11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87:
- 7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a:
- f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d:
- 18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f:
- ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0:
- 9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a:
- 00:a5:03:68:e7:77:21:b0:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e:
- 56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c:
- a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1:
- 7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f:
- 3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc:
- 57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51:
- 2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4:
- 47:86
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx
-EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME
-cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1
-MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw
-HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu
-MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn
-B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd
-GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD
-aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7
-VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4
-sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y=
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
- Validity
- Not Before: May 13 01:22:02 2011 GMT
- Not After : May 12 01:22:02 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c4:20:c7:96:1e:c5:33:47:ac:e5:ad:2b:0b:63:
- ce:e4:44:33:e3:7f:16:ae:f0:d8:7c:b0:96:01:69:
- 38:63:4f:62:7d:97:d6:31:c9:0d:10:24:f5:17:40:
- 13:f0:1a:70:70:5e:3f:05:4d:d9:67:52:ed:41:83:
- b7:d2:bb:bf:3d:29:98:07:a3:64:1e:2f:1e:13:8c:
- 7a:c1:62:33:66:33:3e:d4:26:5a:59:99:05:8e:67:
- c7:68:cd:f2:8d:6f:fb:8c:07:63:ab:50:68:03:88:
- ae:0a:5c:9b:b6:9b:c1:18:7b:ef:cd:c9:f0:5e:44:
- ab:56:d6:df:48:41:d3:21:51
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 53:5a:c3:bb:48:87:d0:a2:7d:20:68:02:7c:be:18:93:b6:3d:
- 83:e4:10:1a:a7:4d:37:24:3e:6c:41:bd:8f:1d:3b:89:08:5a:
- e3:ba:81:9b:e8:fc:0e:fc:3d:0a:70:f2:11:69:59:de:ba:45:
- b4:97:b8:d2:e0:5a:d1:a4:75:bc:68:d5:5f:71:36:78:32:ae:
- d3:31:26:80:f3:f3:a8:54:33:f7:be:a3:0c:2d:d9:9b:b8:33:
- 03:be:54:7b:f5:c4:cf:62:9b:25:0c:79:76:12:10:b6:84:1e:
- f1:ff:7c:fe:0a:ac:46:85:26:52:d5:6f:cc:e5:89:e7:ca:8d:
- 71:69
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjExDzANBgNVBAMTBmNoYWluMTEVMBMGCSqG
-SIb3DQEJARYGY2hhaW4xMB4XDTExMDUxMzAxMjIwMloXDTEyMDUxMjAxMjIwMlow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQD
-EwZjaGFpbjIxFTATBgkqhkiG9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAxCDHlh7FM0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfW
-MckNECT1F0AT8BpwcF4/BU3ZZ1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZa
-WZkFjmfHaM3yjW/7jAdjq1BoA4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBTWsO7SIfQon0g
-aAJ8vhiTtj2D5BAap003JD5sQb2PHTuJCFrjuoGb6PwO/D0KcPIRaVneukW0l7jS
-4FrRpHW8aNVfcTZ4Mq7TMSaA8/OoVDP3vqMMLdmbuDMDvlR79cTPYpslDHl2EhC2
-hB7x/3z+CqxGhSZS1W/M5Ynnyo1xaQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2
- Validity
- Not Before: May 13 01:22:13 2011 GMT
- Not After : May 12 01:22:13 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a2:52:3c:b7:64:b4:05:92:cd:b2:58:0c:81:5c:
- b4:bd:a4:10:99:17:1a:35:f2:de:f8:86:db:e9:24:
- a3:01:b1:d6:03:a9:f8:2b:d1:cd:f7:7b:9a:c0:a0:
- a9:8d:6d:34:94:7c:2c:4c:5c:c0:26:db:46:13:a3:
- c2:c4:2d:eb:ac:cb:5b:64:09:2c:23:eb:b5:8c:80:
- 12:d6:cd:7b:fa:5f:d9:7a:17:b6:fc:d5:65:fa:d4:
- 94:d9:9a:cf:b5:9e:87:99:f7:3e:32:6c:0d:5c:1f:
- 09:77:a1:4b:ae:c1:47:27:60:a2:7e:f5:94:66:5f:
- 7b:ea:e1:a9:b1:24:5a:40:03
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 80:03:04:99:b2:ea:8c:d8:0a:76:e5:08:fc:2d:72:f9:d5:90:
- 8e:ce:3b:c0:ac:d0:57:d1:44:d2:84:cf:83:82:05:70:46:d9:
- e8:07:cf:90:e4:cb:4c:7a:a0:98:d9:e3:be:86:23:71:a2:64:
- 36:df:43:54:1d:03:cf:85:5f:e6:43:cc:d3:ca:da:a2:31:2b:
- dd:5a:da:d9:26:38:29:9e:89:04:cc:f9:55:a5:35:77:77:57:
- ab:58:aa:d2:19:39:ad:6b:d2:3f:d9:e0:d7:58:ea:41:79:2a:
- f2:50:ec:3f:89:0a:aa:ec:d6:eb:20:af:5e:52:ff:4d:39:34:
- 9c:99
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAjANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjIxDzANBgNVBAMTBmNoYWluMjEVMBMGCSqG
-SIb3DQEJARYGY2hhaW4yMB4XDTExMDUxMzAxMjIxM1oXDTEyMDUxMjAxMjIxM1ow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4zMQ8wDQYDVQQD
-EwZjaGFpbjMxFTATBgkqhkiG9w0BCQEWBmNoYWluMzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAolI8t2S0BZLNslgMgVy0vaQQmRcaNfLe+Ibb6SSjAbHWA6n4
-K9HN93uawKCpjW00lHwsTFzAJttGE6PCxC3rrMtbZAksI+u1jIAS1s17+l/Zehe2
-/NVl+tSU2ZrPtZ6Hmfc+MmwNXB8Jd6FLrsFHJ2CifvWUZl976uGpsSRaQAMCAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCAAwSZsuqM2Ap2
-5Qj8LXL51ZCOzjvArNBX0UTShM+DggVwRtnoB8+Q5MtMeqCY2eO+hiNxomQ230NU
-HQPPhV/mQ8zTytqiMSvdWtrZJjgpnokEzPlVpTV3d1erWKrSGTmta9I/2eDXWOpB
-eSryUOw/iQqq7NbrIK9eUv9NOTScmQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3
- Validity
- Not Before: May 13 01:22:24 2011 GMT
- Not After : May 12 01:22:24 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b5:4a:07:d9:39:8b:6d:46:b2:91:b7:d0:20:e5:
- 5e:41:8e:59:9c:78:8e:b1:54:8a:2e:fb:6a:f1:51:
- 1c:90:78:3a:b6:98:ae:eb:1b:86:94:36:1c:10:d1:
- ab:47:e2:87:96:cb:e9:70:db:5e:29:2f:24:e6:c4:
- a1:de:08:33:81:66:5b:53:8b:54:90:d8:75:7b:ec:
- c4:62:61:eb:06:5e:0f:e7:a4:8e:3b:53:50:8e:31:
- f2:42:df:4e:e3:38:8b:46:d5:47:ae:81:3e:31:9e:
- 70:42:b6:08:b7:c0:ed:a7:3f:b9:72:5b:1b:21:4e:
- 0c:77:21:46:92:a0:a5:4e:a5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 14:49:d0:40:34:42:87:e5:c3:13:4b:42:41:e7:7f:cf:85:66:
- d8:80:62:4f:5a:d6:38:44:25:67:cb:14:bf:3c:6e:ab:97:9f:
- e8:e7:2f:eb:79:ef:97:d2:81:57:e1:a0:e6:10:34:d1:98:4d:
- 78:45:9f:98:dd:80:33:b8:64:17:de:3b:f4:e8:99:01:d3:a1:
- 56:96:dc:79:5b:75:5a:d1:63:df:4e:9b:4d:6a:65:0d:f4:6d:
- 20:ca:51:c0:db:52:7f:4c:b9:32:d5:be:a9:05:ae:b3:19:23:
- 5d:38:33:3e:48:66:eb:fb:af:8c:8a:f1:11:61:9d:36:f3:06:
- 3e:95
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjMxDzANBgNVBAMTBmNoYWluMzEVMBMGCSqG
-SIb3DQEJARYGY2hhaW4zMB4XDTExMDUxMzAxMjIyNFoXDTEyMDUxMjAxMjIyNFow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW40MQ8wDQYDVQQD
-EwZjaGFpbjQxFTATBgkqhkiG9w0BCQEWBmNoYWluNDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAtUoH2TmLbUaykbfQIOVeQY5ZnHiOsVSKLvtq8VEckHg6tpiu
-6xuGlDYcENGrR+KHlsvpcNteKS8k5sSh3ggzgWZbU4tUkNh1e+zEYmHrBl4P56SO
-O1NQjjHyQt9O4ziLRtVHroE+MZ5wQrYIt8Dtpz+5clsbIU4MdyFGkqClTqUCAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAUSdBANEKH5cMT
-S0JB53/PhWbYgGJPWtY4RCVnyxS/PG6rl5/o5y/ree+X0oFX4aDmEDTRmE14RZ+Y
-3YAzuGQX3jv06JkB06FWltx5W3Va0WPfTptNamUN9G0gylHA21J/TLky1b6pBa6z
-GSNdODM+SGbr+6+MivERYZ028wY+lQ==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4
- Validity
- Not Before: May 13 01:22:35 2011 GMT
- Not After : May 12 01:22:35 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:f1:32:40:b3:f9:95:60:3a:29:3c:1c:cc:a4:f5:
- e5:08:19:dd:32:95:a2:62:cf:35:74:c2:85:1b:99:
- c9:3e:3a:90:d2:b5:9a:be:9a:cf:e9:77:13:26:4c:
- d2:78:06:3d:19:9b:d7:38:05:66:ca:d2:36:e7:a2:
- ce:bc:81:aa:31:23:c8:5d:a7:7c:41:25:44:79:99:
- ac:10:34:16:10:b8:29:a1:5d:96:f8:47:7f:d1:5c:
- 68:b2:85:8a:99:28:65:00:94:d9:e6:df:1c:37:59:
- db:88:87:5f:b3:e5:a9:88:86:86:30:71:f0:22:24:
- 57:3a:5b:58:04:db:c3:94:0f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 26:7c:b5:24:c8:8b:49:4b:d1:d6:76:16:db:75:cb:c4:a8:34:
- 92:30:e6:e9:8b:7d:70:b7:24:d9:42:e2:b3:16:83:1e:48:1f:
- a2:b5:02:e0:74:3c:f5:bd:b3:03:59:6a:3e:68:6b:bf:3d:38:
- d6:86:fd:ef:ae:3d:2e:55:8a:67:42:02:fa:2c:ef:4e:81:aa:
- 06:0a:95:80:90:dc:39:af:7e:b1:0d:c8:78:b1:17:59:49:40:
- 5d:b0:d2:86:03:1c:3a:a4:f6:26:b1:23:b2:89:a7:22:f5:02:
- c7:9e:61:82:ee:c0:3d:a6:cc:bf:de:eb:d3:6e:73:ed:a5:85:
- a5:b6
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqG
-SIb3DQEJARYGY2hhaW40MB4XDTExMDUxMzAxMjIzNVoXDTEyMDUxMjAxMjIzNVow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW41MQ8wDQYDVQQD
-EwZjaGFpbjUxFTATBgkqhkiG9w0BCQEWBmNoYWluNTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA8TJAs/mVYDopPBzMpPXlCBndMpWiYs81dMKFG5nJPjqQ0rWa
-vprP6XcTJkzSeAY9GZvXOAVmytI256LOvIGqMSPIXad8QSVEeZmsEDQWELgpoV2W
-+Ed/0VxosoWKmShlAJTZ5t8cN1nbiIdfs+WpiIaGMHHwIiRXOltYBNvDlA8CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAmfLUkyItJS9HW
-dhbbdcvEqDSSMObpi31wtyTZQuKzFoMeSB+itQLgdDz1vbMDWWo+aGu/PTjWhv3v
-rj0uVYpnQgL6LO9OgaoGCpWAkNw5r36xDch4sRdZSUBdsNKGAxw6pPYmsSOyiaci
-9QLHnmGC7sA9psy/3uvTbnPtpYWltg==
------END CERTIFICATE-----
+++ /dev/null
-basicConstraints=CA:TRUE
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MQ8wDQYDVQQHEwZjaGFpbjExITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEPMA0GA1UECxMGY2hhaW4xMQ8wDQYDVQQDEwZjaGFpbjExFTATBgkqhkiG
-9w0BCQEWBmNoYWluMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArm3TGD+y
-Y6v7cs7/mosHSlLFmQ6eXGjOgmcHeicRmKf+Omg/Tkt01KV3FYd+nJ8Qgi8c48DH
-Hos1qzr2E0SBQyKn+gY2nFVTep0Ym6D0k1hQLM2r7DIv+k//bmpodRV24bHhZ/kT
-CtCb2xK5/d1RGeRj0NBWtWoApQNo53chsPkCAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAEZdP93VI8InLmmg/d8SigIev7EfkTxhw1kVmGAdfbEpBuBuKj2ls7FUx6Ee
-hz72r2SjFGDJmPeAJwpL+DNQXc+8SywMMwGCTxgz2bHgBGKPc780SlezixYkxxuS
-uhkDw9o+SP7v4SQXhlHI9lEccEk3T7HmQc7uDZN81cHT/jjU
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MQ8wDQYDVQQHEwZjaGFpbjIxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQDEwZjaGFpbjIxFTATBgkqhkiG
-9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxCDHlh7F
-M0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfWMckNECT1F0AT8BpwcF4/BU3Z
-Z1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZaWZkFjmfHaM3yjW/7jAdjq1Bo
-A4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAJDdqMxSiUEjahKvVWsnaUOEqZADE9ncVH1Zp2oiIOTaGoj6TNR08BgAo1Rf
-OA5saruaJhak8gvZenvMjl48LoHq1rg5BxlumOqy87flCQO9YRP2+FTzcprCCMoK
-O8DuRov7j6+c30H2F3xaxABzlHlOniL659Q9gHm7tTg9dowK
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MQ8wDQYDVQQHEwZjaGFpbjMxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEPMA0GA1UECxMGY2hhaW4zMQ8wDQYDVQQDEwZjaGFpbjMxFTATBgkqhkiG
-9w0BCQEWBmNoYWluMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAolI8t2S0
-BZLNslgMgVy0vaQQmRcaNfLe+Ibb6SSjAbHWA6n4K9HN93uawKCpjW00lHwsTFzA
-JttGE6PCxC3rrMtbZAksI+u1jIAS1s17+l/Zehe2/NVl+tSU2ZrPtZ6Hmfc+MmwN
-XB8Jd6FLrsFHJ2CifvWUZl976uGpsSRaQAMCAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAJ0QAZHBPgrCTfpY3x+iz798F/HUaXLdZ1PpGWvNAXA5eEvD3gQUW2VTDmxS
-WhvIIRuI5KMKAW+tngo/Avfq2pGDSAnBxA+sSLXg/Hesgx2v9A2PsHDQ7rsAZvsz
-N+QgyHD2tI/aD1vLnHpFJWy9RFCaWU67q5m09ox0M0AcYYbT
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MQ8wDQYDVQQHEwZjaGFpbjQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEPMA0GA1UECxMGY2hhaW40MQ8wDQYDVQQDEwZjaGFpbjQxFTATBgkqhkiG
-9w0BCQEWBmNoYWluNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtUoH2TmL
-bUaykbfQIOVeQY5ZnHiOsVSKLvtq8VEckHg6tpiu6xuGlDYcENGrR+KHlsvpcNte
-KS8k5sSh3ggzgWZbU4tUkNh1e+zEYmHrBl4P56SOO1NQjjHyQt9O4ziLRtVHroE+
-MZ5wQrYIt8Dtpz+5clsbIU4MdyFGkqClTqUCAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAJPwc6IqD20GEyd+ridxaMu2ZxWOSwDs8SZ+Zl9ysbCYP3fClBpL8aCoqPOG
-Mgwsp7m4KrwReNYO2jF2TPmHqrpdoYsFLh4SrET4GkUpbdNaJMbzJLcAHYC45W7J
-2WnliPdMRG44LAUYA+p46do627qcAHwTdqr0ULg9MNYxHEc4
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MQ8wDQYDVQQHEwZjaGFpbjUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEPMA0GA1UECxMGY2hhaW41MQ8wDQYDVQQDEwZjaGFpbjUxFTATBgkqhkiG
-9w0BCQEWBmNoYWluNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8TJAs/mV
-YDopPBzMpPXlCBndMpWiYs81dMKFG5nJPjqQ0rWavprP6XcTJkzSeAY9GZvXOAVm
-ytI256LOvIGqMSPIXad8QSVEeZmsEDQWELgpoV2W+Ed/0VxosoWKmShlAJTZ5t8c
-N1nbiIdfs+WpiIaGMHHwIiRXOltYBNvDlA8CAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBADmAeL4VKRFVGCVb4rH4HAtIb5Mzn5eqTmCPTqFHTCMfwuHLcvTiAtWZUnkY
-65AraaOnqxZHBeLDIYAX/4rTlg6kdCwnjcImYKuF7YP0aFAClon57cS0ZUKdxpO7
-1EVm2vFIpm0KI7tGHTFKU7FK3wu7GtXrdB4tVbW6i7skeWZD
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl
-MQ8wDQYDVQQHEwZzZXJ2ZXIxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQDEwZzZXJ2ZXIxFTATBgkqhkiG
-9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2XXqSUI5
-mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77AjtyG2Hvdl8QHnHErI0RUg6dTL
-nbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1aQJdo143AiIF4m0EuPsrM9VZ
-yeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAIyuwA0UbZ3K93G8OmuSZ2Xiyt5nPvzRFIAZlK6TMGNYTmMWLEkNz/AL1qBX
-EByJmCuho83Ei4WRB4xaOfaL/Yq5cRR+Xadz8tjAwpzrT8JpxEUmj4MHABN0EcXr
-q3Gz0rvxnDiV6v+1TkbGAfdpzF+pZAh05DdtswLXJ2EoEn29
------END CERTIFICATE REQUEST-----
+++ /dev/null
-V 120512012141Z 00 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain1/CN=chain1/emailAddress=chain1
-V 120512012202Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain2/CN=chain2/emailAddress=chain2
-V 120512012213Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain3/CN=chain3/emailAddress=chain3
-V 120512012224Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
-V 120512012235Z 04 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5
-V 120512012313Z 05 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=server/CN=server/emailAddress=server
+++ /dev/null
-V 120512012141Z 00 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain1/CN=chain1/emailAddress=chain1
-V 120512012202Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain2/CN=chain2/emailAddress=chain2
-V 120512012213Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain3/CN=chain3/emailAddress=chain3
-V 120512012224Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
-V 120512012235Z 04 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDQ2Tl1WL4HR5EmTEItufVLHLPJ8ujJLx/VWKCu7CrUyp5NCA44
-Hv7KxHzrN5qrTQwy+EiN7UvcB+gLEZ/4sbjxdbZhaBZpz+ujJNPl2gdA8aaUprVK
-mHSnVyKZUU5js0vqXDIvWi9xvLoW9psWafYDlLdFl06B6RlqVTIOfxuqbQIDAQAB
-AoGALIc0Bf3+viSXIPg/X+p3DyW2e4dL9KEUg3NbBxCZbTcqGzhtd6+8GVVdYPVB
-B+bsg+2F4qTGeMpCwiFm3ypdSNMqPCe+u8UF8Sw82th7m+Tkj5nM4svtkMT+CWZ2
-/SkJDWPplv0ipBPmYCrX7pMyTkBQxIOAoJh5P2Bb2m+u0y0CQQD6jp0W3tNCZ2m1
-yoIGRWLQDANqZdiOarL2vlu9ksKxySu5sA/COcOCKS4JaE56uebSKZEriLdKFCqd
-X/fxv81rAkEA1WKpxTphvNhVKyNsMZbhLoMEB1XUHX08dap1Oiwp5nu4S95RFXKE
-LAwngdqApRwrqXQO9WqDpMIDbkHnu2nFhwJBALCgDh8MLxK1gbB0NBqlmRWeEl5T
-s0gZ8VS9NkC6D2Nys88vTLyXKbo8u0ZIcGJVYGCwirSMqOCgvLW57DhQBEcCQQCg
-A4mdvcb3Lx7G55xFn4gjMdo+ie0zY+uHrRiVU/LjxJkSQ5d4RtS4lzC1Hp5jsjlH
-rCFfhc1MKrUZ5FAa6RlXAkBG+TojT8xAF+XzxPEG8ZIRpS75PDek+BTOJNpxbvvk
-LyEbsJ054HwYJbEenYrhJiAXGRxQS9wzTXm7vUO/NZlJ
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZDp5caM6CZwd6JxGYp/46aD9O
-S3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6BjacVVN6nRiboPSTWFAszavs
-Mi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ0Fa1agClA2jndyGw+QIDAQAB
-AoGATPoWoKrrlOT/EMmdL5yPWRNyNHupE2sFR7MkL5oyP8ZTgX8kAO933agwB4ZG
-L+RaqrkT7MbUmPwicTCSDCq9SCLSL+fQS/hujdRbsBhnLTuAiaIblmpDYO5z6Rma
-tUXnImdvKROpYmBNNzFzDlj0686KahdYGXJOTFYSST3QHEkCQQDap3/5ursNj1NY
-dehaiUhYD3mOqgrj/MhN+JHNR6Eb3qQQ1Aa/rQmEkPnmopNy7qc/B+6Y4CMxNLkM
-bHSyre2/AkEAzDibGZCBct4slqyuPyZTfgh3UQSaCQ4CSF7HG/Pj/ZeHqDnKoxR7
-v//WZy5gxHZ7CrSWM/laNOd6svdtQs1/RwJBAJ1UMK1MQxN6sYnRLSMX7MoQOHMC
-v1tUo/wWgzKl+7LF/F9vcHuy0kpk1quxB0+HkSe1WWT+wdPCD/R0hXOb2pkCQFt0
-ehjfuujbEDLF0B6dpkRJvE0+91BYwrLwJtCgzxgQ1QKEJvgTQzv/cV+xyEoTGRT5
-PE64Oyp4A13EKl0BNB8CQF7C0zzEBE/MngPizBU6KEfo47c0hD57IUVGcIA3juwm
-AELZem13BOjaDk9CEZppfk1lpdU0ZKmkIodlDwLVgLE=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDEIMeWHsUzR6zlrSsLY87kRDPjfxau8Nh8sJYBaThjT2J9l9Yx
-yQ0QJPUXQBPwGnBwXj8FTdlnUu1Bg7fSu789KZgHo2QeLx4TjHrBYjNmMz7UJlpZ
-mQWOZ8dozfKNb/uMB2OrUGgDiK4KXJu2m8EYe+/NyfBeRKtW1t9IQdMhUQIDAQAB
-AoGALCNoZ2uDW9gMnB/NqSGMJSkIOHGYjERdpColiCnC6+6orrUmGkwx6Wk300Sz
-d/yrQ06ihjIP9EXgaTcYfo+MKPW4pt5P980H8sZg8XKSwv94gigKoSLAT0jPmFr1
-Z9YXew3b3Js0sd0K/i79pTAC1uIzaHeBjgB+D/SVbVmiX+UCQQDl66n5k43+aidO
-TDVizP59SvUPulvEkiWyy59+pvIBkAVtpYFQkS8Ty50M3w+qk3wmjPUbl6NeqFbw
-Qb75rLZbAkEA2l/c5D3XdWOmSb8eA5jIa6fIytSHRjOaiYGOAhzH/umWgtmqwNPg
-xG9CNsw35bRj9PrL2wpw0UlFUWykdkXOwwJBANKBgP9bZH8R6+jZB2vtKffHADYl
-Ns3zzQY1PlM0QJDDruSjypDcTFEAdEsLk4lmPR4Cootfu5j34ZlZaKOpyM8CQHC/
-YAAkAdNlMN0QpQF8Z7ZVubEni/Rt/lMSpexnScdOeVxz39qRSpKBUzGRvSaHPbil
-qI0eVeNorjZ9HmjGYBsCQQDEMANkM1n9eYcOuDseJpxh2G43IUN2zJauOkChQ3QH
-Rd9aNw3GPBzKw2JbGuYQqdHPMdaoUcCcRAkQQbS2kEm7
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCiUjy3ZLQFks2yWAyBXLS9pBCZFxo18t74htvpJKMBsdYDqfgr
-0c33e5rAoKmNbTSUfCxMXMAm20YTo8LELeusy1tkCSwj67WMgBLWzXv6X9l6F7b8
-1WX61JTZms+1noeZ9z4ybA1cHwl3oUuuwUcnYKJ+9ZRmX3vq4amxJFpAAwIDAQAB
-AoGBAIRhv4TuS2eUP9AowSIrwng7uxGv5r+C8VgNXIK7T3oNWHaqg2zxciJZm29o
-WH+wRcanstUge9H02SUhVLH8pYx9fFj0swfRhul8ISYVTRowH8I3K5wXjmeBU+z3
-WWyJfFqbsvyTaxdfEfXIoWI/d4vHVz5DeTnWKtntr/Nls/whAkEA1Yw3m3RERisP
-Ck9/1C2pzOBtrtHKLVJzQDV/NZBo7+CIMxuOWnbDNnoi+IgacNYtCfxchbF7TtUk
-+Pm07HqV0wJBAMKXBdak9PtQjNHyGEyzpqlZpM0auukgXY/EgOcVC86vof2fR5f9
-vhvMLbsxkFWziH1rt67H/8YAhnGpTt/PXxECQBONyFW6urm2HaVzDCBwofi5oDF+
-0kV+JEF/5IsSExnL9IzBfDJ6Z3uoiWU6iTlF00/zxMEVNFZOnBkUPGXe/7MCQHfi
-xdUVcl23pdrfVftDn8Wsli1Lb6abqykdPvGf9NNVP+9bB6frzAmiRPaUtcEnSEtF
-ZziGvd2Gi05RqmeXgpECQQCTS/meiClVDAn0Wnc3WgShKSBQINIiWUWApsAOdVSJ
-32yo5yR9qScoaW9TDroHiEfshdnC7NNh1fBbLZna96if
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQC1SgfZOYttRrKRt9Ag5V5BjlmceI6xVIou+2rxURyQeDq2mK7r
-G4aUNhwQ0atH4oeWy+lw214pLyTmxKHeCDOBZltTi1SQ2HV77MRiYesGXg/npI47
-U1COMfJC307jOItG1UeugT4xnnBCtgi3wO2nP7lyWxshTgx3IUaSoKVOpQIDAQAB
-AoGAC9E3kcFehVEGctk4h+xrqHpO/RQeuRB5sXZSEkjnQ8OSkDSDsm+o5iBg0/fW
-4mixzfKc1O53xNd94E0RABgowzpg3cuOkLWmBYyw//9av3EQUPH9ZKrr1cVgHUvN
-pTJckhiZTbMPCibdoeulorkjWJ2kgsz8d4NKpBz03VyUHkECQQDtbYze5rXNXtAc
-OyYJv33CyKf8D5e7A4Gv9KRAjQF/6dNniRxggzPB8uE30EeC/iJ2f/o8NcItSlxE
-y5PDxF8nAkEAw3hP/xqp5FVH78i3DL1X9WuQDy+eTXv9GCt7Y51jKLRcG5ArwQuy
-uIwx9Ki3REiVBsKNH+YPj9mhmNOLuFsDUwJAFr2IYY0NWqc7HYkYwpRBsldPp5fC
-u5nBYR34YWpf+2Vk5yS9wAyw92GQ6qybPNOkb18gk4W+nGHj5n7tHzH+vwJAMmoq
-f8pZvSl9t0uWYrPHJuZKLpCCjMuI2J4GYgfq1knGY9mIX27r9os6KzcEpZjuzuKI
-0YxdwSVJd4hARhk7PwJACI3n/qMb/AiYY9Kh2vUZFcV10BA4zN2bq69wmmSzsIqx
-wRBOALPPKRKDsS/aA7ZgPAAiHjXcyazXyWKeObeQ3w==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDxMkCz+ZVgOik8HMyk9eUIGd0ylaJizzV0woUbmck+OpDStZq+
-ms/pdxMmTNJ4Bj0Zm9c4BWbK0jbnos68gaoxI8hdp3xBJUR5mawQNBYQuCmhXZb4
-R3/RXGiyhYqZKGUAlNnm3xw3WduIh1+z5amIhoYwcfAiJFc6W1gE28OUDwIDAQAB
-AoGAVG4P4jBCzs1tM8KtDC2bP6u2F4fzsPzxrG6PI6tAm8zqdyflBEWy8/mftW98
-2VDtwHIh81VIt0TAvXLrRWdqSF1KqaP1rGdfBBjy7VX/F/RM9BJkGyGGK4muFn5z
-ILkTyUokCIvCea59Nxjz8efk4UT8VKTrLUe/aW7AYtyFaRECQQD9hDdNGtkh2CiX
-BaMY8kbamWRNGO+hthD3bmtWaqBJBY2F/bgF0D1F71bMT2Po1JX01GLrPDX/WDIY
-JANfHYkHAkEA848js49pOq2Xeu7vQUbUGufjiAxq5WcMiM1qrNBIi8Nz7eSC20WO
-NB4f39UU7K0HndnpohEcCkBa+5j0efqCuQJBAPChlNQtDbhgMnbWtO6y2KoZOukr
-KBl4dTZGqr+FycpF6QUrxIZQGDjParXXDWAsmIGhLptVtXM/RZ1AYargn/UCQAb4
-zfjR3h1D4tYuCMNBl8i9YpH+aQDwFjfESY1w2OLHUYY5yFUmhI+RXTA3FUZBHbqz
-BjERdFAGz5PsKPNk7GECQGoi4PRFAA/VRgDQ5PVYqW86pfG0ULyneHBZIg57Urqg
-5Umq3ct6qZT+/H2pSonJYkNWKdMJiCK7jU6H5h7z47E=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3
-IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp
-Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB
-AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE
-rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC
-QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2
-OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2
-XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q
-QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV
-C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF
-SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO
-fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM
-MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
- Validity
- Not Before: May 13 01:23:13 2011 GMT
- Not After : May 12 01:23:13 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70:
- 17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e:
- 1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01:
- e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4:
- a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3:
- d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e:
- 37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3:
- 9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94:
- 4d:5c:e1:bd:cc:99:19:04:61
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D
- X509v3 Authority Key Identifier:
- DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
- serial:04
-
- Signature Algorithm: sha1WithRSAEncryption
- d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43:
- a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63:
- 9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba:
- 0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81:
- c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c:
- 7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc:
- 7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6:
- 13:84
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG
-SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD
-EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj
-tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1
-aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA
-AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w
-gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD
-VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh
-aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh
-UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ
-gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL
-GrXELDgQ9hOE
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCS1Ix
-FDASBgNVBAgTC0t5dW5nLWdpIGRvMRIwEAYDVQQHEwlTdS13b24gc2kxEDAOBgNV
-BAoTB1NhbXN1bmcxDDAKBgNVBAsTA0RNQzEQMA4GA1UEAxMHQ0EgY2VydDEdMBsG
-CSqGSIb3DQEJARYOY2FAc2Ftc3VuZy5jb20wHhcNMTEwNDAxMDgyNDAyWhcNMTIw
-MzMxMDgyNDAyWjBWMQswCQYDVQQGEwJLUjEUMBIGA1UECBMLS3l1bmctZ2kgZG8x
-EDAOBgNVBAoTB1NhbXN1bmcxDDAKBgNVBAsTA0RNQzERMA8GA1UEAxMIdGVzdHRl
-c3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOP+k1tVoVt6Sbvv/y41PP/2
-abO0S3EJW2p/twZ164Dzd7g21r63zUkBfD3pET0x2IL1N48QlTYwDj7bmzRH+i1v
-7Jxk4w6Op7Oho0mPjJ+Plvjfz5LCuwOOupw5V6TpZ2FtGaFcNWIK20BaLuZOyDAl
-m0HXGbfkuESZ9dayHvEtAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgEN
-BB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ6leM2
-NG1RdqMk7cmJ1IVi2Zjk+DAfBgNVHSMEGDAWgBTNauriVKaL7CMpmNmXIOmNU7GR
-hTANBgkqhkiG9w0BAQUFAAOBgQCU+c0daLk+AHvSOetVRVFkkY3VMnWw7RURD8CU
-FDkb+Kz6huYlvh9pfkGn7HmxjUARJ6UpxokZ69toOv1UB0Ix4kyT3CCvf0EcnrjG
-1fAYrROOhNYlntSTDcgwB2VzXSZ9WEAOBj/B+/nGb7gkkAmf++4FKTMQLZvg5gQr
-700V7Q==
------END CERTIFICATE-----
+++ /dev/null
-afgnwthbgowjfkvbasdlkfgnaldfnglkwdafbkwjtghsghsfgusrfghadfht5ehadgfhsg
-hsfghsdrghsfh56h thdfghedrgrger[gfdghwdfhsadfhgsdfhasdfghasdfhsadfhgadfg
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICsDCCAhmgAwIBAgIJAN8GoBDEijurMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQwHhcNMTEwNTE5MDExMzEyWhcNMTIwNTE4MDExMzEyWjBF
-MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
-ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDQXOd31QayaocvkpRZgLPd0d+bUaoMWQE5t6NtgKmvC83o3qZFoigKjox2BeTx
-+ywyhAMiLpob2Hn3Rl4OuKFIUiEn6xdpW+29HeenxK2cZRVmfdsqylqpkdfi3fQY
-aIDp4Z+aHXaVAN/5hz5UtRHKlMaz+euTLd6BhQPQX0txFwIDAQABo4GnMIGkMB0G
-A1UdDgQWBBSsnqdXF5mOVx9EXUG/y7O7nRjIWTB1BgNVHSMEbjBsgBSsnqdXF5mO
-Vx9EXUG/y7O7nRjIWaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
-U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAN8GoBDE
-ijurMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAzkDAU7L/iIuweO2n
-2AoFzTX9sIk+1vq5CC5jtgCOe9Sa92TJcKDOySxpZJz5gpW+bZi+BjNbYiSqMASg
-whlY63X+i0Ea5RKZTkoQZLfWw+dKKIlSqJfixkUPScOn7mmDM8sCMMXNJ/KaZqRK
-Ojl5x1BXedyIzOzk/7Dcz2jGQUs=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDQXOd31QayaocvkpRZgLPd0d+bUaoMWQE5t6NtgKmvC83o3qZF
-oigKjox2BeTx+ywyhAMiLpob2Hn3Rl4OuKFIUiEn6xdpW+29HeenxK2cZRVmfdsq
-ylqpkdfi3fQYaIDp4Z+aHXaVAN/5hz5UtRHKlMaz+euTLd6BhQPQX0txFwIDAQAB
-AoGBAMJNAGSUuGwEPxAzxjc4d4Jwxe4W11YwYZ4rCzF/+7wKa/euOKtSrbg6ee1N
-TdQBf5OT20Ay6O7yjbnzWp6ruWkCbTtRSd2GY/hUP+o0XEEeyRAEvWD6UCeWlUy9
-Geu8ePe30O6tvdBdS33+Y1OLHbSyA6UobT040HwiLOeKX67BAkEA8AAKZvtiuJmm
-muMkja4arMs1iGEezvMqBLhcqmqB4IOMbOWGgXUpdz/RVU8bkv6aoz7MmcIAyr+h
-POLh84mXZwJBAN5A7UQmBGiPd3eMI3012wf2N6MGbRk/5ZkVOO5q/0kPq3Mqdmfi
-oZpqUOLvTqdeYPJCIPKN3SAMne9v4oCautECQQDYVgEKcUG8yuvuJB+4Ap+S8J3x
-sDH4NCLFHHaTOuyVt56mLoN/QGA/WOxWLLfbWduEmUAOvVy/ZdtuqckpIPazAkBE
-RQdczpy+DYux8h8YoAlm2a/faOLsRZ9eNZGmUsGWDLUqjBmQ8aGYUB4Gh2HOsYPw
-BnYea4tIA/gji2e0/1JxAkEAswhUY3QeaXIawxdnswmeHu5KUhiM2LZXSo+DoOf2
-vNDPZviZX2LaZ79i1na3JkFaYJvLSemBICbLwWC/3GgOAg==
------END RSA PRIVATE KEY-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5
- Validity
- Not Before: May 13 01:23:13 2011 GMT
- Not After : May 12 01:23:13 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70:
- 17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e:
- 1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01:
- e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4:
- a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3:
- d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e:
- 37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3:
- 9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94:
- 4d:5c:e1:bd:cc:99:19:04:61
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D
- X509v3 Authority Key Identifier:
- DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4
- serial:04
-
- Signature Algorithm: sha1WithRSAEncryption
- d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43:
- a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63:
- 9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba:
- 0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81:
- c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c:
- 7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc:
- 7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6:
- 13:84
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG
-SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD
-EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj
-tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1
-aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA
-AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w
-gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD
-VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh
-aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh
-UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ
-gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL
-GrXELDgQ9hOE
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3
-IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp
-Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB
-AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE
-rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC
-QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2
-OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2
-XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q
-QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV
-C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF
-SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO
-fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM
-MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE
------END RSA PRIVATE KEY-----
+++ /dev/null
-Bag Attributes
- localKeyID: 36 5A C4 1E 25 04 62 BD 9A E0 42 59 82 36 DD 24 FE AD 83 A0
-subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=server/CN=server/emailAddress=server
-issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG
-SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow
-fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD
-EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj
-tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1
-aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA
-AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w
-gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD
-VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh
-aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh
-UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ
-gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL
-GrXELDgQ9hOE
------END CERTIFICATE-----
+++ /dev/null
-Bag Attributes
- localKeyID: 36 5A C4 1E 25 04 62 BD 9A E0 42 59 82 36 DD 24 FE AD 83 A0
-Key Attributes: <No Attributes>
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3
-IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp
-Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB
-AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE
-rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC
-QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2
-OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2
-XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q
-QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV
-C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF
-SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO
-fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM
-MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDgTCCAuqgAwIBAgIJAMU+zh6oJmrXMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYD
-VQQGEwJLUjEUMBIGA1UECBMLS3l1bmctZ2kgZG8xEjAQBgNVBAcTCVN1LXdvbiBz
-aTEQMA4GA1UEChMHU2Ftc3VuZzEMMAoGA1UECxMDRE1DMRAwDgYDVQQDEwdDQSBj
-ZXJ0MR0wGwYJKoZIhvcNAQkBFg5jYUBzYW1zdW5nLmNvbTAeFw0xMTAzMjkwMjQ1
-MzhaFw0xMjAzMjgwMjQ1MzhaMIGIMQswCQYDVQQGEwJLUjEUMBIGA1UECBMLS3l1
-bmctZ2kgZG8xEjAQBgNVBAcTCVN1LXdvbiBzaTEQMA4GA1UEChMHU2Ftc3VuZzEM
-MAoGA1UECxMDRE1DMRAwDgYDVQQDEwdDQSBjZXJ0MR0wGwYJKoZIhvcNAQkBFg5j
-YUBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwTDwxz9h
-2KaO4X29eKQxT3XCNRMnzSpx62rNLLGaXYrOMYHQcUDOkwEFRw4fV4yxqXgwk7Bv
-4C+anNX2jN6SkYGEj4mGDVrE0jaI60X04tf3fAb0Ltw2PEgKsB56X75PNAxGP8oh
-/y6fysoCAEyNhoYnwEsRrSfWY8iAm+hKAxUCAwEAAaOB8DCB7TAdBgNVHQ4EFgQU
-zWrq4lSmi+wjKZjZlyDpjVOxkYUwgb0GA1UdIwSBtTCBsoAUzWrq4lSmi+wjKZjZ
-lyDpjVOxkYWhgY6kgYswgYgxCzAJBgNVBAYTAktSMRQwEgYDVQQIEwtLeXVuZy1n
-aSBkbzESMBAGA1UEBxMJU3Utd29uIHNpMRAwDgYDVQQKEwdTYW1zdW5nMQwwCgYD
-VQQLEwNETUMxEDAOBgNVBAMTB0NBIGNlcnQxHTAbBgkqhkiG9w0BCQEWDmNhQHNh
-bXN1bmcuY29tggkAxT7OHqgmatcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQB6dqH4U00mnavG0bUVTjhEwYbdQtpSc+fKB3+O9QY4PlLttyd3GfeKmsxe
-Z2RwUtUd3vjEDNPROcDAow6bHdy4B++qoojKVj1INJI0iDG/i6NUnDofsH+NS7mW
-J6FKF6ukwnTfk2HjvIfrLO6S8nSVa1dSoB2GHzg2kWgm36a9pw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root
- Validity
- Not Before: May 13 01:21:41 2011 GMT
- Not After : May 12 01:21:41 2012 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b:
- 07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27:
- 11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87:
- 7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a:
- f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d:
- 18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f:
- ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0:
- 9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a:
- 00:a5:03:68:e7:77:21:b0:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e:
- 56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c:
- a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1:
- 7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f:
- 3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc:
- 57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51:
- 2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4:
- 47:86
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx
-EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME
-cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1
-MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw
-HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu
-MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn
-B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd
-GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD
-aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7
-VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4
-sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZDp5caM6CZwd6JxGYp/46aD9O
-S3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6BjacVVN6nRiboPSTWFAszavs
-Mi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ0Fa1agClA2jndyGw+QIDAQAB
-AoGATPoWoKrrlOT/EMmdL5yPWRNyNHupE2sFR7MkL5oyP8ZTgX8kAO933agwB4ZG
-L+RaqrkT7MbUmPwicTCSDCq9SCLSL+fQS/hujdRbsBhnLTuAiaIblmpDYO5z6Rma
-tUXnImdvKROpYmBNNzFzDlj0686KahdYGXJOTFYSST3QHEkCQQDap3/5ursNj1NY
-dehaiUhYD3mOqgrj/MhN+JHNR6Eb3qQQ1Aa/rQmEkPnmopNy7qc/B+6Y4CMxNLkM
-bHSyre2/AkEAzDibGZCBct4slqyuPyZTfgh3UQSaCQ4CSF7HG/Pj/ZeHqDnKoxR7
-v//WZy5gxHZ7CrSWM/laNOd6svdtQs1/RwJBAJ1UMK1MQxN6sYnRLSMX7MoQOHMC
-v1tUo/wWgzKl+7LF/F9vcHuy0kpk1quxB0+HkSe1WWT+wdPCD/R0hXOb2pkCQFt0
-ehjfuujbEDLF0B6dpkRJvE0+91BYwrLwJtCgzxgQ1QKEJvgTQzv/cV+xyEoTGRT5
-PE64Oyp4A13EKl0BNB8CQF7C0zzEBE/MngPizBU6KEfo47c0hD57IUVGcIA3juwm
-AELZem13BOjaDk9CEZppfk1lpdU0ZKmkIodlDwLVgLE=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZ
-Dp5caM6CZwd6JxGYp/46aD9OS3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6
-BjacVVN6nRiboPSTWFAszavsMi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ
-0Fa1agClA2jndyGw+QIDAQAB
------END PUBLIC KEY-----
+++ /dev/null
-this is test file
+++ /dev/null
-+Y\87K~\9f³bê\ 2\94\11PP\13[íÀ\13l\91È\9aÚâþ\97áyH`3Ã\\90U\8e\fA¬oJI\88QO-8\8f®Õ¹¸\f
-|1\11m\ 5\f\90Y· \8a2U\98NJÒ\83ÂîvÍ\e&Ñïj\rA\1d\83\8fTÃ\9dìñz\13\15;î)z«qºÏÂ#<2ÀY\14\ 5\8c\7f4M\ 4\ 44îà
-!!(°:J\98
\ No newline at end of file
+++ /dev/null
-K1mHS36fs2LqApQRUFATW+3AE2yRyJra4v6X4XlIYDPDXJBVjgxBrG9KSYhRTy04
-j67VubgMCnwxEW0FDJBZtwmKMlWYTkrSg8Luds0bJtHvag1BHYOPVMOd7PF6ExU7
-7il6q3G6z8IjPDLAWRQFjH80TQQENO7gCiEhKLA6Spg=
+++ /dev/null
-this is test2
+++ /dev/null
-/scenario1/utc_SecurityFW_cert_svc_load_buf_to_context_func
-/scenario1/utc_SecurityFW_cert_svc_load_file_to_context_func
-/scenario1/utc_SecurityFW_cert_svc_load_PFX_file_to_context_func
-/scenario1/utc_SecurityFW_cert_svc_push_buf_into_context_func
-/scenario1/utc_SecurityFW_cert_svc_push_file_into_context_func
-/scenario1/utc_SecurityFW_cert_svc_add_certificate_to_store_func
-/scenario1/utc_SecurityFW_cert_svc_delete_certificate_from_store_func
-/scenario1/utc_SecurityFW_cert_svc_verify_certificate_func
-/scenario1/utc_SecurityFW_cert_svc_verify_signature_func
-/scenario1/utc_SecurityFW_cert_svc_extract_certificate_data_func
-/scenario1/utc_SecurityFW_cert_svc_search_certificate_func
-/scenario1/utc_SecurityFW_cert_svc_check_ocsp_status_func
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_add_certificate_to_store_func_01(void);
-static void utc_SecurityFW_cert_svc_add_certificate_to_store_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_add_certificate_to_store_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_add_certificate_to_store_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_add_certificate_to_store()
- */
-static void utc_SecurityFW_cert_svc_add_certificate_to_store_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
-
- ret = cert_svc_add_certificate_to_store(CERT_PATH, "code-signing_java_operator");
-
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_delete_certificate_from_store("Broot.pem", "code-signing_java_operator");
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_add_certificate_to_store()
- */
-static void utc_SecurityFW_cert_svc_add_certificate_to_store_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
-
- ret = cert_svc_add_certificate_to_store(NULL, "ssl");
-
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_check_ocsp_status_func_01(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_check_ocsp_status_func_01, POSITIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_check_ocsp_status()
- */
-static void utc_SecurityFW_cert_svc_check_ocsp_status_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- char* uri = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_check_ocsp_status(ctx, uri);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else
- tetResult = TET_PASS;
-
-err:
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_delete_certificate_from_store_func_01(void);
-static void utc_SecurityFW_cert_svc_delete_certificate_from_store_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_delete_certificate_from_store_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_delete_certificate_from_store_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_delete_certificate_from_store()
- */
-static void utc_SecurityFW_cert_svc_delete_certificate_from_store_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- cert_svc_add_certificate_to_store(CERT_PATH, "code-signing_java_operator");
-
- ret = cert_svc_delete_certificate_from_store("Broot.pem", "code-signing_java_operator");
-
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_delete_certificate_from_store()
- */
-static void utc_SecurityFW_cert_svc_delete_certificate_from_store_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- cert_svc_add_certificate_to_store(CERT_PATH, "code-signing_java_operator");
-
- ret = cert_svc_delete_certificate_from_store(NULL, NULL);
-
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_delete_certificate_from_store("Broot.pem", "code-signing_java_operator");
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_extract_certificate_data_func_01(void);
-static void utc_SecurityFW_cert_svc_extract_certificate_data_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_extract_certificate_data_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_extract_certificate_data_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_extract_certificate_data()
- */
-static void utc_SecurityFW_cert_svc_extract_certificate_data_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_extract_certificate_data(ctx);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else
- tetResult = TET_PASS;
-
-err:
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_extract_certificate_data()
- */
-static void utc_SecurityFW_cert_svc_extract_certificate_data_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_extract_certificate_data(NULL);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else
- tetResult = TET_PASS;
-
-err:
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/pfx/pfxtest.pfx"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_load_PFX_file_to_context_func_01(void);
-static void utc_SecurityFW_cert_svc_load_PFX_file_to_context_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_load_PFX_file_to_context_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_load_PFX_file_to_context_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_load_PFX_file_to_context()
- */
-static void utc_SecurityFW_cert_svc_load_PFX_file_to_context_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- unsigned char* prikey = NULL;
- int prikeyLen = 0;
- char* passphrase = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, &prikeyLen, CERT_PATH, passphrase);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- if(prikey != NULL)
- free(prikey);
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_load_PFX_file_to_context()
- */
-static void utc_SecurityFW_cert_svc_load_PFX_file_to_context_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- unsigned char* prikey = NULL;
- int prikeyLen = 0;
- char* passphrase = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, &prikeyLen, NULL, passphrase);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- if(prikey != NULL)
- free(prikey);
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_load_buf_to_context_func_01(void);
-static void utc_SecurityFW_cert_svc_load_buf_to_context_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_load_buf_to_context_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_load_buf_to_context_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_load_buf_to_context()
- */
-static void utc_SecurityFW_cert_svc_load_buf_to_context_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- char* buf = NULL;
- int fileLen = 0, readLen = 0;
- FILE* fp = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if(!(fp = fopen(CERT_PATH, "r"))) {
- perror("fopen");
- tetResult = TET_UNINITIATED;
- goto err;
- }
- fseek(fp, 0L, SEEK_END);
- fileLen = ftell(fp);
- fseek(fp, 0L, SEEK_SET);
- buf = (char*)malloc(sizeof(char) * (fileLen + 1));
- memset(buf, 0x00, (fileLen + 1));
-
- if(fileLen != fread(buf, sizeof(char), fileLen, fp)) {
- perror("fread");
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_load_buf_to_context(ctx, buf);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
-err:
- if(buf != NULL)
- free(buf);
- if(fp != NULL)
- fclose(fp);
- cert_svc_cert_context_final(ctx);
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_load_buf_to_context()
- */
-static void utc_SecurityFW_cert_svc_load_buf_to_context_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- char* buf = NULL;
- int fileLen = 0, readLen = 0;
- FILE* fp = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if(!(fp = fopen(CERT_PATH, "r"))) {
- perror("fopen");
- tetResult = TET_UNINITIATED;
- goto err;
- }
- fseek(fp, 0L, SEEK_END);
- fileLen = ftell(fp);
- fseek(fp, 0L, SEEK_SET);
- buf = (char*)malloc(sizeof(char) * (fileLen + 1));
- memset(buf, 0x00, (fileLen + 1));
-
- if(fileLen != fread(buf, sizeof(char), fileLen, fp)) {
- perror("fread");
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_load_buf_to_context(ctx, NULL);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
-err:
- if(buf != NULL)
- free(buf);
- if(fp != NULL)
- fclose(fp);
- cert_svc_cert_context_final(ctx);
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_load_file_to_context_func_01(void);
-static void utc_SecurityFW_cert_svc_load_file_to_context_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_load_file_to_context_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_load_file_to_context_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_load_file_to_context()
- */
-static void utc_SecurityFW_cert_svc_load_file_to_context_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_load_file_to_context(ctx, CERT_PATH);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_load_file_to_context()
- */
-static void utc_SecurityFW_cert_svc_load_file_to_context_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_load_file_to_context(ctx, NULL);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_push_buf_into_context_func_01(void);
-static void utc_SecurityFW_cert_svc_push_buf_into_context_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_push_buf_into_context_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_push_buf_into_context_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_push_buf_into_context()
- */
-static void utc_SecurityFW_cert_svc_push_buf_into_context_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- char* buf = NULL;
- int fileLen = 0, readLen = 0;
- FILE* fp = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if(!(fp = fopen(CERT_PATH, "r"))) {
- perror("fopen");
- tetResult = TET_UNINITIATED;
- goto err;
- }
- fseek(fp, 0L, SEEK_END);
- fileLen = ftell(fp);
- fseek(fp, 0L, SEEK_SET);
- buf = (char*)malloc(sizeof(char) * (fileLen + 1));
- memset(buf, 0x00, (fileLen + 1));
-
- if(fileLen != fread(buf, sizeof(char), fileLen, fp)) {
- perror("fread");
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_push_buf_into_context(ctx, buf);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
-err:
- if(buf != NULL)
- free(buf);
- if(fp != NULL)
- fclose(fp);
- cert_svc_cert_context_final(ctx);
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_push_buf_into_context()
- */
-static void utc_SecurityFW_cert_svc_push_buf_into_context_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
- char* buf = NULL;
- int fileLen = 0, readLen = 0;
- FILE* fp = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if(!(fp = fopen(CERT_PATH, "r"))) {
- perror("fopen");
- tetResult = TET_UNINITIATED;
- goto err;
- }
- fseek(fp, 0L, SEEK_END);
- fileLen = ftell(fp);
- fseek(fp, 0L, SEEK_SET);
- buf = (char*)malloc(sizeof(char) * (fileLen + 1));
- memset(buf, 0x00, (fileLen + 1));
-
- if(fileLen != fread(buf, sizeof(char), fileLen, fp)) {
- perror("fread");
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_push_buf_into_context(ctx, NULL);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
-err:
- if(buf != NULL)
- free(buf);
- if(fp != NULL)
- fclose(fp);
- cert_svc_cert_context_final(ctx);
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/Broot.pem"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_push_file_into_context_func_01(void);
-static void utc_SecurityFW_cert_svc_push_file_into_context_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_push_file_into_context_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_push_file_into_context_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_push_file_into_context()
- */
-static void utc_SecurityFW_cert_svc_push_file_into_context_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_push_file_into_context(ctx, CERT_PATH);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_push_file_into_context()
- */
-static void utc_SecurityFW_cert_svc_push_file_into_context_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_push_file_into_context(ctx, NULL);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- tetResult = TET_FAIL;
- printf("[ERR] ret = [%d]\n", ret);
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_search_certificate_func_01(void);
-static void utc_SecurityFW_cert_svc_search_certificate_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_search_certificate_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_search_certificate_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
- cert_svc_add_certificate_to_store("./data/Broot.pem", "ssl");
-}
-
-static void cleanup(void)
-{
- cert_svc_delete_certificate_from_store("Broot.pem", "ssl");
-}
-
-/**
- * @brief Positive test case of cert_svc_search_certificate()
- */
-static void utc_SecurityFW_cert_svc_search_certificate_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- search_field fldNo = ISSUER_EMAILADDRESS;
- char* fldData = "EmailR";
- CERT_CONTEXT* ctx = NULL;
- cert_svc_filename_list* start = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_search_certificate(ctx, fldNo, fldData);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else {
- start = ctx->fileNames;
- printf("[LOG] path: [%s]\n", start->filename);
- tetResult = TET_PASS;
- }
-
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_search_certificate()
- */
-static void utc_SecurityFW_cert_svc_search_certificate_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- search_field fldNo = ISSUER_EMAILADDRESS;
- char* fldData = "EmailR";
- CERT_CONTEXT* ctx = NULL;
- cert_svc_filename_list* start = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- ret = cert_svc_search_certificate(ctx, -1, fldData);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else
- tetResult = TET_PASS;
-
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define TARGET_CERT "./data/cert_chain/server.crt"
-#define CHAIN1_CERT "./data/cert_chain/chain1.crt"
-#define CHAIN2_CERT "./data/cert_chain/chain2.crt"
-#define CHAIN3_CERT "./data/cert_chain/chain3.crt"
-#define CHAIN4_CERT "./data/cert_chain/chain4.crt"
-#define CHAIN5_CERT "./data/cert_chain/chain5.crt"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_verify_certificate_func_01(void);
-static void utc_SecurityFW_cert_svc_verify_certificate_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_verify_certificate_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_verify_certificate_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
- cert_svc_add_certificate_to_store("./data/cert_chain/ca.crt", "ssl");
-}
-
-static void cleanup(void)
-{
- cert_svc_delete_certificate_from_store("ca.crt", "ssl");
-}
-
-/**
- * @brief Positive test case of cert_svc_verify_certificate()
- */
-static void utc_SecurityFW_cert_svc_verify_certificate_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- int validity = 0;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, TARGET_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN1_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN2_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN3_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN4_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN5_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_verify_certificate(ctx, &validity);
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else {
- printf("[LOG] verify_certificate, validity: [%d]\n", validity);
- tetResult = TET_PASS;
- }
-
-err:
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_verify_certificate()
- */
-static void utc_SecurityFW_cert_svc_verify_certificate_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- int validity = 0;
- CERT_CONTEXT* ctx = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, TARGET_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN1_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN2_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN3_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN4_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- if((ret = cert_svc_push_file_into_context(ctx, CHAIN5_CERT)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- ret = cert_svc_verify_certificate(NULL, &validity);
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else {
- printf("[LOG] verify_certificate, validity: [%d]\n", validity);
- tetResult = TET_PASS;
- }
-
-err:
- cert_svc_cert_context_final(ctx);
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <error.h>
-
-#include <cert-service.h>
-#include <tet_api.h>
-
-#define CERT_PATH "./data/signing/chain1.crt"
-#define MSG_PATH "./data/signing/msg"
-#define SIG_PATH "./data/signing/msg.sig.enc"
-
-static void startup(void);
-static void cleanup(void);
-
-void (*tet_startup)(void) = startup;
-void (*tet_cleanup)(void) = cleanup;
-
-static void utc_SecurityFW_cert_svc_verify_signature_func_01(void);
-static void utc_SecurityFW_cert_svc_verify_signature_func_02(void);
-
-enum {
- POSITIVE_TC_IDX = 0x01,
- NEGATIVE_TC_IDX,
-};
-
-struct tet_testlist tet_testlist[] = {
- { utc_SecurityFW_cert_svc_verify_signature_func_01, POSITIVE_TC_IDX },
- { utc_SecurityFW_cert_svc_verify_signature_func_02, NEGATIVE_TC_IDX },
- { NULL, 0 }
-};
-
-static void startup(void)
-{
-}
-
-static void cleanup(void)
-{
-}
-
-/**
- * @brief Positive test case of cert_svc_verify_signature()
- */
-static void utc_SecurityFW_cert_svc_verify_signature_func_01(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- int validity = 0, i =0, j = 0;
- CERT_CONTEXT* ctx = NULL;
- unsigned char *msg = NULL, *sig = NULL, *tmpsig = NULL;
- int msgLen = 0, sigLen = 0;
- FILE *fp_msg = NULL, *fp_sig = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- fp_msg = fopen(MSG_PATH, "rb");
- fseek(fp_msg, 0L, SEEK_END);
- msgLen = ftell(fp_msg);
- fseek(fp_msg, 0L, SEEK_SET);
- msg = (unsigned char*)malloc(sizeof(unsigned char) * (msgLen + 1));
- memset(msg, 0x00, (msgLen + 1));
- fread(msg, sizeof(unsigned char), msgLen, fp_msg);
-
- fp_sig = fopen(SIG_PATH, "rb");
- fseek(fp_sig, 0L, SEEK_END);
- sigLen = ftell(fp_sig);
- fseek(fp_sig, 0L, SEEK_SET);
- sig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
- memset(sig, 0x00, (sigLen + 1));
- tmpsig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
- memset(tmpsig, 0x00, (sigLen + 1));
- fread(sig, sizeof(unsigned char), sigLen, fp_sig);
-
- for(i = 0; i < sigLen; i++) {
- if(sig[i] != '\n') {
- tmpsig[j] = sig[i];
- j++;
- }
- }
-
- ret = cert_svc_verify_signature(ctx, msg, msgLen, tmpsig, NULL, &validity);
-
- if(ret != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else {
- printf("[LOG] verify_signature, validity: [%d]\n", validity);
- tetResult = TET_PASS;
- }
-
-err:
- if(msg != NULL) free(msg);
- if(sig != NULL) free(sig);
- if(tmpsig != NULL) free(tmpsig);
- if(fp_msg != NULL) fclose(fp_msg);
- if(fp_sig != NULL) fclose(fp_sig);
- cert_svc_cert_context_final(ctx);
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
-
-/**
- * @brief Negative test case of cert_svc_verify_signature()
- */
-static void utc_SecurityFW_cert_svc_verify_signature_func_02(void)
-{
- int tetResult = TET_FAIL;
- int ret = CERT_SVC_ERR_NO_ERROR;
- int validity = 0, i =0, j = 0;
- CERT_CONTEXT* ctx = NULL;
- unsigned char *msg = NULL, *sig = NULL, *tmpsig = NULL;
- int msgLen = 0, sigLen = 0;
- FILE *fp_msg = NULL, *fp_sig = NULL;
-
- ctx = cert_svc_cert_context_init();
-
- if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_UNINITIATED;
- goto err;
- }
-
- fp_msg = fopen(MSG_PATH, "rb");
- fseek(fp_msg, 0L, SEEK_END);
- msgLen = ftell(fp_msg);
- fseek(fp_msg, 0L, SEEK_SET);
- msg = (unsigned char*)malloc(sizeof(unsigned char) * (msgLen + 1));
- memset(msg, 0x00, (msgLen + 1));
- fread(msg, sizeof(unsigned char), msgLen, fp_msg);
-
- fp_sig = fopen(SIG_PATH, "rb");
- fseek(fp_sig, 0L, SEEK_END);
- sigLen = ftell(fp_sig);
- fseek(fp_sig, 0L, SEEK_SET);
- sig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
- memset(sig, 0x00, (sigLen + 1));
- fread(sig, sizeof(unsigned char), sigLen, fp_sig);
- tmpsig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
- memset(tmpsig, 0x00, (sigLen + 1));
-
- for(i = 0; i < sigLen; i++) {
- if(sig[i] != '\n') {
- tmpsig[j] = sig[i];
- j++;
- }
- }
-
- ret = cert_svc_verify_signature(ctx, NULL, 0, sig, NULL, &validity);
-
- if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
- printf("[ERR] ret = [%d]\n", ret);
- tetResult = TET_FAIL;
- }
- else {
- printf("[LOG] verify_signature, validity: [%d]\n", validity);
- tetResult = TET_PASS;
- }
-
-err:
- if(msg != NULL) free(msg);
- if(sig != NULL) free(sig);
- if(tmpsig != NULL) free(tmpsig);
- if(fp_msg != NULL) fclose(fp_msg);
- if(fp_sig != NULL) fclose(fp_sig);
- cert_svc_cert_context_final(ctx);
-
- printf("[%d] [%s]\n", tetResult, __FILE__);
- tet_result(tetResult);
-}
+++ /dev/null
-# TET reserved codes
-0 "PASS"
-1 "FAIL"
-2 "UNRESOLVED"
-3 "NOTINUSE"
-4 "UNSUPPORTED"
-5 "UNTESTED"
-6 "UNINITIATED"
-7 "NORESULT"
-
-# Test suite additional codes
-33 "INSPECT"
+++ /dev/null
-all
- ^TEST
-##### Scenarios for TEST #####
-
-# Test scenario
-TEST
- :include:/scenario1/tslist
+++ /dev/null
-TET_OUTPUT_CAPTURE=False
-TET_BUILD_TOOL=make
-TET_PASS_TC_NAME=True
-TET_API_COMPLIANT=True
+++ /dev/null
-TET_OUTPUT_CAPTURE=False
-TET_CLEAN_TOOL=make clean
-TET_API_COMPLIANT=True
+++ /dev/null
-TET_OUTPUT_CAPTURE=True
-TET_API_COMPLIANT=True
-TET_PASS_TC_NAME=True
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include/cert-svc
+prefix=@PREFIX@
+exec_prefix=@EXEC_PREFIX@
+libdir=@LIBDIR@
+includedir=@INCLUDEDIR@
Name: cert-svc-vcore
Description: cert-svc-vcore
Version: @VERSION@
-Requires: cert-svc libxml-2.0 libxslt openssl libsoup-2.4 dpl-efl secure-storage xmlsec1
-Libs: -lcert-svc-vcore -L${libdir}
-Cflags: -I${includedir}
-
+Requires: cert-svc libxml-2.0 libxslt openssl libsoup-2.4 secure-storage xmlsec1
+Libs: -L${libdir} -lcert-svc-vcore
+Cflags: -I${includedir}/cert-svc
--- /dev/null
+<manifest>
+ <define>
+ <domain name="cert-svc" />
+ <provide>
+ <label name="cert-svc::private-key" />
+ <label name="cert-svc::certs-sharing" />
+ <label name="cert-svc::db" />
+ </provide>
+ </define>
+ <assign>
+ <filesystem path="/usr/lib/libcert-svc.so.1" label="_" />
+ <filesystem path="/usr/lib/libcert-svc.so.1.0.0" label="_" />
+ <filesystem path="/usr/lib/libcert-svc-vcore.so.1" label="_" />
+ <filesystem path="/usr/lib/libcert-svc-vcore.so.1.0.0" label="_" />
+ <filesystem path="/usr/share/cert-svc" label="_" type="transmutable"/>
+ <filesystem path="/opt/share/cert-svc/ca-certificate.crt" label="_"/>
+ </assign>
+ <request>
+ <domain name="cert-svc" />
+ </request>
+</manifest>
+++ /dev/null
-cert-svc (1.0.1-31) unstable; urgency=low
-
- * Add dependencies to xmlsec1 and libxml-2.0.
-
- * Git : framework/security/cert-svc
- * Tag : cert-svc_1.0.1-31
-
- -- Bartlomiej Grzelewski <b.grzelewski@samsung.com> Thu, 17 Aug 2012 10:45:00 +0200
-
-cert-svc (1.0.1-30) unstable; urgency=low
-
- * Remove UI from cert-svc repository.
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-30
-
- -- Bartlomiej Grzelewski <b.grzelewski@samsung.com> Thu, 16 Aug 2012 16:25:00 +0200
-
-cert-svc (1.0.1-29) unstable; urgency=low
-
- * Fixed cert-svc-vcore pc file
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-29
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Tue, 14 Aug 2012 10:12:00 +0200
-
-
-cert-svc (1.0.1-28) unstable; urgency=low
-
- * Remove "com.samsung" from source
- * Add an "delete pkcs12/pfx" funcionality and screen to Cert UI
- * Switch dependencies from ui-gadget to ui-gadget-1
- * Link ubuntu certificates into cert-svc store.
- * Fix api.
-
- * Git : framework/security/cert-svc
- * Tag : cert-svc_1.0.1-28
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Mon, 13 Aug 2012 18:51:00 +0200
-
-cert-svc (1.0.1-27) unstable; urgency=low
-
- * Selection screen added as separate EFL gadget
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-27
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Tue, 31 Jul 2012 17:14:00 +0200
-
-cert-svc (1.0.1-26) unstable; urgency=low
-
- * Selection screen runs correctly with another EFL app
- * Added test for selection screen
- * Corrected comments in cert-ui-api.h
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-26
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Wed, 25 Jul 2012 18:39:00 +0200
-
-cert-svc (1.0.1-25) unstable; urgency=low
-
- * another RPMization
- * added selection screen
- * added pkcs12 container install/browse menu
- * added cert-svc-ui-api library
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-25
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Tue, 24 Jul 2012 22:55:00 +0200
-
-cert-svc (1.0.1-24) unstable; urgency=low
-
- * added selection screen
- * added pkcs12 container install/browse menu
- * added cert-svc-ui-api library
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-24
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Tue, 24 Jul 2012 22:55:00 +0200
-
-cert-svc (1.0.1-23) unstable; urgency=low
-
- * Redebianized.
- * Remove deprecated dependency from tapi and pkgmgr.
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-23
-
- -- Bartlomiej Grzelewski <b.grzelewski@samsung.com> Mon, 18 Jul 2012 18:05:11 +0100
-
-cert-svc (1.0.1-22) unstable; urgency=low
-
- * Redebianized.
- * Remove deprecated function call from lib.
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-22
-
- -- Bartlomiej Grzelewski <b.grzelewski@samsung.com> Mon, 17 Jul 2012 18:15:00 +0100
-
-cert-svc (1.0.1-19) unstable; urgency=low
-
- * Redebianized
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-19
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Mon, 04 Jun 2012 17:41:00 +0100
-
-cert-svc (1.0.1-18) unstable; urgency=low
-
- * Move VCore to cert-svc repository
- * Add test for vcore c-api.
- * Added Cert UI Package
-
- * Git : slp/pkgs/c/cert-svc
- * Tag : cert-svc_1.0.1-18
-
- -- Tomasz Swierczek <t.swierczek@samsung.com> Mon, 04 Jun 2012 17:20:00 +0100
-
-cert-svc (1.0.1-17) unstable; urgency=low
-
- * add certificate store for MDM
- * Git: slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-17
-
- -- Kidong Kim <kd0228.kim@samsung.com> Thu, 02 Feb 2012 09:29:17 +0900
-
-cert-svc (1.0.1-16) unstable; urgency=low
-
- * 11/12/21
- * - remove self-signed certificate from certificate chain
- * Git: slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-16
-
- -- Kidong Kim <kd0228.kim@samsung.com> Wed, 21 Dec 2011 10:06:41 +0900
-
-cert-svc (1.0.1-15) unstable; urgency=low
-
- * 11/12/07
- * - add boiler-plate on testcases
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-15
-
- -- Kidong Kim <kd0228.kim@samsung.com> Wed, 07 Dec 2011 09:47:17 +0900
-
-cert-svc (1.0.1-14) unstable; urgency=low
-
- * 11/12/02
- * - change license : LGPL -> apache
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-14
-
- -- Kidong Kim <kd0228.kim@samsung.com> Fri, 02 Dec 2011 16:59:02 +0900
-
-cert-svc (1.0.1-13) unstable; urgency=low
-
- * 11/11/30
- * - make all certificate stores and change ownership and permission of those
- * - use dlog instead of console(fprintf) for logging
- * - get length of private key when using PFX format certificate
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-13
-
- -- Kidong Kim <kd0228.kim@samsung.com> Wed, 30 Nov 2011 16:17:49 +0900
-
-cert-svc (1.0.1-12) unstable; urgency=low
-
- * add testcases
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-12
-
- -- Kidong Kim <kd0228.kim@samsung.com> Fri, 14 Oct 2011 14:00:11 +0900
-
-cert-svc (1.0.1-11) unstable; urgency=low
-
- * fix dependency problem
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-11
-
- -- Kidong Kim <kd0228.kim@samsung.com> Mon, 29 Aug 2011 09:39:01 +0900
-
-cert-svc (1.0.1-10) unstable; urgency=low
-
- * remove dnet dependency
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-10
-
- -- Kidong Kim <kd0228.kim@samsung.com> Fri, 26 Aug 2011 10:18:08 +0900
-
-cert-svc (1.0.1-9) unstable; urgency=low
-
- * fix name field parsing problem (temp)
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-9
-
- -- Kidong Kim <kd0228.kim@samsung.com> Mon, 25 Jul 2011 17:22:13 +0900
-
-cert-svc (1.0.1-8) unstable; urgency=low
-
- * fix search problem
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-8
-
- -- Kidong Kim <kd0228.kim@samsung.com> Thu, 14 Jul 2011 10:04:11 +0900
-
-cert-svc (1.0.1-7) unstable; urgency=low
-
- * fix install bug
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-7
-
- -- Kidong Kim <kd0228.kim@samsung.com> Wed, 13 Jul 2011 12:27:53 +0900
-
-cert-svc (1.0.1-6) unstable; urgency=low
-
- * fix boiler-plate
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-6
-
- -- Kidong Kim <kd0228.kim@samsung.com> Wed, 13 Jul 2011 10:12:13 +0900
-
-cert-svc (1.0.1-5) unstable; urgency=low
-
- * fix bug - verify certificate, postinst
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-5
-
- -- Kidong Kim <kd0228.kim@samsung.com> Thu, 23 Jun 2011 15:27:48 +0900
-
-cert-svc (1.0.1-4) unstable; urgency=low
-
- * fix bug - cannot calculate message length if message is not character string
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-4
-
- -- Kidong Kim <kd0228.kim@samsung.com> Sat, 18 Jun 2011 12:56:47 +0900
-
-cert-svc (1.0.1-3) unstable; urgency=low
-
- * fix full-build error
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-3
-
- -- Kidong Kim <kd0228.kim@samsung.com> Tue, 14 Jun 2011 10:15:33 +0900
-
-cert-svc (1.0.1-2) unstable; urgency=low
-
- * fix installation bug
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-2
-
- -- Kidong Kim <kd0228.kim@samsung.com> Sat, 11 Jun 2011 10:36:30 +0900
-
-cert-svc (1.0.1-1) unstable; urgency=low
-
- * add dpkg-pki-sig, fix some bugs
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.1-1
-
- -- Kidong Kim <kd0228.kim@samsung.com> Fri, 10 Jun 2011 11:38:26 +0900
-
-cert-svc (1.0.0-1) unstable; urgency=low
-
- * Initial Release
- * Git: 165.213.180.234:slp/pkgs/c/cert-svc
- * Tag: cert-svc_1.0.0-1
-
- -- Kidong Kim <kd0228.kim@samsung.com> Tue, 07 Jun 2011 13:48:44 +0900
+++ /dev/null
-mgr-app (0.0.1-1) unstable; urgency=low
-
- * first source package for building
-
- -- ManHyun Hwang <mh222.hwang@samsung.com> Thu, 30 JUN 2011 13:43:34 +0900
-
+++ /dev/null
-libug-setting-manage-application-efl (0.0.1-1) unstable; urgency=low
-
- * first source package for building
-
- -- ManHyun Hwang <mh222.hwang@samsung.com> Thu, 30 JUN 2011 13:43:34 +0900
-
+++ /dev/null
-Name=manage application
-Exec=${PREFIX}/bin/mgr-app
-Hidden=False
-Version=@VERSION@
-Type=Application
-X-TIZEN-TaskManage=True
-X-TIZEN-Multiple=False
-
-Name[en_US]=manage application
-Name[nl_NL]=manage application
-Name[de_DE]=manage application
-Name[zh_HK]=manage application
-Name[zh_CN]=manage application
-Name[ru_RU]=manage application
-Name[ko_KR]=manage application
-Name[zh_TW]=manage application
-Name[ja_JP]=manage application
-Name[es_ES]=manage application
-Name[el_GR]=manage application
-Name[it_IT]=manage application
-Name[tr_TR]=manage application
-Name[pt_PT]=manage application
-Name[fr_FR]=manage application
-
+++ /dev/null
-#!/bin/sh
-
-# file owner
-if [ ${USER} == "root" ]
-then
- echo "Test if"
-else
- eche "Test else"
-fi
-
+++ /dev/null
-Source: cert-svc
-Section: libs
-Priority: extra
-Maintainer: KiDong Kim <kd0228.kim@samsung.com>
-Build-Depends: debhelper (>= 5),
- libappcore-efl-dev,
- autotools-dev,
- libelm-dev,
- libslp-setting-dev,
- libui-gadget-dev,
- libbundle-dev,
- libaul-1-dev,
- libefreet-dev,
- libeina-dev,
- shared-mime-info,
-# java-runtime-dev,
- libail-0-dev,
- libpkgmgr-client-dev,
- libjava-parser-dev,
- debhelper (>= 7.0.50),
- libssl-dev,
- dlog-dev,
- ca-certificates,
- wrt-commons-dev,
- libxmlsec1-dev,
- libsoup2.4-dev,
- libecore-dev,
- libxml2-dev,
- libpcre-dev,
- libslp-tapi-dev,
- libappsvc-dev
-
-Package: libcert-svc1-ui
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libappsvc-dev
-Description: Manage Application package
-
-#Package: libug-setting-manage-application-efl-dbg
-#Section: debug
-#Architecture: any
-#Depends: ${shlibs:Depends}, ${misc:Depends}, libug-setting-manage-application-efl-0 (= ${binary:Version})
-#Description: Manage Application debug(unstripped) package
-
-Package: libcert-svc-dev
-Section: libdevel
-Architecture: any
-Depends: ${misc:Depends}, libcert-svc1 (= ${binary:Version}), libssl-dev, dlog-dev
-Description: Certification service development package
-
-Package: libcert-svc1
-Section: libs
-Architecture: any
-Provides: libcert-svc-0
-Replaces: libcert-svc-0
-Depends: ${shlibs:Depends}, ${misc:Depends}, sqlite3
-Description: Certification service library and executable
-
-Package: libcert-svc1-dbg
-Section: debug
-Architecture: any
-Provides: libcert-svc-dbg
-Replaces: libcert-svc-dbg
-Depends: ${misc:Depends}, libcert-svc1 (= ${binary:Version})
-Description: debug package of cert-svc library
-
-Package: libcert-svc1-test
-Section: libs
-Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}, libcert-svc1 (= ${binary:Version})
-Description: test program for cert-svc
+++ /dev/null
-Source: mgr-app
-Section: libs
-Priority: extra
-Maintainer: SangJun Na <juni.na@samsung.com>, Manhyun Hwang <mh222.hwang@samsung.com>, Eunmi Son <eunmi.son@samsung.com>
-Build-Depends: debhelper (>= 5),
- libappcore-efl-dev,
- autotools-dev,
- libelm-dev,
- libslp-setting-dev,
- libui-gadget-dev,
- libbundle-dev,
- libaul-1-dev,
- libefreet-dev,
- libeina-dev,
- shared-mime-info,
-# java-runtime-dev,
- libail-0-dev,
- libpkgmgr-client-dev,
- libjava-parser-dev
-
-Package: mgr-app-0
-Section: libs
-Architecture: armel
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: Manage Application package
-
-Package: mgr-app-dbg
-Section: debug
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, mgr-app-0 (= ${binary:Version})
-Description: Manage Application debug(unstripped) package
+++ /dev/null
-Source: libug-setting-manage-application-efl
-Section: libs
-Priority: extra
-Maintainer: SangJun Na <juni.na@samsung.com>, Manhyun Hwang <mh222.hwang@samsung.com>, Eunmi Son <eunmi.son@samsung.com>
-Build-Depends: debhelper (>= 5),
- libappcore-efl-dev,
- autotools-dev,
- libelm-dev,
- libslp-setting-dev,
- libui-gadget-dev,
- libbundle-dev,
- libaul-1-dev,
- libefreet-dev,
- libeina-dev,
- shared-mime-info,
-# java-runtime-dev,
- libail-0-dev,
- libpkgmgr-client-dev,
- libjava-parser-dev
-
-Package: libug-setting-manage-application-efl-0
-Section: libs
-Architecture: armel
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: Manage Application package
-
-Package: libug-setting-manage-application-efl-dbg
-Section: debug
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libug-setting-manage-application-efl-0 (= ${binary:Version})
-Description: Manage Application debug(unstripped) package
+++ /dev/null
-/usr/include/*
-/usr/lib/pkgconfig/*
-/usr/lib/*.so
+++ /dev/null
-/usr/bin/cert-svc-test*
-/opt/apps/widget/tests/vcore_widget_uncompressed/*
-/opt/apps/widget/tests/vcore_keys/*
-/opt/apps/widget/tests/vcore_certs/*
-/opt/apps/widget/tests/pkcs12/*
-/opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+++ /dev/null
-/opt/ug/lib/libmgr-cert-common.so
-/opt/ug/lib/libmgr-cert-view.so
-/opt/ug/lib/libug-setting-manage-certificates-efl.so.*
-/opt/ug/lib/libug-setting-manage-certificates-efl.so
-/opt/ug/res/edje/ug-setting-manage-certificates-efl/
-/opt/ug/res/images/ug-setting-manage-certificates-efl/
-/opt/ug/res/locale/*/*/ug-setting-manage-certificates-efl.mo
+++ /dev/null
-/usr/share/cert-svc/ca-certs/code-signing/java/operator
-/usr/share/cert-svc/ca-certs/code-signing/java/manufacture
-/usr/share/cert-svc/ca-certs/code-signing/java/thirdparty
-/usr/share/cert-svc/ca-certs/code-signing/debian
-/usr/share/cert-svc/ca-certs/code-signing/wac
-/opt/share/cert-svc/certs/code-signing/java/operator
-/opt/share/cert-svc/certs/code-signing/java/manufacture
-/opt/share/cert-svc/certs/code-signing/java/thirdparty
-/opt/share/cert-svc/certs/code-signing/wac
-/opt/share/cert-svc/certs/sim/operator
-/opt/share/cert-svc/certs/sim/thirdparty
-/opt/share/cert-svc/certs/ssl
-/opt/share/cert-svc/certs/user
-/opt/share/cert-svc/certs/trusteduser
-/opt/share/cert-svc/certs/mdm/security/cert
+++ /dev/null
-/usr/bin/cert_svc_create_clean_db.sh
-/usr/lib/*.so.*
-/usr/bin/dpkg-pki-sig
-/opt/share/cert-svc/targetinfo
-/usr/share/cert-svc/cert_svc_vcore_db.sql
-/usr/share/cert-svc/fingerprint_list.xml
-/usr/share/cert-svc/fingerprint_list.xsd
-/usr/share/cert-svc/schema.xsd
-/opt/share/cert-svc/certs/code-signing/wac/wac0.root.preproduction.pem
-/opt/share/cert-svc/certs/code-signing/wac/wac0.root.production.pem
-/opt/share/cert-svc/certs/code-signing/wac/wac0.publisherid.pem
-/opt/share/cert-svc/certs/code-signing/wac/tizen0.root.preproduction.cert.pem
-
+++ /dev/null
-/opt/etc/ssl/certs/ /usr/share/cert-svc/ca-certs/ssl
+++ /dev/null
-#!/bin/sh -e
-
-USE_CERT=6524
-
-case "$1" in
- configure)
- if [ `whoami` = "root" ]
- then
- chown -R root:${USE_CERT} /opt/share/cert-svc/certs/
- chmod -R 0775 /opt/share/cert-svc/certs/
- fi
-
- if [ -z ${2} ]
- then
- echo "This is new install of wrt-security"
- echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
- /usr/bin/cert_svc_create_clean_db.sh
- else
- # Find out old and new version of databases
- VCORE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.cert_svc_vcore.db ".tables" | grep "DB_VERSION_"`
- VCORE_NEW_DB_VERSION=`cat /usr/share/cert-svc/cert_svc_vcore_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
- echo "OLD vcore database version ${VCORE_OLD_DB_VERSION}"
- echo "NEW vcore database version ${VCORE_NEW_DB_VERSION}"
-
- if [ ${VCORE_OLD_DB_VERSION} -a ${VCORE_NEW_DB_VERSION} ]
- then
- if [ ${VCORE_OLD_DB_VERSION} = ${VCORE_NEW_DB_VERSION} ]
- then
- echo "Equal database detected so db installation ignored"
- else
- echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
- /usr/bin/cert_svc_create_clean_db.sh
- fi
- else
- echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
- /usr/bin/cert_svc_create_clean_db.sh
- fi
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
+++ /dev/null
-#!/usr/bin/make -f
-# -*- makefile -*-
-# Sample debian/rules that uses debhelper.
-# This file was originally written by Joey Hess and Craig Small.
-# As a special exception, when this file is copied by dh-make into a
-# dh-make output file, you may use that output file without restriction.
-# This special exception was added by Craig Small in version 0.37 of dh-make.
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-ppTYPE ?= ugapp
-
-CFLAGS ?= -Wall -g
-LDFLAGS ?=
-ifneq (,$(findstring app,$(TYPE)))
- PKGNAME ?= mgr-app
- PREFIX ?= /opt/apps/mgr-app
- RESDIR ?= /opt/apps/mgr-app/res
- DATADIR ?= /opt/apps/mgr-app/data
-else
- PKGNAME ?= libug-setting-manage-certificates-efl
- PREFIX ?= /opt/ug
- RESDIR ?= /opt/ug/res
- DATADIR ?= /opt/ug/res/etc
-endif
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
- BUILD_TYPE=Debug
-else
- CFLAGS += -O2
- BUILD_TYPE=Release
-endif
-
-LDFLAGS += -Wl,--rpath=$(PREFIX)/lib -Wl,--as-needed
-
-CMAKE_BUILD_DIR ?= $(CURDIR)/cmake_build_tmp
-CMAKE_CERT_SVC_BUILD_DIR ?= $(CURDIR)/library
-
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- # Add here commands to configure the package.
- cd $(CMAKE_CERT_SVC_BUILD_DIR) && cmake .
- mkdir -p $(CMAKE_BUILD_DIR) && cd $(CMAKE_BUILD_DIR) && CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" cmake ../ui/ -DCMAKE_INSTALL_PREFIX="$(PREFIX)" -DCMAKE_BUILD_TYPE="$(BUILD_TYPE)" -DPKGNAME="$(PKGNAME)" -DTYPE="$(TYPE)"
- touch $(CMAKE_BUILD_DIR)/configure-stamp
- touch $(CMAKE_CERT_SVC_BUILD_DIR)/configure-stamp
-
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
-
- # Add here commands to compile the package.
- cd $(CMAKE_CERT_SVC_BUILD_DIR) && $(MAKE)
- cd $(CMAKE_BUILD_DIR) && $(MAKE)
-
- for f in `find $(CURDIR)/debian/ -name "$(PREFIX)*.in"`; do \
- cat $$f > $${f%.in}; \
- sed -i -e "s#@PREFIX@#$(PREFIX)#g" $${f%.in}; \
- sed -i -e "s#@RESDIR@#$(RESDIR)#g" $${f%.in}; \
- sed -i -e "s#@DATADIR@#$(DATADIR)#g" $${f%.in}; \
- sed -i -e "s#@PKGNAME@#$(PKGNAME)#g" $${f%.in}; \
- done
-
- touch $(CMAKE_BUILD_DIR)/$@
- touch $(CMAKE_CERT_SVC_BUILD_DIR)/$@
-
-clean:
- dh_testdir
- dh_testroot
- rm -f build-stamp configure-stamp
-
- # Add here commands to clean up after the build process.
- rm -rf $(CMAKE_BUILD_DIR)
-
- for f in `find $(CURDIR)/debian/ -name "*.in"`; do \
- rm -f $${f%.in}; \
- done
- dh_clean
-
-install: build
- dh_testdir
- dh_testroot
- dh_clean -k
- dh_installdirs
-
- cd $(CMAKE_BUILD_DIR) && $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
- cd $(CMAKE_CERT_SVC_BUILD_DIR) && $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
-
-
-# Build architecture-independent files here.
-binary-indep: build install
-# We have nothing to do by default.
-
-# Build architecture-dependent files here.
-binary-arch: build install
- dh_testdir
- dh_testroot
- #dh_installchangelogs
- #dh_installdocs
- #dh_installexamples
- dh_install --sourcedir=debian/tmp
- #dh_installmenu
- #dh_installdebconf
- #dh_installlogrotate
- #dh_installemacsen
- #dh_installpam
- #dh_installmime
- #dh_python
- #dh_installinit
- #dh_installcron
- #dh_installinfo
- dh_installman
- dh_link
- #dh_strip --dbg-package=$(PKGNAME)-dbg
- dh_compress
- dh_fixperms
- #dh_perl
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
-
-
SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc)
- INSTALL(FILES
+INSTALL(FILES
${ETC_DIR}/cert_svc_create_clean_db.sh
DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES
- ${ETC_DIR}/schema.xsd
- DESTINATION /usr/share/cert-svc/
- )
-
-INSTALL(FILES
- ${ETC_DIR}/fingerprint_list.xsd
- DESTINATION /usr/share/cert-svc/
- )
-
-INSTALL(FILES
- ${ETC_DIR}/fingerprint_list.xml
- DESTINATION /usr/share/cert-svc/
)
-
-ADD_SUBDIRECTORY(certificates)
chown root:6026 /opt/dbspace/.$name.db-journal
chmod 660 /opt/dbspace/.$name.db
chmod 660 /opt/dbspace/.$name.db-journal
+ if [ -f /usr/lib/rpm-plugins/msm.so ]
+ then
+ chsmack -a "cert-svc::db" /opt/dbspace/.$name.db
+ chsmack -a "cert-svc::db" /opt/dbspace/.$name.db-journal
+ fi
done
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b3:cb:d1:5b:de:6e:66:95
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
- Validity
- Not Before: Dec 8 10:27:32 2011 GMT
- Not After : Nov 30 10:27:32 2021 GMT
- Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (1024 bit)
- Modulus:
- 00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e:
- 66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa:
- fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7:
- 1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60:
- 44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df:
- e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76:
- dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52:
- ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46:
- 46:03:99:7c:66:8c:60:c4:91
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
- X509v3 Authority Key Identifier:
- keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b:
- 03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb:
- ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f:
- 9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18:
- 3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61:
- 38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a:
- f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44:
- cd:fa
------BEGIN CERTIFICATE-----
-MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD
-VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry
-b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh
-cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X
-DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w
-DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG
-A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG
-CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN
-qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94
-dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR
-AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME
-GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H
-62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a
-6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIID9DCCAtygAwIBAgIOZscBAQACO65mNg72468wDQYJKoZIhvcNAQEFBQAwgZQx
-CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYD
-VQQLEyhQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQw
-MgYDVQQDEytQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB
-IElJMB4XDTA2MDYwODE0MTYwMVoXDTI1MTIzMTIyNTk1OVowgZQxCzAJBgNVBAYT
-AkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYDVQQLEyhQcmUt
-UHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQwMgYDVQQDEytQ
-cmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ewnr8E24AqXnf1Lu7w/g79Hht+W
-lvWQg7cPC7685oj0htT0SmDy94uQaC3qRzBJktLKCyuniABykhdTr04rGWgzqD8n
-EzcFCt5k0gF39l3ND/JL+S2YJK/f/xc884hjcLsHUU7cAd6mDlVkOszFK86DNbu0
-noz0y1y462RIOvPCjkYl/GJ5zL62bdDbgFqrWMPZ54JFG0Rj1v575ygfOd2LwOXe
-xjzqfYI4JOx9frKWakPTehW+0UY5UdF0cMvHuLJie9H0vOobR4vtkenbS283b6j7
-0WCoU/BeAr4qskvMs9WwkwDquO4XnzYQDsEVgjBu4H2W0ihNUYJbRo8wtQIDAQAB
-o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
-DTX6+fYyziPR1HZxViaGOj66QOYwDQYJKoZIhvcNAQEFBQADggEBALZ0pfjOfePn
-D/6QDCt+cjQ5+U4eKcOlJMXrpEAlnC6oAnN1hqbOQaj44aIAbNap36E/Hl9s0Uga
-c4nz73o5uPvdDmbWzNnMz6ey5NU0XXNzHxQWFdb0+Z7Cho5txoZjjynYXmyQc3RJ
-rrPI+6Uej6sEv15ZGirjABza6pNJ+2NLojLyUb+8et3OCLS+wJ4qrX/5uwgL50Lt
-0M2iPdZv+gjZwNmNWYIflYrSXa3ujclH+EAkkk/G1JxPzhVI3cII3y2DUZQAPCcX
-XQDXIX2zJo7bYaUYJhlEeiGX17cdXMXDT1tbXKKg2mRIga1K4lknn9U/vzkjMJXL
-GA38dUZRZ2Y=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL
-MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM
-dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe
-Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw
-IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX
-QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/
-vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc
-PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ
-D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0
-tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t
-IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT
-qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v
-aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB
-OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR
-1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on
-+1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV
-t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g==
------END CERTIFICATE-----
-
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIPAKTxAAEALtiV8/+rhB6+MA0GCSqGSIb3DQEBCwUAMFsx
-CzAJBgNVBAYTAkdCMSUwIwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMg
-THRkMSUwIwYDVQQDDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMB4XDTEx
-MDMxNDE0MDEwNFoXDTM2MDMxNDE0MDEwNFowWzELMAkGA1UEBhMCR0IxJTAjBgNV
-BAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQxJTAjBgNVBAMMHFdBQyBB
-cHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDCf6RHUPVBUY4YXYMdrmt5yO95eRCOG6vJtI9w0UM2w/2fihD5SMYa
-3cCVam4j6F8FSspMIx+4CTCwdDSUixBGENwGEhD4qxqqV3KTObmxmYbELa97S1IP
-qwoFelzUX6e+qHmYHi+eu/hONeiZaPBLtUtCd6ppCd5ACrD/kf/Ug/tfUtngozjG
-sJ1UB10Ezi3fKs3OkkZMuecJvjWmDpRAyvIeeV8xfzeyn+DMpvhnI9RrSY0j4huE
-ud6Lzzg0jV8+m54v0j7hv9klyNcGiZ+bmHr0LIyAtT+uktcms/4p3V9j01SI9Tmw
-HcHKDXnM6kuThWpr6DR9KFSZ8zD2Nx5nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBT5bKdU2+CGE17R+o/rMCZHHMn+
-WzANBgkqhkiG9w0BAQsFAAOCAQEAXmO+J5suIGuzbfYBoTdr8gahFfWEbhm1y6mJ
-eZAc+Mf5L+In20p+Oj5uy6LsTmJsE9VE/+gi1eALKl9EhgYhET2ZlAzRFCN5dTWv
-NTAFxJfGMkn2U5iW+luJ+lejyYBqEEFRpzwhXZbVDZQLim4CU75H75KzFkUgTulG
-5M6U/Plt6S1rKgMkeYiR27W4C2NZMFXYqctt0m+eKEa3ueZE9pYUxqVcvQKSI017
-Nbc1kSkcuSKFV2Bk2T5dh5jQvywykdWLubAe6XiiC5CIT31kcSX6AlVhgNxWRRKP
-QFO7lWqxnQMR2Or38ve7oSg1oL5Sx80fcbp3ovaYSKt5jnVWfg==
------END CERTIFICATE-----
-
+++ /dev/null
-<CertificateSet>
- <CertificateDomain name="wacpublisher">
- <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
- <FingerprintSHA1>A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2</FingerprintSHA1><!-- wac.publisher.pem -->
- <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
- </CertificateDomain>
- <CertificateDomain name="wacroot">
- <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
- <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
- <FingerprintSHA1>A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1</FingerprintSHA1><!-- wac.root.production.pem -->
- <FingerprintSHA1>8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A</FingerprintSHA1><!-- wac.root.preproduction.pem -->
- </CertificateDomain>
- <CertificateDomain name="developer">
- <FingerprintSHA1>4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38</FingerprintSHA1><!-- operator.root.cert.pem internal tests-->
- </CertificateDomain>
- <CertificateDomain name="wacmember">
- </CertificateDomain>
- <CertificateDomain name="tizenmember">
- <FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
- </CertificateDomain>
-</CertificateSet>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema
- PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
- [
- <!ATTLIST schema
- xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
- <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
- <!ENTITY % p ''>
- <!ENTITY % s ''>
- ]>
-
-<!-- Schema for XML Signatures
- http://www.w3.org/2000/09/xmldsig#
- $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
-
- Copyright 2001 The Internet Society and W3C (Massachusetts Institute
- of Technology, Institut National de Recherche en Informatique et en
- Automatique, Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as described
- in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<schema xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- targetNamespace="http://www.w3.org/2000/09/xmldsig#"
- version="0.1" elementFormDefault="qualified">
-
-<!-- Basic Types Defined for Signatures -->
-
-<simpleType name="CryptoBinary">
- <restriction base="base64Binary">
- </restriction>
-</simpleType>
-
-<!-- Start Signature -->
-
-<element name="Signature" type="ds:SignatureType"/>
-<complexType name="SignatureType">
- <sequence>
- <element ref="ds:SignedInfo"/>
- <element ref="ds:SignatureValue"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureValue" type="ds:SignatureValueType"/>
- <complexType name="SignatureValueType">
- <simpleContent>
- <extension base="base64Binary">
- <attribute name="Id" type="ID" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
-
-<!-- Start SignedInfo -->
-
-<element name="SignedInfo" type="ds:SignedInfoType"/>
-<complexType name="SignedInfoType">
- <sequence>
- <element ref="ds:CanonicalizationMethod"/>
- <element ref="ds:SignatureMethod"/>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
- <complexType name="CanonicalizationMethodType" mixed="true">
- <sequence>
- <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <element name="SignatureMethod" type="ds:SignatureMethodType"/>
- <complexType name="SignatureMethodType" mixed="true">
- <sequence>
- <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) external namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- Start Reference -->
-
-<element name="Reference" type="ds:ReferenceType"/>
-<complexType name="ReferenceType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- <element ref="ds:DigestMethod"/>
- <element ref="ds:DigestValue"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="URI" type="anyURI" use="optional"/>
- <attribute name="Type" type="anyURI" use="optional"/>
-</complexType>
-
- <element name="Transforms" type="ds:TransformsType"/>
- <complexType name="TransformsType">
- <sequence>
- <element ref="ds:Transform" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-
- <element name="Transform" type="ds:TransformType"/>
- <complexType name="TransformType" mixed="true">
- <choice minOccurs="0" maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- <element name="XPath" type="string"/>
- </choice>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- End Reference -->
-
-<element name="DigestMethod" type="ds:DigestMethodType"/>
-<complexType name="DigestMethodType" mixed="true">
- <sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
-</complexType>
-
-<element name="DigestValue" type="ds:DigestValueType"/>
-<simpleType name="DigestValueType">
- <restriction base="base64Binary"/>
-</simpleType>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
-<element name="KeyInfo" type="ds:KeyInfoType"/>
-<complexType name="KeyInfoType" mixed="true">
- <choice maxOccurs="unbounded">
- <element ref="ds:KeyName"/>
- <element ref="ds:KeyValue"/>
- <element ref="ds:RetrievalMethod"/>
- <element ref="ds:X509Data"/>
- <element ref="ds:PGPData"/>
- <element ref="ds:SPKIData"/>
- <element ref="ds:MgmtData"/>
- <any processContents="lax" namespace="##other"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- </choice>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="KeyName" type="string"/>
- <element name="MgmtData" type="string"/>
-
- <element name="KeyValue" type="ds:KeyValueType"/>
- <complexType name="KeyValueType" mixed="true">
- <choice>
- <element ref="ds:DSAKeyValue"/>
- <element ref="ds:RSAKeyValue"/>
- <element ref="ds:ECKeyValue"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
-<!-- ECDSA KEY DEFINITIONS -->
-
- <element name="ECKeyValue" type="ds:ECKeyValueType"/>
- <complexType name="ECKeyValueType">
- <sequence>
- <choice>
- <element name="ECParameters" type="ds:ECParametersType"/>
- <element name="NamedCurve" type="ds:NamedCurveType"/>
- </choice>
- <element name="PublicKey" type="ds:ECPointType"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
- <complexType name="NamedCurveType">
- <attribute name="URI" type="anyURI" use="required"/>
- </complexType>
-
- <simpleType name="ECPointType">
- <restriction base="ds:CryptoBinary"/>
- </simpleType>
-
- <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
- <complexType name="RetrievalMethodType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- </sequence>
- <attribute name="URI" type="anyURI"/>
- <attribute name="Type" type="anyURI" use="optional"/>
- </complexType>
-
- <complexType name="ECParametersType">
- <sequence>
- <element name="FieldID" type="ds:FieldIDType"/>
- <element name="Curve" type="ds:CurveType"/>
- <element name="Base" type="ds:ECPointType"/>
- <element name="Order" type="ds:CryptoBinary"/>
- <element name="CoFactor" type="integer" minOccurs="0"/>
- <element name="ValidationData" type="ds:ECValidationDataType" minOccurs="0"/>
- </sequence>
- </complexType>
-
- <complexType name="FieldIDType">
- <choice>
- <element ref="ds:Prime"/>
- <element ref="ds:TnB"/>
- <element ref="ds:PnB"/>
- <element ref="ds:GnB"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
- <element name="Prime" type="ds:PrimeFieldParamsType"/>
- <complexType name="PrimeFieldParamsType">
- <sequence>
- <element name="P" type="ds:CryptoBinary"/>
- </sequence>
- </complexType>
-
- <element name="GnB" type="ds:CharTwoFieldParamsType"/>
- <complexType name="CharTwoFieldParamsType">
- <sequence>
- <element name="M" type="positiveInteger"/>
- </sequence>
- </complexType>
-
- <element name="TnB" type="ds:TnBFieldParamsType"/>
- <complexType name="TnBFieldParamsType">
- <complexContent>
- <extension base="ds:CharTwoFieldParamsType">
- <sequence>
- <element name="K" type="positiveInteger"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="PnB" type="ds:PnBFieldParamsType"/>
- <complexType name="PnBFieldParamsType">
- <complexContent>
- <extension base="ds:CharTwoFieldParamsType">
- <sequence>
- <element name="K1" type="positiveInteger"/>
- <element name="K2" type="positiveInteger"/>
- <element name="K3" type="positiveInteger"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <complexType name="CurveType">
- <sequence>
- <element name="A" type="ds:CryptoBinary"/>
- <element name="B" type="ds:CryptoBinary"/>
- </sequence>
- </complexType>
-
- <complexType name="ECValidationDataType">
- <sequence>
- <element name="seed" type="ds:CryptoBinary"/>
- </sequence>
- <attribute name="hashAlgorithm" type="anyURI" use="required"/>
- </complexType>
-
-
-<!-- Start X509Data -->
-
-<element name="X509Data" type="ds:X509DataType"/>
-<complexType name="X509DataType">
- <sequence maxOccurs="unbounded">
- <choice>
- <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- <element name="X509SKI" type="base64Binary"/>
- <element name="X509SubjectName" type="string"/>
- <element name="X509Certificate" type="base64Binary"/>
- <element name="X509CRL" type="base64Binary"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </sequence>
-</complexType>
-
-<complexType name="X509IssuerSerialType">
- <sequence>
- <element name="X509IssuerName" type="string"/>
- <element name="X509SerialNumber" type="integer"/>
- </sequence>
-</complexType>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-<element name="PGPData" type="ds:PGPDataType"/>
-<complexType name="PGPDataType">
- <choice>
- <sequence>
- <element name="PGPKeyID" type="base64Binary"/>
- <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- <sequence>
- <element name="PGPKeyPacket" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- </choice>
-</complexType>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-<element name="SPKIData" type="ds:SPKIDataType"/>
-<complexType name="SPKIDataType">
- <sequence maxOccurs="unbounded">
- <element name="SPKISexp" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"/>
- </sequence>
-</complexType>
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-<element name="Object" type="ds:ObjectType"/>
-<complexType name="ObjectType" mixed="true">
- <sequence minOccurs="0" maxOccurs="unbounded">
- <any namespace="##any" processContents="lax"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
- <attribute name="Encoding" type="anyURI" use="optional"/>
-</complexType>
-
-<element name="Manifest" type="ds:ManifestType"/>
-<complexType name="ManifestType">
- <sequence>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
-<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
-<complexType name="SignaturePropertiesType">
- <sequence>
- <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
- <complexType name="SignaturePropertyType" mixed="true">
- <choice maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (1,unbounded) namespaces -->
- </choice>
- <attribute name="Target" type="anyURI" use="required"/>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-<!-- Start Algorithm Parameters -->
-
-<simpleType name="HMACOutputLengthType">
- <restriction base="integer"/>
-</simpleType>
-
-<!-- Start KeyValue Element-types -->
-
-<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
-<complexType name="DSAKeyValueType">
- <sequence>
- <sequence minOccurs="0">
- <element name="P" type="ds:CryptoBinary"/>
- <element name="Q" type="ds:CryptoBinary"/>
- </sequence>
- <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- <element name="Y" type="ds:CryptoBinary"/>
- <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
- <sequence minOccurs="0">
- <element name="Seed" type="ds:CryptoBinary"/>
- <element name="PgenCounter" type="ds:CryptoBinary"/>
- </sequence>
- </sequence>
-</complexType>
-
-<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
-<complexType name="RSAKeyValueType">
- <sequence>
- <element name="Modulus" type="ds:CryptoBinary"/>
- <element name="Exponent" type="ds:CryptoBinary"/>
- </sequence>
-</complexType>
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-</schema>
/*********************************************************************************/
/* Logging */
/*********************************************************************************/
-#ifdef CERT_SVC_LOG
+#ifdef LOG_TAG
+#undef LOG_TAG
+#endif
#define LOG_TAG "CERT_SVC"
#include <dlog.h>
-#elif CERT_SVC_LOG_CONSOLE
-#define SLOGV(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGD(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGI(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGE(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGW(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGF(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-
-#else
-#define SLOGV(FMT, ARG ...) {}
-#define SLOGD(FMT, ARG ...) {}
-#define SLOGI(FMT, ARG ...) {}
-#define SLOGE(FMT, ARG ...) {}
-#define SLOGW(FMT, ARG ...) {}
-#define SLOGF(FMT, ARG ...) {}
-
-#endif
#ifdef __cplusplus
}
#define CERT_SERVICE_PROCESS_H
#include <time.h>
+#include <openssl/x509v3.h>
#ifdef __cplusplus
extern "C" {
/* Variable definitions */
/*********************************************************************************/
+struct cert_svc_inode_set;
+
/*********************************************************************************/
/* Variable definitions */
/*********************************************************************************/
int parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld);
int parse_time_fld_data(unsigned char* before, unsigned char* after, cert_svc_validity_fld_data* fld);
+int _parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld);
int search_data_field(search_field fldName, char* fldData, cert_svc_cert_descriptor* certDesc);
-int get_filelist_recur(char* dirName, cert_svc_filename_list* fileNames, int* fileNum);
-int get_all_certificates(cert_svc_filename_list* allCerts);
+int get_filelist_recur(char* dirName, cert_svc_filename_list* fileNames,
+ struct cert_svc_inode_set *visited);
+int get_all_certificates(cert_svc_filename_list** allCerts);
int sort_cert_chain(cert_svc_linked_list** unsorted, cert_svc_linked_list** sorted);
cert_svc_linked_list* find_issuer_from_list(cert_svc_linked_list* list, cert_svc_linked_list* p);
-int is_CAcert(cert_svc_mem_buff* cert, int* isCA);
+int is_CACert(cert_svc_mem_buff* cert, int* isCA);
int compare_period(int year, int month, int day, int hour, int min, int sec, struct tm* tm);
int is_expired(cert_svc_mem_buff* cert, int* isExpired);
-
+int VerifyCallbackfunc(int ok, X509_STORE_CTX* store);
+int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst);
+
int _verify_certificate(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, cert_svc_filename_list* fileNames, int* validity);
+int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, int checkCaFlag, cert_svc_filename_list* fileNames, int* validity);
int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int msgLen, unsigned char* signature, char* algo, int* validity);
int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* certDesc);
int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName, char* fldData);
-int _check_ocsp_status(cert_svc_mem_buff* cert, const char* uri);
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+int _check_ocsp_status(cert_svc_mem_buff* cert, cert_svc_linked_list** certList, const char* uri);
+#endif
+int _remove_selfsigned_cert_in_chain(cert_svc_linked_list** certList);
int release_certificate_buf(cert_svc_mem_buff* certBuf);
int release_certificate_data(cert_svc_cert_descriptor* certDesc);
int release_cert_list(cert_svc_linked_list* certList);
int release_filename_list(cert_svc_filename_list* fileNames);
+
+int get_visibility(CERT_CONTEXT* context, int* visibility);
#ifdef __cplusplus
}
#ifndef CERT_SERVICE_UTIL_H
#define CERT_SERVICE_UTIL_H
+#include <openssl/x509v3.h>
+
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
int cert_svc_util_get_file_size(const char* filepath, unsigned long int* length);
int cert_svc_util_load_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf);
-int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf, cert_svc_linked_list* certLink, unsigned char** privateKey, int* priKeyLen, char* passPhrase);
+int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLink, unsigned char** privateKey, int* priKeyLen, char* passPhrase);
int cert_svc_util_get_cert_path(const char* fileName, const char* location, char* retBuf);
int cert_svc_util_base64_encode(char* in, int inLen, char* out, int* outLen);
int cert_svc_util_base64_decode(char* in, int inLen, char* out, int* outLen);
-
+int cert_svc_util_get_extension(const char* filePath, cert_svc_mem_buff* certBuf);
+int push_cert_into_linked_list(cert_svc_linked_list** certLink, X509* popedCert);
+int get_visibility_by_fingerprint(const char* fingerprint, int* visibility);
#ifdef __cplusplus
}
#endif // __cplusplus
#define CERT_SVC_ERR_INVALID_PARAMETER -15
#define CERT_SVC_ERR_PERMISSION_DENIED -16
#define CERT_SVC_ERR_IS_EXPIRED -17
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#define CERT_SVC_ERR_OCSP_REVOKED -18
+#define CERT_SVC_ERR_OCSP_UNKNOWN -19
+#define CERT_SVC_ERR_OCSP_VERIFICATION_ERROR -20
+#define CERT_SVC_ERR_OCSP_NO_SUPPORT -21
+#define CERT_SVC_ERR_OCSP_NETWORK_FAILED -22
+#define CERT_SVC_ERR_OCSP_INTERNAL -23
+#define CERT_SVC_ERR_OCSP_REMOTE -24
+#endif
/* default certificate file path */
#define CERT_SVC_STORE_PATH "/opt/share/cert-svc/certs/"
-#define CERT_SVC_STORE_PATH_KEYS "/opt/share/cert-svc/keys/"
-#define CERT_SVC_STORE_PATH_DEFAULT "//* opt/share/cert-svc/certs/ssl/ */"
-#define CERT_SVC_SEARCH_PATH_RO "/usr/share/cert-svc/ca-certs/"
+#define CERT_SVC_STORE_PATH_DEFAULT "/opt/share/cert-svc/certs/ssl/"
+#define CERT_SVC_SEARCH_PATH_RO "/usr/share/cert-svc/certs/"
#define CERT_SVC_SEARCH_PATH_RW "/opt/share/cert-svc/certs/"
-#define CERT_SVC_STORE_PATH_PKCS12 "/opt/share/cert-svc/pkcs12"
/*********************************************************************************/
/* Type definitions */
SEARCH_FIELD_END = 16,
} search_field;
+typedef enum cert_svc_visibility_t {
+ CERT_SVC_VISIBILITY_DEVELOPER = 1,
+ CERT_SVC_VISIBILITY_TEST = 1 << 1,
+ CERT_SVC_VISIBILITY_VERIFY = 1 << 2,
+ CERT_SVC_VISIBILITY_PUBLIC = 1 << 6,
+ CERT_SVC_VISIBILITY_PARTNER = 1 << 7,
+ CERT_SVC_VISIBILITY_PARTNER_OPERATOR = 1 << 8,
+ CERT_SVC_VISIBILITY_PARTNER_MANUFACTURER = 1 << 9,
+ CERT_SVC_VISIBILITY_PLATFORM = 1 << 10
+} cert_svc_visibility;
+
typedef struct {
unsigned int firstSecond;
unsigned int firstMinute;
int cert_svc_add_certificate_to_store(const char* filePath, const char* location);
int cert_svc_delete_certificate_from_store(const char* fileName, const char* location);
int cert_svc_verify_certificate(CERT_CONTEXT* ctx, int* validity);
+int cert_svc_verify_certificate_with_caflag(CERT_CONTEXT* ctx, int* validity);
int cert_svc_verify_signature(CERT_CONTEXT* ctx, unsigned char* message, int msgLen, unsigned char* signature, char* algo, int* validity);
int cert_svc_extract_certificate_data(CERT_CONTEXT* ctx);
int cert_svc_search_certificate(CERT_CONTEXT* ctx, search_field fldName, char* fldData);
+int cert_svc_get_visibility(CERT_CONTEXT* ctx, int* visibility);
+int cert_svc_get_visibility_by_root_certificate(const char* cert_data, int data_len, int* visibility);
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
int cert_svc_check_ocsp_status(CERT_CONTEXT* ctx, const char* uri);
+#endif
+char* cert_svc_get_certificate_crt_file_path(void);
#ifdef __cplusplus
}
#endif // __cplusplus
fi
echo "*** pre-requirement ***"
-mkdir ./demoCA
-touch ./demoCA/serial
+/bin/mkdir ./demoCA
+/bin/touch ./demoCA/serial
echo "00" > ./demoCA/serial
-touch ./demoCA/index.txt
+/bin/touch ./demoCA/index.txt
echo "*** make key pair for SDK ***"
-openssl genrsa -out ${SDK_keyname} 1024
+/usr/bin/openssl genrsa -out ${SDK_keyname} 1024
echo "*** make certificate request ***"
-openssl req -new -days 3650 -key ${SDK_keyname} -out ${SDK_certreqname} \
+/usr/bin/openssl req -new -days 3650 -key ${SDK_keyname} -out ${SDK_certreqname} \
-subj '/C=KR/ST=Kyung-gi do/L=SuWon-si/O=Samsung/OU=DMC/CN='$5
echo "*** make SDK cert ***"
-openssl ca -in ${SDK_certreqname} -out ${SDK_certname} -keyfile ${CA_keyname} -cert ${CA_certname} -outdir . << EOF
+/usr/bin/openssl ca -in ${SDK_certreqname} -out ${SDK_certname} -keyfile ${CA_keyname} -cert ${CA_certname} -outdir . << EOF
y
y
EOF
echo "*** remove temporary files ***"
-rm -f ${SDK_certreqname}
-rm -f *.pem
-rm -rf ./demoCA
+/bin/rm -f ${SDK_certreqname}
+/bin/rm -f *.pem
+/bin/rm -rf ./demoCA
-#sbs-git:slp/pkgs/c/cert-svc cert-svc 1.0.1 ad7eb7efcefb37b06017c69cb2fc44e6f7b6cab7
+%define tizen_feature_certsvc_ocsp_crl 0
+%define certsvc_build_test_package 0
+
Name: cert-svc
Summary: Certification service
Version: 1.0.1
-Release: 31
+Release: 45
Group: System/Libraries
-License: SAMSUNG
+License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
-
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
-
BuildRequires: cmake
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(openssl)
-BuildRequires: pkgconfig(evas)
-BuildRequires: pkgconfig(dpl-efl)
-BuildRequires: pkgconfig(libsoup-2.4)
-BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(xmlsec1)
BuildRequires: pkgconfig(secure-storage)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
-
+BuildRequires: pkgconfig(icu-i18n)
+BuildRequires: pkgconfig(libsoup-2.4)
+BuildRequires: boost-devel
+%if 0%{?tizen_feature_certsvc_ocsp_crl}
+BuildRequires: pkgconfig(vconf)
+BuildRequires: pkgconfig(sqlite3)
+%endif
Provides: libcert-svc-vcore.so.1
%description
Certification service
-
%package devel
Summary: Certification service (development files)
Group: Development/Libraries
%description devel
Certification service (developement files)
+%if 0%{?certsvc_build_test_package}
%package test
Summary: Certification service (tests)
Group: System/Misc
+Requires: boost-devel
Requires: %{name} = %{version}-%{release}
%description test
Certification service (tests)
+%endif
%prep
%setup -q
%build
-cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix}
+
+export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
+export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
+export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
+
+
+export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
+export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
+export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
+
+%ifarch %{ix86}
+export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
+export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE"
+export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
+%endif
+
+%{!?build_type:%define build_type "RELEASE"}
+cmake . -DPREFIX=%{_prefix} \
+ -DEXEC_PREFIX=%{_exec_prefix} \
+ -DLIBDIR=%{_libdir} \
+ -DBINDIR=%{_bindir} \
+ -DINCLUDEDIR=%{_includedir} \
+ -DTIZEN_ENGINEER_MODE=1 \
+%if 0%{?tizen_feature_certsvc_ocsp_crl}
+ -DTIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL=1 \
+%endif
+%if 0%{?certsvc_build_test_package}
+ -DCERTSVC_BUILD_TEST_PACKAGE=1 \
+%endif
+ -DCMAKE_BUILD_TYPE=%{build_type}
+
make %{?jobs:-j%jobs}
%install
rm -rf %{buildroot}
+mkdir -p %{buildroot}/usr/share/license
+mkdir -p %{buildroot}/opt/share/cert-svc
+cp LICENSE.APLv2 %{buildroot}/usr/share/license/%{name}
%make_install
+ln -sf /opt/etc/ssl/certs %{buildroot}/opt/share/cert-svc/certs/ssl
+touch %{buildroot}/opt/share/cert-svc/pkcs12/storage
+chmod 766 %{buildroot}/opt/share/cert-svc/pkcs12/storage
%clean
rm -rf %{buildroot}
%post
/sbin/ldconfig
+%if 0%{?tizen_feature_certsvc_ocsp_crl}
if [ -z ${2} ]; then
- echo "This is new install of wrt-security"
+ echo "This is new install of cert-svc"
echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
/usr/bin/cert_svc_create_clean_db.sh
else
/usr/bin/cert_svc_create_clean_db.sh
fi
fi
-
-ln -s /opt/etc/ssl/certs /usr/share/cert-svc/ca-certs/ssl
+rm /usr/bin/cert_svc_create_clean_db.sh
+%endif #tizen_feature_certsvc_ocsp_crl
%postun
/sbin/ldconfig
-rm /usr/share/cert-svc/ca-certs/ssl
%files
%defattr(-,root,root,-)
-%{_bindir}/cert_svc_create_clean_db.sh
+%manifest %{name}.manifest
+%attr(0755,root,root) %{_bindir}/cert_svc_create_clean_db.sh
%{_libdir}/*.so.*
-%{_bindir}/dpkg-pki-sig
+#%{_bindir}/dpkg-pki-sig
/opt/share/cert-svc/targetinfo
+%if 0%{?tizen_feature_certsvc_ocsp_crl}
%{_datadir}/cert-svc/cert_svc_vcore_db.sql
-%{_datadir}/cert-svc/fingerprint_list.xml
-%{_datadir}/cert-svc/fingerprint_list.xsd
-%{_datadir}/cert-svc/schema.xsd
+%endif
+%{_datadir}/license/%{name}
%dir %attr(0755,root,use_cert) /usr/share/cert-svc
-%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs
-%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing
-%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing/native
-%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing/wac
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/code-signing
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/code-signing/wac
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/sim
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/sim/operator
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/sim/thirdparty
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/ssl
+#%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs
+#%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing
+#%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing/native
+#%dir %attr(0755,root,use_cert) /usr/share/cert-svc/ca-certs/code-signing/wac
+%dir %attr(0775,root,use_cert) /usr/share/cert-svc/certs/code-signing
+%dir %attr(0775,root,use_cert) /usr/share/cert-svc/certs/code-signing/wac
+%dir %attr(0775,root,use_cert) /usr/share/cert-svc/certs/code-signing/tizen
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs
+#%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/code-signing
+#%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/code-signing/wac
+#%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/code-signing/tizen
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/sim
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/sim/operator
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/sim/thirdparty
%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/user
%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/trusteduser
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/mdm
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/mdm/security
-%dir %attr(0777,root,use_cert) /opt/share/cert-svc/certs/mdm/security/cert
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/mdm
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/mdm/security
+%dir %attr(0775,root,use_cert) /opt/share/cert-svc/certs/mdm/security/cert
%dir %attr(0777,root,use_cert) /opt/share/cert-svc/pkcs12
-/opt/share/cert-svc/certs/code-signing/wac/wac0.root.preproduction.pem
-/opt/share/cert-svc/certs/code-signing/wac/wac0.root.production.pem
-/opt/share/cert-svc/certs/code-signing/wac/wac0.publisherid.pem
-/opt/share/cert-svc/certs/code-signing/wac/tizen0.root.preproduction.cert.pem
+%dir %attr(0700, root, root) /opt/share/cert-svc/pin
+%if 0%{?tizen_feature_certsvc_ocsp_crl}
+%attr(0755,root,use_cert) /usr/share/cert-svc/certs/fota/*
+%endif
+/opt/share/cert-svc/pin/.pin
+/opt/share/cert-svc/certs/ssl
+/opt/share/cert-svc/pkcs12/storage
+%attr(0755,root,app) /opt/share/cert-svc/ca-certificate.crt
%files devel
%defattr(-,root,root,-)
%{_libdir}/pkgconfig/*
%{_libdir}/*.so
+%if 0%{?certsvc_build_test_package}
+%pre test
+rm -rf /usr/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+##rm -rf /opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+
%files test
%defattr(-,root,root,-)
%{_bindir}/cert-svc-test*
/opt/apps/widget/tests/vcore_widget_uncompressed/*
+/opt/apps/widget/tests/vcore_widget_uncompressed_negative_hash/*
+/opt/apps/widget/tests/vcore_widget_uncompressed_negative_signature/*
+/opt/apps/widget/tests/vcore_widget_uncompressed_negative_certificate/*
+/opt/apps/widget/tests/vcore_widget_uncompressed_partner/*
+/opt/apps/widget/tests/vcore_widget_uncompressed_partner_operator/*
/opt/apps/widget/tests/vcore_keys/*
/opt/apps/widget/tests/vcore_certs/*
+/opt/apps/widget/tests/vcore_config/*
/opt/apps/widget/tests/pkcs12/*
-/opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+/opt/apps/widget/tests/reference/*
+/opt/etc/ssl/certs/8956b9bc.0
+/usr/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+#/opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
/opt/share/cert-svc/pkcs12/*
+/opt/share/cert-svc/cert-type/*
+/opt/share/cert-svc/tests/orig_c/data/caflag/*
+%if 0%{?tizen_feature_certsvc_ocsp_crl}
+/opt/share/cert-svc/tests/orig_c/data/ocsp/*
+%endif #tizen_feature_certsvc_ocsp_crl
+/opt/share/cert-svc/certs/root_ca*.der
+/opt/share/cert-svc/certs/second_ca*.der
+%endif
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
+BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X
+DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ
+BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4
+QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny
+gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw
+zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q
+130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2
+JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw
+ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT
+AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj
+AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG
+9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
+bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc
+fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu
+HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w
+t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF
+UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ
+R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN
+MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G
+A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw
+JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+
+WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj
+SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl
+u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy
+A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk
+Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7
+MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr
+aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC
+IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A
+cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA
+YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA
+bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA
+bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA
+aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA
+aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA
+ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA
+YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA
+ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA
+LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6
+Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y
+eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw
+CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G
+A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu
+Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn
+lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt
+b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg
+9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF
+ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC
+IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
+nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
+t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
+SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
+BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
+NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
+BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
+MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
+p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
+WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
+4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
+hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc
+MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp
+b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT
+AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs
+aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H
+j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K
+f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55
+IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw
+FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht
+QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm
+/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ
+k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ
+MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC
+seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ
+hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+
+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U
+DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj
+B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL
+rosot4LKGAfmt1t06SAZf7IbiVQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV
+BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt
+ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4
+MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg
+SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl
+a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h
+4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk
+tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s
+tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL
+dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4
+c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um
+TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z
++kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O
+Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW
+OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW
+fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2
+l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw
+FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+
+8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI
+6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO
+TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME
+wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY
+Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn
+xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q
+DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q
+Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t
+hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4
+7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7
+QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw
+cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy
+b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z
+ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4
+NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN
+TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p
+Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u
+uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+
+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA
+vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770
+Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx
+62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB
+AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw
+LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP
+BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB
+AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov
+MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5
+ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn
+AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT
+AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh
+ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo
+AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa
+AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln
+bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p
+Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP
+PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB
+EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu
+w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj
+cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV
+HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI
+VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS
+BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS
+b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS
+8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds
+ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl
+7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a
+86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR
+hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/
+MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw
+PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu
+MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx
+GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL
+MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf
+HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh
+gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW
+v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue
+Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr
+9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt
+6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7
+MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl
+Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58
+ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq
+hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p
+iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC
+dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL
+kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL
+hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz
+OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
+NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
+LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
+TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
+LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
+I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
+nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg
+b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa
+MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB
+ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw
+IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B
+AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb
+unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d
+BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq
+7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3
+0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX
+roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG
+A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j
+aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p
+26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA
+BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud
+EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN
+BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
+aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB
+AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd
+p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi
+1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc
+XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0
+eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu
+tGWaIZDgqtCYvDi1czyL+Nw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
+HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
+qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
+cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
+cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
+T8qAkbYp
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg
+Q2xhc3MgMyBDQSAxMB4XDTA1MDUwOTE0MTMwM1oXDTE1MDUwOTE0MTMwM1owSzEL
+MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD
+VQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZEC4DVC69TB4sSveZn8AKxifZg
+isRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBYouZ0plNTVUhjP5JW3SROjvi6K//z
+NIqeKNc0n6wv1g/xpC+9UrJJhW05NfBEMJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI
++MkcVyzwPX6UvCWThOiaAJpFBUJXgPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2R
+hzyRhkmr8w+gbCZ2Xhysm3HljbybIR6c1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+
+mbEwi5A3lRyoH6UsjfRVyNvdWQrCrXig9IsCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFP
+Bdy7pYmrEzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27s
+EzNxZy5p+qksP2bAEllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2
+mSlf56oBzKwzqBwKu5HEA6BvtjT5htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/YL0yC
+e/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQjel/wroQk5PMr+4okoyeYZdow
+dXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE
+AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x
+CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW
+MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF
+RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7
+09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7
+XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P
+Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK
+t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb
+X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28
+MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU
+fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI
+2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH
+K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae
+ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP
+BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ
+MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw
+RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv
+bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm
+fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3
+gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe
+I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i
+5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi
+ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn
+MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ
+o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6
+zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN
+GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt
+r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK
+Z05phkOTOPu220+DkdRgfks+KzgHVZhepA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0
+ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y
+OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx
+FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp
+Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP
+kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc
+cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U
+fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7
+N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC
+xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1
++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM
+Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG
+SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h
+mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk
+ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c
+2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t
+HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT
+ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw
+MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j
+LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo
+RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu
+WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw
+Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK
+eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM
+zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+
+WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN
+/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0
+IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV
+VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8
+cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT
+QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh
+F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v
+c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w
+mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd
+VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX
+teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ
+f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe
+Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
+nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY
+MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
+aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX
+IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn
+ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z
+uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN
+Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
+QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
+koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
+ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
+DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
+bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk
+MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg
+Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT
+AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp
+Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9
+m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih
+FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/
+TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F
+EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco
+kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu
+HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF
+vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo
+19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC
+L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW
+bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX
+JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw
+FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j
+BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc
+K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf
+ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik
+Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB
+sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e
+3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR
+ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip
+mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH
+b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf
+rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms
+hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y
+zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6
+MBr1mmz0DlP5OlvRHA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP
+Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr
+ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL
+MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1
+yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr
+VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/
+nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG
+XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj
+vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt
+Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g
+N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC
+nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAougAwIBAgIQNKT/9jCvTKU8MxdCoZRmdTANBgkqhkiG9w0BAQUFADCB
+xDELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
+Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
+CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhh
+d3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0
+ZS5jb20wHhcNOTYwODAxMDAwMDAwWhcNMjEwMTAxMjM1OTU5WjCBxDELMAkGA1UE
+BhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
+MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZl
+ciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl
+/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF
+/rFrKbYvScg71CcEJRCXL+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982
+OsK1ZiIS1ocNAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
+BQADgYEAvkBpQW/G28GnvwfAReTQtUMeTJUzNelewj4o9qgNUNX/4gwP/FACjq6R
+ua00io2fJ3GqGcxL6ATK1BdrEhrWxl/WzV7/iXa/2EjYWb0IiokdV81FHlK6EpqE
++hiJX+j5MDVqAWC5mYCDhQpu2vTJj15zLTFKY6B08h+LItIpPus=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz
+dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG
+A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U
+cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf
+qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ
+JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ
++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS
+s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5
+HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7
+70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG
+V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S
+qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S
+5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia
+C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX
+OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE
+FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2
+KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B
+8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ
+MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc
+0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ
+u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF
+u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH
+YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8
+GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO
+RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e
+KeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUFADCB
+ozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3Qt
+TmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0ODM5WhcNMTkwNzA5MTg1
+NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
+IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD
+VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VS
+Rmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCz+5Gh5DZVhawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2
+N3kDuatpjQclthln5LAbGHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCH
+iZMlIJpDgmkkdihZNaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hARe
+YFmnjDRy7rh4xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1
+axwiP8vv/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6g
+yN7igEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
+AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf8NPh
+ahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
+VE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0GCSqGSIb3DQEB
+BQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXhi6r/fWRRzwr/vH3Y
+IWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUqf9FuVSTiuwL7MT++6Lzs
+QCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAfhZOVBt5P1CeptqX8Fs1zMT+4
+ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvPNximmMatBrTcCKME1SmklpoSZ0qM
+YEWd8SOasACcaLWYUNPvji6SZbFIPiG+FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUb
+QErNaLly7HF27FSOH4UMAWr6pjisH8SE
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCAhECCF9gWF8AAAAAMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkpQ
+MSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRsw
+GQYDVQQDExJTZWN1cmVTaWduIFJvb3RDQTEwHhcNOTkwOTE1MTUwMDAxWhcNMjAw
+OTE1MTQ1OTU5WjBXMQswCQYDVQQGEwJKUDErMCkGA1UEChMiSmFwYW4gQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEbMBkGA1UEAxMSU2VjdXJlU2lnbiBSb290
+Q0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJAMS3EpHNr2aHl6
+pLrn0syNr+hHkJkfxirql2PoH84XV8Yas6jHfIftNTWAurpubb4X/swtG2zvigBJ
+FuHuBl5KB12rPdFQuJFG1NTaFdiUXA7K19q/oPdJPMi7zuomgQoULZwNN0VrQcpX
+izjwJh8x/M80jo93wT/jq1Q8J7TOMkxVE2L8/joWJc8ba6Ijt+DqAmm79yJxbXwL
+GZOhl5zjkWkfaOQvfRBtj2euwRCisF5jSpf35niprSa7VMnftO7FntMl3RNoU/mP
+6Ozl3oHWeD7uUEC0ATysFcGCOy5/8VIni3Lg59v5iynDw0orM4mrXCoH/HwjHitP
+CCL+wQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBV7W97k+VFMU5o1VWBoggfbN0J
+xXgacFfI3wiBrmZ3xnUP5O9JiwNcbP8ckKRystMWErIG+EaGrr+nFduFTfrCLU2z
+tbBD73x+B9tfs1dGUXYHhkT9B+rxy0tFTWanMybE+UOqjRKz1I1otvcCebQtWtcD
+mAQsaZmv9GY7ZKyywCvIaVSeTE5IGI3OV7U7UeUb1/o5YNtWRRO+52bVI/Z8SACw
+TO80jSKssi7RTDjN+lgDBu46c4cKBTrK5K/Uwe4chX8lFs8nAR+EincI0NNG6CDs
+n6SM8bzNxBI2gB7HCSiv6Ai+wNOyPtcuZz2jzrs0+uKFzazOVR1FW3iF04V6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET
+MBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UE
+AxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQsw
+CQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcg
+YS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgmGErE
+Nx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnX
+mjxUizkDPw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYD
+XcDtab86wYqg6I7ZuUUohwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhW
+S8+2rT+MitcE5eN4TPWGqvWP+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8Kp
+FhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQD
+AgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cu
+ZGlzaWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5z
+ay9jYS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv
+Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEw
+DQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA/ec8J9B6
+yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3mkkp7M5+cTxq
+EEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/
+CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeB
+EicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFN
+PGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkGjCFMhwnN5ag=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX
+DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy
+dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj
+YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV
+OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr
+zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM
+VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ
+hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO
+ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
+awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs
+OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF
+coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc
+okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8
+t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
+1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/
+SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE
+SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg
+Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV
+BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl
+cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA
+vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu
+Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a
+0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1
+4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN
+eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD
+R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG
+A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu
+dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME
+Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3
+WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
+HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ
+KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO
+Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX
+wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+
+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89
+9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0
+jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38
+aQNiuJkFBT1reBK9sG9l
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE
+BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h
+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy
+MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg
+Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9
+thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM
+cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG
+L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i
+NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h
+X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b
+m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy
+Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja
+EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T
+KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
+6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh
+OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD
+VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv
+ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl
+AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF
+661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9
+am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1
+ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481
+PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS
+3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k
+SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF
+3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM
+ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
+StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz
+Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB
+jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz
+MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv
+cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz
+Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO
+0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao
+wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj
+7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT
+BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
+6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/
+3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm
+D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS
+CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO
+TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy
+MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk
+ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn
+ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71
+9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO
+hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U
+tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o
+BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh
+SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww
+OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv
+cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA
+7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
+/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm
+eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6
+u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy
+7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR
+iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ
+cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ
+BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt
+VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D
+0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9
+ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G
+A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs
+aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I
+flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx
+CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp
+ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa
+QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw
+NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft
+ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu
+QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG
+qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL
+fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ
+Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4
+Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ
+54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b
+MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j
+ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej
+YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt
+A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF
+rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ
+pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB
+lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy
+YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50
+7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs
+YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6
+xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc
+unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/
+Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp
+ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42
+gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0
+jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+
+XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD
+W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/
+RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r
+MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk
+BYn8eNZcLCZDqQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
+BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
+hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
+5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
+JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
+DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
+huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
+zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
+kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
+SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
+spki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw
+MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG
+KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+
+8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R
+FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS
+mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE
+DNuxUCAKGkq6ahq97BvIxYSazQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAp+gAwIBAgIQNhIilsXjOKUgodJfTNcJVDANBgkqhkiG9w0BAQUFADCB
+zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
+Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
+CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
+d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
+cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIxMDEwMTIzNTk1OVow
+gc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT
+CUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNV
+BAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRo
+YXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1z
+ZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2
+aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560
+ZXUCTe/LCaIhUdib0GfQug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j
++ao6hnO2RlNYyIkFvYMRuHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBlkKyID1bZ5jA01CbH0FDxkt5r1DmI
+CSLGpmODA/eZd9iy5Ri4XWPz1HP7bJyZePFLeH0ZJMMrAoT4vCLZiiLXoPxx7JGH
+IPG47LHlVYCsPVLIOQ7C8MAFT9aCdYy9X9LcdpoFEsmvcsPcJX6kTY4XpeCHf+Ga
+WuFg3GQjPEIuTQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
+bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
+j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
+Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
+MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
+fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
+QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
+Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
+KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
+NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
+NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
+ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
+BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
+Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
+KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
+rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
+94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
+sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
+gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
+kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
+vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
+O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
+AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
+9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
+eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
+0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
+MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg
+Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa
+/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ
+jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI
+HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7
+sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w
+gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO
+H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm
+I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY
+iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
+hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
+1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
+OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
+2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
+O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
+AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
+Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
+LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
+oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
+MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
+sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
+E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
+/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
+DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
+GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
+tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
+WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
+9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
+gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
+2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
+4uJEvlz36hz1
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES
+MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
+V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz
+WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
+LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE
+AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH
+K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX
+RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z
+rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx
+3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq
+hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC
+MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls
+XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D
+lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn
+aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ
+YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB
+8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy
+dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1
+YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3
+dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh
+IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD
+LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG
+EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g
+KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD
+ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu
+bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg
+ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R
+85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm
+4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV
+HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd
+QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t
+lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB
+o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4
+opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo
+dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW
+ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN
+AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y
+/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k
+SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy
+Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS
+Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl
+nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV
+MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe
+TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
+dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB
+KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0
+N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC
+dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu
+MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL
+b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD
+zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi
+3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8
+WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY
+Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi
+NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
+ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4
+QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0
+YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz
+aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
+IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm
+ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg
+ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs
+amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv
+IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3
+Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6
+ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1
+YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg
+dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs
+b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
+CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
+xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP
+0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ
+QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk
+f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK
+8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr
+MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG
+A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0
+MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD
+QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz
+i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8
+h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV
+MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9
+UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni
+8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC
+h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm
+KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
+X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr
+QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5
+pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN
+QSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp
+IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi
+BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw
+MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
+d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig
+YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v
+dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/
+BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6
+papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K
+DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3
+KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox
+XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx
+MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o
+Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt
+5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s
+3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej
+vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu
+8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil
+zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/
+3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD
+FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
+Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2
+ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
+MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
+WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
+9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
+DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
+Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
+QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
+xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
+A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
+kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
+Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
+Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
+JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
+RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
+YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
+MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
+NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
+A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
+A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
+Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
+QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
+eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
+B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
+z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
+AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
+ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
+TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
+MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
+VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
+VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
+bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
+AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
+bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
+ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
+VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
+ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
+AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD
+VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0
+IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3
+MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
+aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx
+MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy
+cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG
+A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl
+BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed
+KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7
+G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2
+zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4
+ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG
+HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2
+Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V
+yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e
+beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r
+6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
+wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog
+zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW
+BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr
+ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp
+ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk
+cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt
+YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC
+CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow
+KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI
+hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ
+UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz
+X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x
+fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz
+a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd
+Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd
+SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O
+AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso
+M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge
+v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
+09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz
+MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N
+IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11
+bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE
+RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO
+zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5
+bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF
+MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1
+VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC
+OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW
+tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ
+q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb
+EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+
+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O
+VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe
+MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0
+ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw
+IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL
+SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH
+SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
+ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X
+DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1
+TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ
+fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA
+sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU
+WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS
+nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH
+dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip
+NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
+AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF
+MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB
+uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl
+PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP
+JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/
+gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2
+j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6
+5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
+o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS
+/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z
+Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE
+W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
+hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx
+MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9
+AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA
+ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0
+7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W
+kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI
+mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ
+KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
+6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
+4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
+oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
+UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
+AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
+A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
+jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
+PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
+ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
+nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
+q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
+MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
+mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
+7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
+oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
+EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
+fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
+AmvZWg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
+MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
+ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
+cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
+WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
+Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
+IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
+UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
+TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
+BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
+kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
+AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
+sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
+I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
+J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
+VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM
+V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB
+4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr
+H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv
+vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT
+mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe
+btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc
+T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt
+WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ
+c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
+4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD
+VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0
+aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw
+czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G
+A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg
+Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0
+7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd
++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B
+4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN
+t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
+DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
+k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
+zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
+Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
+mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj
+dXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5MDYyMzEyMTQ0
+NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXggU2VjdXJlMSYwJAYD
+VQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMjCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF7Y6yEb3+6+e0dMKP/wXn2Z0G
+vxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKDpkWNYmi7hRsgcDKqQM2mll/EcTc/
+BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HMHMg3OrmXUqesxWoklE6ce8/AatbfIb0C
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJl
+IGVCdXNpbmVzcyBDQS0yMQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkw
+NjIzMTIxNDQ1WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBq
+y/3YIHqngnYwHQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy
+0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1
+E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD
+TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2
+MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF
+Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh
+IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6
+dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO
+V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC
+GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN
+v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB
+AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB
+Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO
+76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK
+OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH
+ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi
+yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL
+buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj
+2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT
+AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD
+QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP
+MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do
+0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ
+UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d
+RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ
+OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv
+JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C
+AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O
+BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ
+LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY
+MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ
+44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I
+Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw
+i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN
+9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1
+c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81
+WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG
+FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq
+XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL
+se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb
+KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd
+IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73
+y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt
+hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc
+QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
+Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV
+HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ
+KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ
+L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr
+Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo
+ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY
+T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
+GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
+OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
+6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
+QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y
+YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua
+kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL
+QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp
+6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG
+yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i
+QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO
+tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu
+QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ
+Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u
+olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48
+x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
+MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
+nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
+HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
+Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
+HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
+CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
+sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
+4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
+8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
+mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg
+MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8
+dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz
+MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy
+dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD
+VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg
+xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu
+xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7
+XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k
+heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J
+YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C
+urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1
+JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51
+b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV
+9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7
+kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh
+fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy
+B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA
+aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS
+RGQDJereW26fyfJOrN3H
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy
+MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp
+eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg
+/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl
+wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh
+AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2
+PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu
+AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR
+MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc
+HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/
+Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
+f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO
+rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
+6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3
+7CAFYd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa
+GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg
+Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J
+WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB
+rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp
++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1
+ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i
+Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz
+PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og
+/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH
+oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
+yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2
+A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL
+MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f
+BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn
+g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl
+fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K
+WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha
+B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc
+hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
+TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
+mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
+ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
+4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
+8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
+BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
+Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1
+OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
+SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc
+VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW
+Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q
+Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2
+1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq
+ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1
+Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX
+XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
+dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6
+Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz
+JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290
+Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
+TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN
+irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8
+TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6
+g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB
+95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj
+S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET
+MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk
+BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4
+Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl
+cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0
+aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY
+F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N
+8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe
+rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K
+/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu
+7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC
+28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6
+lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E
+nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB
+0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09
+5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj
+WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN
+jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ
+KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s
+ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM
+OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q
+619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn
+2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj
+o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v
+nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG
+5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq
+pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb
+dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0
+BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
+gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
+NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
+dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
+dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
+38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
+KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
+DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
+qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
+JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
+PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
+jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
+eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
+ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
+vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
+IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
+i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
+O+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT
+ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw
+MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj
+dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
+c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC
+UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc
+58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/
+o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH
+MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr
+aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA
+A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA
+Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv
+8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg
+Q2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzEL
+MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD
+VQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7McXA0
+ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLX
+l18xoS830r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVB
+HfCuuCkslFJgNJQ72uA40Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B
+5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3
+WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLP
+gcIV1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+
+DKhQ7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu
+BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHs
+h7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+oRxKaJyOk
+LY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
+MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
+cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
+bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
+CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
+dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
+cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
+2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
+lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
+ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
+299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
+vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
+dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
+AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
+zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
+LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
+7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
+++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
+398znM/jra6O1I7mT1GvFpLgXPYHDw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E
+jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo
+ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI
+ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu
+Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg
+AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7
+HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
+uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa
+TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
+xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
+CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
+O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
+6GAqm4VKQPNriiTsBhYscw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
+MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
+KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
+A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
+5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
+SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
+JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
+ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
+AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
+AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
+CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
+b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
+7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
+0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
+nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
+x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
+33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
+rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
+BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
+Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
+LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
+MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
+gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
+YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
+b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
+9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
+zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
+OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
+2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
+oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
+t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
+KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
+m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
+MdRAGmI0Nj81Aa6sY6A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD
+EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X
+DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw
+DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u
+c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr
+TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA
+OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC
+2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW
+RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P
+AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW
+ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0
+YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz
+b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO
+ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB
+IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs
+b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs
+ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s
+YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg
+a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g
+SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0
+aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg
+YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg
+Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY
+ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g
+pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4
+Fp1hBWeAyNDYpQcCNJgEjTME1A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG
+EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3
+MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR
+dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB
+pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM
+b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz
+IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT
+lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz
+AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5
+VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG
+ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2
+BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG
+AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M
+U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh
+bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C
++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F
+uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
+XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
+U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg
+SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln
+biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm
+GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve
+fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ
+aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
+aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW
+kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC
+4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga
+FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
+MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
+IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
+dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
+li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
+rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
+WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
+F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
+xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC
+Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv
+dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
+ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl
+IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh
+c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy
+ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
+KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
+KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
+y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
+dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
+VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
+fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
+7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
+cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
+mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
+xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
+SnQ2+Q==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQD
+EylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZhbnlraWFkbzAeFw05
+OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYDVQQGEwJIVTERMA8G
+A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
+Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5l
+dExvY2sgVXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xK
+gZjupNTKihe5In+DCnVMm8Bp2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riX
+iK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvc
+Q7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8E
+BAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1G
+SUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFu
+b3MgU3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh
+bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv
+Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGln
+aXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0
+IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh
+c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGph
+biBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJo
+ZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBP
+UlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmlj
+YXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBo
+dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNA
+bmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06
+sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa
+n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS
+NitjrFgBazMpUIaD8QFI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
+MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW
+/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
+PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY
+SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
+IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
+zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
+BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
+ZQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT
+AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ
+TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG
+9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw
+MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM
+BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO
+MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2
+LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI
+s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2
+xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4
+u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b
+F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx
+Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd
+PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV
+HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx
+NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF
+AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ
+L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY
+YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg
+Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a
+NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R
+0982gaEbeC9xs/FZTEYYKKuF0mBWWg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs
+IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
+R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A
+PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8
+Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL
+TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL
+5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7
+S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe
+2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap
+EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td
+EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
+/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
+A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
+abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
+I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
+4iIprn2DQKi6bA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xS
+S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg
+SGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcNMDUxMTA3MTAwNzU3
+WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVrdHJv
+bmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJU
+UjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSw
+bGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWe
+LiAoYykgS2FzxLFtIDIwMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnef
+J1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdh
+R3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJ
+Qv2gQrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGX
+JHpsmxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p
+zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58S
+Fq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/nttRbj2hWyfIvwq
+ECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4
+Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFz
+gw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotH
+uFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LS
+y3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5UrbnBEI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB
+vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W
+ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0
+IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y
+IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh
+bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF
+9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH
+H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H
+LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN
+/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT
+rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw
+WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs
+exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
+DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4
+sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+
+seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz
+4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+
+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR
+lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3
+7M2CYfE45k+XmCpajQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
+IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
+RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
+U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
+Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
+YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
+nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
+6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
+eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
+c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
+MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
+HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
+jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
+5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
+rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
+wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
+AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
+WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
+xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
+2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
+IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
+aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
+em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
+dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
+OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
+tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
+BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1
+c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1NDI4WhcNMjUxMjMx
+MjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIg
+R21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYwJAYD
+VQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSR
+JJZ4Hgmgm5qVSkr1YnwCqMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3T
+fCZdzHd55yx4Oagmcw6iXSVphU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeu
+jRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3z
+wZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQ
+fezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYD
+VR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G
+CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X1
+7caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNerNXxTPqYn
+8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3ghUJGooWMNjs
+ydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT
+ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/
+2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB
+kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw
+IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
+VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu
+dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6
+E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ
+D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK
+4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq
+lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW
+bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB
+o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
+MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js
+LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr
+BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB
+AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft
+Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj
+j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH
+KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv
+2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3
+mfnGV/TJVTl4uix5yaaIK/QI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
+IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
+IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
+RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
+U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
+IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
+ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
+QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
+rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
+NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
+QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
+txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
+BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
+tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
+IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
+6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
+Cm26OWMohpLzGITY+9HPBVZkVw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN
+MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw
+ODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJBgNVBAYTAktSMQ0wCwYDVQQKDARL
+SVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZW50
+cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEFAAOC
+AQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk
+9KFo/CjsySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi
+8EcNuRpAU1xkcK8IWsD3z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVG
+yHK+d9VuHygvx2nt54OJM1jT3qC/QOhDUO7cTWu8peqmyGGO9cNkrwYV3CmLP3WM
+vHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbMnChmn3AmPC7fqoD+jMUE
+CSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0OBBYEFL+2
+J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
+BQADggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJap
+aBV/JV6K+KRzwYCKhQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXfl
+BM+tWh6UCVrXPAgcrnrpFDLBRa3SJkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT
+2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56ch534eJAx7REnxqhZvvwYC/uO
+fi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjbXKP4krG9tNT5
+UNkAAk/bg9ART6RCVmE6fhMy04Qfybo=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu
+IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw
+WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD
+ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y
+IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn
+IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+
+6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob
+jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw
+izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl
++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY
+zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP
+pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF
+KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
+ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB
+AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0
+ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW
+IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA
+A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0
+uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+
+FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7
+jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/
+u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D
+YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1
+puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa
+icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG
+DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x
+kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
+Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
+cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
+IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
+dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
+NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
+dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
+dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
+aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
+RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
+cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
+wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
+U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
+jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
+BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
+jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
+1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
+nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
+VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS
+MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp
+bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw
+VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy
+YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy
+dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2
+ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe
+Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx
+GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls
+aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU
+QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh
+xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0
+aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr
+IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h
+gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK
+O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO
+fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw
+lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL
+hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID
+AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP
+NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t
+wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM
+7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh
+gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n
+oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs
+yZyQ2uypQjyttgI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3
+MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub
+j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
+U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
+u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
+fF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO
+TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX
+DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl
+ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv
+b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291
+qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp
+uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU
+Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE
+pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp
+5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M
+UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN
+GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy
+5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv
+6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK
+eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6
+B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/
+BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov
+L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG
+SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS
+CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen
+5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897
+IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK
+gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL
++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL
+vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm
+bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk
+N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC
+Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z
+ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln
+biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF
+MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
+d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8
+76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+
+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c
+6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE
+emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd
+MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt
+MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y
+MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi
+aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
+gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB
+qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7
+lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn
+8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6
+45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO
+UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
+O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC
+bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv
+GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a
+77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
+hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
+92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
+Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
+ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
+Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB
+ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly
+aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w
+NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G
+A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX
+SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR
+VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2
+w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF
+mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg
+4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9
+4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw
+EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx
+SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2
+ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8
+vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
+hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi
+Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ
+/L7fCg0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
+A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
+bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE
+ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS
+b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5
+7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS
+J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y
+HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP
+t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz
+FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY
+XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw
+hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js
+MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA
+A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
+Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx
+XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o
+omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc
+A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
+ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
+LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
+BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
+Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
+cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
+YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
+dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
+bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
+TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
+9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
+jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
+FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
+ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
+ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
+EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
+L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
+yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
+206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
+KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
+JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
+BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
+Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
+PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
+Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
+o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
+FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
+xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
+LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
+CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
+IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
+DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
+AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
+Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
+AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
+Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
+RY8mkaKO/qk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV
+UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO
+ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz
+c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP
+OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl
+mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF
+BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4
+qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw
+gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu
+bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
+dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8
+6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/
+h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH
+/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
+pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
+BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
+Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQzWhcNMjUxMjMxMjI1
+OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
+SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UEAxMc
+VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jf
+tMjWQ+nEdVl//OEd+DFwIxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKg
+uNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2J
+XjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK
+8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+99
+5OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3
+kUrL84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
+dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6
+Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz
+JTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290
+Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
+TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iS
+GNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprt
+ZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8
+au0WOB9/WIFaGusyiC2y8zl3gK9etmF1KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaV
+hgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeI
+dUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw
+NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV
+BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL
+So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal
+tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG
+CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT
+qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz
+rD6ogRLQy7rQkgu2npaqBA+K
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0
+IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3
+MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz
+IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz
+MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj
+dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw
+EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp
+MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9
+28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq
+VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q
+DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR
+5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL
+ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a
+Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl
+UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s
++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5
+Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
+ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx
+hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV
+HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1
++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN
+YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t
+L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy
+ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt
+IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV
+HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w
+DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW
+PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF
+5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1
+glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH
+FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2
+pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD
+xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG
+tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq
+jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De
+fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
+OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ
+d0jQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN
+8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/
+RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4
+hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5
+ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM
+EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1
+A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy
+WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ
+1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30
+6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT
+91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
+TpPDpFQUWw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAwezEL
+MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
+BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UEAxMfVEMgVHJ1
+c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkwODE1MjdaFw0yOTEy
+MzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRl
+ciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0ExKDAm
+BgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJSUkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2pxisLlxErALyBpXsq6DFJmzNEubkKLF
+5+cvAqBNLaT6hdqbJYUtQCggbergvbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYv
+DIRlzg9uwliT6CwLOunBjvvya8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8v
+zArZQe+f/prhsq75U7Xl6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRT
+yGG299J5KmcYdkhtWyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yj
+dipFtK+/fz6HP3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBh
+MB8GA1UdIwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI
+4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42Fmhfz
+dkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhnYIg5IFHY
+aAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhKBgePxLcHsU0G
+DeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRclkvxOvIAu2y0+pZV
+CIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGGjYnuJ8Tb4rwZjgvDwxPH
+LQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9HKgl8ZS0Zg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/
+MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow
+PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR
+IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q
+gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy
+yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts
+F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2
+jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx
+ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC
+VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK
+YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH
+EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN
+Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud
+DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE
+MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK
+UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
+TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf
+qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK
+ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE
+JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7
+hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1
+EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm
+nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX
+udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz
+ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe
+LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl
+pYYsfPQS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmKgAwIBAgIENvEbGTANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJF
+UzENMAsGA1UEChMERk5NVDEYMBYGA1UECxMPRk5NVCBDbGFzZSAyIENBMB4XDTk5
+MDMxODE0NTYxOVoXDTE5MDMxODE1MjYxOVowNjELMAkGA1UEBhMCRVMxDTALBgNV
+BAoTBEZOTVQxGDAWBgNVBAsTD0ZOTVQgQ2xhc2UgMiBDQTCBnTANBgkqhkiG9w0B
+AQEFAAOBiwAwgYcCgYEAmD+tGTaTPT7+dkIU/TVv8fqtInpY40bQXcZa+WItjzFe
+/rQw/lB0rNadHeBixkndFBJ9cQusBsE/1waH4JCJ1uXjA7LyJ7GfM8iqazZKo8Q/
+eUGdiUYvKz5j1DhWkaodsQ1CdU3zh07jD03MtGy/YhOH6tCbjrbi/xn0lAnVlmEC
+AQOjggEUMIIBEDARBglghkgBhvhCAQEEBAMCAAcwWAYDVR0fBFEwTzBNoEugSaRH
+MEUxCzAJBgNVBAYTAkVTMQ0wCwYDVQQKEwRGTk1UMRgwFgYDVQQLEw9GTk1UIENs
+YXNlIDIgQ0ExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5OTAzMTgxNDU2
+MTlagQ8yMDE5MDMxODE0NTYxOVowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFECa
+dkSXdAfErBTLHo1POkV8MNdhMB0GA1UdDgQWBBRAmnZEl3QHxKwUyx6NTzpFfDDX
+YTAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAGFMoHxZY1tm+O5lE85DgEe5sjXJyITHa3NgReSdN531jiW5
++aqqyuP4Q5wvoIkFsUUylCoeA41dpt7PV5Xa3yZgX8vflR64zgjY+IrJT6lodZPj
+LwVMZGACokIeb4ZoZVUO2ENv8pExPqNHPCgFr0W2nSJMJntLfVsV+RlG3whd
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx
+ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w
+MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD
+VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx
+FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu
+ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7
+gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH
+fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a
+ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT
+ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk
+c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto
+dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt
+aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI
+hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk
+QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/
+h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
+nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR
+rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2
+9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGBzCCBO+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBsjELMAkGA1UEBhMCRVMx
+DzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMS8wLQYDVQQKEyZJUFMg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgcy5sLiBpcHNDQTEOMAwGA1UECxMFaXBz
+Q0ExHTAbBgNVBAMTFGlwc0NBIEdsb2JhbCBDQSBSb290MSEwHwYJKoZIhvcNAQkB
+FhJnbG9iYWwwMUBpcHNjYS5jb20wHhcNMDkwOTA3MTQzODQ0WhcNMjkxMjI1MTQz
+ODQ0WjCBsjELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMG
+TWFkcmlkMS8wLQYDVQQKEyZJUFMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgcy5s
+LiBpcHNDQTEOMAwGA1UECxMFaXBzQ0ExHTAbBgNVBAMTFGlwc0NBIEdsb2JhbCBD
+QSBSb290MSEwHwYJKoZIhvcNAQkBFhJnbG9iYWwwMUBpcHNjYS5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn78yAMLCRJE+waPjDyi0VOFVYguI4
+Y7D3o5Jvg7iwXrCMrFSxd9BQ4JezkK2Ksx85K0VW96ri33yy7G9TL5rL0OZmy8kT
+6HLitM0xV4cStZPo+nLO6kfyjLSwY9cEALdkNjmX6JXxiPlxDQMnjGHPCIOWT4PF
+Tuhc+AZw8QKqHB6pyKp+513NjTwUb2fQG6kjSIshKDqKTOYRMfkhLrJnZsYpbpST
+z0CW/LA9v7K0k79WcbalQYewWLVZIyhJuJj5UB4tFSgLTKxJ0YSpm5rnclS3ONDb
+yf6pc9VtEM2Odev+l/2APPy02Ej0mUYLiBSkti7bTGD0IcFsgJUU1a/VAgMBAAGj
+ggIkMIICIDAdBgNVHQ4EFgQUFaaWgLEVSzHDwpz25xMLS/MYzYYwgd8GA1UdIwSB
+1zCB1IAUFaaWgLEVSzHDwpz25xMLS/MYzYahgbikgbUwgbIxCzAJBgNVBAYTAkVT
+MQ8wDQYDVQQIEwZNYWRyaWQxDzANBgNVBAcTBk1hZHJpZDEvMC0GA1UEChMmSVBT
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IHMubC4gaXBzQ0ExDjAMBgNVBAsTBWlw
+c0NBMR0wGwYDVQQDExRpcHNDQSBHbG9iYWwgQ0EgUm9vdDEhMB8GCSqGSIb3DQEJ
+ARYSZ2xvYmFsMDFAaXBzY2EuY29tggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
+AgEGMEcGA1UdJQRAMD4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG
+AQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwoDBDAdBgNVHREEFjAUgRJnbG9iYWww
+MUBpcHNjYS5jb20wHQYDVR0SBBYwFIESZ2xvYmFsMDFAaXBzY2EuY29tMEEGA1Ud
+HwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmxnbG9iYWwwMS5pcHNjYS5jb20vY3JsL2Ny
+bGdsb2JhbDAxLmNybDA4BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAGGHGh0dHA6
+Ly9jcmxnbG9iYWwwMS5pcHNjYS5jb20wDQYJKoZIhvcNAQEFBQADggEBABj0rv6A
+D47Bd2+iWkdInyNVoVNr+V2nMKUkvkMv+MHRV/k+LIAlzEapNvNJWx32fNdjs00+
+ePantAJ3+HkNPmrLGGC4/QCvDN1U41SPIj3zEG8RDbUeeo0nzAi4W8O4Gl8rp2A/
+ABz3D1xCZmSehxKAcIng+lcoDk4fEC/ZBYC2gC8cafD2tmU0BW/K2T741F03Mse4
+K8z/c5MAceAByKpDvanxzvqA+fFDEpGmZeVgB01HuisvBPZKhSmIZRDJslNinGyb
+YFwaG9OuxR1ymQb/BcyGJnO01FQF3R5rADu3iejjkQIgEuvv6f4KKSOBI6MA2nDM
+kl83I9AcezVcA3o=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
+PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
+cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
+IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
+ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
+VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
+kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
+EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
+H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
+HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
+QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
+Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
+AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
+yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
+FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
+ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
+kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
+l7+ijrRU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE
+SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw
+ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU
+REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr
+2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s
+2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU
+GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj
+dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r
+TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB
+AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
+c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl
+ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu
+MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
+T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud
+HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD
+VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny
+bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy
+MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ
+J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG
+SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom
+JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO
+inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y
+caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB
+mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ
+YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9
+BKNDLdr8C2LqL19iUw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN
+AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp
+dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw
+MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw
+CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ
+MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB
+SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz
+ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH
+LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP
+PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL
+2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w
+ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC
+MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk
+AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0
+AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz
+AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz
+AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f
+BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE
+FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY
+P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi
+CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g
+kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95
+HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS
+na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q
+qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z
+TbvGRNs2yyqcjg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1
+MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp
+Z2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZp
+a2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0OFoXDTE3MDEwNDEx
+MzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kg
+R3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9uaWsg
+U2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdU
+MZTe1RK6UxYC6lhj71vY8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlT
+L/jDj/6z/P2douNffb7tC+Bg62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H
+5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC
+90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1
+c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoE
+VtstxNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP
+qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S
+/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzlvBNbCNvj
+/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4Vwpm+Vganf2X
+KWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq
+fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqX
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx
+IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs
+cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0
+MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl
+bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD
+DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r
+WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU
+Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs
+HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj
+z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf
+SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl
+AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG
+KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P
+AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j
+BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC
+VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX
+ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB
+ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd
+/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB
+A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn
+k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9
+iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv
+2G0xffX8oRAHh84vWdw+WNs=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx
+KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc
+BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0
+IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow
+cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe
+MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv
+ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5
+7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB
+RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er
+GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko
+IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc
+PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw
+72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN
+aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh
+MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs
+30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F
+kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+
+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH
+/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS
+VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc
+BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
+qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
+BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
+NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
+A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
+W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
+3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
+6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
+Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
+NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
+r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
+DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
+YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
+/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
+LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
+jVaMaA==
+-----END CERTIFICATE-----
--- /dev/null
+<ProfileRequest><Email>kw1004.noh@samsung.com</Email><GrantedPrivilege>Public</GrantedPrivilege><DeveloperType>Individual</DeveloperType><TestDeviceInfo><TestDevice>1.0#0Zd3wV89tRh0pO3+zumLUhBs+Nc=</TestDevice></TestDeviceInfo><Certificate>MIINqQIBAzCCDW8GCSqGSIb3DQEHAaCCDWAEgg1cMIINWDCCCA8GCSqGSIb3DQEHBqCCCAAwggf8AgEAMIIH9QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI7C/7s4O3pXYCAggAgIIHyKiGAr8a0n7ESvqhEdpbdzdC1Fm1LV5j6KZPq3vJDkaX5o0RiHZwa1fw4N/Xr8Kszd2c8otM5GqaA93kE4cye+mGBJaaxlTmeRytKaZscYgXtQGSwxwwrWE0Fsh7NaNpLg20TsKINL6m/yMPFfpJ42qN/mAfpqIjbi7VfVcYdH1sfg8OOyBWn5Bhv29a+AJG5YrVMMFOta8UKxmnpnWCWgmjMWZwCu9HfUHpvQYaa58jyWD2fuBco8jRM/WX1GMakDcoylm8g50ieXuh/GYLuA/T+1DCZEMO91YikPVaSqvx9XVU/j4lVMjLOb3l7c11LWBIQ79DoGDiOZfxnGOBNwA5ryiovOE5//L8bcuIQg7VfDjnpmfA2w09HAAeWy4YA05MmsMajub3I5WO+Aq+g1UUfzg7Ki9M350uKk80amd8z0CAeKwExzcoJ1tIxu/FeCzCzQbpRRq7OGzUMYwaoULGhUypQJFjLJtkvLPpaVyq185mL9FrJ2iyGS0Qnwo260KuzLvwPpMBBBIrhnkMNR15sxa8tExcFXaLhZNvJYBRt9Oon35ep5OJx06aeunkUhM2peCowEpP+N17SL+vbE0eDnmLGyCyOCtIqVVkOGVPjfUKWTd2N9RFFNl9YZmzXxfaUpSuKlY3jcwlDCZfUhyggmPf+kwYCU+w2Kd6l+ctZgzRzaMJshdHTT0MD5TgBTzDvAPeXbCZcYZXZzfcsXgqkX4N0MMntcyMkXH+qyeBlq7a4krktu8WODNYFJFuIW11JZzYpMaJXvzoD/00+rwpjkeiedsQMNUgMqmsp06LaE2KUQ3NDwGKFKQug977x+ocGssbIRdthLNEJOUDmFbJxMsMVjB9vt2Uyp2q5gmERxjN6RsoHNs/ORfOwEs2Wq68LPh0V+/h8l9KGp6NyKeEtYVJ3Gb8skmcuSw43PuYnRQl1TscVepywlSsJzg+e1Anb7SFFHWUECdTLrmdBhmgzv9izY7BjI72fgnH2aaq9RVbTjfVhIGQeSFlATF3Gh8usHUDVCbZw9aHUNddII1qHjYmQkzNT8BUG57gOenJSp/C5Dp8d1soICEd+OV/lVvgIw8wL4ErXd+yvcmGaqw4VuxZZnGxlBp9oyp7QemT3JXhtUKOGaob0WhKNbWppeDII/CfxsGS41xFWKwhB8sQN63KAARsSK9cfc4BBMGv73njAx1kLn6/h1MDfMP+ZCEiWBXKmhFBi2M28GIH9hSAnEz3Ci/41658eFkpGaiktsRHXzC1bGlpCYSroMjQPIO7RDLsd0u3YtQfPAWDc+BgfSP36gF+iXbFd0dQ8/f1PUEzlia16nCLvM8LbBiaAb4VOcxmqzdXP5BtOAS3ByI07khd4okuQ3iIo2myRGQI90Jzte1dvPp2T4V0gqrtrQcehEAUdqHpAHRsBBNQfg6YyMzU+4fbRaNF/Fthec9ajG4cCXY/DHC/uNR1QkIj7/sSrTiGx136hWoRsnJLNqdi4Wz/E3bDK2gDbyGg1fw4J0qraDV00CSMpdwZzRqS0u2wHPrh/qonGsBDl8E6EIh9QiQArMzLMbQocXvO2SsdKsJfBREbRoYHsZGhu3qP8iB6j4nbdxlVrgDIgQ1euMg0hfPhiPVGVjnd/6GZLVNfWyfZQJdlBQF3ScFbEoGcGEuZOgRUdTqKMyyK9CyBKQ7GvRYFFDgieA5OSHGz07SQxpboNh8P5MGQW58huSMuY3bAv5sNPOf3a8uYlQrZxcFe/5MNIzMHdcRY6wXmZo0Oyv8f3fADZbVT1qrOO6AFKZYTZqRfFNHkrGj8hgpSzRZvsU0lVYqeyE8p259lxORNpe0GCkVPFeeoUqMcPO95Cjoo+7UvvlDye/+ppJy7396Rt6zDr0+8nNpqOk9/9f/jlJTS5WNGYrA6kKuMtBEOppb5T+O7peI/AFD5b8bcN8OzQZxJPawNxpOHfmVAjV2rGZWXeqJVBigLcJo8Gf/dIn9YeceLNTIWppG80uCrjQZkjmEfDwEpIEmsEvl2BIBdLsOcM35eok+yka8Dnmt/p7zmprn3XOuXMbjJnkMBqpzjwLFaoOxaYXsCS1YL3NJegrLJ3CWT5LnlSW6l0471zoS5u+0bBJtZhsIs3AX46mtq3RoU/LyYoiIyt2Gv37HN6QvuMADws5PHb0M3+ynalbXu2nvgQh2KW8ZHKibtQQtz1JK6PFegPtTnvcuAP1yTZGOnqci90kResW06Pj+1RiRhXGs0YCeQKLISyjg6aI+diiq3YJ6PEmKXCBKSCzf3rZFb/1JsUJZ5w90nzKHEB1OTJ83VeaugaQxmhDy1LJlqSlOW9RezVzzu5kgO4tT9K7xD6GNKib9tcC72pE5QlOplR0Dcm7bon+VgjPR6ee8O9J4b6z6k2pO+rPqWNoiBTgAZziZ3xyBtS8qL7clHXZy2jSB/1qYQ+wAjceOOJAwYBmSyeK/GxKtw2ffpkU1Wssxtv+bZUG5/6xKgJGjd92w5OYyk1dfLCwJdebGxvAhNF6Uq+nElbTCCFusnMspX4yGjVwGmFKy5PB+mVrZqXPkVm/MsTnFSot1GIPJv3tqb2Q5K0/rW3WGYUrLil5hjvMZ33H2wjeSLWvDclQAXLEXx/wFokI8jGbS+7/txOeOvZC4hwdrC9DCCBUEGCSqGSIb3DQEHAaCCBTIEggUuMIIFKjCCBSYGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAgdGOMuGC9cXgICCAAEggTIMczwTNA01Zwjl0CZHjcw9NDOYxY1Jx6OoU6xeIlmnaDo4ZO6GZz5pTEh/B+fDmsgq2y1xFgLqLHUTtBIbSvvHYmg+dlWehMl4iY9TBwgKUGx3N0oUCliGpeGpQ2QTjkEvtafqSROUyvrNakUdw9EK/PX3UVhiPYZQLabJGCnhbkfUYJunqnzOPv+HUt+aY1eaK0sHCz9ujJadmMAPr1PDOMsxUfP1Ftjb6CNZeDExg9x5y/E5bXwN4EpyW4xCpRpvAkMP279x4F/PoJVNdFrxxBTyEqT56/R55KjEGLhWPqpIDTLk1nMyKwxSSXj/n51AtjoRULOWSKs5it5u9ob96FZaehdcEN5w4Y/56YVlJVe9MawvPGZBITT40U4p3amQTH9l4cbbGhwg6QgGMiDCTYdbDGN+OBXNs/FIPGffsZXTt69BQ96BEvmy9+uCLYW/OurK8I/b+fuDPU9Gx4acbEdKbfn3q6pZy9wic3J2UHshd6OW3+iobHIXkC3lxonCrGBQsepzoVeWUgEJyrD+5sObnKIlKOtOytQIW+9RR4RLmKxQAzZa6e04wfN5oTJ+Oroes/jOR0tOERsQdre9+jid/7kC/8fGen5khHmyRe8k+5y8Srij1mRbRJSMML6qCQzWHCYvaKnUNLEOlWaW+iz/D2dBhLglSW3XBT2ufcRmJKalvRf8nR30DqAVKQFLiDyrCRbdu9KkR6SehH3NvMXsSENYhjLl/yT6x9lMuQdP+gGxpW7DbFdSrzRCk5kqzXb4lgB3kxcXKLbDcFuMGQFKpoqekGtHvq/bz47pvKvjtCKPG9guFkJrvOGDsRab4NBdNb+VTc3+JRU8V8S7gIuM703m/xiNBsoLq2139J4qpppaMzguvWVZtBRVlMxHKYrDMZdi03bNsJyNSO2SZIaWH+nlPLnYoXor6jz2Fk1tcrIzSl/Imx6jHIGGqxJ+oghqCj0IxdTTQbYK76kT+2OD/g7sAhruBaAuLN9De9ZRfip1sZXQH8kdE4BHrC9SM1Vq+aY5lxtHqy2btggcMahgj+KyyPCJ2Mm01hMF/XQgsvr/q5FaRwzTUb60IKvqPLQAPUJ0P/UDIffYlWuiIwJgIyHR6KIJUbGJFJHh2r/a943c0GNYr8Q/4t4U5KqtuIADH7u+4UIqy0065tD3e8XCi6fchAx60OIb8yKWAoAJcofsYep9/zr9nEtmmJcd2f8eB1pckGdnuU+otRQBBoaakw34FI/lLRAN+HMSWHqx3W130H5OavbF2h5fgbQ/wtHbj+8yR1Rm9fvMkF1KuQifLyw3Ce4Qb/CzspQ52exV84+VODa8Cp0bMmmNc+9JsnRhkronB+LO7OoOZv6sg7bDO/Rm4mFDbAZuj/f1KS1EGlnclIuy4HM+esPMcikjU1AE8q7jhyqd748QSApwcjbEq4jWPwPfNAM6+h9SthexZtJ4xdoaIxzp/ACSuHehpUXKjDAWj87BotN7DArgRY5iAi7b63qJRI7YU+WzXD0FH63rk7TAuNQv0r5CZixiB4uPoz7un4z4b3UQUHLPJS+hDv7LsTCrovB1eq70nyurE5/F/KExIw+FVac1zKZxZagPBn/99p4jIniGNXe5XVZ5Eb0VOQAMSUwIwYJKoZIhvcNAQkVMRYEFHstNEPTLI7pu80XZb1oO0dedR4IMDEwITAJBgUrDgMCGgUABBQO3X5iulPzik/FdojhU2ttYRM6VgQIHN5OGC76IwQCAggA</Certificate><Signature>FYkKzcQS1MU3HkFpZtJFhFTDaXwxGZr1evufhdb09Uteaxi/bDBsp4Z/Vcb6lCF/
+xDlJXYBXO9u6qg+PuhbBZGkVbRz74PxbL+r56UKU40EvzH7PNsLS9Wu/YgQfTGgq
+hYYNR+7Vy8GJxOHnRQzFtOU+BS7mX2kinDdi1kG/EXu/7mJ+zelkgh4WMSU08xto
+Odcl3Tex7LGy/aAZVgKpZzdNFJ9j2KSkO09MUQCiPZDXGWT9MVeWA1fPypPYPhgk
+7O8TADBtnoD2VWssjfPYP1xgOffXcnFCOH/P8mG8rIcK0E0J3sDp8UKzFzhvuQOi
+wuPsfu52P3XTwDLDtGO5Zg==
+</Signature></ProfileRequest>
\ No newline at end of file
/*
* certification service
*
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Kidong Kim <kd0228.kim@samsung.com>
*
#include <dirent.h>
#include <error.h>
#include <sys/stat.h>
-
-#include <openssl/x509.h>
+#include <sys/types.h>
+#include <fts.h>
+#include <unistd.h>
+#include <openssl/ssl.h>
+#include <openssl/ocsp.h>
#include "cert-service.h"
#include "cert-service-util.h"
int len;
} name_field;
-static char** __get_field_by_tag(unsigned char* str, int *tag_len, cert_svc_name_fld_data* fld)
+int _check_certificate_author(cert_svc_mem_buff* first, cert_svc_mem_buff* second);
+static unsigned char** __get_field_by_tag(unsigned char* str, int *tag_len, cert_svc_name_fld_data* fld)
{
const struct {
- char* name;
+ const char* name;
int len;
- char **field;
+ unsigned char **field;
} tags[] = {
{"C=", 2, &(fld->countryName)},
{"ST=", 3, &(fld->stateOrProvinceName)},
{"CN=", 3, &(fld->commonName)},
{"emailAddress=", 13, &(fld->emailAddress)}
};
- char **field = NULL;
+ unsigned char **field = NULL;
if (str[0] == '/') {
int i = sizeof(tags) / sizeof(tags[0]) - 1;
- while (i >= 0 && strncmp(str + 1, tags[i].name, tags[i].len)) {
+ while (i >= 0 && strncmp((const char*)(str + 1), (const char*)(tags[i].name), tags[i].len)) {
i--;
}
if (i >= 0) {
int parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld)
{
int ret = CERT_SVC_ERR_NO_ERROR;
- char **prev_field = NULL;
- int i = 0, l;
- memset(fld, 0, sizeof(fld));
+ unsigned char **prev_field = NULL;
+ int i = 0, l = 0;
+ if (fld == NULL) {
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ return ret;
+ }
+ memset(fld, 0, sizeof(cert_svc_name_fld_data));
while (str[i] != '\0') {
int tag_len;
- char **field = __get_field_by_tag(str + i, &tag_len, fld);
+ unsigned char **field = __get_field_by_tag(str + i, &tag_len, fld);
while (field == NULL && str[i] != '\0') {
i++;
field = __get_field_by_tag(str + i, &tag_len, fld);
}
if (prev_field != NULL) {
- *prev_field = strndup(str + l, i - l);
+ *prev_field = (unsigned char*)strndup((const char*)(str + l), i - l);
}
if (field != NULL) {
i += tag_len;
return ret;
}
-
int _parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld)
-//int parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld)
{
int ret = CERT_SVC_ERR_NO_ERROR;
int i = 0, j = 0, last = -1;
};
for(i = 0; i < 7; i++) {
- if((tmpAddr = strstr(str, tmpFld[i].unitName)) != NULL)
+ if((tmpAddr = strstr((const char*)str, (const char*)(tmpFld[i].unitName))) != NULL)
tmpFld[i].address = tmpAddr;
else
tmpFld[i].address = NULL;
for(j = i + 1; j < 7; j++) {
if(tmpFld[j].address != NULL) {
last = j;
- tmpFld[i].len = (int)(tmpFld[j].address) - (int)(tmpFld[i].address) - strlen(tmpFld[i].unitName);
+ tmpFld[i].len = (int)(tmpFld[j].address) - (int)(tmpFld[i].address) - strlen((const char*)(tmpFld[i].unitName));
break;
}
}
}
}
- tmpFld[last].len = strlen(str) - ((int)(tmpFld[last].address) - (int)str) - strlen(tmpFld[last].unitName);
+ tmpFld[last].len = strlen((const char*)str) - ((int)(tmpFld[last].address) - (int)str) - strlen((const char*)(tmpFld[last].unitName));
if(tmpFld[0].address != NULL) {
(*fld).countryName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[0].len + 1));
- memset((*fld).countryName, 0x00, (tmpFld[0].len + 1));
- memcpy((*fld).countryName, (tmpFld[0].address + strlen(tmpFld[0].unitName)), tmpFld[0].len);
+ if ((*fld).countryName != NULL)
+ {
+ memset((*fld).countryName, 0x00, (tmpFld[0].len + 1));
+ memcpy((*fld).countryName, (tmpFld[0].address + strlen((const char*)(tmpFld[0].unitName))), tmpFld[0].len);
+ }
}
else
(*fld).countryName = NULL;
if(tmpFld[1].address != NULL) {
(*fld).stateOrProvinceName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[1].len + 1));
- memset((*fld).stateOrProvinceName, 0x00, (tmpFld[1].len + 1));
- memcpy((*fld).stateOrProvinceName, (tmpFld[1].address + strlen(tmpFld[1].unitName)), tmpFld[1].len);
+ if ((*fld).stateOrProvinceName != NULL) {
+ memset((*fld).stateOrProvinceName, 0x00, (tmpFld[1].len + 1));
+ memcpy((*fld).stateOrProvinceName, (tmpFld[1].address + strlen((const char*)(tmpFld[1].unitName))), tmpFld[1].len);
+ }
}
else
(*fld).stateOrProvinceName = NULL;
if(tmpFld[2].address != NULL) {
(*fld).localityName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[2].len + 1));
- memset((*fld).localityName, 0x00, (tmpFld[2].len + 1));
- memcpy((*fld).localityName, (tmpFld[2].address + strlen(tmpFld[2].unitName)), tmpFld[2].len);
+ if ((*fld).localityName != NULL) {
+ memset((*fld).localityName, 0x00, (tmpFld[2].len + 1));
+ memcpy((*fld).localityName, (tmpFld[2].address + strlen((const char*)(tmpFld[2].unitName))), tmpFld[2].len);
+ }
}
else
(*fld).localityName = NULL;
if(tmpFld[3].address != NULL) {
(*fld).organizationName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[3].len + 1));
- memset((*fld).organizationName, 0x00, (tmpFld[3].len + 1));
- memcpy((*fld).organizationName, (tmpFld[3].address + strlen(tmpFld[3].unitName)), tmpFld[3].len);
+ if ((*fld).organizationName != NULL) {
+ memset((*fld).organizationName, 0x00, (tmpFld[3].len + 1));
+ memcpy((*fld).organizationName, (tmpFld[3].address + strlen((const char*)(tmpFld[3].unitName))), tmpFld[3].len);
+ }
}
else
(*fld).organizationName = NULL;
if(tmpFld[4].address != NULL) {
(*fld).organizationUnitName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[4].len + 1));
- memset((*fld).organizationUnitName, 0x00, (tmpFld[4].len + 1));
- memcpy((*fld).organizationUnitName, (tmpFld[4].address + strlen(tmpFld[4].unitName)), tmpFld[4].len);
+ if ((*fld).organizationUnitName != NULL) {
+ memset((*fld).organizationUnitName, 0x00, (tmpFld[4].len + 1));
+ memcpy((*fld).organizationUnitName, (tmpFld[4].address + strlen((const char*)(tmpFld[4].unitName))), tmpFld[4].len);
+ }
}
else
(*fld).organizationUnitName = NULL;
if(tmpFld[5].address != NULL) {
(*fld).commonName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[5].len + 1));
- memset((*fld).commonName, 0x00, (tmpFld[5].len + 1));
- memcpy((*fld).commonName, (tmpFld[5].address + strlen(tmpFld[5].unitName)), tmpFld[5].len);
+ if ((*fld).commonName != NULL) {
+ memset((*fld).commonName, 0x00, (tmpFld[5].len + 1));
+ memcpy((*fld).commonName, (tmpFld[5].address + strlen((const char*)(tmpFld[5].unitName))), tmpFld[5].len);
+ }
}
else
(*fld).commonName = NULL;
if(tmpFld[6].address != NULL) {
(*fld).emailAddress = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[6].len + 1));
- memset((*fld).emailAddress, 0x00, (tmpFld[6].len + 1));
- memcpy((*fld).emailAddress, (tmpFld[6].address + strlen(tmpFld[6].unitName)), tmpFld[6].len);
+ if ((*fld).emailAddress != NULL) {
+ memset((*fld).emailAddress, 0x00, (tmpFld[6].len + 1));
+ memcpy((*fld).emailAddress, (tmpFld[6].address + strlen((const char*)(tmpFld[6].unitName))), tmpFld[6].len);
+ }
}
else
(*fld).emailAddress = NULL;
-err:
return ret;
}
cert_svc_cert_descriptor* tmp2 = NULL;
tmp1 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if (tmp1 == NULL) {
+ SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__);
+ return NULL;
+ }
+
memset(tmp1, 0x00, sizeof(cert_svc_cert_descriptor));
if(_extract_certificate_data(p->certificate, tmp1) != CERT_SVC_ERR_NO_ERROR) {
for(q = list; q != NULL; q = q->next) {
tmp2 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if (tmp2 == NULL) {
+ SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__);
+ goto err;
+ }
+
memset(tmp2, 0x00, sizeof(cert_svc_cert_descriptor));
-
+
_extract_certificate_data(q->certificate, tmp2);
- if(!strncmp(tmp2->info.subjectStr, tmp1->info.issuerStr, strlen(tmp1->info.issuerStr))) { // success
+ if(!strncmp((const char*)(tmp2->info.subjectStr), (const char*)(tmp1->info.issuerStr), strlen((const char*)(tmp1->info.issuerStr)))) { // success
release_certificate_data(tmp1);
release_certificate_data(tmp2);
return q;
if((*unsorted) == NULL) {
for(p = (*sorted); p->next != NULL; p = p->next) {
tmp1 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if(tmp1 == NULL) {
+ SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__);
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
memset(tmp1, 0x00, sizeof(cert_svc_cert_descriptor));
tmp2 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if(tmp2 == NULL) {
+ release_certificate_data(tmp1);
+ SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__);
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
memset(tmp2, 0x00, sizeof(cert_svc_cert_descriptor));
_extract_certificate_data(p->certificate, tmp1);
_extract_certificate_data(p->next->certificate, tmp2);
- if(strncmp(tmp1->info.issuerStr, tmp2->info.subjectStr, strlen(tmp2->info.subjectStr))) {
+ if(strncmp((const char*)(tmp1->info.issuerStr), (const char*)(tmp2->info.subjectStr), strlen((const char*)(tmp2->info.subjectStr)))) {
SLOGE("[ERR][%s] Certificate chain is broken.\n", __func__);
release_certificate_data(tmp1);
release_certificate_data(tmp2);
{
int ret = CERT_SVC_ERR_NO_ERROR;
cert_svc_cert_descriptor* certDesc = NULL;
+ int visibility = 0;
time_t t;
struct tm* tm;
+ unsigned char * certdata = NULL;
+ int certSize = 0;
+ unsigned char *fingerprint = NULL;
// get current time
t = time(NULL);
// get descriptor
certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if(certDesc == NULL) {
+ SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__);
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
memset(certDesc, 0x00, sizeof(cert_svc_cert_descriptor));
if((ret = _extract_certificate_data(cert, certDesc)) != CERT_SVC_ERR_NO_ERROR) {
goto err;
}
- // compare with not before - MUST bigger than this
- if(compare_period(((int)certDesc->info.validPeriod.firstYear - 1900),
- ((int)certDesc->info.validPeriod.firstMonth - 1),
- (int)certDesc->info.validPeriod.firstDay,
- (int)certDesc->info.validPeriod.firstHour,
- (int)certDesc->info.validPeriod.firstMinute,
- (int)certDesc->info.validPeriod.firstSecond,
- tm) != 1) {
- SLOGE("[ERR][%s] Certificate is expired.\n", __func__);
- ret = CERT_SVC_ERR_IS_EXPIRED;
+ certdata = cert->data;
+ certSize = cert->size;
+
+ if(certdata == NULL || !certSize)
+ {
+ SLOGE("cert is or invalid!");
+ ret = CERT_SVC_ERR_INVALID_CERTIFICATE;
(*isExpired) = 1;
goto err;
}
- // compare with not after - MUST smaller than this
- if(compare_period(((int)certDesc->info.validPeriod.secondYear - 1900),
- ((int)certDesc->info.validPeriod.secondMonth - 1),
- (int)certDesc->info.validPeriod.secondDay,
- (int)certDesc->info.validPeriod.secondHour,
- (int)certDesc->info.validPeriod.secondMinute,
- (int)certDesc->info.validPeriod.secondSecond,
- tm) != -1) {
- SLOGE("[ERR][%s] Certificate is expired.\n", __func__);
- ret = CERT_SVC_ERR_IS_EXPIRED;
+ ret = get_certificate_fingerprint(certdata, certSize, &fingerprint);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Failed to get fingerprint data! %d", ret);
+ (*isExpired) = 1;
+ goto err;
+ }
+
+ ret = get_visibility_by_fingerprint(fingerprint, &visibility);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Failed to get visibility! %d", ret);
(*isExpired) = 1;
goto err;
}
- (*isExpired) = 0; // not expired
+ if(visibility == CERT_SVC_VISIBILITY_TEST || visibility == CERT_SVC_VISIBILITY_VERIFY)
+ {
+ // compare with not before - MUST bigger than this
+ if(compare_period(((int)certDesc->info.validPeriod.firstYear - 1900),
+ ((int)certDesc->info.validPeriod.firstMonth - 1),
+ (int)certDesc->info.validPeriod.firstDay,
+ (int)certDesc->info.validPeriod.firstHour,
+ (int)certDesc->info.validPeriod.firstMinute,
+ (int)certDesc->info.validPeriod.firstSecond,
+ tm) != 1) {
+ SLOGE("[ERR][%s] Certificate is expired.\n", __func__);
+ ret = CERT_SVC_ERR_IS_EXPIRED;
+ (*isExpired) = 1;
+ goto err;
+ }
+
+ // compare with not after - MUST smaller than this
+ if(compare_period(((int)certDesc->info.validPeriod.secondYear - 1900),
+ ((int)certDesc->info.validPeriod.secondMonth - 1),
+ (int)certDesc->info.validPeriod.secondDay,
+ (int)certDesc->info.validPeriod.secondHour,
+ (int)certDesc->info.validPeriod.secondMinute,
+ (int)certDesc->info.validPeriod.secondSecond,
+ tm) != -1) {
+ SLOGE("[ERR][%s] Certificate is expired.\n", __func__);
+ ret = CERT_SVC_ERR_IS_EXPIRED;
+ (*isExpired) = 1;
+ goto err;
+ }
+ }
+ else// ignore check cert time with local time (internal concept)
+ {
+ (*isExpired) = 0; // not expired
+ }
err:
release_certificate_data(certDesc);
{
char buf[256] = {0, };
struct verify_context* verify_context = (struct verify_context*)X509_STORE_CTX_get_app_data(store);
- verify_context->depth += 1;
+
+ if(verify_context != NULL) {
+ verify_context->depth += 1;
+ }
+
if(store->current_cert != NULL)
X509_NAME_oneline(X509_get_subject_name(store->current_cert), buf, 256);
else
strncpy(buf, "test", 4);
- SLOGD("[%s] Certificate %i: %s\n", __func__, verify_context->depth, buf);
+
+ if(verify_context != NULL) {
+ SLOGD("[%s] Certificate %i: %s\n", __func__, verify_context->depth, buf);
+ }
return ok;
}
deleted = current;
certdesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if(certdesc == NULL) {
+ SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__);
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
memset(certdesc, 0x00, sizeof(cert_svc_cert_descriptor));
if((ret = _extract_certificate_data(current->certificate, certdesc)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to extract certificate data.\n", __func__);
goto err;
}
-
- if(!strncmp(certdesc->info.subjectStr, certdesc->info.issuerStr, strlen(certdesc->info.issuerStr))) { // self-signed
+
+ if(!strncmp((const char*)(certdesc->info.subjectStr), (const char*)(certdesc->info.issuerStr), strlen((const char*)(certdesc->info.issuerStr)))) { // self-signed
if(first_tag == 0) { // first cert is self-signed
start = start->next;
prev = start;
return ret;
}
-int _verify_certificate(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, cert_svc_filename_list* rootPath, int* validity)
+int _verify_certificate(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, cert_svc_filename_list* rootPath, int* validity){
+ int ca_cflag_check_false = 0;
+
+ return _verify_certificate_with_caflag(certBuf, certList, ca_cflag_check_false, rootPath, validity);
+}
+
+int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, int checkCaFlag, cert_svc_filename_list* rootPath, int* validity)
{
int ret = CERT_SVC_ERR_NO_ERROR;
cert_svc_linked_list* sorted = NULL;
cert_svc_cert_descriptor* findRoot = NULL;
cert_svc_filename_list* fileNames = NULL;
cert_svc_mem_buff* CACert = NULL;
- int fileNum = 0;
int isCA = -1, isExpired = -1;
// variables for verification
int certNum = 0;
X509** interCert = NULL;
X509* targetCert = NULL;
STACK_OF(X509) *tchain, *uchain;
+ STACK_OF(X509) *resultChain;
+ X509* tmpCert = NULL;
+ int caFlagValidity;
OpenSSL_add_all_algorithms();
tchain = sk_X509_new_null();
uchain = sk_X509_new_null();
findRoot = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if(findRoot == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
memset(findRoot, 0x00, sizeof(cert_svc_cert_descriptor));
if((*certList) != NULL) {
ret = _extract_certificate_data(p->certificate, findRoot);
}
- else
+ else
ret = _extract_certificate_data(certBuf, findRoot);
if(ret != CERT_SVC_ERR_NO_ERROR) {
goto err;
}
- if((ret = _search_certificate(&fileNames, SUBJECT_STR, findRoot->info.issuerStr)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = _search_certificate(&fileNames, SUBJECT_STR, (char*)findRoot->info.issuerStr)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to search root certificate\n", __func__);
goto err;
}
}
CACert = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff));
+ if(CACert == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory for ca cert.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
memset(CACert, 0x00, sizeof(cert_svc_mem_buff));
// use the first found CA cert - ignore other certificate(s). assume that there is JUST one CA cert
}
// store root certicate path into ctx
- strncpy(rootPath->filename, fileNames->filename, strlen(fileNames->filename));
+ strncpy(rootPath->filename, fileNames->filename, CERT_SVC_MAX_FILE_NAME_SIZE - 1);
+ rootPath->filename[CERT_SVC_MAX_FILE_NAME_SIZE - 1] = '\0';
/* check validity - is CA?, is expired? */
if((ret = is_CACert(CACert, &isCA)) != CERT_SVC_ERR_NO_ERROR) {
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
}
-
+
certContent = certBuf->data;
d2i_X509(&targetCert, &certContent, certBuf->size);
-
+
q = sorted; // first item is the certificate that user want to verify
-
+
// insert all certificate(s) into chain
if(q != NULL) { // has 2 or more certificates
certIndex = 0;
interCert = (X509**)malloc(sizeof(X509*) * certNum);
+ if(interCert == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory for interim certificate.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
memset(interCert, 0x00, (sizeof(X509*) * certNum));
while(1) {
certContent = q->certificate->data;
if(((*validity) = X509_verify_cert(storeCtx)) != 1) {
SLOGE("[ERR][%s] Fail to verify certificate chain, validity: [%d]\n", __func__, (*validity));
SLOGE("err str: [%s]\n", X509_verify_cert_error_string(X509_STORE_CTX_get_error(storeCtx)));
+ goto err;
+ }
+
+ if(checkCaFlag) { // check strictly
+ resultChain = X509_STORE_CTX_get1_chain(storeCtx);
+ while((tmpCert = sk_X509_pop(resultChain))) {
+ caFlagValidity = X509_check_ca(tmpCert);
+ if(caFlagValidity != 1 && (tmpCert = sk_X509_pop(resultChain)) != NULL) { // the last one is not a CA.
+ (*validity) = 0;
+ SLOGE("[ERR][%s] Invalid CA Flag for CA Certificate, validity: [%d]\n", __func__, (*validity));
+ break;
+ }
+ }
}
err:
ret = CERT_SVC_ERR_INVALID_CERTIFICATE;
goto err;
}
-
+
/* load signature and decode */
- sigLen = strlen(signature);
+ sigLen = strlen((const char*)signature);
decodedSigLen = ((sigLen / 4) * 3) + 1;
if(!(decodedSig = (unsigned char*)malloc(sizeof(unsigned char) * decodedSigLen))) {
goto err;
}
memset(decodedSig, 0x00, decodedSigLen);
- if((ret = cert_svc_util_base64_decode(signature, sigLen, decodedSig, &decodedSigLen)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = cert_svc_util_base64_decode((char*)signature, sigLen, (char*)decodedSig, &decodedSigLen)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to base64 decode.\n", __func__);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
pkey = X509_get_pubkey(x);
/* make EVP_MD_CTX */
- mdctx = EVP_MD_CTX_create();
+ if(!(mdctx = EVP_MD_CTX_create())) {
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
if(algo == NULL) { // if hash algorithm is not defined,
if(!(md = EVP_get_digestbyobj(x->cert_info->signature->algorithm))) { // get hash algorithm
SLOGE("[ERR][%s] Fail to get hash algorithm.\n", __func__);
unsigned char* pubkeyTmp = NULL;
int pkeyLen = 0;
EVP_PKEY* evp = NULL;
- // get issuerUID, subjectUID
- unsigned char* issuerUid = NULL;
- unsigned char* subjectUid = NULL;
int issuerUidLen = 0, subjectUidLen = 0;
// get extension values
X509_EXTENSION* ext = NULL;
/* get type */
strncpy(certDesc->type, cert->type, 3);
+ certDesc->type[3] = '\0';
/* get version and serial number */
certDesc->info.version = get_ASN1_INTEGER(x->cert_info->version) + 1; // default is 0 --> version 1
certDesc->info.serialNumber = get_ASN1_INTEGER(x->cert_info->serialNumber);
/* get signature algorithm */
signatureAlgo = (char*)get_ASN1_OBJECT(x->cert_info->signature->algorithm);
- sigLen = strlen((char*)signatureAlgo);
+ if(signatureAlgo == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+ sigLen = strlen((const char*)signatureAlgo);
certDesc->info.sigAlgo = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1));
+ if(certDesc->info.sigAlgo == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->info.sigAlgo, 0x00, (sigLen + 1));
memcpy(certDesc->info.sigAlgo, signatureAlgo, sigLen);
/* get issuer */
tmpIssuerStr = (unsigned char*)get_X509_NAME(x->cert_info->issuer);
- issuerStrLen = strlen(tmpIssuerStr);
+ issuerStrLen = strlen((const char*)tmpIssuerStr);
certDesc->info.issuerStr = (unsigned char*)malloc(sizeof(unsigned char) * (issuerStrLen + 1));
+ if(certDesc->info.issuerStr == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->info.issuerStr, 0x00, (issuerStrLen + 1));
memcpy(certDesc->info.issuerStr, tmpIssuerStr, issuerStrLen);
goto err;
}
/* get subject */
- tmpSubjectStr = get_X509_NAME(x->cert_info->subject);
- subjectStrLen = strlen(tmpSubjectStr);
+ tmpSubjectStr = (unsigned char*)get_X509_NAME(x->cert_info->subject);
+ subjectStrLen = strlen((const char*)tmpSubjectStr);
certDesc->info.subjectStr = (unsigned char*)malloc(sizeof(unsigned char) * (subjectStrLen + 1));
+ if(certDesc->info.subjectStr == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->info.subjectStr, 0x00, (subjectStrLen + 1));
memcpy(certDesc->info.subjectStr, tmpSubjectStr, subjectStrLen);
}
/* get public key algorithm */
publicKeyAlgo = (char*)get_ASN1_OBJECT(x->cert_info->key->algor->algorithm);
- publicKeyAlgoLen = strlen(publicKeyAlgo);
+ if(publicKeyAlgo == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
+ publicKeyAlgoLen = strlen((const char*)publicKeyAlgo);
certDesc->info.pubKeyAlgo = (unsigned char*)malloc(sizeof(unsigned char) * (publicKeyAlgoLen + 1));
+ if(certDesc->info.pubKeyAlgo == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->info.pubKeyAlgo, 0x00, (publicKeyAlgoLen + 1));
- memcpy(certDesc->info.pubKeyAlgo, publicKeyAlgo, publicKeyAlgoLen);
+ memcpy(certDesc->info.pubKeyAlgo, publicKeyAlgo, publicKeyAlgoLen);
/* get public key */
if((evp = X509_get_pubkey(x)) == NULL) {
SLOGE("[ERR][%s] Public key is null.\n", __func__);
}
pkeyLen = i2d_PublicKey(x->cert_info->key->pkey, NULL);
certDesc->info.pubKey = (unsigned char*)malloc(sizeof(unsigned char) * (pkeyLen + 1));
+ if(certDesc->info.pubKey == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
pubkeyTmp = certDesc->info.pubKey;
i2d_PublicKey(x->cert_info->key->pkey, &pubkeyTmp);
certDesc->info.pubKeyLen = pkeyLen;
if(x->cert_info->issuerUID != NULL) {
issuerUidLen = x->cert_info->issuerUID->length;
certDesc->info.issuerUID = (unsigned char*)malloc(sizeof(unsigned char) * (issuerUidLen + 1));
+ if(certDesc->info.issuerUID == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->info.issuerUID, 0x00, (issuerUidLen + 1));
memcpy(certDesc->info.issuerUID, x->cert_info->issuerUID->data, issuerUidLen);
}
- else
+ else
certDesc->info.issuerUID = NULL;
/* get subject UID */
if(x->cert_info->subjectUID != NULL) {
subjectUidLen = x->cert_info->subjectUID->length;
certDesc->info.subjectUID = (unsigned char*)malloc(sizeof(unsigned char) * (subjectUidLen + 1));
+ if(certDesc->info.subjectUID == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->info.subjectUID, 0x00, (subjectUidLen + 1));
memcpy(certDesc->info.subjectUID, x->cert_info->subjectUID->data, subjectUidLen);
}
- else
+ else
certDesc->info.subjectUID = NULL;
/* get extension fields */
if(x->cert_info->extensions != NULL) {
// certDesc->ext.numOfFields = x->cert_info->extensions->num;
certDesc->ext.numOfFields = sk_X509_EXTENSION_num(x->cert_info->extensions);
certDesc->ext.fields = (cert_svc_cert_fld_desc*)malloc(sizeof(cert_svc_cert_fld_desc) * certDesc->ext.numOfFields);
+ if(certDesc->ext.fields == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
- for(i = 0; i < certDesc->ext.numOfFields; i++) {
+ for(i = 0; i < (int)certDesc->ext.numOfFields; i++) {
ext = sk_X509_EXTENSION_value(x->cert_info->extensions, i);
if(ext != NULL) {
extObject = (char*)get_ASN1_OBJECT(ext->object);
- extObjLen = strlen(extObject);
+ if(extObject == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+ extObjLen = strlen((const char*)extObject);
certDesc->ext.fields[i].name = (unsigned char*)malloc(sizeof(unsigned char) * (extObjLen + 1));
+ if(certDesc->ext.fields[i].name == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->ext.fields[i].name, 0x00, (extObjLen + 1));
memcpy(certDesc->ext.fields[i].name, extObject, extObjLen);
-
- extValue = ext->value->data;
+
+ extValue = (char*)ext->value->data;
extValLen = ext->value->length;
certDesc->ext.fields[i].data = (unsigned char*)malloc(sizeof(unsigned char) * (extValLen + 1));
+ if(certDesc->ext.fields[i].data == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->ext.fields[i].data, 0x00, (extValLen + 1));
memcpy(certDesc->ext.fields[i].data, extValue, extValLen);
}
/* get signature algorithm and signature */
sigAlgo = (char*)get_ASN1_OBJECT(x->sig_alg->algorithm);
- sigAlgoLen = strlen(sigAlgo);
+ if(sigAlgo == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+ sigAlgoLen = strlen((const char*)sigAlgo);
certDesc->signatureAlgo = (unsigned char*)malloc(sizeof(unsigned char) * (sigAlgoLen + 1));
+ if(certDesc->signatureAlgo == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->signatureAlgo, 0x00, (sigAlgoLen + 1));
memcpy(certDesc->signatureAlgo, sigAlgo, sigAlgoLen);
sigDataLen = x->signature->length;
certDesc->signatureLen = sigDataLen;
certDesc->signatureData = (unsigned char*)malloc(sizeof(unsigned char) * (sigDataLen + 1));
+ if(certDesc->signatureData == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
memset(certDesc->signatureData, 0x00, (sigDataLen + 1));
memcpy(certDesc->signatureData, x->signature->data, sigDataLen);
return ret;
}
-int get_filelist_recur(char* dirName, cert_svc_filename_list* fileNames, int* fileNum)
-{
- int ret = CERT_SVC_ERR_NO_ERROR;
- struct dirent **items;
- int nItems, i;
- char tmpDirName[CERT_SVC_MAX_FILE_NAME_SIZE];
- char tmpFileName[CERT_SVC_MAX_FILE_NAME_SIZE];
- cert_svc_filename_list* new = NULL;
- cert_svc_filename_list* p = NULL;
-
- /* find file path with location */
- if(chdir(dirName) < 0) {
- SLOGE("[ERR][%s] Fail to open directory: [%s]\n", __func__, dirName);
- perror("open dir");
- ret = CERT_SVC_ERR_INVALID_OPERATION;
- goto err;
- }
-
- /* get all items in current directory */
- nItems = scandir(".", &items, NULL, alphasort);
-
- for(i = 0; i < nItems; i++) {
- struct stat fstat;
-
- // ignore current dir, parent dir
- if(!strncmp(items[i]->d_name, ".", 1) || !strncmp(items[i]->d_name, "..", 2))
- continue;
-
- // if directory, recursive call
- stat(items[i]->d_name, &fstat);
- if((fstat.st_mode & S_IFDIR) == S_IFDIR) {
- memset(tmpDirName, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
- strncpy(tmpDirName, dirName, strlen(dirName));
- strncat(tmpDirName, items[i]->d_name, strlen(items[i]->d_name));
- strncat(tmpDirName, "/", 1);
-
- if((ret = get_filelist_recur(tmpDirName, fileNames, fileNum)) != CERT_SVC_ERR_NO_ERROR) {
- SLOGE("[ERR][%s] Fail to search file.\n", __func__);
- goto err;
- }
- continue;
- }
- else { // if file, get filename into filelist
- memset(tmpFileName, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
- strncpy(tmpFileName, dirName, strlen(dirName));
- strncat(tmpFileName, items[i]->d_name, strlen(items[i]->d_name));
-
- (*fileNum)++;
- p = fileNames;
-
- if(p->filename == NULL) {
- if(!(p->filename = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE))) {
- SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
- ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
- goto err;
- }
- memset(p->filename, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
- strncpy(p->filename, tmpFileName, strlen(tmpFileName));
- p->next = NULL;
- }
- else {
- while(p->next != NULL)
- p = p->next;
-
- new = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list));
- memset(new, 0x00, sizeof(cert_svc_filename_list));
- new->filename = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE);
- memset(new->filename, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
-
- strncpy(new->filename, tmpFileName, strlen(tmpFileName));
- new->next = NULL;
-
- p->next = new;
- }
- }
- }
-
- chdir("..");
-
-err:
- for(i = 0; i < nItems; i++)
- free(items[i]);
- free(items);
-
- return ret;
-}
-
int search_data_field(search_field fldName, char* fldData, cert_svc_cert_descriptor* certDesc)
{
int ret = -1;
switch(fldName) {
case ISSUER_COUNTRY:
if(certDesc->info.issuer.countryName) {
- len = strlen(certDesc->info.issuer.countryName);
- if(!strncmp(fldData, certDesc->info.issuer.countryName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.countryName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.countryName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_STATEORPROVINCE:
if(certDesc->info.issuer.stateOrProvinceName) {
- len = strlen(certDesc->info.issuer.stateOrProvinceName);
- if(!strncmp(fldData, certDesc->info.issuer.stateOrProvinceName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.stateOrProvinceName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.stateOrProvinceName), len)) {
+ if((int)strlen(fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_LOCALITY:
if(certDesc->info.issuer.localityName) {
- len = strlen(certDesc->info.issuer.localityName);
- if(!strncmp(fldData, certDesc->info.issuer.localityName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.localityName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.localityName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_ORGANIZATION:
if(certDesc->info.issuer.organizationName) {
- len = strlen(certDesc->info.issuer.organizationName);
- if(!strncmp(fldData, certDesc->info.issuer.organizationName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.organizationName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.organizationName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_ORGANIZATIONUNIT:
if(certDesc->info.issuer.organizationUnitName) {
- len = strlen(certDesc->info.issuer.organizationUnitName);
- if(!strncmp(fldData, certDesc->info.issuer.organizationUnitName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.organizationUnitName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.organizationUnitName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_COMMONNAME:
if(certDesc->info.issuer.commonName) {
- len = strlen(certDesc->info.issuer.commonName);
- if(!strncmp(fldData, certDesc->info.issuer.commonName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.commonName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.commonName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_EMAILADDRESS:
if(certDesc->info.issuer.emailAddress) {
- len = strlen(certDesc->info.issuer.emailAddress);
- if(!strncmp(fldData, certDesc->info.issuer.emailAddress, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuer.emailAddress));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuer.emailAddress), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case ISSUER_STR:
if(certDesc->info.issuerStr) {
- len = strlen(certDesc->info.issuerStr);
- if(!strncmp(fldData, certDesc->info.issuerStr, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.issuerStr));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.issuerStr), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_COUNTRY:
if(certDesc->info.subject.countryName) {
- len = strlen(certDesc->info.subject.countryName);
- if(!strncmp(fldData, certDesc->info.subject.countryName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.countryName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.countryName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_STATEORPROVINCE:
if(certDesc->info.subject.stateOrProvinceName) {
- len = strlen(certDesc->info.subject.stateOrProvinceName);
- if(!strncmp(fldData, certDesc->info.subject.stateOrProvinceName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.stateOrProvinceName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.stateOrProvinceName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_LOCALITY:
if(certDesc->info.subject.localityName) {
- len = strlen(certDesc->info.subject.localityName);
- if(!strncmp(fldData, certDesc->info.subject.localityName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.localityName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.localityName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_ORGANIZATION:
if(certDesc->info.subject.organizationName) {
- len = strlen(certDesc->info.subject.organizationName);
- if(!strncmp(fldData, certDesc->info.subject.organizationName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.organizationName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.organizationName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_ORGANIZATIONUNIT:
if(certDesc->info.subject.organizationUnitName) {
- len = strlen(certDesc->info.subject.organizationUnitName);
- if(!strncmp(fldData, certDesc->info.subject.organizationUnitName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.organizationUnitName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.organizationUnitName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_COMMONNAME:
if(certDesc->info.subject.commonName) {
- len = strlen(certDesc->info.subject.commonName);
- if(!strncmp(fldData, certDesc->info.subject.commonName, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.commonName));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.commonName), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_EMAILADDRESS:
if(certDesc->info.subject.emailAddress) {
- len = strlen(certDesc->info.subject.emailAddress);
- if(!strncmp(fldData, certDesc->info.subject.emailAddress, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subject.emailAddress));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subject.emailAddress), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
break;
case SUBJECT_STR:
if(certDesc->info.subjectStr) {
- len = strlen(certDesc->info.subjectStr);
- if(!strncmp(fldData, certDesc->info.subjectStr, len)) {
- if(strlen(fldData) == len) ret = 1;
+ len = strlen((const char*)(certDesc->info.subjectStr));
+ if(!strncmp((const char*)fldData, (const char*)(certDesc->info.subjectStr), len)) {
+ if((int)strlen((const char*)fldData) == len) ret = 1;
else ret = 0;
}
else ret = 0;
return ret;
}
-int get_all_certificates(cert_svc_filename_list* allCerts)
+int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst) {
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ FTS *fts = NULL;
+ FTSENT *ftsent;
+
+ char tmp[10];
+ int len;
+ cert_svc_filename_list *local = NULL;
+ cert_svc_filename_list *el;
+
+ if (NULL == (fts = fts_open(paths, FTS_LOGICAL, NULL))) {
+ ret = CERT_SVC_ERR_FILE_IO;
+ SLOGE("[ERR][%s] Fail to open directories.\n", __func__);
+ goto out;
+ }
+
+ while ((ftsent = fts_read(fts)) != NULL) {
+
+ if (ftsent->fts_info == FTS_ERR || ftsent->fts_info == FTS_NS) {
+ ret = CERT_SVC_ERR_FILE_IO;
+ SLOGE("[ERR][%s] Fail to read directories.\n", __func__);
+ goto out;
+ }
+
+ if (ftsent->fts_info != FTS_F)
+ continue;
+
+ if (-1 != readlink(ftsent->fts_path, tmp, 10))
+ continue;
+
+ el = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list));
+ if (!el) {
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ goto out;
+ }
+ el->next = local;
+ local = el;
+
+ len = strlen((const char*)(ftsent->fts_path));
+ local->filename = (char*)malloc(len+1);
+ if (!local->filename) {
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ goto out;
+ }
+ strncpy(local->filename, ftsent->fts_path, len+1);
+ }
+
+ *lst = local;
+ local = NULL;
+
+out:
+ while (local) {
+ el = local;
+ local = local->next;
+ free(el->filename);
+ free(el);
+ }
+
+ if (fts != NULL)
+ fts_close(fts);
+ return ret;
+}
+
+int get_all_certificates(cert_svc_filename_list** allCerts)
{
- int ret = CERT_SVC_ERR_NO_ERROR;
- int fileNum = 0;
- char buf[1024] = {0, };
- getcwd(buf, 1024);
+ int ret;
+ char ** buffer[] = {(char **)CERT_SVC_SEARCH_PATH_RO, (char **)CERT_SVC_SEARCH_PATH_RW, NULL};
- if((ret = get_filelist_recur(CERT_SVC_SEARCH_PATH_RO, allCerts, &fileNum)) != CERT_SVC_ERR_NO_ERROR) {
- SLOGE("[ERR][%s] Fail to get filelist.\n", __func__);
- ret = CERT_SVC_ERR_INVALID_OPERATION;
- goto err;
- }
- if((ret = get_filelist_recur(CERT_SVC_SEARCH_PATH_RW, allCerts, &fileNum)) != CERT_SVC_ERR_NO_ERROR) {
- SLOGE("[ERR][%s] Fail to get filelist.\n", __func__);
- ret = CERT_SVC_ERR_INVALID_OPERATION;
- goto err;
- }
+ if (!allCerts) {
+ SLOGE("[ERR][%s] Invalid argument.\n", __func__);
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
-err:
- chdir(buf);
- return ret;
+ if ((ret = _get_all_certificates((char* const *) buffer, allCerts)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to get filelist.\n", __func__);
+ return ret;
+ }
+
+ return CERT_SVC_ERR_NO_ERROR;
}
int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName, char* fldData)
cert_svc_filename_list* allCerts = NULL;
cert_svc_filename_list* p = NULL;
cert_svc_filename_list* q = NULL;
- cert_svc_filename_list* new = NULL;
+ cert_svc_filename_list* newNode = NULL;
cert_svc_mem_buff* certBuf = NULL;
cert_svc_cert_descriptor* certDesc = NULL;
int matched = 0;
struct stat file_info;
- /* get all certificates from device */
- if(!(allCerts = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list)))) {
- SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
- ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
- goto err;
- }
- allCerts->filename = NULL;
- allCerts->next = NULL;
-
- if((ret = get_all_certificates(allCerts)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = get_all_certificates(&allCerts)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to get all certificate file list, ret: [%d]\n", __func__, ret);
goto err;
}
while(1) {
if((lstat(p->filename, &file_info)) < 0) { // get file information
- SLOGE("[ERR][%s] Fail to get file information.\n", __func__);
+ SLOGE("[ERR][%s] Fail to get file(%s) information.\n", __func__, p->filename);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
}
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
- if(!(certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)))) {
- SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
- ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
- goto err;
- }
- // load content into descriptor buffer
+ // load content into buffer
if((ret = cert_svc_util_load_file_to_buffer(p->filename, certBuf)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to load file to buffer, filename: [%s], ret: [%d]\n", __func__, p->filename, ret);
free(certBuf);
certBuf = NULL;
- free(certDesc);
- certDesc = NULL;
goto fail_to_load_file;
}
+
+ // allocate memory
+ if(!(certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)))) {
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
+ // load content into descriptor buffer
if((ret = _extract_certificate_data(certBuf, certDesc)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to extract certificate data, filename: [%s], ret: [%d]\n", __func__, p->filename, ret);
goto fail_to_extract_file;
if(search_data_field(fldName, fldData, certDesc) == 1) { // found!!
matched = 1;
- if(!(new = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list)))) {
+ if(!(newNode = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list)))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
- if(!(new->filename = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE))) {
+ if(!(newNode->filename = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ free(newNode);
goto err;
}
- memset(new->filename, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
-
- strncpy(new->filename, p->filename, strlen(p->filename));
- new->next = NULL;
+ memset(newNode->filename, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
+
+ strncpy(newNode->filename, p->filename, CERT_SVC_MAX_FILE_NAME_SIZE - 1);
+ newNode->filename[CERT_SVC_MAX_FILE_NAME_SIZE - 1] = '\0';
+
+ newNode->next = NULL;
if((*fileNames) == NULL)
- (*fileNames) = new;
+ (*fileNames) = newNode;
else {
q = (*fileNames);
while(q->next != NULL)
q = q->next;
- q->next = new;
+ q->next = newNode;
}
}
return ret;
}
+X509 *__loadCert(const char *file) {
+ FILE *fp = fopen(file, "r");
+ if(fp == NULL)
+ return NULL;
+ X509 *cert;
+ if(!(cert = d2i_X509_fp(fp, NULL))) {
+ fseek(fp, 0, SEEK_SET);
+ cert = PEM_read_X509(fp, NULL, NULL, NULL);
+ }
+ fclose(fp);
+ return cert;
+}
+
+int __loadSystemCerts(STACK_OF(X509) *systemCerts) {
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ cert_svc_filename_list* allCerts = NULL;
+ cert_svc_filename_list* p = NULL;
+ struct stat file_info;
+ X509 *cert;
+
+ if((ret = get_all_certificates(&allCerts)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to get all certificate file list, ret: [%d]\n", __func__, ret);
+ goto err;
+ }
+
+ p = allCerts;
+ while(1) {
+ if((lstat(p->filename, &file_info)) < 0) { // get file information
+ SLOGE("[ERR][%s] Fail to get file(%s) information.\n", __func__, p->filename);
+ ret = CERT_SVC_ERR_INVALID_OPERATION;
+ goto err;
+ }
+ if((file_info.st_mode & S_IFLNK) == S_IFLNK) { // if symbolic link, continue
+// SLOGD("[LOG][%s] %s is symbolic link, ignored.\n", __func__, p->filename);
+ goto fail_to_load_file;
+ }
+
+ cert = __loadCert(p->filename);
+ if(cert != NULL) {
+ sk_X509_push(systemCerts, cert);
+ }
+fail_to_load_file:
+ if(p->next == NULL)
+ break;
+ p = p->next;
+ }
+
+ ret = CERT_SVC_ERR_NO_ERROR;
+err:
+ release_filename_list(allCerts);
+
+ return ret;
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+int __ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *systemCerts, char *url, int *ocspStatus) {
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ OCSP_CERTID *certid = NULL;
+ BIO *cbio = NULL;
+ SSL_CTX *use_ssl_ctx = NULL;
+ char *host = NULL, *port = NULL, *path = NULL;
+ ASN1_GENERALIZEDTIME *rev = NULL;
+ ASN1_GENERALIZEDTIME *thisupd = NULL;
+ ASN1_GENERALIZEDTIME *nextupd = NULL;
+ int use_ssl = 0;
+ X509_OBJECT obj;
+ int i,tmpIdx;
+ long nsec = (5 * 60), maxage = -1; /* Maximum leeway in validity period: default 5 minutes */
+ int ret = 0;
+ char subj_buf[256];
+ int reason;
+ X509_STORE *trustedStore=NULL;
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
+ if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl)) {
+ /* report error */
+ return CERT_SVC_ERR_OCSP_NO_SUPPORT;
+ }
+
+ cbio = BIO_new_connect(host);
+ if (!cbio) {
+ /*BIO_printf(bio_err, "Error creating connect BIO\n");*/
+ /* report error */
+ return CERT_SVC_ERR_OCSP_NO_SUPPORT;
+ }
+
+ if (port) {
+ BIO_set_conn_port(cbio, port);
+ }
+
+ if (use_ssl == 1) {
+ BIO *sbio;
+ use_ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ if (!use_ssl_ctx) {
+ /* report error */
+ return CERT_SVC_ERR_OCSP_INTERNAL;
+ }
+
+ SSL_CTX_set_mode(use_ssl_ctx, SSL_MODE_AUTO_RETRY);
+ sbio = BIO_new_ssl(use_ssl_ctx, 1);
+ if (!sbio) {
+ /* report error */
+ return CERT_SVC_ERR_OCSP_INTERNAL;
+ }
+
+ cbio = BIO_push(sbio, cbio);
+ if (!cbio) {
+ /* report error */
+ return CERT_SVC_ERR_OCSP_INTERNAL;
+ }
+ }
+
+ if (BIO_do_connect(cbio) <= 0) {
+ /*BIO_printf(bio_err, "Error connecting BIO\n");*/
+ /* report error */
+ /* free stuff */
+ if (host)
+ OPENSSL_free(host);
+ if (port)
+ OPENSSL_free(port);
+ if (path)
+ OPENSSL_free(path);
+ host = port = path = NULL;
+ if (use_ssl && use_ssl_ctx)
+ SSL_CTX_free(use_ssl_ctx);
+ use_ssl_ctx = NULL;
+ if (cbio)
+ BIO_free_all(cbio);
+ cbio = NULL;
+ return CERT_SVC_ERR_OCSP_NETWORK_FAILED;
+ }
+
+ req = OCSP_REQUEST_new();
+ if(!req) {
+ return CERT_SVC_ERR_OCSP_INTERNAL;
+ }
+ certid = OCSP_cert_to_id(NULL, cert, issuer);
+ if(certid == NULL) {
+ return CERT_SVC_ERR_OCSP_INTERNAL;
+ }
+
+ if(!OCSP_request_add0_id(req, certid)) {
+ return CERT_SVC_ERR_OCSP_INTERNAL;
+ }
+
+ resp = OCSP_sendreq_bio(cbio, path, req);
+
+ /* free some stuff we no longer need */
+ if (host)
+ OPENSSL_free(host);
+ if (port)
+ OPENSSL_free(port);
+ if (path)
+ OPENSSL_free(path);
+ host = port = path = NULL;
+ if (use_ssl && use_ssl_ctx)
+ SSL_CTX_free(use_ssl_ctx);
+ use_ssl_ctx = NULL;
+ if (cbio)
+ BIO_free_all(cbio);
+ cbio = NULL;
+
+ if (!resp) {
+ /*BIO_printf(bio_err, "Error querying OCSP responsder\n");*/
+ /* report error */
+ /* free stuff */
+ OCSP_REQUEST_free(req);
+ return CERT_SVC_ERR_OCSP_NETWORK_FAILED;
+ }
+
+ i = OCSP_response_status(resp);
+
+ if (i != 0) { // OCSP_RESPONSE_STATUS_SUCCESSFUL
+ /*BIO_printf(out, "Responder Error: %s (%ld)\n",
+ OCSP_response_status_str(i), i); */
+ /* report error */
+ /* free stuff */
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ return CERT_SVC_ERR_OCSP_REMOTE;
+ }
+
+ bs = OCSP_response_get1_basic(resp);
+ if (!bs) {
+ /* BIO_printf(bio_err, "Error parsing response\n");*/
+ /* report error */
+ /* free stuff */
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ return CERT_SVC_ERR_OCSP_REMOTE;
+ }
+
+ if(systemCerts != NULL) {
+ trustedStore = X509_STORE_new();
+ for(tmpIdx=0; tmpIdx<sk_X509_num(systemCerts); tmpIdx++) {
+ X509_STORE_add_cert(trustedStore, sk_X509_value(systemCerts, tmpIdx));
+ }
+ X509_STORE_add_cert(trustedStore, issuer);
+ }
+
+ int response = OCSP_basic_verify(bs, NULL, trustedStore, 0);
+ if (response <= 0) {
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ OCSP_BASICRESP_free(bs);
+ X509_STORE_free(trustedStore);
+
+// int err = ERR_get_error();
+// char errStr[100];
+// ERR_error_string(err,errStr);
+// printf("OCSP_basic_verify fail.error = %s\n", errStr);
+ return CERT_SVC_ERR_OCSP_VERIFICATION_ERROR;
+ }
+
+ if ((i = OCSP_check_nonce(req, bs)) <= 0) {
+ if (i == -1) {
+ /*BIO_printf(bio_err, "WARNING: no nonce in response\n");*/
+ } else {
+ /*BIO_printf(bio_err, "Nonce Verify error\n");*/
+ /* report error */
+ /* free stuff */
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ OCSP_BASICRESP_free(bs);
+ X509_STORE_free(trustedStore);
+ return CERT_SVC_ERR_OCSP_REMOTE;
+ }
+ }
+
+ ret = CERT_SVC_ERR_NO_ERROR;
+
+ (void)X509_NAME_oneline(X509_get_subject_name(cert), subj_buf, 255);
+ if(!OCSP_resp_find_status(bs, certid, ocspStatus, &reason,
+ &rev, &thisupd, &nextupd)) {
+ /* report error */
+
+ /* free stuff */
+ OCSP_RESPONSE_free(resp);
+ OCSP_REQUEST_free(req);
+ OCSP_BASICRESP_free(bs);
+ X509_STORE_free(trustedStore);
+
+ return CERT_SVC_ERR_OCSP_REMOTE;
+ }
+
+ /* Check validity: if invalid write to output BIO so we
+ * know which response this refers to.
+ */
+ if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
+ /* ERR_print_errors(out); */
+ /* report error */
+
+ /* free stuff */
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ OCSP_BASICRESP_free(bs);
+ X509_STORE_free(trustedStore);
+
+ return CERT_SVC_ERR_OCSP_VERIFICATION_ERROR;
+ }
+
+ if (req) {
+ OCSP_REQUEST_free(req);
+ req = NULL;
+ }
+
+ if (resp) {
+ OCSP_RESPONSE_free(resp);
+ resp = NULL;
+ }
+
+ if (bs) {
+ OCSP_BASICRESP_free(bs);
+ bs = NULL;
+ }
+
+ if(trustedStore) {
+ X509_STORE_free(trustedStore);
+ trustedStore = NULL;
+ }
+
+ if (reason != -1) {
+ char *reason_str = NULL;
+ reason_str = OCSP_crl_reason_str(reason);
+ }
+
+
+ return ret;
+}
+
+int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, const char* uri)
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ int ocspStatus;
+ cert_svc_linked_list* sorted = NULL;
+ cert_svc_linked_list* p = NULL;
+ cert_svc_linked_list* q = NULL;
+ cert_svc_cert_descriptor* findRoot = NULL;
+ cert_svc_filename_list* fileNames = NULL;
+ cert_svc_mem_buff* CACert = NULL;
+ // variables for verification
+ int certNum = 0;
+ cert_svc_mem_buff* childCert;
+ cert_svc_mem_buff* parentCert;
+
+ findRoot = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
+ if(findRoot == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+
+ memset(findRoot, 0x00, sizeof(cert_svc_cert_descriptor));
+ if(certList != NULL && (*certList) != NULL) {
+ /* remove self-signed certificate in certList */
+ if((ret = _remove_selfsigned_cert_in_chain(certList)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to remove self-signed certificate in chain.\n", __func__);
+ goto err;
+ }
+ /* sort certList */
+ if((ret = sort_cert_chain(certList, &sorted)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to sort certificate chain.\n", __func__);
+ goto err;
+ }
+
+ /* find root cert from store, the SUBJECT field of root cert is same with ISSUER field of certList[0] */
+ p = sorted;
+ while(p->next != NULL) {
+ certNum++;
+ p = p->next;
+ }
+ certNum++;
+ ret = _extract_certificate_data(p->certificate, findRoot);
+ }
+ else {
+ ret = _extract_certificate_data(certBuf, findRoot);
+ }
+
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to extract certificate data\n", __func__);
+ goto err;
+ }
+ if((ret = _search_certificate(&fileNames, SUBJECT_STR, findRoot->info.issuerStr)) != CERT_SVC_ERR_NO_ERROR) {
+ ret = CERT_SVC_ERR_NO_ROOT_CERT;
+ SLOGE("[ERR][%s] Fail to search root certificate\n", __func__);
+ goto err;
+ }
+ if(fileNames->filename == NULL) {
+ SLOGE("[ERR][%s] There is no CA certificate.\n", __func__);
+ ret = CERT_SVC_ERR_NO_ROOT_CERT;
+ goto err;
+ }
+
+ CACert = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff));
+ if(CACert == NULL) {
+ SLOGE("[ERR][%s] Failed to allocate memory for ca cert.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+ memset(CACert, 0x00, sizeof(cert_svc_mem_buff));
+ // use the first found CA cert - ignore other certificate(s). assume that there is JUST one CA cert
+ if((ret = cert_svc_util_load_file_to_buffer(fileNames->filename, CACert)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to load CA cert to buffer.\n", __func__);
+ goto err;
+ }
+ // =============================
+ q = sorted; // first item is the certificate that user want to verify
+
+ childCert = certBuf;
+ // To check oscp for all certificate chain except root
+ if(q != NULL) { // has 2 or more certificates
+ for( ; q != NULL; q = q->next) {
+ parentCert = q->certificate;
+ // OCSP Check
+ if(CERT_SVC_ERR_NO_ERROR != (ret = _verify_ocsp(childCert, parentCert, uri, &ocspStatus))) {
+ SLOGE("[ERR][%s] Error Occurred during OCSP Checking.\n", __func__);
+ goto err;
+ }
+ if(ocspStatus != 0) { // CERT_SVC_OCSP_GOOD
+ SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.\n", __func__, ocspStatus);
+
+ switch(ocspStatus) {
+ case 0 : //OCSP_GOOD
+ ret = CERT_SVC_ERR_NO_ERROR;
+ break;
+ case 1 : //OCSP_REVOCKED
+ ret = CERT_SVC_ERR_OCSP_REVOKED;
+ break;
+ case 2 : //OCSP_UNKNOWN
+ ret = CERT_SVC_ERR_OCSP_UNKNOWN;
+ break;
+ default :
+ ret = CERT_SVC_ERR_OCSP_REMOTE;
+ break;
+ }
+ goto err;
+ }
+
+ // move to next
+ childCert = parentCert;
+ }
+ }
+
+ // Final OCSP Check
+ parentCert = CACert;
+ if(CERT_SVC_ERR_NO_ERROR != (ret = _verify_ocsp(childCert, parentCert, uri, &ocspStatus))) {
+ SLOGE("[ERR][%s] Error Occurred during OCSP Checking.\n", __func__);
+ goto err;
+ }
+ switch(ocspStatus) {
+ case 0 : //OCSP_GOOD
+ ret = CERT_SVC_ERR_NO_ERROR;
+ break;
+ case 1 : //OCSP_REVOCKED
+ ret = CERT_SVC_ERR_OCSP_REVOKED;
+ break;
+ case 2 : //OCSP_UNKNOWN
+ ret = CERT_SVC_ERR_OCSP_UNKNOWN;
+ break;
+ default :
+ ret = CERT_SVC_ERR_OCSP_REMOTE;
+ break;
+ }
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.\n", __func__, ocspStatus);
+ goto err;
+ }
+ // =============================
+err:
+ release_certificate_buf(CACert);
+ release_filename_list(fileNames);
+ release_certificate_data(findRoot);
+ release_cert_list(sorted);
+ return ret;
+}
-int _check_ocsp_status(cert_svc_mem_buff* cert, const char* uri)
+int _verify_ocsp(cert_svc_mem_buff* child, cert_svc_mem_buff* parent, const char* uri, int* ocspStatus)
{
int ret = CERT_SVC_ERR_NO_ERROR;
+ X509 *childCert = NULL;
+ X509 *parentCert= NULL;
+ char *childData=NULL;
+ char *parentData=NULL;
+ char *certAiaUrl= NULL;
+ char *targetUrl= NULL;
+ STACK_OF(OPENSSL_STRING) *aia = NULL;
+ STACK_OF(X509) *systemCerts=NULL;
+ int i;
+ childData = malloc(child->size + 1);
+ memset(childData, 0x00, (child->size + 1));
+ memcpy(childData, (child->data), child->size);
+ parentData = malloc(parent->size + 1);
+ memset(parentData, 0x00, (parent->size + 1));
+ memcpy(parentData, (parent->data), parent->size);
+ d2i_X509(&childCert, &childData, child->size);
+ d2i_X509(&parentCert, &parentData, parent->size);
// check parameter
// - 1. if AIA field of cert is exist, use that
// - 2. if AIA field of cert is not exist, use uri
// - 3. if AIA field of cert is not exist and uri is NULL, fail to check ocsp
+ aia = X509_get1_ocsp(childCert);
+ if (aia) {
+ certAiaUrl = sk_OPENSSL_STRING_value(aia, 0);
+ }
+ if(uri != NULL) {
+ targetUrl = uri;
+ }else {
+ targetUrl = certAiaUrl;
+ }
+ if(targetUrl == NULL) {
+ SLOGE("[ERR][%s] No URI for OCSP.\n", __func__);
+ ret = CERT_SVC_ERR_OCSP_NO_SUPPORT;
+ goto err;
+ }
+ // Load Trusted Store
+ systemCerts = sk_X509_new_null();
+ ret = __loadSystemCerts(systemCerts) ;
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to extract certificate data\n", __func__);
+ goto err;
+ }
+
+ // Do OCSP Check
+ ret = __ocsp_verify(childCert, parentCert, systemCerts, targetUrl, ocspStatus);
+ SLOGD("[%s] OCSP Response. ocspstaus=%d, ret=%d.\n", __func__, *ocspStatus, ret);
+
+err:
+ if(childData != NULL && *childData != NULL)
+ free(childData);
+ if(parentData != NULL && *parentData != NULL)
+ free(parentData);
+ if(childCert != NULL)
+ X509_free(childCert);
+ if(parentCert != NULL)
+ X509_free(parentCert);
+ if(aia != NULL)
+ X509_email_free(aia);
+ if(systemCerts != NULL) {
+ for(i=0; i<sk_X509_num(systemCerts); i++)
+ X509_free(sk_X509_value(systemCerts,i));
+ sk_X509_free(systemCerts);
+ }
return ret;
}
+#endif
int release_certificate_buf(cert_svc_mem_buff* certBuf)
{
/* parse cert descriptor extension fields */
if(certDesc->ext.numOfFields > 0) {
- for(i = 0; i < certDesc->ext.numOfFields; i++) {
+ for(i = 0; i < (int)certDesc->ext.numOfFields; i++) {
if(certDesc->ext.fields[i].name != NULL) free(certDesc->ext.fields[i].name);
if(certDesc->ext.fields[i].data != NULL) free(certDesc->ext.fields[i].data);
}
curCert = startCert;
startCert = startCert->next;
- if(curCert->certificate->data != NULL) {
- free(curCert->certificate->data);
- curCert->certificate->data = NULL;
- }
if(curCert->certificate != NULL) {
+ if(curCert->certificate->data != NULL) {
+ free(curCert->certificate->data);
+ curCert->certificate->data = NULL;
+ }
free(curCert->certificate);
curCert->certificate = NULL;
}
+
curCert->next = NULL;
+
if(curCert != NULL) {
free(curCert);
curCert = NULL;
return ret;
}
+
+
+void __print_finger_print(const unsigned char *fingerPrint, unsigned int length)
+{
+ int i=0;
+ char buffer[21] = {0,};
+
+ for(; i<20; i++)
+ snprintf(buffer+i, 20, "%0X", fingerPrint[i]);
+
+ SLOGE("FingerPrint : %s", buffer);
+}
+
+int get_visibility(CERT_CONTEXT* context, int* visibility)
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ unsigned char * cert = NULL;
+ int certSize = 0;
+ unsigned char *fingerprint = NULL;
+
+ if(!context->certBuf)
+ {
+ SLOGE("certBuf is NULL!");
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
+ if(!context->certBuf->size)
+ {
+ SLOGE("certBuf size is wrong");
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
+
+ cert = context->certBuf->data;
+ certSize = context->certBuf->size;
+
+ if(cert == NULL || !certSize)
+ {
+ SLOGE("cert is or invalid!");
+ return CERT_SVC_ERR_INVALID_CERTIFICATE;
+ }
+
+ ret = get_certificate_fingerprint(cert, certSize, &fingerprint);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Failed to get fingerprint data! %d", ret);
+ return ret;
+ }
+
+ ret = get_visibility_by_fingerprint(fingerprint, visibility);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Failed to get visibility! %d", ret);
+ return ret;
+ }
+
+ return CERT_SVC_ERR_NO_ERROR;
+}
char pathLocation[CERT_SVC_MAX_FILE_NAME_SIZE];
char buf[CERT_SVC_MAX_FILE_NAME_SIZE];
char* token = NULL;
+ char* context = NULL;
char seps[] = "_";
+ int nameSize = 0 ;
- memset(buf, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
- memset(pathLocation, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
+ if (originalName == NULL) {
+ SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
+
+ nameSize = strlen(originalName);
+
+ if (nameSize <= 0 || nameSize >= CERT_SVC_MAX_FILE_NAME_SIZE) {
+ SLOGE("[ERR][%s] Check your parameter. File path is too long.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
+
+ memset(buf, 0x00, sizeof(buf));
+ memset(pathLocation, 0x00, sizeof(pathLocation));
- if(location == NULL) // use default path
- strncpy(buf, CERT_SVC_STORE_PATH_DEFAULT, strlen(CERT_SVC_STORE_PATH_DEFAULT));
+ if(location == NULL) { // use default path
+ strncpy(buf, CERT_SVC_STORE_PATH_DEFAULT, sizeof(buf) - 1);
+ }
else {
- strncpy(pathLocation, location, strlen(location));
- strncpy(buf, CERT_SVC_STORE_PATH, strlen(CERT_SVC_STORE_PATH));
- token = strtok(pathLocation, seps);
+ int locSize = strlen(location) + strlen(CERT_SVC_STORE_PATH);
+
+ if (locSize <= 0 || locSize >= CERT_SVC_MAX_FILE_NAME_SIZE) {
+ SLOGE("[ERR][%s] Check your parameter. Location is too long.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
+
+ strncpy(pathLocation, location, sizeof(pathLocation) - 1);
+
+ strncpy(buf, CERT_SVC_STORE_PATH, sizeof(buf) - 1);
+
+ token = strtok_r(pathLocation, seps, &context);
+
while(token) {
- strncat(buf, token, strlen(token));
- strncat(buf, "/", 1);
- token = strtok(NULL, seps);
+ if((strlen(buf) + strlen(token)) < (CERT_SVC_MAX_FILE_NAME_SIZE - 1)) {
+ strncat(buf, token, strlen(token));
+ strncat(buf, "/", 1);
+ token = strtok_r(NULL, seps, &context);
+ }
+ else {
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
}
}
- strncat(buf, originalName, strlen(originalName));
- strncpy(outBuf, buf, CERT_SVC_MAX_FILE_NAME_SIZE);
+ if ((nameSize + strlen(buf)) >= CERT_SVC_MAX_FILE_NAME_SIZE) {
+ SLOGE("[ERR][%s] Check your parameter. File path is too long.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
+
+ strncat(buf, originalName, nameSize);
+ strncpy(outBuf, buf, CERT_SVC_MAX_FILE_NAME_SIZE - 1);
+ outBuf[ CERT_SVC_MAX_FILE_NAME_SIZE - 1] = '\0';
+
+err:
return ret;
}
FILE* fp_out = NULL;
unsigned long int inFileLen = 0;
char* fileContent = NULL;
- /* check certificate or not */
- X509* x = NULL;
/* initialize variable */
fileFullPath = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE);
/* file open and write */
if(!(fp_in = fopen(filePath, "rb"))) {
- SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath);
+ SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath);
ret = CERT_SVC_ERR_FILE_IO;
goto err;
}
if(!(fp_out = fopen(fileFullPath, "wb"))) {
- SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, fileFullPath);
+ SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, fileFullPath);
if(errno == EACCES)
ret = CERT_SVC_ERR_PERMISSION_DENIED;
else
}
if((ret = cert_svc_util_get_file_size(filePath, &inFileLen)) != CERT_SVC_ERR_NO_ERROR) {
- SLOGE("[ERR][%s] Fail to get file size, [%s]\n", __func__, filePath);
+ SECURE_SLOGE("[ERR][%s] Fail to get file size, [%s]\n", __func__, filePath);
goto err;
}
memset(fileContent, 0x00, inFileLen);
if(fread(fileContent, sizeof(char), inFileLen, fp_in) != inFileLen) {
- SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath);
+ SECURE_SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath);
ret = CERT_SVC_ERR_FILE_IO;
goto err;
}
if(fwrite(fileContent, sizeof(char), inFileLen, fp_out) != inFileLen) {
- SLOGE("[ERR][%s] Fail to write file, [%s]\n", __func__, fileFullPath);
+ SECURE_SLOGE("[ERR][%s] Fail to write file, [%s]\n", __func__, fileFullPath);
ret = CERT_SVC_ERR_FILE_IO;
goto err;
}
/* delete designated certificate */
if(unlink(fileFullPath) == -1) {
- SLOGE("[ERR][%s] Fail to delete file, [%s]\n", __func__, fileName);
+ SECURE_SLOGE("[ERR][%s] Fail to delete file, [%s]\n", __func__, fileName);
if(errno == EACCES)
ret = CERT_SVC_ERR_PERMISSION_DENIED;
else
/*
* certification service
*
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Kidong Kim <kd0228.kim@samsung.com>
*
#include <string.h>
#include <stdlib.h>
-#include <openssl/x509.h>
#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
#include "cert-service.h"
#include "cert-service-util.h"
#include "cert-service-debug.h"
+#include "cert-service-process.h"
+
+#include <libxml/parser.h>
+#include <libxml/tree.h>
#ifndef CERT_SVC_API
#define CERT_SVC_API __attribute__((visibility("default")))
#endif
+#define CERT_BODY_PREFIX "-----BEGIN CERTIFICATE-----"
+#define CERT_BODY_SUFIX "-----END CERTIFICATE-----"
+#define ICERT_BODY_PREFIX "-----BEGIN TRUSTED CERTIFICATE-----"
+#define ICERT_BODY_SUFIX "-----END TRUSTED CERTIFICATE-----"
+
/* Tables for base64 operation */
static const char base64Table[] = {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 0 ~ 15
int get_content_into_buf_PEM(unsigned char* content, cert_svc_mem_buff* cert)
{
int ret = CERT_SVC_ERR_NO_ERROR;
- char* startPEM = "-----BEGIN CERTIFICATE-----";
- char* endPEM = "-----END CERTIFICATE-----";
- int size = 0;
+ char *startPEM, *endPEM;
+ long size = 0;
char* original = NULL;
char* decoded = NULL;
int decodedSize = 0;
int i = 0, j = 0;
- startPEM = strstr((const char*)content, startPEM) + strlen(startPEM) + 1;
- endPEM = strstr((const char*)content, endPEM) - 1;
- size = (int)endPEM - (int)startPEM;
+ if(!content) {
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
+ startPEM = strstr((const char *)content, CERT_BODY_PREFIX);
+ startPEM = (startPEM) ? startPEM + strlen(CERT_BODY_PREFIX) : NULL;
+ endPEM = strstr((const char *)content, CERT_BODY_SUFIX);
+ if(!startPEM || !endPEM) {
+ startPEM = strstr((const char *)content, ICERT_BODY_PREFIX);
+ startPEM = (startPEM) ? startPEM + strlen(ICERT_BODY_PREFIX) : NULL;
+ endPEM = strstr((const char *)content, ICERT_BODY_SUFIX);
+ }
+ if(!startPEM || !endPEM) {
+ ret = CERT_SVC_ERR_UNKNOWN_ERROR;
+ goto err;
+ }
+ else {
+ ++startPEM;
+ --endPEM;
+ size = (long)endPEM - (long)startPEM;
+ }
if(!(original = (char*)malloc(sizeof(char) * (size + 1)))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
goto err;
}
memset(original, 0x00, (size + 1));
-
- for(i = 0; i < size; i++) {
+
+ for(i = 0, j = 0; i < size; i++) {
if(startPEM[i] != '\n')
original[j++] = startPEM[i];
}
memset(decoded, 0x00, decodedSize);
if((ret = cert_svc_util_base64_decode(original, size, decoded, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to base64 decode.\n", __func__);
+ free(decoded);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
}
cert->data = (unsigned char*)decoded;
cert->size = decodedSize;
-
+
err:
- if(original != NULL)
- free(original);
-
+ if(original != NULL)
+ free(original);
return ret;
}
err:
if(fp_in != NULL)
fclose(fp_in);
-
+
return ret;
}
+/* The dark side of cert-svc. */
+int cert_svc_util_get_extension(const char* filePath, cert_svc_mem_buff* certBuf) {
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ FILE *in = NULL;
+ X509 *x = NULL;
+
+ if ((in = fopen(filePath, "r")) == NULL) {
+ SLOGE("[ERR] Error opening file %s\n", filePath);
+ ret = CERT_SVC_ERR_FILE_IO;
+ goto end;
+ }
+
+ if ((x = PEM_read_X509(in, NULL, NULL, NULL)) != NULL) {
+ strncpy(certBuf->type, "PEM", sizeof(certBuf->type));
+ goto end;
+ }
+
+ fseek(in, 0L, SEEK_SET);
+
+ if ((x = PEM_read_X509_AUX(in, NULL, NULL, NULL)) != NULL) {
+ strncpy(certBuf->type, "PEM", sizeof(certBuf->type));
+ goto end;
+ }
+
+ fseek(in, 0L, SEEK_SET);
+
+ if ((x = d2i_X509_fp(in, NULL)) != NULL) {
+ strncpy(certBuf->type, "DER", sizeof(certBuf->type));
+ goto end;
+ }
+
+ SLOGE("[ERR] Unknown file type: %s\n", filePath);
+ ret = CERT_SVC_ERR_FILE_IO;
+
+end:
+ if (in && fclose(in)) {
+ SLOGE("[ERR] Fail in fclose.");
+ ret = CERT_SVC_ERR_FILE_IO;
+ }
+ X509_free(x);
+ return ret;
+}
+
int cert_svc_util_load_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf)
{
int ret = CERT_SVC_ERR_NO_ERROR;
FILE* fp_in = NULL;
unsigned char* content = NULL;
unsigned long int fileSize = 0;
- // get extension, type of certificate
- const char* extension = NULL;
/* get file size */
if((ret = cert_svc_util_get_file_size(filePath, &fileSize)) != CERT_SVC_ERR_NO_ERROR) {
goto err;
}
- if(!(content = (unsigned char*)malloc(sizeof(unsigned char) * (unsigned int)fileSize))) {
+ if(!(content = (unsigned char*)malloc(sizeof(unsigned char) * (unsigned int)(fileSize + 1)))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
+ memset(content, 0x00, (fileSize + 1)); //ensuring that content[] will be NULL terminated
if(fread(content, sizeof(unsigned char), fileSize, fp_in) != fileSize) {
SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath);
ret = CERT_SVC_ERR_FILE_IO;
goto err;
}
-
+ content[fileSize] = 0; // insert null on the end to make null-terminated string
+
/* find out certificate type */
memset(certBuf->type, 0x00, 4);
- extension = filePath + (strlen(filePath) - 3);
- if(!strncmp(extension, "pem", 3) || !strncmp(extension, "PEM", 3) ||
- !strncmp(extension, "cer", 3) || !strncmp(extension, "CER", 3) ||
- !strncmp(extension, "crt", 3) || !strncmp(extension, "CRT", 3))
- strncpy(certBuf->type, "PEM", 3);
- else if(!strncmp(extension, "der", 3) || !strncmp(extension, "DER", 3))
- strncpy(certBuf->type, "DER", 3);
- else {
- SLOGE("[ERR][%s] Cannot get certificate type, [%s]\n", __func__, extension);
- ret = CERT_SVC_ERR_INVALID_CERTIFICATE;
- goto err;
- }
-
+ if (cert_svc_util_get_extension(filePath, certBuf) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR] cert_svc_util_get_extension failed to identify %s\n", filePath);
+ ret = CERT_SVC_ERR_FILE_IO;
+ goto err;
+ }
+
/* load file into buffer */
- if(!strncmp(certBuf->type, "PEM", 3)) { // PEM format
+ if(!strncmp(certBuf->type, "PEM", sizeof(certBuf->type))) { // PEM format
if((ret = get_content_into_buf_PEM(content, certBuf)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to load file to buffer, [%s]\n", __func__, filePath);
goto err;
}
}
- else if(!strncmp(certBuf->type, "DER", 3)) { // DER format
+ else if(!strncmp(certBuf->type, "DER", sizeof(certBuf->type))) { // DER format
if((ret = get_content_into_buf_DER(content, certBuf)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to load file to buffer, [%s]\n", __func__, filePath);
goto err;
}
}
-
+
err:
if(fp_in != NULL)
fclose(fp_in);
if(content != NULL)
free(content);
-
+
return ret;
}
-int push_cert_into_linked_list(cert_svc_linked_list* certLink, X509* popedCert)
+int push_cert_into_linked_list(cert_svc_linked_list** certLink, X509* popedCert)
{
int ret = CERT_SVC_ERR_NO_ERROR;
cert_svc_linked_list* cur = NULL;
- cert_svc_linked_list* new = NULL;
+ cert_svc_linked_list* newNode = NULL;
unsigned char* pCert = NULL;
unsigned char* bufCert = NULL;
int certLen = 0;
- if(!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) {
+ if(!(newNode = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
- if(!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
+ if(!(newNode->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ free(newNode);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
/* get certificate data and store in certLink */
if((certLen = i2d_X509(popedCert, NULL)) < 0) {
SLOGE("[ERR][%s] Fail to convert certificate.\n", __func__);
+ release_cert_list(newNode);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
}
if(!(bufCert = (unsigned char*)malloc(sizeof(unsigned char) * certLen))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ release_cert_list(newNode);
goto err;
}
pCert = bufCert;
i2d_X509(popedCert, &pCert);
- new->certificate->data = bufCert;
- new->certificate->size = certLen;
+ newNode->certificate->data = bufCert;
+ newNode->certificate->size = certLen;
- /* attach to linked list */
- cur = certLink;
- if(cur == NULL) { // first item
- cur = new;
+ if(NULL == *certLink) { // first item
+ *certLink = newNode;
}
else {
- while(1) {
- if(cur->next == NULL)
- break;
+ /* attach to linked list */
+ cur = *certLink;
+ while(cur->next)
cur = cur->next;
- }
- cur->next = new;
+ cur->next = newNode;
}
err:
return ret;
}
-int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf, cert_svc_linked_list* certLink, unsigned char** privateKey, int* priKeyLen, char* passPhrase)
+int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLink, unsigned char** privateKey, int* priKeyLen, char* passPhrase)
{
int ret = CERT_SVC_ERR_NO_ERROR;
// related pkcs12 and x509
ret = CERT_SVC_ERR_INVALID_CERTIFICATE;
goto err;
}
-
+
/* parse PKCS#12 certificate */
if((ret = PKCS12_parse(p12, passPhrase, &pkey, &cert, &ca)) != 1) {
SLOGE("[ERR][%s] Fail to parse PKCS#12 certificate.\n", __func__);
ret = CERT_SVC_ERR_NO_ERROR;
/* find out certificate type */
memset(certBuf->type, 0x00, 4);
- strncpy(certBuf->type, "PFX", 3);
-
+ strncpy(certBuf->type, "PFX", sizeof(certBuf->type));
+
/* load certificate into buffer */
if((certLen = i2d_X509(cert, NULL)) < 0) {
SLOGE("[ERR][%s] Fail to convert certificate.\n", __func__);
goto err;
}
}
-
+
err:
if(fp_in != NULL)
fclose(fp_in);
if(ca != NULL)
sk_X509_pop_free(ca, X509_free);
EVP_cleanup();
-
+
return ret;
}
int ret = CERT_SVC_ERR_NO_ERROR;
int inputLen = 0, i = 0;
char* cur = NULL;
-
+
if((in == NULL) || (inLen < 1)) {
SLOGE("[ERR][%s] Check your parameter.\n", __func__);
ret = CERT_SVC_ERR_INVALID_PARAMETER;
out[i] = '\0';
(*outLen) = i;
-err:
+err:
return ret;
}
CERT_SVC_API
else
tmpBuf[j] = base64DecodeTable[(int)cur[j]];
}
-
+
out[i++] = ((tmpBuf[0] & 0x3f) << 2) + ((tmpBuf[1] & 0x30) >> 4);
out[i++] = ((tmpBuf[1] & 0x0f) << 4) + ((tmpBuf[2] & 0x3c) >> 2);
out[i++] = ((tmpBuf[2] & 0x03) << 6) + (tmpBuf[3] & 0x3f);
err:
return ret;
}
+
+// fingerprint format - AA:BB:CC:DD:EE...
+// cert - der(binary) format
+int get_certificate_fingerprint(const char *cert, int cert_size, unsigned char** fingerprint)
+{
+ X509* x509Cert = NULL;
+ unsigned char x509_fingerprint[EVP_MAX_MD_SIZE] = {0,};
+ char* uniformedFingerprint[EVP_MAX_MD_SIZE *3] = {0,};
+ int fp_len = 0;
+ int i = 0;
+ char buff[8] = {0,};
+ int x509_length = 0;
+
+ if(d2i_X509(&x509Cert, &cert, cert_size) == NULL)
+ {
+ SLOGE("d2i_x509 failed!");
+ *fingerprint = NULL;
+ return CERT_SVC_ERR_INVALID_CERTIFICATE;
+ }
+
+ if(!X509_digest(x509Cert, EVP_sha1(), x509_fingerprint, &x509_length))
+ {
+ SLOGE("X509_digest failed");
+ X509_free(x509Cert);
+ *fingerprint = NULL;
+ return CERT_SVC_ERR_INVALID_CERTIFICATE;
+ }
+
+ for(i=0; i < x509_length; i++)
+ {
+ snprintf(buff, sizeof(buff), "%02X:", x509_fingerprint[i]);
+ strncat(uniformedFingerprint, buff, 3);
+ }
+ uniformedFingerprint[x509_length*3-1] = 0; // remove last :
+ fp_len = strlen(uniformedFingerprint);
+
+ *fingerprint = (char*)calloc(sizeof(char),fp_len + 1);
+ if(*fingerprint == NULL)
+ {
+ SLOGE("Failed to allocate memory");
+ X509_free(x509Cert);
+ *fingerprint = NULL;
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
+
+ memcpy(*fingerprint, uniformedFingerprint, fp_len-1);
+
+ SLOGD("fingerprint : %s", *fingerprint);
+
+ X509_free(x509Cert);
+
+ return CERT_SVC_ERR_NO_ERROR;
+}
+
+int get_visibility_by_fingerprint(const char* fingerprint, int* visibility)
+{
+ SLOGD("fingerprint : %s", fingerprint);
+ int ret = 0;
+ xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet";
+ xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\"";
+ xmlChar *xmlPathDomainPlatform = (xmlChar*) "tizen-platform";
+ xmlChar *xmlPathDomainPublic = (xmlChar*) "tizen-public";
+ xmlChar *xmlPathDomainPartner = (xmlChar*) "tizen-partner";
+ xmlChar *xmlPathDomainDeveloper = (xmlChar*) "tizen-developer";
+ xmlChar *xmlPathDomainTest = (xmlChar*) "tizen-test";
+ xmlChar *xmlPathDomainVerify = (xmlChar*) "tizen-verify";
+ xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1";
+
+ /* load file */
+ xmlDocPtr doc = xmlParseFile("/usr/share/wrt-engine/fingerprint_list.xml");
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
+ {
+ SLOGE("Failed to prase fingerprint_list.xml");
+ return CERT_SVC_ERR_FILE_IO;
+ }
+
+ xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc));
+ if(curPtr == NULL)
+ {
+ SLOGE("Can not find root");
+ xmlFreeDoc(doc);
+ return CERT_SVC_ERR_FILE_IO;
+ }
+
+ while(curPtr != NULL)
+ {
+ xmlAttr* attr = curPtr->properties;
+ if(!attr->children || !attr->children->content)
+ {
+ SLOGE("Failed to get fingerprints from list");
+ ret = CERT_SVC_ERR_NO_ROOT_CERT;
+ goto out;
+ }
+
+ xmlChar* strLevel = attr->children->content;
+ xmlNodePtr FpPtr = xmlFirstElementChild(curPtr);
+ if(FpPtr == NULL)
+ {
+ SLOGE("Could not find fingerprint");
+ ret = CERT_SVC_ERR_NO_ROOT_CERT;
+ goto out;
+ }
+
+ while(FpPtr)
+ {
+ xmlChar *content = xmlNodeGetContent(FpPtr);
+ if(xmlStrcmp(content, (xmlChar*)fingerprint) == 0)
+ {
+ SLOGD("fingerprint : %s are %s", content, strLevel);
+ if(!xmlStrcmp(strLevel, xmlPathDomainPlatform)){
+ *visibility = CERT_SVC_VISIBILITY_PLATFORM;
+ ret = CERT_SVC_ERR_NO_ERROR;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainPublic)){
+ *visibility = CERT_SVC_VISIBILITY_PUBLIC;
+ ret = CERT_SVC_ERR_NO_ERROR;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainPartner)){
+ *visibility = CERT_SVC_VISIBILITY_PARTNER;
+ ret = CERT_SVC_ERR_NO_ERROR;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainDeveloper)){
+ *visibility = CERT_SVC_VISIBILITY_DEVELOPER;
+ ret = CERT_SVC_ERR_NO_ERROR;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainTest)){
+ *visibility = CERT_SVC_VISIBILITY_TEST;
+ ret = CERT_SVC_ERR_NO_ERROR;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainVerify)){
+ *visibility = CERT_SVC_VISIBILITY_VERIFY;
+ ret = CERT_SVC_ERR_NO_ERROR;
+ goto out;
+ }
+ }
+ FpPtr = xmlNextElementSibling(FpPtr);
+ }
+ curPtr = xmlNextElementSibling(curPtr);
+ }
+
+ xmlFreeDoc(doc);
+ return CERT_SVC_ERR_NO_ROOT_CERT;
+
+out:
+ xmlFreeDoc(doc);
+ return ret;
+}
+
+
+// expect input cert data is base64 encoded format
+int get_visibility_by_certificate(const char* cert_data, int data_len, int* visibility)
+{
+ if(!cert_data || !data_len)
+ {
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
+
+ int decodedSize = ((data_len / 4) * 3) + 1;
+ char* decoded = NULL;
+ char* fingerprint = NULL;
+ int ret = CERT_SVC_ERR_NO_ERROR;
+
+ if(!(decoded = (char*)malloc(sizeof(char) * decodedSize))) {
+ SLOGE("Fail to allocate memory.");
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
+ memset(decoded, 0x00, decodedSize);
+
+ if((ret = cert_svc_util_base64_decode(cert_data, data_len, decoded, &decodedSize)) != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Failed to decode data %d", ret);
+ free(decoded);
+ return ret;
+ }
+
+ ret = get_certificate_fingerprint(decoded, decodedSize, &fingerprint);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Can not get fingerprint! %d", ret);
+ return ret;
+ }
+
+ ret = get_visibility_by_fingerprint(fingerprint, visibility);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Can not find visibility %d", ret);
+ return ret;
+ }
+
+ free(decoded);
+ free(fingerprint);
+ return CERT_SVC_ERR_NO_ERROR;
+}
#define CERT_SVC_API __attribute__((visibility("default")))
#endif
+#define CRT_FILE_PATH "/opt/share/cert-svc/ca-certificate.crt"
+
CERT_SVC_API
int cert_svc_add_certificate_to_store(const char* filePath, const char* location)
{
int ret = CERT_SVC_ERR_NO_ERROR;
char _filePath[CERT_SVC_MAX_FILE_NAME_SIZE];
-
- memset(_filePath, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE);
+ int pathSize = 0;
if(filePath == NULL) {
SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__);
goto err;
}
+ pathSize = strlen(filePath);
+
+ if (pathSize <= 0 || pathSize >= CERT_SVC_MAX_FILE_NAME_SIZE) {
+ SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
+ goto err;
+ }
+
+ memset(_filePath, 0x0, sizeof(_filePath));
+
if(filePath[0] != '/') { // not absolute path, this is regarded relative file path
- getcwd(_filePath, CERT_SVC_MAX_FILE_NAME_SIZE);
- strncat(_filePath, "/", 1);
- strncat(_filePath, filePath, strlen(filePath));
+ if (getcwd(_filePath, sizeof(_filePath))) {
+ int cwdSize = 0;
+ //just in case
+ _filePath[sizeof(_filePath) - 1] = '\0';
+
+ cwdSize = strlen(_filePath);
+
+ if (cwdSize <=0 || (cwdSize + pathSize + 1) >= CERT_SVC_MAX_FILE_NAME_SIZE) {
+ SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_OPERATION;
+ goto err;
+ }
+
+ strncat(_filePath, "/", 1);
+ strncat(_filePath, filePath, pathSize);
+
+ } else {
+ SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__);
+ ret = CERT_SVC_ERR_INVALID_OPERATION;
+ goto err;
+ }
+ }
+ else {
+ strncpy(_filePath, filePath, pathSize);
}
- else
- strncpy(_filePath, filePath, strlen(filePath));
ret = _add_certificate_to_store(_filePath, location);
return ret;
}
-CERT_SVC_API
-int cert_svc_verify_certificate(CERT_CONTEXT* ctx, int* validity)
+int _cert_svc_verify_certificate_with_caflag(CERT_CONTEXT* ctx, int checkCAFlag, int* validity)
{
int ret = CERT_SVC_ERR_NO_ERROR;
- int i = 0, first = 0;
-
+
if((ctx == NULL) || (ctx->certBuf == NULL)) {
SLOGE("[ERR][%s] Check your parameter. Cannot find certificate.\n", __func__);
ret = CERT_SVC_ERR_INVALID_PARAMETER;
ctx->fileNames->next = NULL;
/* call verify function */
- if((ret = _verify_certificate(ctx->certBuf, &(ctx->certLink), ctx->fileNames, validity)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = _verify_certificate_with_caflag(ctx->certBuf, &(ctx->certLink), checkCAFlag, ctx->fileNames, validity)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to verify certificate.\n", __func__);
goto err;
}
return ret;
}
+CERT_SVC_API
+int cert_svc_verify_certificate(CERT_CONTEXT* ctx, int* validity)
+{
+ int ca_cflag_check_false = 0;
+ return _cert_svc_verify_certificate_with_caflag(ctx, ca_cflag_check_false, validity);
+}
+
+CERT_SVC_API
+int cert_svc_verify_certificate_with_caflag(CERT_CONTEXT* ctx, int* validity)
+{
+ int ca_cflag_check_true = 1;
+ return _cert_svc_verify_certificate_with_caflag(ctx, ca_cflag_check_true, validity);
+}
+
/*
* message : unsigned character string
* signature : base64 encoded string
int cert_svc_verify_signature(CERT_CONTEXT* ctx, unsigned char* message, int msgLen, unsigned char* signature, char* algo, int* validity)
{
int ret = CERT_SVC_ERR_NO_ERROR;
- cert_svc_mem_buff* certBuf = NULL;
if((message == NULL) || (signature == NULL) || (ctx == NULL) || (ctx->certBuf == NULL)) {
SLOGE("[ERR][%s] Invalid parameter, please check your parameter\n", __func__);
int cert_svc_search_certificate(CERT_CONTEXT* ctx, search_field fldName, char* fldData)
{
int ret = CERT_SVC_ERR_NO_ERROR;
- int i = 0;
- /* check parameter */
- if((ctx == NULL) || (fldName < SEARCH_FIELD_START ) || (fldName > SEARCH_FIELD_END) || (fldData == NULL)) {
+ /* check parameter, fldName is unsigned int. It will never be negative */
+ if((ctx == NULL) || (fldName > SEARCH_FIELD_END) || (fldData == NULL)) {
SLOGE("[ERR][%s] Invalid parameter. Check your parameter\n", __func__);
ret = CERT_SVC_ERR_INVALID_PARAMETER;
goto err;
/* search specific field */
if((ret = _search_certificate(&(ctx->fileNames), fldName, fldData)) != CERT_SVC_ERR_NO_ERROR) {
- SLOGE("[ERR][%s] Fail to search sertificate.\n", __func__);
+ SLOGE("[ERR][%s] Fail to search certificate.\n", __func__);
+ SLOGE("[ERR][%s] Fail to search certificate.\n", ctx->fileNames);
goto err;
}
SLOGD("[%s] Success to search certificate(s).\n", __func__);
CERT_SVC_API
CERT_CONTEXT* cert_svc_cert_context_init()
{
- int ret = CERT_SVC_ERR_NO_ERROR;
CERT_CONTEXT* ctx = NULL;
if(!(ctx = (CERT_CONTEXT*)malloc(sizeof(CERT_CONTEXT)))) {
int cert_svc_cert_context_final(CERT_CONTEXT* context)
{
int ret = CERT_SVC_ERR_NO_ERROR;
- cert_svc_linked_list* pLink = NULL;
- cert_svc_filename_list* pFile = NULL;
if(context == NULL) // already be freed
goto err;
goto err;
}
if(!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
- SLOGE("[ERR][%s] Fail to allovate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
memset(ctx->certBuf, 0x00, sizeof(cert_svc_mem_buff));
/* memory allocation for decoded string */
- size = strlen(buf);
+ size = strlen((char*)buf);
decodedSize = ((size / 4) * 3) + 1;
if(!(decodedStr = (char*)malloc(sizeof(char) * decodedSize))) {
}
/* decode */
- if((ret = cert_svc_util_base64_decode(buf, size, decodedStr, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = cert_svc_util_base64_decode((char*)buf, size, decodedStr, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to decode string, ret: [%d]\n", __func__, ret);
ret = CERT_SVC_ERR_INVALID_OPERATION;
+ free(decodedStr);
goto err;
}
/* load content to CERT_CONTEXT */
- ctx->certBuf->data = decodedStr;
+ ctx->certBuf->data = (unsigned char*)decodedStr;
ctx->certBuf->size = decodedSize;
SLOGD("[%s] Success to load certificate buffer content to context.\n", __func__);
goto err;
}
if(!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
- SLOGE("[ERR][%s] Fail to allovate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
/* memory alloction new item */
if(!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) {
- SLOGE("[ERR][%s] Fail to allcate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
if(!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
- SLOGE("[ERR][%s] Fail to allcate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ free(new);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
/* memory allocation for decoded string */
- size = strlen(buf);
+ size = strlen((char*)buf);
decodedSize = ((size / 4) * 3) + 1;
if(!(decodedStr = (char*)malloc(sizeof(char) * decodedSize))) {
SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ release_cert_list(new);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
/* decode */
- if((ret = cert_svc_util_base64_decode(buf, size, decodedStr, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = cert_svc_util_base64_decode((char*)buf, size, decodedStr, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to decode string, ret: [%d]\n", __func__, ret);
+ release_cert_list(new);
+ free(decodedStr);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
}
/* load content to CERT_CONTEXT */
- new->certificate->data = decodedStr;
+ new->certificate->data = (unsigned char*)decodedStr;
new->certificate->size = decodedSize;
new->next = NULL;
ctx->certLink = new;
else {
cur = ctx->certLink;
- while(1) {
- if(cur->next == NULL)
- break;
+ while(cur->next)
cur = cur->next;
- }
-
cur->next = new;
}
/* memory alloction new item */
if(!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) {
- SLOGE("[ERR][%s] Fail to allcate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
memset(new, 0x00, sizeof(cert_svc_linked_list));
if(!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
- SLOGE("[ERR][%s] Fail to allcate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ free(new);
goto err;
}
memset(new->certificate, 0x00, sizeof(cert_svc_mem_buff));
/* get content to ctx->certBuf */
if((ret = cert_svc_util_load_file_to_buffer(filePath, new->certificate)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]\n", __func__, filePath, ret);
+ release_cert_list(new);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
}
goto err;
}
if(!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) {
- SLOGE("[ERR][%s] Fail to allovate memory.\n", __func__);
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
goto err;
}
memset(ctx->certBuf, 0x00, sizeof(cert_svc_mem_buff));
/* get content to ctx->certBuf */
- if((ret = cert_svc_util_load_PFX_file_to_buffer(filePath, ctx->certBuf, ctx->certLink, privateKey, priKeyLen, passPhrase)) != CERT_SVC_ERR_NO_ERROR) {
+ if((ret = cert_svc_util_load_PFX_file_to_buffer(filePath, ctx->certBuf, &ctx->certLink, privateKey, priKeyLen, passPhrase)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]\n", __func__, filePath, ret);
ret = CERT_SVC_ERR_INVALID_OPERATION;
goto err;
return ret;
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
CERT_SVC_API
int cert_svc_check_ocsp_status(CERT_CONTEXT* ctx, const char* uri)
{
int ret = CERT_SVC_ERR_NO_ERROR;
+ cert_svc_linked_list** certList=NULL;
+ /* check revocation status */
/* check parameter */
if((ctx == NULL) || (ctx->certBuf == NULL)) {
SLOGE("[ERR][%s] certBuf must have value.\n", __func__);
- ret = CERT_SVC_ERR_INVALID_OPERATION;
+ ret = CERT_SVC_ERR_INVALID_PARAMETER;
goto err;
}
/* check revocation status */
- if((ret = _check_ocsp_status(ctx->certBuf, uri)) != CERT_SVC_ERR_NO_ERROR) {
+ if(ctx->certLink != NULL) {
+ certList = &(ctx->certLink);
+ }
+ if((ret = _check_ocsp_status(ctx->certBuf, certList, uri)) != CERT_SVC_ERR_NO_ERROR) {
SLOGE("[ERR][%s] Fail to check revocation status.\n", __func__);
- ret = CERT_SVC_ERR_INVALID_CERTIFICATE;
goto err;
}
err:
return ret;
}
+#endif
+
+CERT_SVC_API
+char* cert_svc_get_certificate_crt_file_path(void)
+{
+ return CRT_FILE_PATH;
+}
+
+CERT_SVC_API
+int cert_svc_get_visibility(CERT_CONTEXT *ctx, int* visibility)
+{
+ CERT_CONTEXT* context = NULL;
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ const char* root_cert_path = NULL;
+
+ if(!ctx || !visibility)
+ {
+ SLOGE("Invalid prameters");
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
+
+ if(!ctx->fileNames || !ctx->fileNames->filename)
+ {
+ SLOGE("Can not find root certificate path");
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
+
+ context = cert_svc_cert_context_init();
+ if(!context)
+ {
+ SLOGE("Out of memory");
+ return CERT_SVC_ERR_MEMORY_ALLOCATION;
+ }
+
+ ret = cert_svc_load_file_to_context(context, ctx->fileNames->filename);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("failed to load root certficiate");
+ cert_svc_cert_context_final(context);
+ return CERT_SVC_ERR_INVALID_CERTIFICATE;
+ }
+
+ ret = get_visibility(context, visibility);
+
+ cert_svc_cert_context_final(context);
+
+ return ret;
+}
+
+CERT_SVC_API
+int cert_svc_get_visibility_by_root_certificate(const char* base64_encoded_data, int data_len, int* visibility)
+{
+ if(!base64_encoded_data|| !data_len)
+ {
+ return CERT_SVC_ERR_INVALID_PARAMETER;
+ }
+
+ int ret = get_visibility_by_certificate(base64_encoded_data, data_len, visibility);
+ if(ret != CERT_SVC_ERR_NO_ERROR)
+ {
+ SLOGE("Failed to get_visibility :%d", ret);
+ return ret;
+ }
+ return CERT_SVC_ERR_NO_ERROR;
+}
+++ /dev/null
-/*
- * certification service
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <time.h>
-#include <dirent.h>
-#include <error.h>
-
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-
-#include <openssl/sha.h>
-#include <openssl/rsa.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-#include "cert-service.h"
-
-#define DPS_OPERATION_SUCCESS 0
-#define DPS_FILE_ERR -1
-#define DPS_MEMORY_ERR -2
-#define DPS_PARAMETER_ERR -3
-#define DPS_INVALID_OPERATION -4
-
-#define SDK_CERT_PATH "./SDK.crt"
-#define SDK_PRIVKEY_PATH "./SDK.key"
-#define CA_PRIVKEY_PATH "./ca.key"
-
-void print_usage(void)
-{
- fprintf(stdout, "\n This program signs or verifies signature on package(.deb).\n\n");
- fprintf(stdout, " [USAGE] dpkg-pki-sig [COMMAND] [ARGUMENT(s)]\n\n");
- fprintf(stdout, " - COMMAND:\n");
- fprintf(stdout, " -- gencert [SDK prikey path] [SDK cert path] [CA prikey path] [CA cert path] [output directory] ([target info])\n");
- fprintf(stdout, " : generates certificate for SDK, and that certificate will be signed by CA.\n");
- fprintf(stdout, " : If you use target which be linked your SDK, you must use target information in specific storage of target.\n");
- fprintf(stdout, " Otherwise, your package does not be executed in target.\n");
- fprintf(stdout, " -- sign [debian package path] [private key path of user] [certificate path of user]\n");
- fprintf(stdout, " : signs your debian package with inputed secret key.\n");
- fprintf(stdout, " -- verify [debian package path]\n");
- fprintf(stdout, " : verifies your debian package with public key in pre-defined certificate.\n\n");
- fprintf(stdout, " - EXAMPLES:\n");
- fprintf(stdout, " -- dpkg-pki-sig gencert ./SDKpri.key ./SDKcert.crt ./CApri.key ./CAcert.crt ./ (target info)\n");
- fprintf(stdout, " -- dpkg-pki-sig sign ./test.deb ./private.key ./mycert.crt\n");
- fprintf(stdout, " -- dpkg-pki-sig verify ./test.deb\n\n");
-}
-
-int delete_directory(const char* path)
-{
- int ret = DPS_OPERATION_SUCCESS;
- DIR* dir = NULL;
- struct dirent* dirent = NULL;
- char filename[128];
-
- if((dir = opendir(path)) == NULL) {
- fprintf(stderr, "[ERR][%s] Fail to open directory, [%s]\n", __func__, path);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- while((dirent = readdir(dir)) != NULL) {
- memset(filename, 0x00, 128);
- if((strncmp(dirent->d_name, ".", 1) == 0) || (strncmp(dirent->d_name, "..", 2) == 0))
- continue;
- snprintf(filename, 128, "%s/%s", path, dirent->d_name);
- if(unlink(filename) != 0) {
- fprintf(stderr, "[ERR][%s] Fail to remove file, [%s]\n", __func__, filename);
- perror("ERR!!");
- ret = DPS_FILE_ERR;
- goto err;
- }
- }
-
- if(rmdir(path) != 0) {
- fprintf(stderr, "[ERR][%s] Fail to remove directory, [%s]\n", __func__, path);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
-err:
- if(dir != NULL) closedir(dir);
-
- return ret;
-}
-
-int get_files_from_deb(FILE* fp_deb)
-{
- int ret = DPS_OPERATION_SUCCESS;
- int readcount = 0;
- int writecount = 0;
- unsigned long int size = 0;
- FILE* fp_control = NULL;
- FILE* fp_data = NULL;
- FILE* fp_sig = NULL;
- char tempbuf[64];
- char filename[16];
- char filelen[10];
- char* buf = NULL;
-
- memset(tempbuf, 0x00, 64);
- memset(filename, 0x00, 16);
- memset(filelen, 0x00, 10);
-
- if(!(fp_control = fopen("./temp/control.tar.gz", "wb"))) {
- fprintf(stderr, "[ERR][%s] Fail to open file, [control.tar.gz]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
- if(!(fp_data = fopen("./temp/data.tar.gz", "wb"))) {
- fprintf(stderr, "[ERR][%s] Fail to open file, [data.tar.gz]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
- if(!(fp_sig = fopen("./temp/_sigandcert", "wb"))) {
- fprintf(stderr, "[ERR][%s] Fail to open file, [_sigandcert]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- while(fgets(tempbuf, 64, fp_deb)) {
- strncpy(filename, tempbuf, 16);
- if(memcmp(filename, "!<arch>\n", 8) == 0)
- continue;
- if((memcmp(filename, "control.tar.gz", 14) == 0) ||
- (memcmp(filename, "data.tar.gz", 11) == 0) ||
- (memcmp(filename, "_sigandcert", 11) == 0)
- ) {
- strncpy(filelen, tempbuf + 48, 10);
- size = strtoul(filelen, NULL, 10);
-
- if(!(buf = (char*)malloc(sizeof(char) * (int)size))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory\n", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- memset(buf, 0x00, (int)size);
-
- if((readcount = fread(buf, sizeof(char), (int)size, fp_deb)) != (int)size) { // read error
- fprintf(stderr, "[ERR][%s] Read error, [%s]\n", __func__, filename);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- if(!strncmp(filename, "control.tar.gz", 14))
- writecount = fwrite(buf, sizeof(char), (int)size, fp_control);
- else if(!strncmp(filename, "data.tar.gz", 11))
- writecount = fwrite(buf, sizeof(char), (int)size, fp_data);
- else if(!strncmp(filename, "_sigandcert", 11))
- writecount = fwrite(buf, sizeof(char), (int)size, fp_sig);
-
- if(writecount != (int)size) { // write error
- fprintf(stderr, "[ERR][%s] Write error, [%s]\n", __func__, filename);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- free(buf);
- buf = NULL;
- }
- }
-
-err:
- if(fp_control != NULL) fclose(fp_control);
- if(fp_data != NULL) fclose(fp_data);
- if(fp_sig != NULL) fclose(fp_sig);
-
- if(buf != NULL) free(buf);
-
- return ret;
-}
-
-int sha256_hash(char* in, unsigned char* out, int len)
-{
- int ret = DPS_OPERATION_SUCCESS;
- SHA256_CTX sctx;
-
- if(!SHA256_Init(&sctx)) {
- fprintf(stderr, "[ERR][%s] Fail to init hash structure\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- if(!SHA256_Update(&sctx, in, len)) {
- fprintf(stderr, "[ERR][%s] Fail to update hash structure\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- if(!SHA256_Final(out, &sctx)) {
- fprintf(stderr, "[ERR][%s] Fail to final hash structure\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
-err:
- return ret;
-}
-
-int sha256_hashing_file(FILE* fp_file, char* out)
-{
- int filelen = 0;
- int i = 0;
- char* in = NULL;
- unsigned char* hashout = NULL;
- int ret = DPS_OPERATION_SUCCESS;
-
- fseek(fp_file, 0L, SEEK_END);
- filelen = ftell(fp_file);
- fseek(fp_file, 0L, SEEK_SET);
-
- if(!(in = (char*)malloc(sizeof(char) * (filelen + 1)))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory.", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- if(!(hashout = (unsigned char*)malloc(sizeof(unsigned char) * SHA256_DIGEST_LENGTH))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory.", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- memset(in, 0x00, (filelen + 1));
- memset(hashout, 0x00, SHA256_DIGEST_LENGTH);
-
- if(fread(in, sizeof(char), filelen, fp_file) != filelen) {
- fprintf(stderr, "[ERR][%s] Fail to read file.[%d]\n", __func__, filelen);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- if((ret = sha256_hash(in, hashout, filelen)) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to hash message\n", __func__);
- goto err;
- }
-
- for(i = 0; i < SHA256_DIGEST_LENGTH; i++) {
- sprintf(out + (i * 2), "%02x", hashout[i]);
- }
-
-err:
- if(in != NULL) free(in);
- if(hashout != NULL) free(hashout);
-
- return ret;
-}
-
-int get_target_info(char* info)
-{
-#define TARGET_INFO "/opt/share/cert-svc/targetinfo"
- FILE* fp_info = NULL;
- char* token = NULL;
- char seps[] = " \t\n\r";
- char buf[16];
- int ret = DPS_OPERATION_SUCCESS;
-
- memset(buf, 0x00, 16);
-
- if(!(fp_info = fopen(TARGET_INFO, "r"))) { // error
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, TARGET_INFO);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- fgets(buf, 16, fp_info);
- if(buf[0] == '0') { // not used
- // do nothing
- strncpy(info, "NOT USED", 8);
- }
- else if(buf[0] == '1') {
- memset(buf, 0x00, 16);
- fgets(buf, 16, fp_info);
- memcpy(info, buf, 10);
- }
- else {
- fprintf(stderr, "[ERR][%s] Check your targetinfo file.\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
-err:
- return ret;
-}
-
-int generate_sdk_cert(int argc, const char** argv)
-{
- int ret = DPS_OPERATION_SUCCESS;
- const char* targetinfo = NULL;
- char* defaultinfo = "SDK_simulator";
- int pid = -1;
-
- /* this code is for testing */
- if((argc < 4) || (argc > 5)) {
- fprintf(stderr, "[ERR][%s] Check your argument!!\n", __func__);
- print_usage();
- ret = DPS_PARAMETER_ERR;
- goto err;
- }
-
- // delete older SDK cert and SDK key
- if(unlink(argv[0]) != 0) { // error
- if(errno == ENOENT)
- fprintf(stderr, "[LOG][%s] %s is not exist.\n", __func__, argv[0]);
- }
- if(unlink(argv[1]) != 0) { // error
- if(errno == ENOENT)
- fprintf(stderr, "[LOG][%s] %s is not exist.\n", __func__, argv[1]);
- }
-
- // get target information
- if(argc == 4) // target info is not set
- targetinfo = defaultinfo;
- else if(argc == 5) // target info is set
- targetinfo = argv[4];
-
- /* execute script '/usr/bin/make_cert.sh' */
- pid = fork();
- if(pid == 0) { // child
- execl("/usr/bin/make_cert.sh", "/usr/bin/make_cert.sh", argv[0], argv[1], argv[2], argv[3], targetinfo, NULL);
- }
- else if(pid > 0) { // parent
- wait((int*)0);
- ret = DPS_OPERATION_SUCCESS;
- goto err;
- }
- else if(pid < 0) { // fail
- fprintf(stderr, "[ERR][%s] Fail to fork.\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
-err:
-
- return ret;
-}
-
-int package_sign(int argc, const char** argv)
-{
- int ret = DPS_OPERATION_SUCCESS;
- int ch = 0, i = 0;
- int certwrite = 0;
- unsigned long int privlen = 0;
- unsigned long int encodedlen = 0;
- unsigned long int certlen = 0;
- unsigned long int sigfilelen = 0;
- FILE* fp_deb = NULL;
- FILE* fp_control = NULL;
- FILE* fp_data = NULL;
- FILE* fp_sig = NULL;
- FILE* fp_priv = NULL;
- FILE* fp_cert = NULL;
- char tempbuf[128];
- char* out = NULL;
- char signingmsg[128];
- char* prikey = NULL;
- unsigned char* r_signature = NULL;
- unsigned char* siginput = NULL;
- char* encoded = NULL;
- char* certbuf = NULL;
- char* startcert = NULL;
- char* endcert = NULL;
- char sigfileinfo[60];
- char* sigfilebuf = NULL;
- unsigned int slen;
-
- RSA* private_key = NULL;
- BIO* private_bio = NULL;
-
- char* messages = "MESSAGES:\n";
- char* signature = "SIGNATURE:\n";
- char* certificate = "CERTIFICATE:\n";
-
- if(!(out = (char*)malloc(sizeof(char) * (SHA256_DIGEST_LENGTH * 2 + 1)))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory.\n", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- memset(tempbuf, 0x00, 128);
- memset(signingmsg, 0x00, 128);
- memset(sigfileinfo, 0x00, 60);
-
- if(argc != 3) { // debian package, private key, certificate
- fprintf(stderr, "[ERR][%s] Check your argument!!\n", __func__);
- print_usage();
- ret = DPS_PARAMETER_ERR;
- goto err;
- }
-
- /* make temp dir in current dir */
- if(mkdir("./temp", 0755) != 0) { // fail
- fprintf(stderr, "[ERR][%s] Fail to make temporary directory, [%s]\n", __func__, "./temp");
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
- /* make signature file in temp dir */
- if(!(fp_sig = fopen("./temp/_sigandcert", "w+b"))) { // fail
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, "./temp/_sigandcert");
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- /* extract .tar.gz file from deb file and store in temp dir */
- if(!(fp_deb = fopen(argv[0], "r+b"))) { // fail
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, argv[0]);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- if((ret = get_files_from_deb(fp_deb)) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to extract files from deb.\n", __func__);
- goto err;
- }
-
- if(!(fp_control = fopen("./temp/control.tar.gz", "rb"))) { // fail
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, "./temp/control.tar.gz");
- ret = DPS_FILE_ERR;
- goto err;
- }
- if(!(fp_data = fopen("./temp/data.tar.gz", "rb"))) { // fail
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, "./temp/data.tar.gz");
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- /* calculate hash value of .tar.gz file and write */
- if(fwrite(messages, sizeof(char), strlen(messages), fp_sig) != strlen(messages)) { // error
- fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert");
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- memset(out, 0x00, (SHA256_DIGEST_LENGTH * 2 + 1));
- if((ret = sha256_hashing_file(fp_control, out)) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to calculate hash, [%s]\n", __func__, "control.tar.gz");
- goto err;
- }
- snprintf(tempbuf, 128, "%s control.tar.gz\n", out);
- strncpy(signingmsg, tempbuf, strlen(tempbuf));
-
- memset(out, 0x00, (SHA256_DIGEST_LENGTH * 2 + 1));
- if((ret = sha256_hashing_file(fp_data, out)) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to calculate hash, [%s]\n", __func__, "control.tar.gz");
- goto err;
- }
- snprintf(tempbuf, 128, "%s data.tar.gz\n", out);
- strncat(signingmsg, tempbuf, strlen(tempbuf));
-
- fprintf(fp_sig, "%d\n", strlen(signingmsg));
- if(fwrite(signingmsg, sizeof(char), strlen(signingmsg), fp_sig) != strlen(signingmsg)) {
- fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert");
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- /* create signature and write */
- if(fwrite(signature, sizeof(char), strlen(signature), fp_sig) != strlen(signature)) { // error
- fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert");
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- if(!(fp_priv = fopen(argv[1], "r"))) { // error
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, argv[1]);
- ret = DPS_FILE_ERR;
- goto err;
- }
- fseek(fp_priv, 0L, SEEK_END);
- privlen = ftell(fp_priv);
- fseek(fp_priv, 0L, SEEK_SET);
-
- if(!(prikey = (char*)malloc(sizeof(char) * (int)privlen))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
- memset(prikey, 0x00, (int)privlen);
-
- i = 0;
- while((ch = fgetc(fp_priv)) != EOF) {
- prikey[i] = ch;
- i++;
- }
- prikey[i] = '\0';
-
- if(!(private_bio = BIO_new_mem_buf(prikey, -1))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory, [private_bio]\n", __func__);
- ERR_print_errors_fp(stdout);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
-
- if(!(private_key = PEM_read_bio_RSAPrivateKey(private_bio, NULL, NULL, NULL))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory, [private_key]\n", __func__);
- ERR_print_errors_fp(stdout);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
-
- if(!(r_signature = (unsigned char*)malloc(RSA_size(private_key)))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory, [r_signature]\n", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
-
- if(!(siginput = (unsigned char*)malloc(sizeof(unsigned char) * SHA256_DIGEST_LENGTH))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory.", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- memset(siginput, 0x00, SHA256_DIGEST_LENGTH);
-
- if((ret = sha256_hash(signingmsg, siginput, strlen(signingmsg))) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to hash\n", __func__);
- goto err;
- }
-
- if(RSA_sign(NID_sha256, siginput, SHA256_DIGEST_LENGTH, r_signature, &slen, private_key) != 1) { // error
- fprintf(stderr, "[ERR][%s] Fail to make signature.\n", __func__);
- ERR_print_errors_fp(stdout);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
- encodedlen = (((slen + 2) / 3) * 4) + 1;
- if(!(encoded = (char*)malloc(sizeof(char) * encodedlen))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory, [encoded]\n", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- if((ret = cert_svc_util_base64_encode(r_signature, slen, encoded, &encodedlen)) != 0) { // error
- fprintf(stderr, "[ERR][%s] Fail to encode signature\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
- fprintf(fp_sig, "%d\n", (int)encodedlen);
- if(fwrite(encoded, sizeof(char), (int)encodedlen, fp_sig) != (int)encodedlen) { // error
- fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert");
- ret = DPS_FILE_ERR;
- goto err;
- }
- fwrite("\n", sizeof(char), 1, fp_sig);
-
- /* certificate write */
- if(fwrite(certificate, sizeof(char), strlen(certificate), fp_sig) != strlen(certificate)) { // error
- fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert");
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- if(!(fp_cert = fopen(argv[2], "r"))) { // error
- fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, argv[2]);
- ret = DPS_FILE_ERR;
- goto err;
- }
- fseek(fp_cert, 0L, SEEK_END);
- certlen = ftell(fp_cert);
- fseek(fp_cert, 0L, SEEK_SET);
-
- if(!(certbuf = (char*)malloc(sizeof(char) * (int)certlen))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
- memset(certbuf, 0x00, (int)certlen);
-
- i = 0;
- while((ch = fgetc(fp_cert)) != EOF) {
- if(ch != '\n') {
- certbuf[i] = ch;
- i++;
- }
- }
- certbuf[i] = '\0';
-
- startcert = strstr(certbuf, "-----BEGIN CERTIFICATE-----") + strlen("-----BEGIN CERTIFICATE-----");
- endcert = strstr(certbuf, "-----END CERTIFICATE-----");
- certwrite = (int)endcert - (int)startcert;
-
- fprintf(fp_sig, "%d\n", certwrite);
- if(fwrite(startcert, sizeof(char), certwrite, fp_sig) != certwrite) { // error
- fprintf(stderr, "[ERR][%s] Fail to write to file, [_sigandcert]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- /* insert file into deb archive */
- sigfilelen = ftell(fp_sig);
- fseek(fp_sig, 0L, SEEK_SET);
- fseek(fp_deb, 0L, SEEK_END);
-
- if(!(sigfilebuf = (char*)malloc(sizeof(char) * (sigfilelen + 1)))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory, [sigfilebuf]\n", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- memset(sigfilebuf, 0x00, (sigfilelen + 1));
-
- snprintf(sigfileinfo, 60, "%-16s%-12ld%-6d%-6d%-8s%-10ld`", "_sigandcert", time(NULL), 0, 0, "100644", sigfilelen);
- fprintf(fp_deb, "%s\n", sigfileinfo);
-
- if(fread(sigfilebuf, sizeof(char), sigfilelen, fp_sig) != sigfilelen) {
- fprintf(stderr, "[ERR][%s] Fail to read file, [fp_sig]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
- if(fwrite(sigfilebuf, sizeof(char), sigfilelen, fp_deb) != sigfilelen) {
- fprintf(stderr, "[ERR][%s] Fail to read file, [fp_sig]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- /* delete temp dir */
- if(delete_directory("./temp") != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to delete directory\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
-err:
- if(private_bio != NULL) BIO_free(private_bio);
-
- if(out != NULL) free(out);
- if(prikey != NULL) free(prikey);
- if(r_signature != NULL) free(r_signature);
- if(encoded != NULL) free(encoded);
- if(certbuf != NULL) free(certbuf);
- if(sigfilebuf != NULL) free(sigfilebuf);
- if(siginput != NULL) free(siginput);
-
- if(fp_deb != NULL) fclose(fp_deb);
- if(fp_control != NULL) fclose(fp_control);
- if(fp_data != NULL) fclose(fp_data);
- if(fp_sig != NULL) fclose(fp_sig);
- if(fp_priv != NULL) fclose(fp_priv);
- if(fp_cert != NULL) fclose(fp_cert);
-
- return ret;
-}
-
-int package_verify(int argc, const char** argv)
-{
- int ret = DPS_OPERATION_SUCCESS;
- /* file pointers */
- FILE* fp_deb = NULL; // .deb
- FILE* fp_sig = NULL; // _sigandcert
- /* memory buffer for _sigandcert */
- char* msg = NULL; // message buffer
- int msglen = 0; // message length
- char* sig = NULL; // signature buffer
- int siglen = 0; // signature length
- char* cert = NULL; // certificate buffer
- int certlen = 0; // certificate length
- /* temporary buffer */
- char filebuf[64]; // temp buf for deb
- /* used for cert verification */
- char* target_info = NULL;
- CERT_CONTEXT* ctx = NULL;
- int val_cert = 0;
- int val_sig = 0;
-
- if(argc != 1) {
- fprintf(stderr, "[ERR] Check your argument!!\n");
- print_usage();
- ret = DPS_PARAMETER_ERR;
- goto err;
- }
-
- ctx = cert_svc_cert_context_init();
-
- /* make temp dir in current dir */
- if(mkdir("./temp", 0755) != 0) { // fail
- fprintf(stderr, "[ERR][%s] Fail to make temporary directory, [%s]\n", __func__, "./temp");
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
- /* extract files from .deb */
- if((fp_deb = fopen(argv[0], "rb")) == NULL) {
- fprintf(stderr, "[ERR][%s] Fail to open file. [%s]\n", __func__, argv[0]);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- if((ret = get_files_from_deb(fp_deb)) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to extract files.\n", __func__);
- goto err;
- }
-
- /* get msg, sig, cert from_sigandcert */
- if((fp_sig = fopen("./temp/_sigandcert", "r")) == NULL) {
- fprintf(stderr, "[ERR][%s] Fail to open file. [_sigandcert]\n", __func__);
- ret = DPS_FILE_ERR;
- goto err;
- }
-
- memset(filebuf, 0x00, 64);
- while(fgets(filebuf, 64, fp_sig) != NULL) {
- if(!strncmp(filebuf, "MESSAGES:", 9)) {
- fgets(filebuf, 64, fp_sig);
- msglen = (int)strtoul(filebuf, NULL, 10);
- msg = (char*)malloc(sizeof(char) * (msglen + 1));
- memset(msg, 0x00, (msglen + 1));
- if(fread(msg, sizeof(char), msglen, fp_sig) != msglen) {
- fprintf(stderr, "[ERR][%s] Fail to get contents from file, [messages]\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- }
- else if(!strncmp(filebuf, "SIGNATURE:", 10)) {
- fgets(filebuf, 64, fp_sig);
- siglen = (int)strtoul(filebuf, NULL, 10);
- sig = (char*)malloc(sizeof(char) * (siglen + 1));
- memset(sig, 0x00, (siglen + 1));
- if(fread(sig, sizeof(char), siglen, fp_sig) != siglen) {
- fprintf(stderr, "[ERR][%s] Fail to get contents from file, [signature]\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- }
- else if(!strncmp(filebuf, "CERTIFICATE:", 12)) {
- fgets(filebuf, 64, fp_sig);
- certlen = (int)strtoul(filebuf, NULL, 10);
- cert = (char*)malloc(sizeof(char) * (certlen + 1));
- memset(cert, 0x00, (certlen + 1));
- if(fread(cert, sizeof(char), certlen, fp_sig) != certlen) {
- fprintf(stderr, "[ERR][%s] Fail to get contents from file, [certificate]\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- }
- }
-
- /* get certificate data */
- if((ret = cert_svc_load_buf_to_context(ctx, cert)) != CERT_SVC_ERR_NO_ERROR) {
- fprintf(stderr, "[ERR][%s] Fail to load certificate into context, [%d]\n", __func__, ret);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR) {
- fprintf(stderr, "[ERR][%s] Fail to extract certificate data, [%d]\n", __func__, ret);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
-
- /* get target info */
- if(!(target_info = (char*)malloc(sizeof(char) * 10))) {
- fprintf(stderr, "[ERR][%s] Fail to allocate memory.\n", __func__);
- ret = DPS_MEMORY_ERR;
- goto err;
- }
- if((ret = get_target_info(target_info)) != DPS_OPERATION_SUCCESS) {
- fprintf(stderr, "[ERR][%s] Fail to get target info.\n", __func__);
- goto err;
- }
-
- /* check this package is installed by SDK? or app store?
- * check OU field of certificate
- * - if SLP_SDK, be installed by SDK
- * - if some other, be installed by app store
- */
- if(!strncmp(ctx->certDesc->info.subject.organizationUnitName, "SLP SDK", 7)) { // this is SDK
- if(strncmp(target_info, "NOT USED", 8)){ // and use target info(one-to-one matching with target and SDK)
- if(strncmp(ctx->certDesc->info.subject.commonName, target_info, 8)) { // but target_info is not same, error
- fprintf(stderr, "[ERR][%s] target MUST be uniquely matched to SDK.\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- }
- }
-
- /* verify certificate */
- if((ret = cert_svc_verify_certificate(ctx, &val_cert)) != CERT_SVC_ERR_NO_ERROR) {
- fprintf(stderr, "[ERR][%s] Fail to verify certificate, [%d]\n", __func__, ret);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- if(val_cert != 1) { // fail
- fprintf(stdout, "[LOG][%s] certificate is not valid.\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- else { // success
- fprintf(stdout, "[LOG][%s] certificate is valid.\n", __func__);
- ret = DPS_OPERATION_SUCCESS;
- }
-
- /* verify signature */
- if((ret = cert_svc_verify_signature(ctx, msg, msglen, sig, "SHA256", &val_sig)) != CERT_SVC_ERR_NO_ERROR) {
- fprintf(stderr, "[ERR][%s] Fail to verify signature, [%d]\n", __func__, ret);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- if(val_sig != 1) { // fail
- fprintf(stdout, "[LOG][%s] signature is not valid.\n", __func__);
- ret = DPS_INVALID_OPERATION;
- goto err;
- }
- else { // success
- fprintf(stdout, "[LOG][%s] signature is valid.\n", __func__);
- ret = DPS_OPERATION_SUCCESS;
- }
-
-err:
- if(fp_deb != NULL) fclose(fp_deb);
- if(fp_sig != NULL) fclose(fp_sig);
-
- if(msg != NULL) free(msg);
- if(sig != NULL) free(sig);
- if(cert != NULL) free(cert);
- if(target_info != NULL) free(target_info);
-
- cert_svc_cert_context_final(ctx);
-
- return ret;
-}
-
-int main(int argc, char* argv[])
-{
- int ret = DPS_OPERATION_SUCCESS;
-
- if(argc < 2) {
- fprintf(stderr, "[ERR] Check your argument!!\n");
- print_usage();
- return 0;
- }
-
- if(!strncmp(argv[1], "gencert", 7))
- ret = generate_sdk_cert(argc - 2, (const char **)argv + 2);
- else if(!strncmp(argv[1], "sign", 4))
- ret = package_sign(argc - 2, (const char **)argv + 2);
- else if(!strncmp(argv[1], "verify", 6))
- ret = package_verify(argc - 2, (const char **)argv + 2);
- else if(!strncmp(argv[1], "help", 4))
- print_usage();
- else {
- fprintf(stderr, "[ERR] Check your argument!!\n");
- print_usage();
- }
-
- fprintf(stderr, "return: [%d]\n", ret);
-
- return 1;
-}
# limitations under the License.
#
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+PKG_CHECK_MODULES(VCORE_TEST_DEP
+ REQUIRED
+ libpcrecpp
+ icu-uc
+ secure-storage
+ dlog
+ glib-2.0
+ libsoup-2.4
+
+ sqlite3
+ )
+ELSE(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+PKG_CHECK_MODULES(VCORE_TEST_DEP
+ REQUIRED
+ libpcrecpp
+ icu-uc
+ secure-storage
+ dlog
+ glib-2.0
+ libsoup-2.4
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
+SET(VCORE_DPL_DIR
+ ${PROJECT_SOURCE_DIR}/vcore/src/dpl
+ )
+
+SET(VCORE_DPL_CORE_SRC_DIR
+ ${VCORE_DPL_DIR}/core/src
+ )
+SET(VCORE_DPL_CORE_SOURCES
+ ${VCORE_DPL_CORE_SRC_DIR}/assert.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/binary_queue.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/char_traits.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/colors.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/errno_string.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/exception.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/file_input.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/mutex.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/noncopyable.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/singleton.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/string.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/type_list.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/thread.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/waitable_event.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/waitable_handle.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/waitable_handle_watch_support.cpp
+ )
+
+SET(VCORE_DPL_DB_SRC_DIR
+ ${VCORE_DPL_DIR}/db/src
+ )
+SET(VCORE_DPL_DB_SOURCES
+ ${VCORE_DPL_DB_SRC_DIR}/naive_synchronization_object.cpp
+ ${VCORE_DPL_DB_SRC_DIR}/orm.cpp
+ ${VCORE_DPL_DB_SRC_DIR}/sql_connection.cpp
+ ${VCORE_DPL_DB_SRC_DIR}/thread_database_support.cpp
+ )
+
+SET(VCORE_DPL_LOG_SRC_DIR
+ ${VCORE_DPL_DIR}/log/src
+ )
+SET(VCORE_DPL_LOG_SOURCES
+ ${VCORE_DPL_LOG_SRC_DIR}/abstract_log_provider.cpp
+ ${VCORE_DPL_LOG_SRC_DIR}/dlog_log_provider.cpp
+ ${VCORE_DPL_LOG_SRC_DIR}/log.cpp
+ ${VCORE_DPL_LOG_SRC_DIR}/old_style_log_provider.cpp
+ )
+
+SET(VCORE_DPL_TEST_SRC_DIR
+ ${VCORE_DPL_DIR}/test/src
+ )
+SET(VCORE_DPL_TEST_SOURCES
+ ${VCORE_DPL_TEST_SRC_DIR}/process_pipe.cpp
+ ${VCORE_DPL_TEST_SRC_DIR}/test_results_collector.cpp
+ ${VCORE_DPL_TEST_SRC_DIR}/test_runner_child.cpp
+ ${VCORE_DPL_TEST_SRC_DIR}/test_runner.cpp
+ ${VCORE_DPL_TEST_SRC_DIR}/test_runner_multiprocess.cpp
+ ${VCORE_DPL_TEST_SRC_DIR}/value_separated_policies.cpp
+ ${VCORE_DPL_TEST_SRC_DIR}/value_separated_tokens.cpp
+ )
+
+
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+SET(VCORE_DPL_SOURCES
+ ${VCORE_DPL_CORE_SOURCES}
+ ${VCORE_DPL_DB_SOURCES}
+ ${VCORE_DPL_LOG_SOURCES}
+ ${VCORE_DPL_TEST_SOURCES}
+ )
+SET(VCORE_DPL_INCLUDE
+ ${VCORE_DPL_DIR}/core/include
+ ${VCORE_DPL_DIR}/db/include
+ ${VCORE_DPL_DIR}/log/include
+ ${VCORE_DPL_DIR}/test/include
+ )
+ELSE(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+SET(VCORE_DPL_SOURCES
+ ${VCORE_DPL_CORE_SOURCES}
+ ${VCORE_DPL_LOG_SOURCES}
+ ${VCORE_DPL_TEST_SOURCES}
+ )
+SET(VCORE_DPL_INCLUDE
+ ${VCORE_DPL_DIR}/core/include
+ ${VCORE_DPL_DIR}/log/include
+ ${VCORE_DPL_DIR}/test/include
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
ADD_SUBDIRECTORY(capi)
ADD_SUBDIRECTORY(pkcs12)
ADD_SUBDIRECTORY(vcore)
+ADD_SUBDIRECTORY(cert-svc)
INCLUDE(FindPkgConfig)
SET(TARGET_VCOREC_TEST "cert-svc-tests-capi")
-PKG_CHECK_MODULES(VCOREC_TEST_DEP
- libsoup-2.4
- dpl-test-efl
- dpl-db-efl
- libpcrecpp
- REQUIRED
- )
-
SET(VCOREC_TESTS_SOURCES
${PROJECT_SOURCE_DIR}/tests/capi/api_tests.cpp
- ${PROJECT_SOURCE_DIR}/tests/capi/test_cases.cpp
+ ${PROJECT_SOURCE_DIR}/tests/capi/test_suite_01.cpp
+ ${PROJECT_SOURCE_DIR}/tests/capi/test_suite_02.cpp
+ ${VCORE_DPL_SOURCES}
)
INCLUDE_DIRECTORIES(
${PROJECT_SOURCE_DIR}/vcore/src
${PROJECT_SOURCE_DIR}/tests/capi
+ ${PROJECT_SOURCE_DIR}/include
${VCOREC_TEST_DEP_INCLUDE_DIRS}
+ ${VCORE_DPL_INCLUDE}
)
ADD_EXECUTABLE(${TARGET_VCOREC_TEST} ${VCOREC_TESTS_SOURCES})
-ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
TARGET_LINK_LIBRARIES(${TARGET_VCOREC_TEST}
${TARGET_VCORE_LIB}
- ${VCOREC_TEST_DEP_LIBRARIES}
+ ${TARGET_CERT_SVC_LIB}
+ ${VCORE_TEST_DEP_LIBRARIES}
)
INSTALL(TARGETS ${TARGET_VCOREC_TEST}
WORLD_READ
)
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/capi/data/cert0.pem
+ ${PROJECT_SOURCE_DIR}/tests/capi/data/cert1.der
+ ${PROJECT_SOURCE_DIR}/tests/capi/data/cert2fake.pem
+ ${PROJECT_SOURCE_DIR}/tests/capi/data/cert3fake.der
+ DESTINATION /opt/share/cert-svc/cert-type/
+ PERMISSIONS OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
// g_type_init();
// g_thread_init(NULL);
certsvc_instance_new(&vinstance);
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ int status = VcoreDPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
certsvc_instance_free(vinstance);
return status;
}
#include <cert-svc/cinstance.h>
#include <cert-svc/ccert.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
#include <cert-svc/ccrl.h>
#include <cert-svc/cocsp.h>
+#endif
#include <cert-svc/cpkcs12.h>
#include <cert-svc/cprimitives.h>
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 85:7d:e1:c5:d9:de:7a:20
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ Validity
+ Not Before: Jan 4 17:34:31 2011 GMT
+ Not After : Jan 4 17:34:31 2012 GMT
+ Subject: C=PL, ST=Malopolskie, L=Krakow, O=Samsung, OU=N/A, CN=Operator Test Second Level Certificate/emailAddress=second.operator@samsung.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ba:3c:58:ca:87:1e:59:68:54:8a:54:34:43:61:
+ f1:81:e6:35:c1:46:74:16:c7:ff:f9:15:9e:0c:5a:
+ 6a:89:c1:13:0c:61:2e:ba:00:e0:71:ea:7e:31:ae:
+ 4e:ef:93:58:51:98:97:f3:bf:8a:9b:b2:c1:b7:0c:
+ 5f:3f:56:b3:13:3b:d0:80:be:04:66:89:84:50:ca:
+ fe:f6:f7:6b:05:3b:30:4e:96:9c:5b:c5:80:bc:d6:
+ be:6e:69:f4:b9:9b:4c:06:7a:ed:37:67:b2:fe:45:
+ 69:57:62:54:cb:69:69:48:b9:7d:a0:42:f1:b6:dc:
+ f2:7f:eb:75:2a:d4:83:69:b9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D9:F3:11:BF:98:5A:60:12:7A:85:B5:E7:A7:38:4F:CF:51:1D:C6:B2
+ X509v3 Authority Key Identifier:
+ keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 69:6c:26:81:51:91:a6:e6:11:dc:81:35:03:73:85:4f:2f:29:
+ 1f:20:f2:23:54:82:ca:8f:b8:a6:e3:3f:cd:72:5e:d7:e7:f5:
+ 84:8a:33:e2:51:9f:36:4b:30:85:f4:4f:87:c7:9a:69:0b:15:
+ 6e:92:c7:1f:2f:58:a4:57:f8:c2:cd:59:6c:d2:11:63:ae:bb:
+ b0:32:3f:09:e7:2e:ad:db:1b:fe:e7:a4:21:43:47:76:e1:de:
+ 36:bb:26:3f:16:76:20:ed:a4:68:c1:48:ae:2b:95:fb:f6:d2:
+ f2:7f:74:f6:83:e2:89:06:b5:89:54:6e:7f:cf:88:94:66:e8:
+ da:32
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAqegAwIBAgIJAIV94cXZ3nogMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0
+aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN
+MTEwMTA0MTczNDMxWhcNMTIwMTA0MTczNDMxWjCBsTELMAkGA1UEBhMCUEwxFDAS
+BgNVBAgTC01hbG9wb2xza2llMQ8wDQYDVQQHEwZLcmFrb3cxEDAOBgNVBAoTB1Nh
+bXN1bmcxDDAKBgNVBAsTA04vQTEvMC0GA1UEAxMmT3BlcmF0b3IgVGVzdCBTZWNv
+bmQgTGV2ZWwgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEWG3NlY29uZC5vcGVy
+YXRvckBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAujxY
+yoceWWhUilQ0Q2HxgeY1wUZ0Fsf/+RWeDFpqicETDGEuugDgcep+Ma5O75NYUZiX
+87+Km7LBtwxfP1azEzvQgL4EZomEUMr+9vdrBTswTpacW8WAvNa+bmn0uZtMBnrt
+N2ey/kVpV2JUy2lpSLl9oELxttzyf+t1KtSDabkCAwEAAaN7MHkwCQYDVR0TBAIw
+ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFNnzEb+YWmASeoW156c4T89RHcayMB8GA1UdIwQYMBaAFCWlkJ9N
+OqQZCoBGXvP7IM5WMDPaMA0GCSqGSIb3DQEBBQUAA4GBAGlsJoFRkabmEdyBNQNz
+hU8vKR8g8iNUgsqPuKbjP81yXtfn9YSKM+JRnzZLMIX0T4fHmmkLFW6Sxx8vWKRX
++MLNWWzSEWOuu7AyPwnnLq3bG/7npCFDR3bh3ja7Jj8WdiDtpGjBSK4rlfv20vJ/
+dPaD4okGtYlUbn/PiJRm6Noy
+-----END CERTIFICATE-----
--- /dev/null
+----BEGIN CERTIFICATE----
+MIIDPjCCAqegAwIBAgIJAIV94cXZ3nogMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0
+aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN
+MTEwMTA0MTczNDMxWhcNMTIwMTA0MTczNDMxWjCBsTELMAkGA1UEBhMCUEwxFDAS
+BgNVBAgTC01hbG9wb2xza2llMQ8wDQYDVQQHEwZLcmFrb3cxEDAOBgNVBAoTB1Nh
+bXN1bmcxDDAKBgNVBAsTA04vQTEvMC0GA1UEAxMmT3BlcmF0b3IgVGVzdCBTZWNv
+bmQgTGV2ZWwgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEWG3NlY29uZC5vcGVy
+YXRvckBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAujxY
+yoceWWhUilQ0Q2HxgeY1wUZ0Fsf/+RWeDFpqicETDGEuugDgcep+Ma5O75NYUZiX
+87+Km7LBtwxfP1azEzvQgL4EZomEUMr+9vdrBTswTpacW8WAvNa+bmn0uZtMBnrt
+N2ey/kVpV2JUy2lpSLl9oELxttzyf+t1KtSDabkCAwEAAaN7MHkwCQYDVR0TBAIw
+ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFNnzEb+YWmASeoW156c4T89RHcayMB8GA1UdIwQYMBaAFCWlkJ9N
+OqQZCoBGXvP7IM5WMDPaMA0GCSqGSIb3DQEBBQUAA4GBAGlsJoFRkabmEdyBNQNz
+hU8vKR8g8iNUgsqPuKbjP81yXtfn9YSKM+JRnzZLMIX0T4fHmmkLFW6Sxx8vWKRX
++MLNWWzSEWOuu7AyPwnnLq3bG/7npCFDR3bh3ja7Jj8WdiDtpGjBSK4rlfv20vJ/
+dPaD4okGtYlUbn/PiJRm6Noy
+-----END CERTIFICATE-----
#include <api_tests.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
#include "crl_cache.h"
+#include <vcore/VCore.h>
+#endif
+RUNNER_TEST_GROUP_INIT(CAPI)
+
+/*
+ * author: ---
+ * test: New certificate from file.
+ * description: Creating new certificate using *.pem file.
+ * expect: Certificate should be created and has correct string inside..
+ */
RUNNER_TEST(test01_certificate_new_from_file)
{
CertSvcCertificate cert;
int result = certsvc_certificate_new_from_file(
vinstance,
- "/opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem",
+ "/usr/share/cert-svc/certs/code-signing/wac/root_cacert0.pem",
&cert);
RUNNER_ASSERT_MSG(CERTSVC_TRUE == result, "Error reading certificate");
CERTSVC_SUBJECT_COMMON_NAME,
&string);
- const char *ptr = "WAC Application Services Ltd";
+ const char *ptr = "Samsung";
const char *buffer;
int len;
certsvc_certificate_free(cert);
}
+/*
+ * author: ---
+ * test: Searching certificate.
+ * description: Searching for certificate with specified value.
+ * expect: Found certificate should had correct string inside.
+ */
RUNNER_TEST(test02_certificate_search)
{
CertSvcCertificateList handler;
RUNNER_ASSERT_MSG(0 == result, "Country does not match");
}
+/*
+ * author: ---
+ * test: Testing certificate sign.
+ * description: Testing if certificate is signed by proper CA.
+ * expect: Chain verification should return success.
+ */
RUNNER_TEST(test03_is_signed_by)
{
int result;
RUNNER_ASSERT_MSG(CERTSVC_TRUE == status, "Chain verification failed");
}
+/*
+ * author: ---
+ * test: Certificate expiring test.
+ * description: Testing if certificate is valid before / after specified date.
+ * expect: Certificate should be valid before / after specified date.
+ */
RUNNER_TEST(test04_not_before_not_after)
{
std::string google2nd =
RUNNER_ASSERT_MSG(after == 1399939199, "TODO");
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+/*
+ * author: ---
+ * test: Testing internal certificate extency.
+ * description: Getting Certificate Revocation List (CRL)
+ * expect: It should be possible to get CRL from certificate.
+ */
RUNNER_TEST(test05_get_clr_dist_points)
{
std::string google2nd =
RUNNER_ASSERT_MSG(0 == strncmp(ptr,"http://crl.verisign.com/pca3.crl", len), "Check distribution points failed!");
}
+#endif
+/*
+ * author: ---
+ * test: Import fields from certificate.
+ * description: Getting common name from certificate.
+ * expect: It should be possible to get common name from certificate.
+ */
RUNNER_TEST(test06_cert_get_field)
{
std::string google2nd =
RUNNER_ASSERT_MSG(0 == strncmp(ptr, "/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority", size), "Issuer does not match.");
}
+/*
+ * author: ---
+ * test: Sorting certificates chain.
+ * description: Certificate chain is being sorted.
+ * expect: It is possible to sor certificates chain.
+ */
RUNNER_TEST(test07_chain_sort)
{
std::string certEE =
RUNNER_ASSERT_MSG(CERTSVC_FAIL == certsvc_certificate_chain_sort(collection, 2), "certsvc_certificate_chain_sort failed");
}
+/*
+ * author: ---
+ * test: Verification of DSA SHA1.
+ * description: Testing certificate DSA SH1.
+ * expect: Certificate DSA SH1 should be correct.
+ */
RUNNER_TEST(test08_message_verify_dsa_sha1)
{
std::string magda =
RUNNER_ASSERT_MSG(status == CERTSVC_TRUE, "Error in verify message.");
}
+/*
+ * author: ---
+ * test: Verification of RSA SHA1.
+ * description: Testing certificate RSA SH1.
+ * expect: Certificate RSA SH1 should be correct.
+ */
RUNNER_TEST(test09_message_verify_rsa_sha1)
{
std::string filip =
RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message.");
}
+/*
+ * author: ---
+ * test: Verification of RSA SHA1.
+ * description: Testing certificate RSA SHA256.
+ * expect: Certificate RSA SH256 should be correct.
+ */
RUNNER_TEST(test10_message_verify_rsa_sha256)
{
std::string filip =
RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message.");
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+/*
+ * author: ---
+ * test: OCSP test.
+ * description: Testing OCSP for certificate list.
+ * expect: OCSP should return success.
+ */
RUNNER_TEST(test11_ocsp)
{
+ ValidationCore::VCoreInit(
+ "/usr/share/wrt-engine/fingerprint_list.xml",
+ "/usr/share/wrt-engine/fingerprint_list.xsd",
+ "/opt/dbspace/.cert_svc_vcore.db");
+
std::string certEE =
"MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh"
"bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu"
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
+ ValidationCore::VCoreDeinit();
}
+/*
+ * author: ---
+ * test: OCSP test.
+ * description: Testing OCSP for certificate list.
+ * expect: OCSP should return success.
+ */
RUNNER_TEST(test12_ocsp)
{
+ ValidationCore::VCoreInit(
+ "/usr/share/wrt-engine/fingerprint_list.xml",
+ "/usr/share/wrt-engine/fingerprint_list.xsd",
+ "/opt/dbspace/.cert_svc_vcore.db");
std::string googleCA =
"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
+
+ // Invalid URL Test
+ result = certsvc_ocsp_check(collection, 3, collection, 3, "http://127.0.0.1:9999", &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
+
+ RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_CONNECTION_FAILED, "Error in ocsp.");
+ ValidationCore::VCoreDeinit();
}
+/*
+ * author: ---
+ * test: Testing CRL.
+ * description: Testing CRL of certificates.
+ * expect: CRL test should return sucess.
+ */
RUNNER_TEST(test13_crl)
{
const int MAXC = 3;
LogDebug("Status: " << status);
}
}
+#endif
+/*
+ * author: ---
+ * test: Certificate verification.
+ * description: Verification of certificates.
+ * expect: Verification should return expected results.
+ */
RUNNER_TEST(test14_certificate_verify)
{
const int MAXC = 3;
std::string cert[MAXC];
- cert[0] =
- "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
- "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
- "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
- "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
- "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
- "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
- "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
- "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
- "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
- "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
- "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
- "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
- "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
- "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
- "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
- "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
- "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
-
- cert[1] =
- "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
- "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
- "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
- "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
- "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
- "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
- "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
- "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
- "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
- "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
- "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
- "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
- "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
- "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
- "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
- "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
- "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
-
- cert[2] =
- "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
- "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
- "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
- "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
- "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
- "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
- "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
- "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
- "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
-
+ cert[0] = // aia_signer
+ "MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO"
+ "MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu"
+ "IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0"
+ "dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw"
+ "CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV"
+ "BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG"
+ "CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB"
+ "iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq"
+ "pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a"
+ "gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu"
+ "MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl"
+ "cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME"
+ "GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB"
+ "BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov"
+ "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN"
+ "BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H"
+ "4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL"
+ "/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm"
+ "XQ==";
+
+ cert[1] = // second_ca
+ "MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO"
+ "MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu"
+ "IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA"
+ "Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG"
+ "A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD"
+ "VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG"
+ "SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
+ "gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e"
+ "MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD"
+ "wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G"
+ "A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv"
+ "vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr"
+ "BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw"
+ "Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy"
+ "MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8"
+ "+v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd"
+ "RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6"
+ "RWHw";
+
+ cert[2] = // root_ca
+ "MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO"
+ "MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu"
+ "IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA"
+ "Z21haWwuY29tMB4XDTE0MDYxODA4MTA1MVoXDTE1MDYxODA4MTA1MVoweDELMAkG"
+ "A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD"
+ "VQQLDApUaXplbiBUZXN0MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0ExGzAZBgkqhkiG"
+ "9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA"
+ "o6ZegsQ9hScM1yD7ejv44xUTJDjTlcGweHh76Im22x6yAljM2+dKdj3EIVGt0BA3"
+ "6qdZFl8WOxzQGcAzQY7GFOXQVog4UjqHMxmWwAx5jQyBzIieAj4HZ2lquPBiyiIe"
+ "HAo6sCSWsxnh7PqvWaAypPZVEqOJ3ga5rXyDCcjzQ8ECAwEAAaOBxjCBwzAdBgNV"
+ "HQ4EFgQUZB5PS54YL7ziMMRzpmueBRrfEggwHwYDVR0jBBgwFoAUZB5PS54YL7zi"
+ "MMRzpmueBRrfEggwDAYDVR0TBAUwAwEB/zBzBggrBgEFBQcBAQRnMGUwIQYIKwYB"
+ "BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov"
+ "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN"
+ "BgkqhkiG9w0BAQUFAAOBgQAyRJXTZcwRCkRNGZQCO8txHvrmgv8vQwnZZF6SwyY/"
+ "Bry0fmlehtN52NLjjPEG6u9YFYfzSkjQlVR0qfQ2mNs3d6AKFlOdZOT6cuEIZuKe"
+ "pDb2Tx5JJbIN6N3fE/lVSW88K9aSCF2n15gYTSVmD0juHuLAoWnIicaa+Sbe2Tsj"
+ "AQ==";
CertSvcCertificate certificate[MAXC];
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
}
- result = certsvc_certificate_verify(certificate[0], certificate, MAXC, NULL, 0, &status);
+ result = certsvc_certificate_verify(certificate[0], &certificate[1], MAXC-1, NULL, 0, &status);
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
result = certsvc_certificate_verify(certificate[0], &certificate[2], 1, certificate, MAXC, &status);
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
-}
-
-RUNNER_TEST(test15_pkcs12_get_id_list)
-{
- int result, size;
- CertSvcStringList stringList;
-
- result =certsvc_pkcs12_get_id_list(vinstance, &stringList);
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_get_id_list");
- result = certsvc_string_list_get_length(stringList, &size);
-
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_string_list_get_length");
- RUNNER_ASSERT_MSG(1 <= size, "List size error");
-}
-
-RUNNER_TEST(test16_pkcs12_load_certificate_list)
-{
- int result, size;
- CertSvcString csstring;
- CertSvcCertificateList certificateList;
-
- result = certsvc_string_new(vinstance, "test1st", 7, &csstring);
-
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_string_new");
-
- result = certsvc_pkcs12_load_certificate_list(vinstance, csstring, &certificateList);
-
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_load_certificate_list.");
-
- result = certsvc_certificate_list_get_length(certificateList, &size);
-
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_certificate_list_get_length.");
- RUNNER_ASSERT_MSG(2 == size, "Error in certsvc_certificate_list_get_length.");
-}
-
-RUNNER_TEST(test17_pkcs12_private_key_dup)
-{
- int result, size;
- CertSvcString csstring;
- char *buffer;
-
- result = certsvc_string_new(vinstance, "test1st", 7, &csstring);
-
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_string_new");
+ // certsvc_certificate_verify_with_caflag
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, MAXC, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
- result = certsvc_pkcs12_private_key_dup(vinstance, csstring, &buffer, &size);
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, MAXC-1, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
- RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_private_key_dup.");
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, 1, certificate, MAXC, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
- const char * beginCert = "-----BEGIN RSA PRIVATE KEY-----";
- RUNNER_ASSERT(0 == strncmp(buffer, beginCert, strlen(beginCert)));
- RUNNER_ASSERT(963 == size);
- LogDebug("File size: " << size);
+ result = certsvc_certificate_verify_with_caflag(certificate[0], &certificate[2], 1, certificate, MAXC, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
}
-RUNNER_TEST(test18_cprimitives)
+/*
+ * author: ---
+ * test: Testing certificate primitives.
+ * description: Certificate structure is tested.
+ * expect: Certificate should contain cexpected informations.
+ */
+RUNNER_TEST(test15_cprimitives)
{
const int MAXB = 1024;
const std::string cert =
certsvc_certificate_free_x509(x509);
}
+
+/*
+ * author: ---
+ * test: Certificate verification.
+ * description: Verification of certificates.
+ * expect: Verification should return expected results.
+ */
+RUNNER_TEST(test16_certificate_verify_with_caflag_selfsign_root)
+{
+ const int MAXC = 2;
+ std::string cert[MAXC];
+ cert[0] = // v1_signer
+ "MIICdzCCAeACAQcwDQYJKoZIhvcNAQEFBQAwgYIxCzAJBgNVBAYTAktSMQ4wDAYD"
+ "VQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3VuZzETMBEGA1UECwwKVGl6ZW4gVGVz"
+ "dDEfMB0GA1UEAwwWVGVzdCBSb290IENBIFZlcnNpb24gMTEbMBkGCSqGSIb3DQEJ"
+ "ARYMdHRAZ21haWwuY29tMB4XDTE0MDYxNDA4MTI1MFoXDTE1MDYxNDA4MTI1MFow"
+ "gYQxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3Vu"
+ "ZzETMBEGA1UECwwKVGl6ZW4gVGVzdDEhMB8GA1UEAwwYVGVzdCBTZWNvbmQgQ0Eg"
+ "VmVyc2lvbiAxMRswGQYJKoZIhvcNAQkBFgx0dEBnbWFpbC5jb20wgZ8wDQYJKoZI"
+ "hvcNAQEBBQADgY0AMIGJAoGBAKOqFNxvO2jYcq5kqVehHH5k1D1dYwhBnH/SReWE"
+ "OTSbH+3lbaKhJQHPHjsndENUxPInF6r0prO3TqoMB6774Pmc+znoVfLsHvWorhyr"
+ "8iQNyaSgVWt0+8L0FU8iReqr5BR6YcZpnVRCV9dAIcf6FIVGUGZhTs/NvZDzIc4T"
+ "9RrLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAGDDvWhdMFg4GtDdytrK/GJ9TxX5F"
+ "9iA/8qCl0+JU1U7jUVIcX77AxeZGBtq02X+DtjEWqnepS1iYO2TUHZBKRRCB2+wF"
+ "ZsQ5XWngLSco+UvqUzMpWIQqslDXixWSR+Bef2S7iND3u8HJLjTncMcuJNpoXsFK"
+ "bUiLqMVGQCkGZMo=";
+
+ cert[1] = // v1_root
+ "MIICdTCCAd4CAQYwDQYJKoZIhvcNAQEFBQAwgYIxCzAJBgNVBAYTAktSMQ4wDAYD"
+ "VQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3VuZzETMBEGA1UECwwKVGl6ZW4gVGVz"
+ "dDEfMB0GA1UEAwwWVGVzdCBSb290IENBIFZlcnNpb24gMTEbMBkGCSqGSIb3DQEJ"
+ "ARYMdHRAZ21haWwuY29tMB4XDTE0MDYxNDA4MTIzNVoXDTE1MDYxNDA4MTIzNVow"
+ "gYIxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3Vu"
+ "ZzETMBEGA1UECwwKVGl6ZW4gVGVzdDEfMB0GA1UEAwwWVGVzdCBSb290IENBIFZl"
+ "cnNpb24gMTEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3"
+ "DQEBAQUAA4GNADCBiQKBgQDtxGjhpaUK6xa4+sjMQfkKRAtjFkjZasVIt7uKUy/g"
+ "GcC5i5aoorfyX/NBQLAVoIHMogHLgitehKL5l13tLR7DSETrG9V3Yx9bkWRcjyqH"
+ "1TkD+NDOmhTtVuqIh4hrGKITlZK35hOh0IUEfYNNL8uq/11fVPpR3Yx97PT/j4w1"
+ "uwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAOHjfa7nbPKhqR0mGfsscPQZZAZzKq9y"
+ "ttdjTaNbnybzcJzcN3uwOdYKMf26Dn968nAPkukWe8j6GyMJ1C9LMAWqMn5hl0rI"
+ "x6mUBfKZrl33BKH4KTYOrt0vnHdrCM2TwMkwMZ5ja5bBnbNrfF4e0HIAMor4rnVP"
+ "WDSlESMMmtTm";
+
+ CertSvcCertificate certificate[MAXC];
+
+ int result, status;
+
+ for (int i=0; i<MAXC; ++i) {
+ LogDebug("Reading certificate: " << i);
+ int result = certsvc_certificate_new_from_memory(
+ vinstance,
+ (const unsigned char*)cert[i].c_str(),
+ cert[i].size(),
+ CERTSVC_FORM_DER_BASE64,
+ &certificate[i]);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+ }
+
+ result = certsvc_certificate_verify(certificate[0], certificate, MAXC, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
+
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, MAXC, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <string>
+
+#include <openssl/x509.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+#include <memory>
+
+#include <api_tests.h>
+
+#include <cert-service.h>
+
+RUNNER_TEST_GROUP_INIT(DEPRECATED_API)
+
+typedef std::unique_ptr<CERT_CONTEXT, std::function<int(CERT_CONTEXT*)>> ScopedCertCtx;
+
+/*
+ * author: ---
+ * test: PEM positive.
+ * description: Loading *.pem file.
+ * expect: *.pem should load with no error.
+ */
+RUNNER_TEST(deprecated_api_test01_pem_positive)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR ==
+ cert_svc_load_file_to_context(ctx.get(), "/opt/share/cert-svc/cert-type/cert0.pem"));
+}
+
+/*
+ * author: ---
+ * test: DER positive.
+ * description: Loading *.der file.
+ * expect: *.der file should load with no error.
+ */
+RUNNER_TEST(deprecated_api_test02_der_positive)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR ==
+ cert_svc_load_file_to_context(ctx.get(), "/opt/share/cert-svc/cert-type/cert1.der"));
+}
+
+/*
+ * author: ---
+ * test: PEM negative.
+ * description: Loading *.pem file.
+ * expect: *.pom file should not load and return error.
+ */
+RUNNER_TEST(deprecated_api_test03_pem_negative)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR !=
+ cert_svc_load_file_to_context(ctx.get(), "/opt/share/cert-svc/cert-type/cert2fake.pem"));
+}
+
+/*
+ * author: ---
+ * test: DER negative.
+ * description: Loading *.der file.
+ * expect: *.der file should not load and return error.
+ */
+RUNNER_TEST(deprecated_api_test03_der_negative)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR !=
+ cert_svc_load_file_to_context(ctx.get(), "/opt/share/cert-svc/cert-type/cert3fake.der"));
+}
+
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @version 1.0
+# @brief
+#
+INCLUDE(FindPkgConfig)
+SET(TARGET_TEST_CERT_SVC_OGIG "cert-svc-tests-orig")
+
+
+SET(CERT_SVC_OGIG_TESTS_SOURCES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_caflag.c
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_ocsp.c
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_suite_main.c
+ ${VCORE_DPL_SOURCES}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc
+ ${PROJECT_SOURCE_DIR}/include
+ ${VCORE_DPL_INCLUDE}
+ )
+
+ADD_EXECUTABLE(${TARGET_TEST_CERT_SVC_OGIG} ${CERT_SVC_OGIG_TESTS_SOURCES})
+
+TARGET_LINK_LIBRARIES(
+ ${TARGET_TEST_CERT_SVC_OGIG}
+ ${TARGET_CERT_SVC_LIB}
+ ${VCORE_TEST_DEP_LIBRARIES}
+ )
+
+INSTALL(TARGETS ${TARGET_TEST_CERT_SVC_OGIG}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/second_ca.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/aia_signer.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/rev_signer.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/noaia_signer.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/v1_signer.der
+ DESTINATION /opt/share/cert-svc/tests/orig_c/data/caflag
+ PERMISSIONS OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/root_ca.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/root_ca_v1.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/second_ca.der
+ DESTINATION /opt/share/cert-svc/certs
+ PERMISSIONS OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+INSTALL(DIRECTORY
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/
+ DESTINATION /opt/share/cert-svc/tests/orig_c/data/ocsp
+ FILES_MATCHING
+ PATTERN "*"
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:11:46 2014 GMT
+ Not After : Jun 18 08:11:46 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0:
+ fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22:
+ 39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f:
+ 84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9:
+ 5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1:
+ d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c:
+ 52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a:
+ 41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84:
+ 47:21:54:25:53:33:3b:6d:01
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ OCSP Signing
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90
+ X509v3 Authority Key Identifier:
+ keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c:
+ 58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd:
+ 3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8:
+ 61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1:
+ ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d:
+ 1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8:
+ 90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67:
+ e5:48
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw
+JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD
+DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l
+ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/
+1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm
+oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2
+RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN
+AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak
+vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI
+l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw
+CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV
+BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG
+CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq
+pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a
+gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu
+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME
+GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB
+BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov
+L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN
+BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H
+4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL
+/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm
+XQ==
+-----END CERTIFICATE-----
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#!/bin/sh
+# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @author Yunchan Cho (yunchan.cho@samsung.com)
-# @version 1.0
-# @brief
-#
-SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates)
+echo "--- Kill OCSP server..."
+pkill -9 openssl # if previously it was launched and openssl didn't close sockets
-INSTALL(FILES
- ${CERT_DIR}/wac0.root.preproduction.pem
- ${CERT_DIR}/wac0.root.production.pem
- ${CERT_DIR}/wac0.publisherid.pem
- ${CERT_DIR}/tizen0.root.preproduction.cert.pem
- DESTINATION /opt/share/cert-svc/certs/code-signing/wac/
- )
--- /dev/null
+#!/bin/sh
+# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+pkill -9 openssl # if previously it was launched and openssl didn't close sockets
+
+echo "starting OCSP server"
+OPENSSL_CONF=/opt/share/cert-svc/tests/orig_c/data/ocsp/demoCA/openssl.cnf openssl ocsp -index /opt/share/cert-svc/tests/orig_c/data/ocsp/demoCA/index.txt -port 8888 -rsigner /opt/share/cert-svc/tests/orig_c/data/ocsp/ocsp_signer.crt -rkey /opt/share/cert-svc/tests/orig_c/data/ocsp/ocsp_signer.key -CA /opt/share/cert-svc/tests/orig_c/data/ocsp/demoCA/cacert.pem -text -out /opt/share/cert-svc/tests/orig_c/data/ocsp/log.txt &
+
+echo "--- OCSP server shutdown..."
+
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:10:59 2014 GMT
+ Not After : Jun 18 08:10:59 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cb:26:b3:00:17:f2:73:c4:82:2b:43:34:3f:dc:
+ 51:ad:ed:c1:80:50:46:1a:10:54:a8:fa:17:03:29:
+ 84:57:69:90:b7:df:f9:24:54:03:58:16:1f:a5:a2:
+ 0f:5e:30:95:14:96:dd:13:04:e8:3b:f6:d3:a7:4b:
+ fe:4c:07:05:9a:54:b1:0e:2d:a9:6f:d1:48:f6:15:
+ f8:c4:32:91:9d:ff:11:05:e9:5b:f7:e2:64:93:71:
+ 66:9d:30:7c:83:c1:8c:03:65:5c:1d:16:4a:ef:3a:
+ 40:3a:5b:08:30:4b:c5:d2:ae:96:c7:fe:79:0a:52:
+ 42:a9:93:e6:18:96:32:84:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+ X509v3 Authority Key Identifier:
+ keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Authority Information Access:
+ OCSP - URI:http://127.0.0.1:8888
+ CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 5a:27:0d:0c:ec:fd:3b:35:b0:40:d6:dd:fe:44:9a:e2:95:66:
+ 5a:47:f6:c2:ec:b5:22:c9:c5:92:bc:fa:ff:3c:25:bc:f8:e7:
+ 5f:cb:7f:c8:71:be:73:2f:dc:cc:04:c5:7a:fd:a8:f2:8f:96:
+ f2:91:7e:3f:9b:6c:b0:79:29:31:1c:67:9c:e1:0e:92:7b:48:
+ 36:1e:b1:d5:1d:44:a3:8c:48:dd:09:21:12:f7:24:e0:9d:60:
+ 73:a7:26:4e:a8:fb:8e:6f:67:f4:cd:bf:49:6c:88:af:74:bf:
+ 11:f6:8e:8d:84:5e:73:46:fa:37:b2:04:6c:29:fb:71:fa:45:
+ 61:f0
+-----BEGIN CERTIFICATE-----
+MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA
+Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG
+A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD
+VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG
+SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e
+MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD
+wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G
+A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv
+vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr
+BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw
+Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy
+MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8
++v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd
+RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6
+RWHw
+-----END CERTIFICATE-----
--- /dev/null
+V 150618081051Z 00 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Root CA/emailAddress=tt@gmail.com
+V 150618081059Z 01 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Second CA/emailAddress=tt@gmail.com
+V 150618081104Z 02 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test AIA/CN=Test Signer/emailAddress=tt@gmail.com
+R 150618081114Z 140618081114Z 03 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test REVOKED/CN=Test Signer/emailAddress=tt@gmail.com
+V 150618081129Z 04 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test NO AIA/CN=Test Signer/emailAddress=tt@gmail.com
+V 150618081146Z 05 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test OCSP Response Signer/CN=OCSP Response Signer/emailAddress=tt@gmail.com
--- /dev/null
+V 150618081051Z 00 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Root CA/emailAddress=tt@gmail.com
+V 150618081059Z 01 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Second CA/emailAddress=tt@gmail.com
+V 150618081104Z 02 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test AIA/CN=Test Signer/emailAddress=tt@gmail.com
+R 150618081114Z 140618081114Z 03 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test REVOKED/CN=Test Signer/emailAddress=tt@gmail.com
+V 150618081129Z 04 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test NO AIA/CN=Test Signer/emailAddress=tt@gmail.com
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:10:51 2014 GMT
+ Not After : Jun 18 08:10:51 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:a3:a6:5e:82:c4:3d:85:27:0c:d7:20:fb:7a:3b:
+ f8:e3:15:13:24:38:d3:95:c1:b0:78:78:7b:e8:89:
+ b6:db:1e:b2:02:58:cc:db:e7:4a:76:3d:c4:21:51:
+ ad:d0:10:37:ea:a7:59:16:5f:16:3b:1c:d0:19:c0:
+ 33:41:8e:c6:14:e5:d0:56:88:38:52:3a:87:33:19:
+ 96:c0:0c:79:8d:0c:81:cc:88:9e:02:3e:07:67:69:
+ 6a:b8:f0:62:ca:22:1e:1c:0a:3a:b0:24:96:b3:19:
+ e1:ec:fa:af:59:a0:32:a4:f6:55:12:a3:89:de:06:
+ b9:ad:7c:83:09:c8:f3:43:c1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
+ X509v3 Authority Key Identifier:
+ keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Authority Information Access:
+ OCSP - URI:http://127.0.0.1:8888
+ CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 32:44:95:d3:65:cc:11:0a:44:4d:19:94:02:3b:cb:71:1e:fa:
+ e6:82:ff:2f:43:09:d9:64:5e:92:c3:26:3f:06:bc:b4:7e:69:
+ 5e:86:d3:79:d8:d2:e3:8c:f1:06:ea:ef:58:15:87:f3:4a:48:
+ d0:95:54:74:a9:f4:36:98:db:37:77:a0:0a:16:53:9d:64:e4:
+ fa:72:e1:08:66:e2:9e:a4:36:f6:4f:1e:49:25:b2:0d:e8:dd:
+ df:13:f9:55:49:6f:3c:2b:d6:92:08:5d:a7:d7:98:18:4d:25:
+ 66:0f:48:ee:1e:e2:c0:a1:69:c8:89:c6:9a:f9:26:de:d9:3b:
+ 23:01
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA
+Z21haWwuY29tMB4XDTE0MDYxODA4MTA1MVoXDTE1MDYxODA4MTA1MVoweDELMAkG
+A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD
+VQQLDApUaXplbiBUZXN0MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0ExGzAZBgkqhkiG
+9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+o6ZegsQ9hScM1yD7ejv44xUTJDjTlcGweHh76Im22x6yAljM2+dKdj3EIVGt0BA3
+6qdZFl8WOxzQGcAzQY7GFOXQVog4UjqHMxmWwAx5jQyBzIieAj4HZ2lquPBiyiIe
+HAo6sCSWsxnh7PqvWaAypPZVEqOJ3ga5rXyDCcjzQ8ECAwEAAaOBxjCBwzAdBgNV
+HQ4EFgQUZB5PS54YL7ziMMRzpmueBRrfEggwHwYDVR0jBBgwFoAUZB5PS54YL7zi
+MMRzpmueBRrfEggwDAYDVR0TBAUwAwEB/zBzBggrBgEFBQcBAQRnMGUwIQYIKwYB
+BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov
+L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN
+BgkqhkiG9w0BAQUFAAOBgQAyRJXTZcwRCkRNGZQCO8txHvrmgv8vQwnZZF6SwyY/
+Bry0fmlehtN52NLjjPEG6u9YFYfzSkjQlVR0qfQ2mNs3d6AKFlOdZOT6cuEIZuKe
+pDb2Tx5JJbIN6N3fE/lVSW88K9aSCF2n15gYTSVmD0juHuLAoWnIicaa+Sbe2Tsj
+AQ==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:10:59 2014 GMT
+ Not After : Jun 18 08:10:59 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cb:26:b3:00:17:f2:73:c4:82:2b:43:34:3f:dc:
+ 51:ad:ed:c1:80:50:46:1a:10:54:a8:fa:17:03:29:
+ 84:57:69:90:b7:df:f9:24:54:03:58:16:1f:a5:a2:
+ 0f:5e:30:95:14:96:dd:13:04:e8:3b:f6:d3:a7:4b:
+ fe:4c:07:05:9a:54:b1:0e:2d:a9:6f:d1:48:f6:15:
+ f8:c4:32:91:9d:ff:11:05:e9:5b:f7:e2:64:93:71:
+ 66:9d:30:7c:83:c1:8c:03:65:5c:1d:16:4a:ef:3a:
+ 40:3a:5b:08:30:4b:c5:d2:ae:96:c7:fe:79:0a:52:
+ 42:a9:93:e6:18:96:32:84:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+ X509v3 Authority Key Identifier:
+ keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Authority Information Access:
+ OCSP - URI:http://127.0.0.1:8888
+ CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 5a:27:0d:0c:ec:fd:3b:35:b0:40:d6:dd:fe:44:9a:e2:95:66:
+ 5a:47:f6:c2:ec:b5:22:c9:c5:92:bc:fa:ff:3c:25:bc:f8:e7:
+ 5f:cb:7f:c8:71:be:73:2f:dc:cc:04:c5:7a:fd:a8:f2:8f:96:
+ f2:91:7e:3f:9b:6c:b0:79:29:31:1c:67:9c:e1:0e:92:7b:48:
+ 36:1e:b1:d5:1d:44:a3:8c:48:dd:09:21:12:f7:24:e0:9d:60:
+ 73:a7:26:4e:a8:fb:8e:6f:67:f4:cd:bf:49:6c:88:af:74:bf:
+ 11:f6:8e:8d:84:5e:73:46:fa:37:b2:04:6c:29:fb:71:fa:45:
+ 61:f0
+-----BEGIN CERTIFICATE-----
+MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA
+Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG
+A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD
+VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG
+SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e
+MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD
+wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G
+A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv
+vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr
+BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw
+Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy
+MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8
++v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd
+RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6
+RWHw
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:11:04 2014 GMT
+ Not After : Jun 18 08:11:04 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test AIA, CN=Test Signer/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:b0:80:ac:3e:ff:bd:63:59:79:f1:e1:b2:cb:66:
+ b4:cf:98:4f:8d:ac:37:c7:49:f6:71:f3:24:c6:61:
+ e7:b0:33:33:fa:66:55:cc:f1:67:6e:c4:d8:aa:a6:
+ a9:bb:1b:65:cd:d7:cd:86:11:7b:1d:a3:1c:1a:d3:
+ d1:ed:31:51:aa:48:60:3f:04:26:a6:0f:56:7a:96:
+ 21:ce:11:be:14:4c:1d:d1:38:9d:65:64:30:e4:c8:
+ 9f:5a:81:93:9f:a1:9b:2d:fc:08:fc:f9:bc:15:df:
+ 1d:e2:7b:ea:78:6b:6c:3f:f1:e4:ac:6a:5a:df:79:
+ fd:a0:5f:a9:21:69:2b:09:3b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 4B:D2:72:A2:35:48:F3:87:5F:CB:3E:F6:68:A8:BB:E7:55:F3:99:AA
+ X509v3 Authority Key Identifier:
+ keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+
+ Authority Information Access:
+ OCSP - URI:http://127.0.0.1:8888
+ CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 01:3f:ec:ab:bb:df:f6:6a:e6:78:7a:48:d5:d3:75:91:83:95:
+ 6a:fe:ba:a6:38:70:eb:b8:c3:55:6d:9e:07:e0:f0:4b:44:b4:
+ a9:0b:ff:ce:19:a8:60:12:05:0a:7b:cf:41:70:1d:74:95:48:
+ b9:e4:3e:58:30:4d:c3:a3:cf:48:fa:11:6e:82:fd:01:3c:66:
+ 80:db:4d:62:2c:e8:4b:ff:4b:b4:69:59:b5:c8:9c:4d:b7:56:
+ 23:5b:67:cc:2a:a9:c2:1e:08:e8:1f:38:74:c1:00:b5:a4:86:
+ f9:bf:12:6b:60:29:f7:3d:b8:66:97:b5:ba:24:f0:c3:24:77:
+ e6:5d
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw
+CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV
+BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG
+CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq
+pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a
+gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu
+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME
+GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB
+BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov
+L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN
+BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H
+4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL
+/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm
+XQ==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:11:14 2014 GMT
+ Not After : Jun 18 08:11:14 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test REVOKED, CN=Test Signer/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:dc:f4:b7:27:44:70:33:76:f5:d7:cf:43:4a:c2:
+ a8:0a:f0:f3:d0:df:02:dc:1c:1e:44:d4:be:d4:e3:
+ 08:46:41:a3:b5:4f:3c:23:89:34:90:64:7b:cc:52:
+ 15:93:07:4f:98:53:9d:db:cf:fd:8f:0a:70:ce:22:
+ c3:ff:02:4b:df:94:41:49:02:e8:a7:d7:4b:c8:1e:
+ 53:8b:82:9e:75:e2:db:ce:1e:33:34:4d:00:ac:3d:
+ 3c:06:86:c1:dd:27:39:e1:4b:01:56:04:2e:bb:ff:
+ 0f:ec:ed:57:bc:50:b6:ed:25:fe:0c:84:8c:22:59:
+ 38:f9:84:54:83:94:af:aa:97
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ FE:35:D9:5C:69:D8:F6:D2:BA:37:31:35:93:33:91:81:B4:21:EB:E9
+ X509v3 Authority Key Identifier:
+ keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+
+ Authority Information Access:
+ OCSP - URI:http://127.0.0.1:8888
+ CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+ Signature Algorithm: sha1WithRSAEncryption
+ a8:6a:83:c1:9b:b2:6b:0f:b0:0e:09:a3:02:bf:e1:ab:19:bb:
+ 34:a9:24:ce:c9:f5:e1:a9:ba:20:ad:05:31:ec:f6:cc:47:f9:
+ f0:5e:3c:70:f1:01:6e:ac:6a:a5:05:2b:40:c5:20:34:e4:b6:
+ 3b:40:f9:c3:5f:0e:b7:0b:04:96:b1:be:25:e0:33:c3:64:63:
+ 59:83:73:4b:df:0c:ab:83:d1:00:9b:44:c3:93:55:f4:0d:8b:
+ fd:f9:55:59:b2:c0:13:7a:ed:b7:f1:4e:57:9f:1b:c5:3f:bd:
+ bf:4d:f9:5b:50:55:98:19:c0:06:24:65:10:48:4d:ad:75:bb:
+ 57:a6
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAsqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTE0WhcNMTUwNjE4MDgxMTE0WjB/MQsw
+CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxGzAZ
+BgNVBAsMElRpemVuIFRlc3QgUkVWT0tFRDEUMBIGA1UEAwwLVGVzdCBTaWduZXIx
+GzAZBgkqhkiG9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA3PS3J0RwM3b1189DSsKoCvDz0N8C3BweRNS+1OMIRkGjtU88I4k0
+kGR7zFIVkwdPmFOd28/9jwpwziLD/wJL35RBSQLop9dLyB5Ti4KedeLbzh4zNE0A
+rD08BobB3Sc54UsBVgQuu/8P7O1XvFC27SX+DISMIlk4+YRUg5SvqpcCAwEAAaOB
+8TCB7jAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl
+ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU/jXZXGnY9tK6NzE1kzORgbQh6+kwHwYD
+VR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwcwYIKwYBBQUHAQEEZzBlMCEG
+CCsGAQUFBzABhhVodHRwOi8vMTI3LjAuMC4xOjg4ODgwQAYIKwYBBQUHMAKGNGh0
+dHA6Ly9TVlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5j
+ZXIwDQYJKoZIhvcNAQEFBQADgYEAqGqDwZuyaw+wDgmjAr/hqxm7NKkkzsn14am6
+IK0FMez2zEf58F48cPEBbqxqpQUrQMUgNOS2O0D5w18OtwsElrG+JeAzw2RjWYNz
+S98Mq4PRAJtEw5NV9A2L/flVWbLAE3rtt/FOV58bxT+9v035W1BVmBnABiRlEEhN
+rXW7V6Y=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4 (0x4)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:11:29 2014 GMT
+ Not After : Jun 18 08:11:29 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test NO AIA, CN=Test Signer/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c9:92:88:32:45:4e:93:f6:be:6d:39:97:e7:a0:
+ d1:93:1a:13:df:48:14:1b:e6:a8:85:ca:52:40:7f:
+ 37:86:ba:05:37:4e:ed:c1:b1:c9:1f:0f:d1:c9:d4:
+ 65:ee:db:2f:85:31:5a:04:7c:2d:d2:be:32:6d:a0:
+ d9:3e:17:49:29:f8:ec:be:a4:a6:2b:e6:ee:02:0c:
+ 20:39:0b:12:1c:7f:ac:bc:f8:a7:46:96:9c:0a:71:
+ 5e:dd:6d:88:cd:af:a1:41:52:86:c2:60:da:af:5f:
+ dc:44:a3:db:18:f9:fb:fd:9a:af:d1:1d:14:22:d0:
+ cd:03:af:d5:aa:db:c1:ed:0d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ EC:0E:07:A6:63:F0:9C:4C:80:6E:25:56:70:93:B5:54:68:77:97:FC
+ X509v3 Authority Key Identifier:
+ keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+
+ Signature Algorithm: sha1WithRSAEncryption
+ c3:6a:ad:09:16:63:c5:4a:f5:84:75:25:79:c0:1d:4e:1d:cc:
+ 15:df:e6:d9:46:6e:3b:0d:93:07:49:7d:ee:fa:4d:c6:39:03:
+ 05:62:cf:3e:4f:a7:2b:03:9c:6c:dd:76:f4:92:ea:03:c4:e6:
+ b3:b6:1d:4b:15:ea:ad:b6:11:a9:29:79:03:7d:a9:eb:6c:97:
+ 4b:f8:cf:9f:0e:e3:29:50:c2:c5:5b:ec:f8:d0:dd:7d:0c:6b:
+ 75:10:dc:08:0f:f2:38:6d:a6:e1:83:81:46:e6:8c:fe:3d:17:
+ e6:84:d3:a9:bd:d9:ad:d5:ba:b4:e4:86:57:46:6f:81:89:5e:
+ fe:bd
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAlKgAwIBAgIBBDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTI5WhcNMTUwNjE4MDgxMTI5WjB+MQsw
+CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxGjAY
+BgNVBAsMEVRpemVuIFRlc3QgTk8gQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEb
+MBkGCSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJkogyRU6T9r5tOZfnoNGTGhPfSBQb5qiFylJAfzeGugU3Tu3Bsckf
+D9HJ1GXu2y+FMVoEfC3SvjJtoNk+F0kp+Oy+pKYr5u4CDCA5CxIcf6y8+KdGlpwK
+cV7dbYjNr6FBUobCYNqvX9xEo9sY+fv9mq/RHRQi0M0Dr9Wq28HtDQIDAQABo3sw
+eTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7A4HpmPwnEyAbiVWcJO1VGh3l/wwHwYDVR0j
+BBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcNAQEFBQADgYEAw2qt
+CRZjxUr1hHUlecAdTh3MFd/m2UZuOw2TB0l97vpNxjkDBWLPPk+nKwOcbN129JLq
+A8Tms7YdSxXqrbYRqSl5A32p62yXS/jPnw7jKVDCxVvs+NDdfQxrdRDcCA/yOG2m
+4YOBRuaM/j0X5oTTqb3ZrdW6tOSGV0ZvgYle/r0=
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:11:46 2014 GMT
+ Not After : Jun 18 08:11:46 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0:
+ fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22:
+ 39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f:
+ 84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9:
+ 5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1:
+ d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c:
+ 52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a:
+ 41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84:
+ 47:21:54:25:53:33:3b:6d:01
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ OCSP Signing
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90
+ X509v3 Authority Key Identifier:
+ keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c:
+ 58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd:
+ 3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8:
+ 61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1:
+ ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d:
+ 1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8:
+ 90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67:
+ e5:48
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw
+JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD
+DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l
+ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/
+1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm
+oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2
+RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN
+AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak
+vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI
+l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug=
+-----END CERTIFICATE-----
[ new_oids ]
-# We can add new OIDs in here for use by 'ca' and 'req'.
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
+default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
+[ no_ext ]
+# no contents hear
+
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (eg, YOUR name)
+commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
#nsCaPolicyUrl
#nsSslServerName
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+# AIA
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:8888,caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+[ usr_cert_noaia ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+
[ v3_req ]
# Extensions to add to a certificate request
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
+# Extensions for a typical CA
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
-# Extensions for a typical CA
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
-# PKIX recommendation.
+# Some might want this also
+# nsCertType = sslCA, emailCA
-subjectKeyIdentifier=hash
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+# AIA(Authority Information Access)
+#authorityInfoAccess = OCSP;URI:http://ocsp.verisign.com
+#authorityInfoAccess = caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:8888,caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-authorityKeyIdentifier=keyid:always,issuer:always
+
+[ v3_ca_noaia ]
+# Extensions for a typical CA
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
+# AIA(Authority Information Access)
+#authorityInfoAccess = OCSP;URI:http://ocsp.verisign.com
+#authorityInfoAccess = caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+
+# CRL extensions.
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = ./demoCA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/cacert.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = md5, sha1 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+clock_precision_digits = 0 # number of digits after dot. (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
+
+###########################################################################33
+[ v3_ocsp ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = OCSPSigning
+
+nsComment = "OpenSSL Generated Certificate"
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kk
+VANYFh+log9eMJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv3
+4mSTcWadMHyDwYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQAB
+AoGBAKzIUV42/+Mus3eQRRQ7kszXdshnffgVA6xkaMYrvX+LLab2O7SGMAHvbyM0
+3tVBhMpqNcVDWzIFEKctny+SmVPRr1SWmweLCs32Q3qgH/MPIHJ4rCFRBQACQLET
+aXiv1pF5HchwfA94S5qmwEDYBSBoGfm/0gP4FSEAWf8UgccRAkEA60uR5Mqokm/w
+8ev+XN+7nKiLkl2G98BCX+LxCDVvGfatLY9wEUs7MyPE4SUj3nkpSJ0IvMT+QVzn
+aqM9aIGgWwJBAN0HB5n64EaSNq653D/LQigegkVdOfH6yMb/kdTJwNJavuEJYoh1
+oH9tWe1ajcaloWtwbwWvsbUvM2StdzqL9/cCQHY6OIp/kghSmvzUGbFM8hYbUlYv
+DHw8bJ2FiJsZTkP7gLTd1++4n3xowqpmYQmOU8IataM0UJVDOzyH3Xk/ePUCQGV6
+9siB4TtFoomymCdKIYPeDh3e4d3yMQD9Em3KfBeYxo74Ch9xMlGPWXya2QFdxrFX
+nAHWWxc/Jq+Q3W8qGJ0CQQCOsjHigGpEKvhH0D4UFRyZ7MtqEsQqG6g2QuWxUcwH
+MbC8QKgM7psAQxR55aXOeIdOKA3sxURBNuLI0HP4wQap
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
+ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
+MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
+QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
+b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
+b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
+KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
+VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
+SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
+cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
+6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
+MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
+kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
+BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
+BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
+c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
+AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
+OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
+A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
+0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
+RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
+qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
+U+4=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh
+bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
+Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g
+QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe
+BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX
+DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE
+YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC
+ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
+2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q
+N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO
+r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN
+f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH
+U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU
+TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb
+VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg
+SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv
+biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg
+MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw
+AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv
+ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu
+Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd
+IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv
+bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1
+QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O
+WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf
+SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----\r
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\r
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\r
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\r
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\r
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\r
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\r
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\r
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\r
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\r
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\r
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\r
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\r
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\r
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\r
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\r
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\r
+-----END CERTIFICATE-----\r
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
+ Validity
+ Not Before: Jun 18 08:11:46 2014 GMT
+ Not After : Jun 18 08:11:46 2015 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0:
+ fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22:
+ 39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f:
+ 84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9:
+ 5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1:
+ d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c:
+ 52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a:
+ 41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84:
+ 47:21:54:25:53:33:3b:6d:01
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ OCSP Signing
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90
+ X509v3 Authority Key Identifier:
+ keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c:
+ 58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd:
+ 3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8:
+ 61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1:
+ ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d:
+ 1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8:
+ 90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67:
+ e5:48
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
+IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw
+JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD
+DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l
+ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/
+1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm
+oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2
+RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN
+AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak
+vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI
+l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDLslLGbXUyo0HlejwhoP3lndVC/jt9532PbbZ1IjlRn7or8v+q
+m7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/1OXN0Cej+SNS0dOdWc6j2y7ObR1t
+G6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/PmoT7sJINFhEchVCVTMzttAQIDAQAB
+AoGAR6q7+Nh2DZTnEGgLVAGikvEPIXz1TXzu7lG5iki6Rf+eruvWDB6zB/y3EuSn
+vCPV7mZ6X+6G0HeNo2XEUChtpij9kFPvvzDtFh5QEH9Opj/CFX4j1FcxMH7RyZv7
+VjBnfa1c9futYYJGLMynX7J+paSYC02FMMqXdwWeBfCeQ2ECQQDmj2GtiCkzQJS6
+D0G10l5Ion4UUXHbzaEXLyqkuBYka8m5WPPhmHKI+QLb6zL6mQHw+bHVwlJHCThk
+oePKJbUlAkEA4iwhMwgTAIxD4kYA1GEb6V2PB1taXRn3nUKWYePkC7wDbPGkZmPG
+LqThVZQdgYYlmhGrUCWrAloGi322FNwHrQJAQ0rl/3gWTlczEXsSercDvb9vfQ6o
+ZLcHpXSmxZzVGZw8LFTCGb4c781+ACINpwaxglveg71LtmACjZySl5WZ4QJAcpJm
+UwKhFaL4dHR/0RZMXGBPpyto0EbqP5jOs1INYMBif9q9LD0Y1OIjYAXDGK0K+UxA
+Gz6prWxLanhJN7HqlQJBAL2WPV7Et9Uy1iNULd34n2FGHShvhNL99maT/pUGxpna
+ltX8KGsHS3cCvSG3zmiReDYG1xJw69c59OfMPRufJRk=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+/*
+ * certification service
+ *
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Dongsun Lee <ds73.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <test_suite.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <cert-service.h>
+#include <cert-service-util.h>
+
+#define CERT_FILE_ROOT_CA "/opt/share/cert-svc/tests/orig_c/data/caflag/root_ca.der"
+#define CERT_FILE_SECOND_CA "/opt/share/cert-svc/tests/orig_c/data/caflag/second_ca.der"
+#define CERT_FILE_SIGNER_AIA "/opt/share/cert-svc/tests/orig_c/data/caflag/aia_signer.der"
+#define CERT_FILE_SIGNER_REVOKED "/opt/share/cert-svc/tests/orig_c/data/caflag/rev_signer.der"
+#define CERT_FILE_SIGNER_NOAIA "/opt/share/cert-svc/tests/orig_c/data/caflag/noaia_signer.der"
+#define CERT_FILE_ROOT_CA_V1 "/opt/share/cert-svc/tests/orig_c/data/caflag/root_ca_v1.der"
+#define CERT_FILE_SIGNER_V1 "/opt/share/cert-svc/tests/orig_c/data/caflag/v1_signer.der"
+
+
+int test_verify_certificate_succ_caflag_cert() {
+ int validity;
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_push_file_into_context(ctx, CERT_FILE_SECOND_CA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_verify_certificate(ctx, &validity);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ if(validity != 1) {
+ printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr);
+ ret = -1;
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+int test_verify_certificate_succ_nocaflag_cert() {
+ int validity;
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_V1);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_verify_certificate(ctx, &validity);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ if(validity != 1) {
+ printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr);
+ ret = -1;
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+int test_verify_certificate_with_caflag_succ() {
+ int validity;
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_push_file_into_context(ctx, CERT_FILE_SECOND_CA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_verify_certificate_with_caflag(ctx, &validity);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ if(validity != 1) {
+ printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr);
+ ret = -1;
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+
+int test_verify_certificate_with_caflag_fail() {
+ int validity;
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_V1);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_verify_certificate_with_caflag(ctx, &validity);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ if(validity == 1) {
+ printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr);
+ ret = -1;
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+
+int test_caflag(){
+ int ret;
+ printf("\n[test_caflag started]\n");
+
+ printf("\n-- test_verify_certificate_succ_caflag_cert start\n");
+ ret = test_verify_certificate_succ_caflag_cert();
+ printf("---- result : ");
+ if(ret == 0) {
+ printf("success\n");
+ }else {
+ printf("fail\n");
+ }
+
+ printf("\n-- test_verify_certificate_succ_nocaflag_cert start\n");
+ ret = test_verify_certificate_succ_nocaflag_cert();
+ printf("---- result : ");
+ if(ret == 0) {
+ printf("success\n");
+ }else {
+ printf("fail\n");
+ }
+
+ printf("\n-- test_verify_certificate_with_caflag_succ start\n");
+ ret = test_verify_certificate_with_caflag_succ();
+ printf("---- result : ");
+ if(ret == 0) {
+ printf("success\n");
+ }else {
+ printf("fail\n");
+ }
+
+ printf("\n-- test_verify_certificate_with_caflag_fail start\n");
+ ret = test_verify_certificate_with_caflag_fail();
+ printf("---- result : ");
+ if(ret == 0) {
+ printf("success\n");
+ }else {
+ printf("fail\n");
+ }
+
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <cert-service.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <cert-service-util.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+
+#define CERT_FILE_ROOT_CA "/opt/share/cert-svc/tests/orig_c/data/ocsp/root_ca.der"
+#define CERT_FILE_SECOND_CA "/opt/share/cert-svc/tests/orig_c/data/ocsp/second_ca.der"
+#define CERT_FILE_SIGNER_AIA "/opt/share/cert-svc/tests/orig_c/data/ocsp/aia_signer.der"
+#define CERT_FILE_SIGNER_REVOKED "/opt/share/cert-svc/tests/orig_c/data/ocsp/rev_signer.der"
+#define CERT_FILE_SIGNER_NOAIA "/opt/share/cert-svc/tests/orig_c/data/ocsp/noaia_signer.der"
+
+#define CERT_FILE_NO_ROOT_CERT "/opt/share/cert-svc/tests/orig_c/data/ocsp/noroot_cert.pem"
+
+#define CERT_FILE_REAL_LEVEL1_CERT "/opt/share/cert-svc/tests/orig_c/data/ocsp/ocsp_level1.crt"
+#define CERT_FILE_REAL_LEVEL2_CA "/opt/share/cert-svc/tests/orig_c/data/ocsp/ocsp_level2.crt"
+#define CERT_FILE_REAL_ROOT_CA "/opt/share/cert-svc/tests/orig_c/data/ocsp/ocsp_rootca.crt"
+
+/*
+ * author: ---
+ * test: ocsp success:AIA information
+ * description: Test for the ocsp success case using certificate's AIA information
+ * expect: *.pem should load with no error.
+ */
+int ocsp_success_with_aia() {
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, NULL);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+
+/*
+ * author: ---
+ * test: ocsp success:no AIA information
+ * description: Test for the ocsp success case using privided OCSP url
+ * expect: *.der file should load with no error.
+ */
+int ocsp_success_with_no_aia()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ char *uri = "http://127.0.0.1:8888";
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, uri);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+/*
+ * author: ---
+ * test: ocsp fail: revokation.
+ * description: Test for the ocsp fail case due to the revokation
+ * expect: *.pom file should not load and return error.
+ */
+int ocsp_fail_revokation()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ char *uri = "http://127.0.0.1:8888";
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_REVOKED);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, uri);
+ if(ret != CERT_SVC_ERR_OCSP_REVOKED) {
+ printf("....fail..CERT_SVC_ERR_OCSP_REVOKED Error expected. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = 0;
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+
+/*
+ * author: ---
+ * test: No URI
+ * description: Test for the ocsp fail case due to no OCSP URL and AIA Information
+ * expect: .
+ */
+int ocsp_fail_no_uri()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, NULL);
+ if(ret != CERT_SVC_ERR_OCSP_NO_SUPPORT) {
+ printf("....fail..CERT_SVC_ERR_OCSP_NO_SUPPORT Error expected. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+ ret = 0;
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+/*
+ * author: ---
+ * test: Invalid URI
+ * description: Test for the ocsp fail case due to Invalid OCSP URL
+ * expect: .
+ */
+int ocsp_fail_no_network()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ char *uri = "http://127.0.0.1:7171";
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, uri);
+ if(ret != CERT_SVC_ERR_OCSP_NETWORK_FAILED) {
+ printf("....fail..CERT_SVC_ERR_OCSP_NETWORK_FAILED Error expected. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+ ret = 0;
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+/*
+ * author: ---
+ * test: Invalid Cert Chain
+ * description: Test for the ocsp fail case due to Invalid Cert Chain
+ * expect: .
+ */
+int ocsp_fail_invalid_cert_chain()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ char *url = NULL;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_NO_ROOT_CERT);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, NULL);
+ if(ret != CERT_SVC_ERR_NO_ROOT_CERT) {
+ printf("....fail..CERT_SVC_ERR_NO_ROOT_CERT Error expected. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+ ret = 0;
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+/*
+ * author: ---
+ * test: Null Certificate
+ * description: Test for the ocsp fail case due to Null Certificate
+ * expect: .
+ */
+int ocsp_fail_null_cert()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ char *uri = "http://127.0.0.1:8888";
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // don't load certificate to context
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, uri);
+ if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
+ printf("....fail..CERT_SVC_ERR_INVALID_PARAMETER Error expected. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+ ret = 0;
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+/*
+ * author: ---
+ * test: OCSP test.
+ * description: Testing OCSP for certificate list.
+ * expect: OCSP should return success.
+ */
+int ocsp_success_real_cert()
+{
+
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ char *url = NULL;
+ CERT_CONTEXT* ctx = cert_svc_cert_context_init();
+
+ // load certificate to context
+ ret = cert_svc_load_file_to_context(ctx, CERT_FILE_REAL_LEVEL1_CERT);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_LEVEL1_CERT, ret); fflush(stderr);
+ goto err;
+ }
+
+ ret = cert_svc_push_file_into_context(ctx, CERT_FILE_REAL_LEVEL2_CA);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_LEVEL2_CA, ret); fflush(stderr);
+ goto err;
+ }
+
+// ret = cert_svc_push_file_into_context(ctx, CERT_FILE_REAL_ROOT_CA);
+// if(ret != CERT_SVC_ERR_NO_ERROR) {
+// printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_ROOT_CA, ret); fflush(stderr);
+// goto err;
+// }
+
+ // check ocsp
+ ret = cert_svc_check_ocsp_status(ctx, NULL);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr);
+ goto err;
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return ret;
+}
+
+
+typedef struct {
+ unsigned long size,resident,share,text,lib,data,dt;
+} statm_t;
+
+void read_off_memory_status(statm_t *result)
+{
+ unsigned long dummy;
+ const char* statm_path = "/proc/self/statm";
+
+// /proc/[pid]/statm
+// Provides information about memory usage, measured in pages.
+// The columns are:
+// size total program size(same as VmSize in /proc/[pid]/status)
+// resident resident set size(same as VmRSS in /proc/[pid]/status)
+// share shared pages (from shared mappings)
+// text text (code)
+// lib library (unused in Linux 2.6)
+// data data + stack
+// dt dirty pages (unused in Linux 2.6)
+
+
+ FILE *f = fopen(statm_path,"r");
+ if(!f){
+ perror(statm_path);
+ abort();
+ }
+ if(7 != fscanf(f,"%ld %ld %ld %ld %ld %ld %ld",
+ &result->size,&result->resident,&result->share,&result->text,&result->lib,&result->data,&result->dt))
+ {
+ perror(statm_path);
+ abort();
+ }
+ fclose(f);
+}
+
+/*
+ * author: ---
+ * test: Memory Leak Test
+ * description: Test for Memory Leak
+ * expect: .
+ */
+int ocsp_success_memory_leak()
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ statm_t memStatus;
+ cert_svc_linked_list* sorted = NULL;
+ int i;
+
+ for(i=0; i<100; i++ ){
+ ocsp_success_with_aia();
+ ocsp_success_with_no_aia();
+ ocsp_fail_revokation();
+ ocsp_fail_no_uri();
+ ocsp_fail_no_network();
+ ocsp_fail_invalid_cert_chain();
+ ocsp_fail_null_cert();
+ read_off_memory_status(&memStatus);
+ printf("loop %d th : size=%d, resident=%d, share=%d, text=%d, lib=%d, data=%d, dt=%d\n", i,
+ memStatus.size, memStatus.resident, memStatus.share, memStatus.text,
+ memStatus.lib, memStatus.data, memStatus.dt);
+ }
+}
+
+void run_test(int (*function)(), const char *function_name) {
+ int ret = 0;
+
+ printf("\n-- %s start\n", function_name);
+ ret = (*function)();
+ printf("---- result : ");
+ if(ret == 0) {
+ printf("success\n");
+ }else {
+ printf("fail\n");
+ }
+}
+
+int test_ocsp(){
+ int ret;
+ printf("\n[test_ocsp started]\n");
+
+ system("cert-svc-tests-start-ocsp-server.sh");
+ sleep(1);
+
+ run_test(&ocsp_success_with_aia, "ocsp_success_with_aia");
+ run_test(&ocsp_success_with_no_aia, "ocsp_success_with_no_aia");
+ run_test(&ocsp_fail_revokation, "ocsp_fail_revokation");
+ run_test(&ocsp_fail_no_uri, "ocsp_fail_no_uri");
+ run_test(&ocsp_fail_no_network, "ocsp_fail_no_network");
+ run_test(&ocsp_fail_invalid_cert_chain, "ocsp_fail_invalid_cert_chain");
+ run_test(&ocsp_fail_null_cert, "ocsp_fail_null_cert");
+ run_test(&ocsp_success_real_cert, "ocsp_success_real_cert");
+// run_test(&ocsp_success_memory_leak, "ocsp_success_memory_leak");
+
+ printf("\n");
+ system("cert-svc-tests-kill-ocsp-server.sh");
+
+ printf("\n[test_ocsp finished]\n");
+ return ret;
+}
+
+#endif
--- /dev/null
+/*
+ * certification service
+ *
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Dongsun Lee <ds73.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef TEST_SUITE_H_
+#define TEST_SUITE_H_
+
+int test_caflag();
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+int test_ocsp();
+#endif
+
+#endif /* TEST_CAFLAG_H_ */
--- /dev/null
+/*
+ * certification service
+ *
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Dongsun Lee <ds73.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <test_suite.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+int main() {
+ int ret;
+ ret = test_caflag();
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ ret = test_ocsp();
+#endif
+ return ret;
+}
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA for PKCS12 Test/emailAddress=tt@gmail.com
+ Validity
+ Not Before: May 7 08:25:27 2015 GMT
+ Not After : May 4 08:25:27 2025 GMT
+ Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA for PKCS12 Test/emailAddress=tt@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:be:32:b4:73:08:76:e2:4a:1e:39:ac:43:31:20:
+ a6:5b:a2:a2:7c:95:c7:9a:1c:60:10:47:0e:d3:f0:
+ 50:52:6d:a2:a6:b2:b1:22:25:59:a3:7d:26:ab:3b:
+ b6:e5:4d:98:9e:47:f3:4f:b3:31:65:a1:16:72:71:
+ f9:56:64:7b:79:57:9e:f5:5f:d2:af:fa:14:fb:2d:
+ 3d:1f:40:e8:f7:1e:19:8c:d8:d5:9c:90:c7:f8:00:
+ 90:d2:a0:47:93:7b:2f:3a:38:7e:e3:f8:59:73:b7:
+ a4:06:f4:41:4a:0b:68:1e:2a:37:d5:de:91:55:6e:
+ d7:5c:7d:08:ee:be:1e:ba:1b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 2C:2D:C8:DC:D0:F1:12:04:33:70:4A:4B:4F:DA:92:E0:4D:02:B2:F8
+ X509v3 Authority Key Identifier:
+ keyid:2C:2D:C8:DC:D0:F1:12:04:33:70:4A:4B:4F:DA:92:E0:4D:02:B2:F8
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 91:7f:c8:cb:43:a6:e8:ee:47:9b:4b:31:c3:6f:c0:e5:3e:32:
+ 88:c8:4e:5d:96:85:20:8f:86:47:96:b7:c0:53:8d:4b:26:4b:
+ 01:2f:5a:4e:87:18:60:2c:25:d6:eb:d7:a9:74:44:bc:3f:60:
+ 7a:3b:14:7a:05:ca:f3:99:cb:d5:73:29:52:c5:b2:11:c0:ad:
+ e9:7a:c2:fd:c2:30:ac:f6:76:54:13:51:d6:d7:76:1d:56:58:
+ f0:c9:64:e1:cb:84:b8:af:65:f2:4a:dd:19:b5:05:03:ce:12:
+ 8a:9e:25:59:00:8b:d1:4f:25:87:66:bc:54:cc:d5:c8:43:5e:
+ 46:7c
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAkGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCS1Ix
+DjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYDVQQLDApUaXpl
+biBUZXN0MSUwIwYDVQQDDBxUZXN0IFJvb3QgQ0EgZm9yIFBLQ1MxMiBUZXN0MRsw
+GQYJKoZIhvcNAQkBFgx0dEBnbWFpbC5jb20wHhcNMTUwNTA3MDgyNTI3WhcNMjUw
+NTA0MDgyNTI3WjCBiDELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYD
+VQQKDAdTYW1zdW5nMRMwEQYDVQQLDApUaXplbiBUZXN0MSUwIwYDVQQDDBxUZXN0
+IFJvb3QgQ0EgZm9yIFBLQ1MxMiBUZXN0MRswGQYJKoZIhvcNAQkBFgx0dEBnbWFp
+bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4ytHMIduJKHjmsQzEg
+pluionyVx5ocYBBHDtPwUFJtoqaysSIlWaN9Jqs7tuVNmJ5H80+zMWWhFnJx+VZk
+e3lXnvVf0q/6FPstPR9A6PceGYzY1ZyQx/gAkNKgR5N7Lzo4fuP4WXO3pAb0QUoL
+aB4qN9XekVVu11x9CO6+HrobAgMBAAGjUDBOMB0GA1UdDgQWBBQsLcjc0PESBDNw
+SktP2pLgTQKy+DAfBgNVHSMEGDAWgBQsLcjc0PESBDNwSktP2pLgTQKy+DAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJF/yMtDpujuR5tLMcNvwOU+MojI
+Tl2WhSCPhkeWt8BTjUsmSwEvWk6HGGAsJdbr16l0RLw/YHo7FHoFyvOZy9VzKVLF
+shHArel6wv3CMKz2dlQTUdbXdh1WWPDJZOHLhLivZfJK3Rm1BQPOEoqeJVkAi9FP
+JYdmvFTM1chDXkZ8
+-----END CERTIFICATE-----
#
INCLUDE(FindPkgConfig)
SET(TARGET_PKCS12_TEST "cert-svc-tests-pkcs12")
+SET(TARGET_PKCS12_TEST_AUX "cert-svc-tests-pkcs12-aux")
-PKG_CHECK_MODULES(PKCS12_TEST_DEP
- libsoup-2.4
- dpl-test-efl
- dpl-db-efl
- libpcrecpp
- secure-storage
- REQUIRED
- )
SET(PKCS12_TEST_SOURCES
${PROJECT_SOURCE_DIR}/tests/pkcs12/pkcs12_test.cpp
${PROJECT_SOURCE_DIR}/tests/pkcs12/test_cases.cpp
+ ${VCORE_DPL_SOURCES}
)
INCLUDE_DIRECTORIES(
${PROJECT_SOURCE_DIR}/tests/pkcs12
${PKCS12_TEST_DEP_INCLUDE_DIRS}
${VCOREC_TEST_DEP_INCLUDE_DIRS}
+ ${VCORE_DPL_INCLUDE}
)
ADD_EXECUTABLE(${TARGET_PKCS12_TEST} ${PKCS12_TEST_SOURCES})
-ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
TARGET_LINK_LIBRARIES(${TARGET_PKCS12_TEST}
${TARGET_PKCS12_TEST_LIB}
${PKCS12_TEST_DEP_LIBRARIES}
${TARGET_VCORE_LIB}
- ${VCOREC_TEST_DEP_LIBRARIES}
+ ${VCORE_TEST_DEP_LIBRARIES}
)
INSTALL(TARGETS ${TARGET_PKCS12_TEST}
WORLD_EXECUTE
)
+
+SET(PKCS12_TEST_SOURCES_AUX
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/pkcs12_test.cpp
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/aux_test.cpp
+ ${VCORE_DPL_SOURCES}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/vcore/src
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12
+ ${PKCS12_TEST_DEP_INCLUDE_DIRS}
+ ${VCOREC_TEST_DEP_INCLUDE_DIRS}
+ ${VCORE_DPL_INCLUDE}
+)
+
+ADD_EXECUTABLE(${TARGET_PKCS12_TEST_AUX} ${PKCS12_TEST_SOURCES_AUX})
+
+TARGET_LINK_LIBRARIES(
+ ${TARGET_PKCS12_TEST_AUX}
+ ${TARGET_PKCS12_TEST_LIB}
+ ${PKCS12_TEST_DEP_LIBRARIES}
+ ${TARGET_VCORE_LIB}
+ ${VCOREC_TEST_DEP_LIBRARIES}
+)
+
+INSTALL(TARGETS ${TARGET_PKCS12_TEST_AUX}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
INSTALL(FILES
${PROJECT_SOURCE_DIR}/tests/pkcs12/test.p12
${PROJECT_SOURCE_DIR}/tests/pkcs12/with_pass.p12
${PROJECT_SOURCE_DIR}/tests/pkcs12/without_pass.p12
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/eastest036.pfx
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/Maha.pfx
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/filip.pkcs12
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/tizen_test_certs.p12
DESTINATION /opt/apps/widget/tests/pkcs12/
)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/8956b9bc.0
+ DESTINATION /opt/etc/ssl/certs/
+)
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file aux_test.cpp
+ * @author Jacek Migacz (j.migacz@samsung.com)
+ * @version 1.0
+ * @brief Auxiliary PKCS#12 test case.
+ */
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+#include <cert-svc/cinstance.h>
+#include <cert-svc/ccert.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <cert-svc/ccrl.h>
+#include <cert-svc/cocsp.h>
+#endif
+#include <cert-svc/cpkcs12.h>
+#include <cert-svc/cerror.h>
+#include <cert-service.h>
+
+#define ACCUM "/tmp/.test99_aux_test"
+
+RUNNER_TEST(test99_aux_test) {
+ const char alias[] = "__AUX__";
+ int result;
+ CertSvcInstance instance;
+ CertSvcString Alias;
+ char *buf;
+ size_t size;
+ FILE *stream;
+
+ certsvc_instance_new(&instance);
+ result = certsvc_string_new(instance, alias, strlen(alias), &Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+
+ result = certsvc_pkcs12_private_key_dup(instance, Alias, &buf, &size);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_private_key_dup failed.");
+ RUNNER_ASSERT_MSG(size != 0, "empty pkey buffer");
+
+ certsvc_pkcs12_private_key_free(buf);
+ stream = fopen(ACCUM, "w");
+ RUNNER_ASSERT_MSG(stream != NULL, "fopen failed.");
+
+ fwrite("1", 1, 1, stream);
+ fclose(stream);
+ certsvc_instance_free(instance);
+}
int main (int argc, char *argv[]) {
certsvc_instance_new(&vinstance);
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ int status = VcoreDPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
certsvc_instance_free(vinstance);
return status;
}
* @brief PKCS#12 test cases.
*/
#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
#include <dpl/test/test_runner.h>
#include <dpl/log/log.h>
#include <cert-svc/cinstance.h>
#include <cert-svc/ccert.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
#include <cert-svc/ccrl.h>
#include <cert-svc/cocsp.h>
+#endif
#include <cert-svc/cpkcs12.h>
#include <cert-svc/cerror.h>
+#include <cert-svc/cprimitives.h>
#include <cert-service.h>
static CertSvcInstance instance;
#define FREE_INSTANCE \
certsvc_instance_free(instance);
+#define ACCUM "/tmp/.test99_aux_test"
+
+/*
+ * author: Jacek Migacz
+ * test: Import and remove pkcs container.
+ * description: Importing and deleting pkcs container.
+ * expect: Import and removing container should return success.
+ */
RUNNER_TEST(test01_import_and_remove_pkcs12_container) {
const char path[] = "/opt/apps/widget/tests/pkcs12/test.p12";
const char pass[] = "zaq12WSX";
CertSvcString Alias, Path, Pass;
RUNNER_ASSERT_MSG((tmpnam(tmpn)), "tmpnam(3) failed..");
alias = strrchr(tmpn, '/');
+ RUNNER_ASSERT_MSG(alias != NULL, "return null value from strrchr function.");
++alias;
RUNNER_ASSERT_MSG(alias && *alias, "Invalid alias.");
Alias.privateHandler = (char *)alias;
RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS && !is_unique, "certsvc_pkcs12_alias_exists failed.");
char *buf;
- int size;
+ size_t size;
result = certsvc_pkcs12_private_key_dup(instance, Alias, &buf, &size);
RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_private_key_dup failed.");
certsvc_pkcs12_private_key_free(buf);
FREE_INSTANCE
}
+/*
+ * author: Jacek Migacz
+ * test: Testing container password.
+ * description: Checking if container has password.
+ * expect: Container should has password
+ */
RUNNER_TEST(test02_pkcs12_has_password) {
const char with[] = "/opt/apps/widget/tests/pkcs12/with_pass.p12";
int has_pwd = 0;
RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS && has_pwd == CERTSVC_TRUE, "Error quering pkcs12/pfx container password.");
}
+/*
+ * author: Jacek Migacz
+ * test: Testing container password.
+ * description: Checking if container has password.
+ * expect: Container should has not password.
+ */
RUNNER_TEST(test03_pkcs12_has_password) {
const char without[] = "/opt/apps/widget/tests/pkcs12/without_pass.p12";
int has_pwd = 0;
RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS && has_pwd == CERTSVC_FALSE, "Error quering pkcs12/pfx container password.");
}
+
+/*
+ * author: Jacek Migacz
+ * test: Testing pkcs extensions.
+ * description: Loading certificates list from container.
+ * expect: Certyficates list from container should load correc.
+ */
+RUNNER_TEST(test04_PFX_extension) {
+ const char path[] = "/opt/apps/widget/tests/pkcs12/eastest036.pfx";
+ const char pass[] = "123456";
+ char tmpn[L_tmpnam], *alias;
+ int result;
+
+ CREATE_INSTANCE
+ CertSvcString Alias, Path, Pass;
+ RUNNER_ASSERT_MSG((tmpnam(tmpn)), "tmpnam(3) failed..");
+ alias = strrchr(tmpn, '/');
+ RUNNER_ASSERT_MSG(alias != NULL, "strrcher operation error.");
+
+ ++alias;
+
+ RUNNER_ASSERT_MSG(alias && *alias, "Invalid alias.");
+ Alias.privateHandler = (char *)alias;
+ Alias.privateLength = strlen(alias);
+ Pass.privateHandler = (char *)pass;
+ Pass.privateLength = strlen(pass);
+ Path.privateHandler = (char *)path;
+ Path.privateLength = strlen(path);
+ result = certsvc_pkcs12_import_from_file(instance, Path, Pass, Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed.");
+
+ char *buf;
+ size_t size;
+ result = certsvc_pkcs12_private_key_dup(instance, Alias, &buf, &size);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_private_key_dup failed.");
+ certsvc_pkcs12_private_key_free(buf);
+
+ CertSvcCertificateList list;
+ result = certsvc_pkcs12_load_certificate_list(instance, Alias, &list);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_load_certificate_list failed.");
+
+ result = certsvc_pkcs12_delete(instance, Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+ FREE_INSTANCE
+}
+
+/*
+ * author: Jacek Migacz
+ * test: Intermediate certificate.
+ * description: Getting details of certificates list from container.
+ * expect: Certificates list is not empty and it is possible to get one certificate from list.
+ */
+RUNNER_TEST(test04_intermediate_certificate) {
+ const char path[] = "/opt/apps/widget/tests/pkcs12/Maha.pfx";
+ const char pass[] = "siso@123";
+ const char alias[] = "maha";
+
+ int cert_ret = CERTSVC_SUCCESS;
+ CertSvcCertificateList cert_list;
+ CertSvcString cert_path_str, cert_pass_str, cert_alias_str;
+ CertSvcCertificate cert_output;
+ certsvc_instance_new(&instance);
+
+ cert_ret = certsvc_string_new(instance, path, strlen(path), &cert_path_str);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+
+ cert_ret = certsvc_string_new(instance, pass, strlen(pass), &cert_pass_str);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+
+ cert_ret = certsvc_string_new(instance, alias, strlen(alias), &cert_alias_str);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+
+ int is_unique;
+ cert_ret = certsvc_pkcs12_alias_exists(instance, cert_alias_str, &is_unique);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed certsvc_pkcs12_alias_exists");
+ if(is_unique == CERTSVC_FALSE) {
+ cert_ret = certsvc_pkcs12_delete(instance, cert_alias_str);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+ }
+
+ cert_ret = certsvc_pkcs12_import_from_file(instance, cert_path_str, cert_pass_str, cert_alias_str);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed.");
+
+ char *buf;
+ size_t size;
+ cert_ret = certsvc_pkcs12_private_key_dup(instance, cert_alias_str, &buf, &size);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "certsvc_pkcs12_private_key_dup failed.");
+ RUNNER_ASSERT_MSG(size != 0, "empty pkey buffer");
+ certsvc_pkcs12_private_key_free(buf);
+
+ int result;
+ CertSvcStringList stringList;
+ result = certsvc_pkcs12_get_id_list(instance, &stringList);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_pkcs12_get_id_list");
+
+ cert_ret = certsvc_pkcs12_load_certificate_list(instance, cert_alias_str, &cert_list);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed certsvc_pkcs12_load_certificate_list");
+
+ int len;
+ cert_ret = certsvc_certificate_list_get_length(cert_list, &len);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed certsvc_certificate_list_get_length");
+ RUNNER_ASSERT_MSG(len != 0, "invalid list lenght");
+
+ cert_ret = certsvc_certificate_list_get_one(cert_list, 0, &cert_output);
+ RUNNER_ASSERT_MSG(cert_ret == CERTSVC_SUCCESS, "Failed certsvc_certificate_list_get_one");
+
+ result = certsvc_pkcs12_delete(instance, cert_alias_str);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+ FREE_INSTANCE
+}
+
+/*
+ * author: Jacek Migacz
+ * test: Testing in case of different gid
+ * description: Another process is created and tries to acces key from container.
+ * expect: Another process should have access to the container.
+ */
+RUNNER_TEST(test04_different_gid) {
+ const char path[] = "/opt/apps/widget/tests/pkcs12/eastest036.pfx";
+ const char pass[] = "123456";
+ const char alias[] = "__AUX__";
+ FILE *stream;
+ int result, status;
+ CertSvcString Path, Pass, Alias;
+ char buf;
+
+ CREATE_INSTANCE
+
+ result = certsvc_string_new(instance, path, strlen(path), &Path);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+ result = certsvc_string_new(instance, pass, strlen(pass), &Pass);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+ result = certsvc_string_new(instance, alias, strlen(alias), &Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "Failed to create new CertSvcString");
+ result = certsvc_pkcs12_delete(instance, Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+
+ result = certsvc_pkcs12_import_from_file(instance, Path, Pass, Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed.");
+
+ const char BINARY[] = "/usr/bin/cert-svc-tests-pkcs12-aux";
+ switch(fork()) {
+ case 0:
+ execl(BINARY, BINARY, "--output=text", NULL);
+ break;
+ case -1:
+ RUNNER_ASSERT_MSG(true != false, "fork failed.");
+ break;
+ default:
+ sleep(1);
+ result = certsvc_pkcs12_delete(instance, Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+ stream = fopen(ACCUM, "r");
+ RUNNER_ASSERT_MSG(stream != NULL, "fopen failed.");
+ RUNNER_ASSERT_MSG(1 == fread(&buf, 1, 1, stream), "error in fread");
+ fclose(stream);
+ RUNNER_ASSERT_MSG(buf == '1', "aux test faield.");
+ wait(&status);
+ unlink(ACCUM);
+ }
+
+ FREE_INSTANCE
+}
+
+/*
+ * author: Jacek Migacz
+ * test: Reading key from container.
+ * description: Checking container key size.
+ * expect: Key size should be 256.
+ */
+RUNNER_TEST(test05_dup_EVP_PKEY) {
+ const char path[] = "/opt/apps/widget/tests/pkcs12/eastest036.pfx";
+ const char pass[] = "123456";
+ char tmpn[L_tmpnam], *alias;
+ int result;
+
+ CREATE_INSTANCE
+ CertSvcString Alias, Path, Pass;
+ RUNNER_ASSERT_MSG((tmpnam(tmpn)), "tmpnam(3) failed..");
+ alias = strrchr(tmpn, '/');
+ RUNNER_ASSERT_MSG(alias != NULL, "return null value from strrchr function");
+ ++alias;
+ RUNNER_ASSERT_MSG(alias && *alias, "Invalid alias.");
+
+ certsvc_string_new(instance, alias, strlen(alias), &Alias);
+ certsvc_string_new(instance, pass, strlen(pass), &Pass);
+ certsvc_string_new(instance, path, strlen(path), &Path);
+
+ result = certsvc_pkcs12_import_from_file(instance, Path, Pass, Alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed.");
+
+ EVP_PKEY *pkey;
+ result = certsvc_pkcs12_dup_evp_pkey(instance, Alias, &pkey);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_evp_pkey_dup failed");
+
+ RUNNER_ASSERT_MSG(256 == EVP_PKEY_size(pkey), "wrong key size");
+ certsvc_pkcs12_free_evp_pkey(pkey);
+
+ FREE_INSTANCE
+}
+
+/*
+ * author: Jacek Migacz
+ * test: Reading key from container.
+ * description: Checking container key size.
+ * expect: Key size should be 128.
+ */
+RUNNER_TEST(test06_dup_EVP_PKEY) {
+ const char cpath[] = "/opt/apps/widget/tests/pkcs12/filip.pkcs12";
+ const char cpass_import[] = "123456";
+ const char calias[] = "alamakota";
+ int result;
+
+ CREATE_INSTANCE
+
+ CertSvcString alias, path, passi;
+
+ certsvc_string_new(instance, cpath, strlen(cpath), &path);
+ certsvc_string_new(instance, cpass_import, strlen(cpass_import), &passi);
+ certsvc_string_new(instance, calias, strlen(calias), &alias);
+
+ result = certsvc_pkcs12_import_from_file(instance, path, passi, alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed");
+
+ EVP_PKEY *pkey;
+ result = certsvc_pkcs12_dup_evp_pkey(instance, alias, &pkey);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_evp_pkey_dup failed");
+
+ RUNNER_ASSERT_MSG(128 == EVP_PKEY_size(pkey), "wrong key size");
+ certsvc_pkcs12_free_evp_pkey(pkey);
+
+ result = certsvc_pkcs12_delete(instance, alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+
+ FREE_INSTANCE
+}
+
+/*
+ * author: Janusz Kozerski <j.kozerski@samsung.com>
+ * test: Installation pkcs12 with more than 2 certificates.
+ * description: Test certsvc_pkcs12_import_from_file function for specify pkcs12 file.
+ * expect: Successful install and successful uninstall.
+ */
+RUNNER_TEST(test07_pkcs_with_3_certs) {
+ const char cpath[] = "/opt/apps/widget/tests/pkcs12/tizen_test_certs.p12";
+ const char cpass_import[] = "password";
+ const char calias[] = "Tizen test cert";
+ int result;
+
+ CREATE_INSTANCE
+
+ CertSvcString alias, path, pass;
+
+ certsvc_string_new(instance, cpath, strlen(cpath), &path);
+ certsvc_string_new(instance, cpass_import, strlen(cpass_import), &pass);
+ certsvc_string_new(instance, calias, strlen(calias), &alias);
+
+ result = certsvc_pkcs12_import_from_file(instance, path, pass, alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed.");
+
+ result = certsvc_pkcs12_delete(instance, alias);
+ RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_delete failed.");
+
+ FREE_INSTANCE
+}
+
INCLUDE(FindPkgConfig)
SET(TARGET_VCORE_TEST "cert-svc-tests-vcore")
-PKG_CHECK_MODULES(VCORE_TEST_DEP
- libsoup-2.4
- dpl-test-efl
- dpl-db-efl
- libpcrecpp
- REQUIRED
- )
-
SET(VCORE_TESTS_SOURCES
${PROJECT_SOURCE_DIR}/tests/vcore/vcore_tests.cpp
${PROJECT_SOURCE_DIR}/tests/vcore/TestCases.cpp
${PROJECT_SOURCE_DIR}/tests/vcore/TestEnv.cpp
- ${PROJECT_SOURCE_DIR}/tests/vcore/TestCRL.cpp
${PROJECT_SOURCE_DIR}/tests/vcore/file_input_mapping.cpp
+ ${VCORE_DPL_SOURCES}
)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+SET(VCORE_TESTS_SOURCES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/vcore_tests.cpp
+ ${PROJECT_SOURCE_DIR}/tests/vcore/TestCases.cpp
+ ${PROJECT_SOURCE_DIR}/tests/vcore/TestEnv.cpp
+ ${PROJECT_SOURCE_DIR}/tests/vcore/file_input_mapping.cpp
+ ${PROJECT_SOURCE_DIR}/tests/vcore/TestCRL.cpp
+ ${VCORE_DPL_SOURCES}
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
INCLUDE_DIRECTORIES(
${PROJECT_SOURCE_DIR}/vcore/src
${PROJECT_SOURCE_DIR}/tests/vcore
${VCORE_TEST_DEP_INCLUDE_DIRS}
+ ${VCORE_DPL_INCLUDE}
)
-ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
ADD_EXECUTABLE(${TARGET_VCORE_TEST} ${VCORE_TESTS_SOURCES})
-
TARGET_LINK_LIBRARIES(${TARGET_VCORE_TEST}
${SYS_EFL_LIBRARIES}
${TARGET_VCORE_LIB}
WORLD_EXECUTE
)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh
DESTINATION /usr/bin
PERMISSIONS OWNER_READ
WORLD_READ
WORLD_EXECUTE
)
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
ADD_CUSTOM_COMMAND(TARGET ${TARGET_VCORE_TEST} POST_BUILD
COMMAND ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/create_certs.sh
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level1.crt
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level2.crt
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_rootca.crt
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/author-signature.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature1.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature22.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/config.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/index.html
+ DESTINATION
+ /opt/apps/widget/tests/vcore_widget_uncompressed_negative_hash
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/author-signature.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature1.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature22.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/config.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/index.html
+ DESTINATION
+ /opt/apps/widget/tests/vcore_widget_uncompressed_negative_signature
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/signature1.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/config.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/index.html
+ DESTINATION
+ /opt/apps/widget/tests/vcore_widget_uncompressed_negative_certificate
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/author-signature.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/signature1.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/config.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/index.html
+ DESTINATION
+ /opt/apps/widget/tests/vcore_widget_uncompressed_partner
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/author-signature.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/signature1.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/config.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/index.html
+ DESTINATION
+ /opt/apps/widget/tests/vcore_widget_uncompressed_partner_operator
+ )
+
+INSTALL(FILES
+ "${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/reference/encoding test.empty"
+ DESTINATION
+ /opt/apps/widget/tests/reference
+ )
+
+INSTALL(FILES
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/operator.root.cert.pem
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/root_cacert0.pem
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/CAbundle.crt
/opt/apps/widget/tests/vcore_keys
)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level1.crt
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level2.crt
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_rootca.crt
+ DESTINATION
+ /opt/apps/widget/tests/vcore_keys
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/config/fin_list.xml
+ ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/config/fin_list.xsd
+ DESTINATION
+ /opt/apps/widget/tests/vcore_config/
+)
+
INSTALL(FILES
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/root_cacert0.pem
DESTINATION
- /opt/share/cert-svc/certs/code-signing/wac/root_cacert0.pem
+ /usr/share/cert-svc/certs/code-signing/wac
)
INSTALL(FILES
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/2third_level.pem
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/3second_level.pem
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/3third_level.pem
- ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl1.pem
- ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl2.pem
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/respcert.pem
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/respcert.key
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/openssl.cnf
/opt/apps/widget/tests/vcore_certs/
)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl1.pem
+ ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl2.pem
+ DESTINATION
+ /opt/apps/widget/tests/vcore_certs/
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
INSTALL(DIRECTORY
${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/demoCA
DESTINATION
}
TestCRL::TestCRL()
- : CRL(new CRLCacheDAO)
+ : CRLImpl (new CRLCacheDAO)
{
//Add additional lookup dir
int rv = X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_PEM);
#define _TEST_CRL_H
#include <string>
-#include <vcore/CRL.h>
+#include <vcore/CRLImpl.h>
#include <vcore/CRLCacheDAO.h>
-class TestCRL : public ValidationCore::CRL
+class TestCRL : public ValidationCore::CRLImpl
{
public:
TestCRL();
/*
+ *
* Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
#include <string>
#include <dpl/test/test_runner.h>
-#include <dpl/wrt-dao-ro/global_config.h>
#include <dpl/log/log.h>
-
+#include <vcore/CryptoHash.h>
#include <vcore/ReferenceValidator.h>
#include <vcore/SignatureFinder.h>
#include <vcore/SignatureReader.h>
#include <vcore/SignatureValidator.h>
-#include <vcore/OCSP.h>
-#include <vcore/CachedOCSP.h>
+#include <vcore/WrtSignatureValidator.h>
#include "TestEnv.h"
-#include <vcore/SSLContainers.h>
#include <vcore/Base64.h>
+#include <vcore/CertificateConfigReader.h>
+#include <vcore/CertificateIdentifier.h>
#include <vcore/CertificateLoader.h>
+#include <vcore/RevocationCheckerBase.h>
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <vcore/OCSP.h>
+#include <vcore/CachedOCSP.h>
+#include <vcore/SSLContainers.h>
#include <vcore/CRL.h>
#include <vcore/CachedCRL.h>
-#include <vcore/RevocationCheckerBase.h>
#include "TestCRL.h"
#include <vcore/CertificateCacheDAO.h>
+#endif
namespace {
const std::string widget_path =
"/opt/apps/widget/tests/vcore_widget_uncompressed/";
+const std::string widget_negative_hash_path =
+ "/opt/apps/widget/tests/vcore_widget_uncompressed_negative_hash/";
+const std::string widget_negative_signature_path =
+ "/opt/apps/widget/tests/vcore_widget_uncompressed_negative_signature/";
+const std::string widget_negative_certificate_path =
+ "/opt/apps/widget/tests/vcore_widget_uncompressed_negative_certificate/";
+const std::string widget_partner_path =
+ "/opt/apps/widget/tests/vcore_widget_uncompressed_partner/";
+const std::string widget_partner_operator_path =
+ "/opt/apps/widget/tests/vcore_widget_uncompressed_partner_operator/";
+
+inline const char* GetSignatureXmlSchema()
+{
+ return "/usr/share/wrt-engine/schema.xsd";
+}
+
+
const std::string keys_path = "/opt/apps/widget/tests/vcore_keys/";
const std::string widget_store_path = "/opt/apps/widget/tests/vcore_widgets/";
const std::string cert_store_path = "/opt/apps/widget/tests/vcore_certs/";
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
const std::string crl_URI = "http://localhost/my.crl";
+#endif
const std::string anka_ec_key_type = "urn:oid:1.2.840.10045.3.1.7";
const std::string anka_ec_public_key =
"k7VEkfthURnNR1WtOLT8dmAuKQfwTQLPwCwUM/QiuWSlCyKLTE4Ev8aOG7ZqWudsKm/td"\
"n9pUNGtcod1wo1ZtP7PfEJ6rYZGQDOlz8=";
+const std::string tizen_partner =
+"MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
+"S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
+"ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
+"MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
+"MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
+"VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
+"Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
+"IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
+"AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
+"ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
+"rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
+"AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
+"DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
+"xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
+"gS9G4WEAUg==";
+
+const std::string tizen_partner_operator =
+"MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD"
+"VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
+"DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
+"IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y"
+"IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG"
+"A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE"
+"CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz"
+"dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv"
+"ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg"
+"De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9"
+"pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN"
+"tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G"
+"CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O"
+"UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS"
+"VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy";
+
const std::string googleCA =
"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
// std::string m_strEnvVar;
//};
//
-//class PolicyChanger : public DPL::Event::EventListener<AceUpdateResponseEvent>
+//class PolicyChanger : public
VcoreDPL::Event::EventListener<AceUpdateResponseEvent>
//{
// public:
// PolicyChanger()
// {
-// DPL::Event::EventDeliverySystem::AddListener<AceUpdateResponseEvent>(this);
+//
VcoreDPL::Event::EventDeliverySystem::AddListener<AceUpdateResponseEvent>(this);
// }
//
// ~PolicyChanger()
// {
-// DPL::Event::EventDeliverySystem::RemoveListener<AceUpdateResponseEvent>(this);
+//
VcoreDPL::Event::EventDeliverySystem::RemoveListener<AceUpdateResponseEvent>(this);
// }
//
// void OnEventReceived(const AceUpdateResponseEvent& event)
// void updatePolicy(const std::string& path)
// {
// AceUpdateRequestEvent event(path);
-// DPL::Event::EventDeliverySystem::Publish(event);
+// VcoreDPL::Event::EventDeliverySystem::Publish(event);
// LoopControl::wait_for_wrt_init();
// }
//};
//////// VALIDATION CORE TEST SUITE ////////////
//////////////////////////////////////////////////
+/*
+ * test: Class SignatureFinder
+ * description: SignatureFinder should search directory passed as
+ * param of constructor.
+ * expected: Signature finder should put information about 3
+ * signture files in SinatureFileInfoSet.
+ */
RUNNER_TEST(test01_signature_finder)
{
SignatureFileInfoSet signatureSet;
RUNNER_ASSERT_MSG(signatureSet.size() == 3,
"Some signature has not been found");
- SignatureFileInfo first = *(signatureSet.begin());
- RUNNER_ASSERT_MSG(
- std::string("author-signature.xml") == first.getFileName(),
- "Author Signature");
- RUNNER_ASSERT_MSG(-1 == first.getFileNumber(), "Wrong signature number.");
- first = *(signatureSet.rbegin());
- RUNNER_ASSERT_MSG(std::string("signature22.xml") == first.getFileName(),
- "Wrong signature fileName.");
- RUNNER_ASSERT_MSG(22 == first.getFileNumber(), "Wrong signature number.");
+ SignatureFileInfo first = *(signatureSet.begin());
+ RUNNER_ASSERT_MSG(
+ std::string("author-signature.xml") == first.getFileName(),
+ "Author Signature");
+ RUNNER_ASSERT_MSG(-1 == first.getFileNumber(), "Wrong signature number.");
+ first = *(signatureSet.rbegin());
+ RUNNER_ASSERT_MSG(std::string("signature22.xml") == first.getFileName(),
+ "Wrong signature fileName.");
+ RUNNER_ASSERT_MSG(22 == first.getFileNumber(), "Wrong signature number.");
+}
+
+/*
+ * test: Class SignatureReader
+ * description: SignatureReader should parse widget digigal signaturesignature
+ * without any errors. Path to signature is passed to constructor.
+ * param of destructor.
+ * expected: SignatureReader should not throw any exception.
+ */
+RUNNER_TEST(test02_signature_reader)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+ }
+}
+
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator
+ * description: Directory passed to SignatureFinded constructor should be searched
+ * and 3 signature should be find. All signature should be parsed and verified.
+ * expected: Verificator should DISREGARD author signature and VERIFY
+ * distrubutor signature.
+ */
+RUNNER_TEST(test03t01_wrtsignature_validator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_path),
+ "Validation failed");
+ } else {
+ if (data.getSignatureNumber() == 1)
+ {
+ LogError("Distributor1");
+ WrtSignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ temp,
+ "Validation failed");
+
+ LogDebug("test03t01 result: " << temp);
+ }
+ else
+ {
+ LogError("DistributorN");
+ WrtSignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ temp,
+ "Validation failed");
+
+ LogDebug("test03t01 result: " << temp);
+ }
+ }
+ }
+}
+
+RUNNER_TEST(test03t02_wrtsignature_validator_negative_hash_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_hash_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_hash_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_hash_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_hash_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+
+RUNNER_TEST(test03t03_wrtsignature_validator_negative_signature_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_signature_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_signature_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_signature_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_signature_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+
+RUNNER_TEST(test03t04_wrtsignature_validator_partner)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_path),
+ "Wrong input file but success..");
+
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PARTNER,
+ "visibility check failed.");
+ }
+ }
+}
+/* // no partner_operator certificate in kiran emlulator
+RUNNER_TEST(test03t05_wrtsignature_validator_partner_operator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_operator_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_operator_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PLATFORM,
+ "visibility check failed.");
+ }
+ }
+}
+*/
+
+/*
+RUNNER_TEST(test03t04_wrtsignature_validator_negative_certificate_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_certificate_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_certificate_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+*/
+
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator
+ * description: Directory passed to SignatureFinded constructor should be searched
+ * and 3 signature should be find. All signature should be parsed and verified.
+ * expected: Verificator should DISREGARD author signature and VERIFY
+ * distrubutor signature.
+ */
+RUNNER_TEST(test04t01_signature_validator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_path),
+ "Validation failed");
+ } else {
+ if (data.getSignatureNumber() == 1)
+ {
+ LogError("Distributor1");
+ SignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ temp,
+ "Validation failed");
+
+ LogDebug("test04t01 result: " << temp);
+ }
+ else
+ {
+ LogError("DistributorN");
+ SignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ temp,
+ "Validation failed");
+
+ LogDebug("test04t01 result: " << temp);
+ }
+ }
+ }
+}
+
+RUNNER_TEST(test04t02_signature_validator_negative_hash_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_hash_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_hash_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_hash_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_hash_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+
+RUNNER_TEST(test04t03_signature_validator_negative_signature_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_signature_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_signature_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_signature_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_signature_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+
+RUNNER_TEST(test04t04_signature_validator_partner)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::TIZEN,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_path),
+ "Wrong input file but success..");
+
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PARTNER,
+ "visibility check failed.");
+ }
+ }
+}
+/* // no partner_operator certificate in kiran emulator
+RUNNER_TEST(test04t05_signature_validator_partner_operator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_operator_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_operator_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::TIZEN,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PLATFORM,
+ "visibility check failed.");
+ }
+ }
}
+*/
-RUNNER_TEST(test02_signature_reader)
+/*
+RUNNER_TEST(test04t04_signature_validator_negative_certificate_input)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_path);
+ SignatureFinder signatureFinder(widget_negative_certificate_path);
+ LogError("Size: " << signatureSet.size());
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
-
+ LogError("Size: " << signatureSet.size());
for (; iter != signatureSet.rend(); ++iter) {
- SignatureData data(widget_path + iter->getFileName(),
+ SignatureData data(widget_negative_certificate_path + iter->getFileName(),
iter->getFileNumber());
SignatureReader xml;
- xml.initialize(data, WrtDB::GlobalConfig::GetSignatureXmlSchema());
+ xml.initialize(data, GetSignatureXmlSchema());
xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ }
}
}
+*/
-RUNNER_TEST(test03_signature_validator)
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator, ReferenceValidator
+ * description: As above but this test also checks reference from signatures.
+ * expected: All reference checks should return NO_ERROR.
+ */
+RUNNER_TEST(test05t01_signature_reference)
{
SignatureFileInfoSet signatureSet;
SignatureFinder signatureFinder(widget_path);
- LogError("Size: " << signatureSet.size());
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
- LogError("Size: " << signatureSet.size());
+
for (; iter != signatureSet.rend(); ++iter) {
SignatureData data(widget_path + iter->getFileName(),
iter->getFileNumber());
SignatureReader xml;
- xml.initialize(data, WrtDB::GlobalConfig::GetSignatureXmlSchema());
+ xml.initialize(data, GetSignatureXmlSchema());
xml.read(data);
- SignatureValidator validator(
+ WrtSignatureValidator sval(
+ WrtSignatureValidator::WAC20,
false,
false,
false);
if (data.isAuthorSignature()) {
LogError("Author");
RUNNER_ASSERT_MSG(
- SignatureValidator::SIGNATURE_DISREGARD ==
- validator.check(data, widget_path),
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ sval.check(data, widget_path),
"Validation failed");
} else {
- LogError("Distributor");
- RUNNER_ASSERT_MSG(
- SignatureValidator::SIGNATURE_VERIFIED ==
- validator.check(data, widget_path),
- "Validation failed");
+ if (data.getSignatureNumber() == 1)
+ {
+ LogError("Distributor1");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ }
+ else
+ {
+ LogError("DistributorN");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ }
}
+
+ ReferenceValidator val(widget_path);
+ RUNNER_ASSERT(
+ ReferenceValidator::NO_ERROR == val.checkReferences(data));
}
}
-RUNNER_TEST(test05_signature_reference)
+/*
+ * test: ReferenceValidator::checkReference
+ * description: Simple test. File "encoding test.empty" exists.
+ * expected: checkReference should return NO_ERROR.
+ */
+RUNNER_TEST(test05t02_signature_reference_encoding_dummy)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/opt/apps/widget/tests/reference");
+ referenceSet.insert("encoding test.empty");
+ data.setReference(referenceSet);
+
+ RUNNER_ASSERT(
+ ReferenceValidator::NO_ERROR == val.checkReferences(data));
+}
+
+/*
+ * test: ReferenceValidator::checkReference
+ * description: Negative test. File "encoding test" does not exists.
+ * expected: checkReference should return ERROR_REFERENCE_NOT_FOUND
+ */
+RUNNER_TEST(test05t03_signature_reference_encoding_negative)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/opt/apps/widget/tests/reference");
+ referenceSet.insert("encoding test");
+ data.setReference(referenceSet);
+
+ RUNNER_ASSERT(
+ ReferenceValidator::ERROR_REFERENCE_NOT_FOUND == val.checkReferences(data));
+}
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: File "encoding test.empty" exists. Name set in referenceSet must
+ * be encoded first by decodeProcent function.
+ * expected: checkReference should return NO_ERROR
+ */
+RUNNER_TEST(test05t04_signature_reference_encoding_space)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/opt/apps/widget/tests/reference");
+ referenceSet.insert("encoding%20test.empty");
+ data.setReference(referenceSet);
+
+ RUNNER_ASSERT(
+ ReferenceValidator::NO_ERROR == val.checkReferences(data));
+}
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: Negative test. File "encoding test" does not exists. Name set in
+ * referenceSet must be encoded first by decodeProcent function.
+ * expected: checkReference should return ERROR_REFERENCE_NOT_FOUND
+ */
+RUNNER_TEST(test05t05_signature_reference_encoding_space_negative)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/opt/apps/widget/tests/reference");
+ referenceSet.insert("encoding%20test");
+ data.setReference(referenceSet);
+
+ RUNNER_ASSERT(
+ ReferenceValidator::ERROR_REFERENCE_NOT_FOUND == val.checkReferences(data));
+}
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: File "encoding test.empty" exists. Name set in
+ * referenceSet must be encoded first by decodeProcent function.
+ * expected: checkReference should return NO_ERROR
+ */
+RUNNER_TEST(test05t06_signature_reference_encoding)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/opt/apps/widget/tests/reference");
+ referenceSet.insert("e%6Ec%6Fding%20te%73%74.e%6d%70ty");
+ data.setReference(referenceSet);
+
+ RUNNER_ASSERT(
+ ReferenceValidator::NO_ERROR == val.checkReferences(data));
+}
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: Negative test. "%%" is illegal combination of char. decodeProcent
+ * should throw exception.
+ * expected: checkReference should return ERROR_DECODING_URL
+ */
+RUNNER_TEST(test05t07_signature_reference_encoding_negative)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/opt/apps/widget/tests/reference");
+ referenceSet.insert("e%6Ec%6Fding%%0test%2ete%73%74");
+ data.setReference(referenceSet);
+
+ RUNNER_ASSERT(
+ ReferenceValidator::ERROR_DECODING_URL == val.checkReferences(data));
+}
+
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator, ReferenceValidator
+ * description: As above but this test also checks reference from signatures.
+ * expected: All reference checks should return NO_ERROR.
+ */
+RUNNER_TEST(test05t08_signature_reference)
{
SignatureFileInfoSet signatureSet;
SignatureFinder signatureFinder(widget_path);
SignatureData data(widget_path + iter->getFileName(),
iter->getFileNumber());
SignatureReader xml;
- xml.initialize(data, WrtDB::GlobalConfig::GetSignatureXmlSchema());
+ xml.initialize(data, GetSignatureXmlSchema());
xml.read(data);
SignatureValidator sval(
+ SignatureValidator::WAC20,
false,
false,
false);
- sval.check(data, widget_path);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ } else {
+ if (data.getSignatureNumber() == 1)
+ {
+ LogError("Distributor1");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ }
+ else
+ {
+ LogError("DistributorN");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ }
+ }
ReferenceValidator val(widget_path);
RUNNER_ASSERT(
}
}
+/*
+ * test: class Base64Encoder and Base64Decoder
+ * description: This test checks implementation of base64 decoder/encoder
+ * algorithm implemented in Base64 classes. It uses printable characters.
+ * expected: Encoded string should be equal to sample values.
+ */
RUNNER_TEST(test07t01_base64)
{
std::string strraw = "1234567890qwertyuiop[]asdfghjkl;'zxcvbnm,.";
RUNNER_ASSERT_MSG(strraw == decoder.get(), "Error in Base64Decoder.");
}
+/*
+ * test: class Base64Encoder and Base64Decoder
+ * description: This test checks implementation of base64 decoder/encoder
+ * algorithm. During tests it uses binary data.
+ * expected: Encoded string should be equal to sample values.
+ */
RUNNER_TEST(test07t02_base64)
{
const size_t MAX = 40;
RUNNER_ASSERT_MSG(raw == decoder.get(), "Error in Base64 conversion.");
}
+/*
+ * test: class Base64Decoder
+ * description: Negative tests. This test will pass invalid string to decoder.
+ * expected: Function finalize should fail and return false.
+ */
RUNNER_TEST(test07t03_base64)
{
std::string invalid = "1234)";
RUNNER_ASSERT(false == decoder.finalize());
}
+/*
+ * test: class Base64Decoder
+ * description: Negative tests. You are not allowed to call get function before
+ * finalize.
+ * expected: Function get should throw Base64Decoder::Exception::NotFinalized.
+ */
RUNNER_TEST(test07t04_base64)
{
std::string invalid = "12234";
RUNNER_ASSERT_MSG(exception, "Base64Decoder does not throw error.");
}
+/*
+ * test: class Certificate
+ * description: Certificate should parse data passed to object constructor.
+ * expected: Getters should be able to return certificate information.
+ */
RUNNER_TEST(test08t01_Certificate)
{
Certificate cert(certVerisign, Certificate::FORM_BASE64);
-
- DPL::OptionalString result;
+ std::string result;
result = cert.getCommonName(Certificate::FIELD_SUBJECT);
- RUNNER_ASSERT_MSG(!result.IsNull(), "No common name");
- RUNNER_ASSERT_MSG(*result == DPL::FromUTF8String("www.verisign.com"),
- "CommonName mismatch");
+ RUNNER_ASSERT_MSG(!result.empty(), "No common name");
+ RUNNER_ASSERT_MSG(!result.compare("www.verisign.com"), "CommonName mismatch");
result = cert.getCommonName(Certificate::FIELD_ISSUER);
- RUNNER_ASSERT_MSG(!result.IsNull(), "No common name");
- RUNNER_ASSERT_MSG(result == DPL::FromUTF8String(
- "VeriSign Class 3 Extended Validation SSL SGC CA"),
+ RUNNER_ASSERT_MSG(!result.empty(), "No common name");
+ RUNNER_ASSERT_MSG(!result.compare("VeriSign Class 3 Extended Validation SSL SGC CA"),
"CommonName mismatch");
result = cert.getCountryName();
- RUNNER_ASSERT_MSG(!result.IsNull(), "No country");
- RUNNER_ASSERT_MSG(*result == DPL::FromUTF8String("US"),
- "Country mismatch");
+ RUNNER_ASSERT_MSG(!result.empty(), "No country");
+ RUNNER_ASSERT_MSG(!result.compare("US"), "Country mismatch");
}
+/*
+ * test: Certificate::getFingerprint
+ * description: Certificate should parse data passed to object constructor.
+ * expected: Function fingerprint should return valid fingerprint.
+ */
RUNNER_TEST(test08t02_Certificate)
{
Certificate cert(certVerisign, Certificate::FORM_BASE64);
}
}
+/*
+ * test: Certificate::getAlternativeNameDNS
+ * description: Certificate should parse data passed to object constructor.
+ * expected: Function getAlternativeNameDNS should return list of
+ * alternativeNames hardcoded in certificate.
+ */
RUNNER_TEST(test08t03_Certificate)
{
Certificate cert(certVerisign, Certificate::FORM_BASE64);
RUNNER_ASSERT(nameSet.size() == 8);
- DPL::String str = DPL::FromUTF8String("verisign.com");
+ std::string str("verisign.com");
RUNNER_ASSERT(nameSet.find(str) != nameSet.end());
- str = DPL::FromUTF8String("fake.com");
+ str = std::string("fake.com");
RUNNER_ASSERT(nameSet.find(str) == nameSet.end());
}
+/*
+ * test: Certificate::isCA
+ * description: Certificate should parse data passed to object constructor.
+ * expected: 1st and 2nd certificate should be identified as CA.
+ */
+RUNNER_TEST(test08t04_Certificate_isCA)
+{
+ Certificate cert1(googleCA, Certificate::FORM_BASE64);
+ RUNNER_ASSERT(cert1.isCA() > 0);
+
+ Certificate cert2(google2nd, Certificate::FORM_BASE64);
+ RUNNER_ASSERT(cert2.isCA() > 0);
+
+ Certificate cert3(google3rd, Certificate::FORM_BASE64);
+ RUNNER_ASSERT(cert3.isCA() == 0);
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+/*
+ * test: class CertificateCollection
+ * description: It's not allowed to call function isChain before funciton sort.
+ * expected: Function isChain should throw exception WrongUsage because
+ * function sort was not called before.
+ */
RUNNER_TEST(test09t01_CertificateCollection)
{
CertificateList list;
list = collection.getChain();
- RUNNER_ASSERT(
- DPL::ToUTF8String(*(list.front().Get()->getCommonName())) ==
- "mail.google.com");
- RUNNER_ASSERT(
- DPL::ToUTF8String(*(list.back().Get()->getOrganizationName())) ==
- "VeriSign, Inc.");
+ RUNNER_ASSERT(!list.front().get()->getCommonName().compare("mail.google.com"));
+ RUNNER_ASSERT(!list.back().get()->getOrganizationName().compare("VeriSign, Inc."));
}
+/*
+ * test: class OCSP, VerificationStatusSet
+ * description: OCSP should check certificate chain. One of the certificate
+ * is GOOD and one is broken.
+ * expected: Status from OCSP check should contain status GOOD and status
+ * VERIFICATION_ERROR.
+ */
RUNNER_TEST(test51t01_ocsp_validation_negative)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP, VerificationStatusSet
+ * description: OCSP should check certificate chain. All certificates are GOOD.
+ * expected: Status from OCSP check should contain only status GOOD.
+ */
RUNNER_TEST(test51t02_ocsp_validation_positive)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP, VerificationStatusSet
+ * description: OCSP should check end entity certificate.
+ * expected: Status from OCSP check should contain only status GOOD.
+ */
RUNNER_TEST(test51t04_ocsp_request)
{
CertificateList lTrustedCerts;
CertificateCollection chain;
chain.load(lTrustedCerts);
- chain.sort();
+ RUNNER_ASSERT(chain.sort());
OCSP ocsp;
ocsp.setDigestAlgorithmForCertId(OCSP::SHA1);
RUNNER_ASSERT(VERIFICATION_STATUS_GOOD == result);
}
+/*
+ * test: class OCSP, VerificationStatusSet, CertificateCachedDao
+ * description: Call OCSP twice. Result of second call should be extracted
+ * from cache.
+ * expected: Both results should be equal.
+ */
RUNNER_TEST(test51t05_cached_ocsp_validation_negative)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP, VerificationStatusSet, CertificateCachedDao
+ * description: Call OCSP twice. Result of second call should be extracted
+ * from cache.
+ * expected: Both results should be equal.
+ */
RUNNER_TEST(test51t06_cached_ocsp_validation_positive)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL
+ * description: N/A
+ * expected: checkCertificateChain should return invalid status.
+ */
RUNNER_TEST(test61_crl_test_revocation_no_crl)
{
//Clear CRL cache so there is no CRL for those certificates URI.
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL
+ * description: N/A
+ * expected: checkCertificateChain should return valid and revoked.
+ */
RUNNER_TEST(test62_crl_test_revocation_set1)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL
+ * description: N/A
+ * expected: checkCertificateChain should return valid and revoked.
+ */
RUNNER_TEST(test63_crl_test_revocation_set1)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL
+ * description: N/A
+ * expected: checkCertificateChain should return valid and revoked.
+ */
RUNNER_TEST(test64_crl_test_revocation_set2)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL
+ * description: N/A
+ * expected: checkCertificateChain should return valid and revoked.
+ */
RUNNER_TEST(test65_crl_test_revocation_set2)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL::updateList
+ * description: N/A
+ * expected: checkCertificateChain should return valid and revoked.
+ */
RUNNER_TEST(test66_crl_update_expired_lists)
{
CertificateCacheDAO::clearCertificateCache();
CertificatePtr rootCA(new Certificate(googleCA, Certificate::FORM_BASE64));
CertificateLoader loader;
- loader.loadCertificateFromRawData(google2nd);
+ RUNNER_ASSERT(loader.loadCertificateFromRawData(google2nd) ==
+ CertificateLoader::NO_ERROR);
RUNNER_ASSERT(!!loader.getCertificatePtr());
TestCRL crl;
crl.addToStore(rootCA);
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL::updateList
+ * description: N/A
+ * expected: checkCertificateChain should return valid and revoked.
+ */
RUNNER_TEST(test67_crl_update_lists_on_demand)
{
CertificateCacheDAO::clearCertificateCache();
CertificatePtr rootCA(new Certificate(googleCA, Certificate::FORM_BASE64));
CertificateLoader loader;
- loader.loadCertificateFromRawData(google2nd);
+ RUNNER_ASSERT(loader.loadCertificateFromRawData(google2nd) ==
+ CertificateLoader::NO_ERROR);
RUNNER_ASSERT(!!loader.getCertificatePtr());
TestCRL crl;
crl.addToStore(rootCA);
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL::updateList
+ * description: N/A
+ * expected: N/A
+ */
RUNNER_TEST(test68_cached_crl_test_positive)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class CRL::updateList
+ * description: N/A
+ * expected: N/A
+ */
RUNNER_TEST(test69_cached_crl_test_negative)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP
+ * description: All certificates are valid.
+ * expected: Only status VERIFICATION_STATUS_GOOD should be set.
+ */
RUNNER_TEST(test70_ocsp_local_validation_positive)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP
+ * description: All certificates are valid.
+ * expected: Only status VERIFICATION_STATUS_GOOD should be set.
+ */
RUNNER_TEST(test71_ocsp_local_validation_positive)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP
+ * description: Second certificate is revoked. Root CA certificate wont be checked.
+ * expected: Only status VERIFICATION_STATUS_REVOKED should be set.
+ */
RUNNER_TEST(test72_ocsp_local_validation_revoked)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+/*
+ * test: class OCSP
+ * description: N/A
+ * expected: Status VERIFICATION_STATUS_GOOD and VERIFICATION_STATUS_VERIFICATION_ERROR
+ * should be set.
+ */
RUNNER_TEST(test73_ocsp_local_validation_error_unknown_cert)
{
CertificateCacheDAO::clearCertificateCache();
CertificateCacheDAO::clearCertificateCache();
}
+#endif
+
+#define CRYPTO_HASH_TEST(text,expected,FUN) \
+ do { \
+ ValidationCore::Crypto::Hash::Base *crypto; \
+ crypto = new ValidationCore::Crypto::Hash::FUN(); \
+ std::string input = text; \
+ crypto->Append(text); \
+ crypto->Finish(); \
+ std::string result = crypto->ToBase64String(); \
+ RUNNER_ASSERT_MSG(result == expected, \
+ "Hash function failed"); \
+ } while(0)
+
+/*
+ * test: class ValidationCore::Crypto::Hash::MD4
+ * description: Test implementation of MD4 hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test80_crypto_md4)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "Rj5V34qqMQmHh2bn3Cb/vQ==",
+ MD4);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::MD5
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test81_crypto_md5)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "4y2iI6QtFC7+0xurBOfcsg==",
+ MD5);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test82_crypto_sha)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "v7w8XNvzQkZPoID+bbdrLwI6zPA=",
+ SHA);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA1
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test83_crypto_sha1)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "Srydq14dzpuLn+xlkGz7ZyFLe1w=",
+ SHA1);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA224
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test84_crypto_sha224)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "Ss2MKa2Mxrf0/hrl8bf0fOSz/e5nQv4J/yX6ig==",
+ SHA224);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA256
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test85_crypto_sha256)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "Bja/IuUJHLPlHYYB2hBcuuOlRWPy1RdF6gzL0VWxeps=",
+ SHA256);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA384
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test86_crypto_sha384)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "5RjtzCnGAt+P6J8h32Dzrmka+5i5MMvDRVz+s9jA7TW508sUZOnKliliad5nUJrj",
+ SHA384);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA512
+ * description: Test implementation of hash algorithm
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test87_crypto_sha512)
+{
+ CRYPTO_HASH_TEST("Hi, my name is Bart.",
+ "LxemzcQNf5erjA4a6PnTXfL+putB3uElitOjc5QCQ9Mg4ZuxTpre8VIBAviwRcTnui2Y0/Yg7cB40OG3XJMfbA==",
+ SHA512);
+}
+
+/*
+ * test: class ValidationCore::Crypto::Hash::SHA1
+ * description: This example was implemented to show how to count SHA1 value from certificate.
+ * expected: Value counted by algorithm should be eqal to value encoded in test.
+ */
+RUNNER_TEST(test88_crypto_sha1_certificate)
+{
+ Certificate cert(certVerisign, Certificate::FORM_BASE64);
+
+ ValidationCore::Crypto::Hash::SHA1 sha1;
+ sha1.Append(cert.getDER());
+ sha1.Finish();
+ std::string result = sha1.ToBase64String();
+
+ RUNNER_ASSERT_MSG(result == "uXIe1UntvzGE2CcM/gMRGd/CKwo=",
+ "Certificate hash does not match.");
+}
+
+/*
+ * test: CertificateIdentifier::find(Fingerprint)
+ * description: Check implementation of fingerprint_list.
+ * expected: Google CA certificate was added to TIZEN_MEMBER group
+ * and ORANGE_LEGACY. Both domain should be found.
+ */
+/*
+RUNNER_TEST(test90_certificate_identifier_find_fingerprint)
+{
+ CertificateIdentifier certIdent;
+ CertificateConfigReader reader;
+ reader.initialize(
+ "/opt/apps/widget/tests/vcore_config/fin_list.xml",
+ "/opt/apps/widget/tests/vcore_config/fin_list.xsd");
+ reader.read(certIdent);
+
+ Certificate cert(googleCA, Certificate::FORM_BASE64);
+
+ CertStoreId::Set domain =
+ certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1));
+
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER));
+ RUNNER_ASSERT(domain.contains(CertStoreId::TIZEN_MEMBER));
+ RUNNER_ASSERT(domain.contains(CertStoreId::ORANGE_LEGACY));
+}
+*/
+
+/*
+ * test: CertificateIdentifier::find(CertificatePtr)
+ * description: Check implementation of fingerprint_list.
+ * expected: Google CA certificate was added to TIZEN_MEMBER group
+ * and ORANGE_LEGACY. Both domain should be found.
+ */
+/*
+RUNNER_TEST(test91_certificate_identifier_find_cert)
+{
+ CertificateIdentifier certIdent;
+ CertificateConfigReader reader;
+ reader.initialize(
+ "/opt/apps/widget/tests/vcore_config/fin_list.xml",
+ "/opt/apps/widget/tests/vcore_config/fin_list.xsd");
+ reader.read(certIdent);
+
+ CertificatePtr cert(new Certificate(googleCA, Certificate::FORM_BASE64));
+
+ CertStoreId::Set domain = certIdent.find(cert);
+
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER));
+ RUNNER_ASSERT(domain.contains(CertStoreId::TIZEN_MEMBER));
+ RUNNER_ASSERT(domain.contains(CertStoreId::ORANGE_LEGACY));
+}
+*/
+
+/*
+ * test: CertificateIdentifier::find(Fingerprint)
+ * description: Check implementation of fingerprint_list.
+ * expected: google2nd certificate was not added to any group so
+ * no domain should be found.
+ */
+/*
+RUNNER_TEST(test92_certificate_identifier_negative)
+{
+ CertificateIdentifier certIdent;
+ CertificateConfigReader reader;
+ reader.initialize(
+ "/opt/apps/widget/tests/vcore_config/fin_list.xml",
+ "/opt/apps/widget/tests/vcore_config/fin_list.xsd");
+ reader.read(certIdent);
+
+ Certificate cert(google2nd, Certificate::FORM_BASE64);
+
+ CertStoreId::Set domain =
+ certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1));
+
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::TIZEN_MEMBER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::ORANGE_LEGACY));
+}
+*/
+/*
+ * test: CertificateIdentifier::find(Fingerprint)
+ * description: Check implementation of fingerprint_list.
+ * expected: Google CA certificate was added to TIZEN_MEMBER group
+ * and ORANGE_LEGACY. Both domain should be found.
+ */
+/*
+RUNNER_TEST(test93_certificate_identifier_find_fingerprint)
+{
+ CertificateIdentifier certIdent;
+ CertificateConfigReader reader;
+ reader.initialize(
+ "/opt/apps/widget/tests/vcore_config/fin_list.xml",
+ "/opt/apps/widget/tests/vcore_config/fin_list.xsd");
+ reader.read(certIdent);
+
+ Certificate cert(googleCA, Certificate::FORM_BASE64);
+
+ CertStoreId::Set visibilityLevel =
+ certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1));
+
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_PUBLISHER));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::DEVELOPER));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_ROOT));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_MEMBER));
+ RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::TIZEN_MEMBER));
+ RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::ORANGE_LEGACY));
+
+ RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::VIS_PUBLIC));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_OPERATOR));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_MANUFACTURER));
+}
+*/
+
+/*
+ * test: CertificateIdentifier::find(CertificatePtr)
+ * description: Check implementation of fingerprint_list.
+ * expected: Google CA certificate was added to TIZEN_MEMBER group
+ * and ORANGE_LEGACY. Both domain should be found.
+ */
+/*
+RUNNER_TEST(test94_certificate_identifier_find_cert)
+{
+ CertificateIdentifier certIdent;
+ CertificateConfigReader reader;
+ reader.initialize(
+ "/opt/apps/widget/tests/vcore_config/fin_list.xml",
+ "/opt/apps/widget/tests/vcore_config/fin_list.xsd");
+ reader.read(certIdent);
+
+ CertificatePtr cert(new Certificate(googleCA, Certificate::FORM_BASE64));
+
+ CertStoreId::Set visibilityLevel = certIdent.find(cert);
+
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_PUBLISHER));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::DEVELOPER));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_ROOT));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_MEMBER));
+ RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::TIZEN_MEMBER));
+ RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::ORANGE_LEGACY));
+
+ RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::VIS_PUBLIC));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_OPERATOR));
+ RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_MANUFACTURER));
+}
+*/
+/*
+ * test: CertificateIdentifier::find(Fingerprint)
+ * description: Check implementation of fingerprint_list.
+ * expected: google2nd certificate was not added to any group so
+ * no domain should be found.
+ */
+/*
+RUNNER_TEST(test95_certificate_identifier_negative)
+{
+ CertificateIdentifier certIdent;
+ CertificateConfigReader reader;
+ reader.initialize(
+ "/opt/apps/widget/tests/vcore_config/fin_list.xml",
+ "/opt/apps/widget/tests/vcore_config/fin_list.xsd");
+ reader.read(certIdent);
+
+ Certificate cert(google2nd, Certificate::FORM_BASE64);
+
+ CertStoreId::Set domain =
+ certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1));
+
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::TIZEN_MEMBER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::ORANGE_LEGACY));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PUBLIC));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PARTNER));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PARTNER_OPERATOR));
+ RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PARTNER_MANUFACTURER));
+}
+*/
}
// Scoped close on file
- DPL::ScopedClose scopedClose(file);
+ VcoreDPL::ScopedClose scopedClose(file);
// Calculate file size
off64_t size = lseek64(file, 0, SEEK_END);
#include <dpl/noncopyable.h>
class FileInputMapping
- : private DPL::Noncopyable
+ : private VcoreDPL::Noncopyable
{
public:
class Exception
{
public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, OpenFailed)
};
--- /dev/null
+<CertificateSet>
+ <CertificateDomain name="wacpublisher">
+ </CertificateDomain>
+ <CertificateDomain name="wacroot">
+ </CertificateDomain>
+ <CertificateDomain name="developer">
+ </CertificateDomain>
+ <CertificateDomain name="wacmember">
+ </CertificateDomain>
+ <CertificateDomain name="tizenmember">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="orangelegacy">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="fake">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-public">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E0</FingerprintSHA1>
+ <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner-operator">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E1</FingerprintSHA1>
+ <FingerprintSHA1>B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner-manufacturer">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E3</FingerprintSHA1>
+ <FingerprintSHA1>2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0</FingerprintSHA1>
+ </CertificateDomain>
+</CertificateSet>
--- /dev/null
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+MU+UfS+N71d+7Q0Bn9TWijjOheSKGQ+uM+//1BAafMwdY/Tq3gCr3nIU7qnojzx3fPWCCmWbz2pV
+PGsgZW+cJGCiVkqfBs8TGkY7CeyGadxrE7vNA3geTx/3Ea8pTngqJ8NKvnzcZ4Lerrnp6gJkrvuF
+EhSOqLgZMCtRdPA9sqA=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICUjCCAbugAwIBAgIGATyD2GRvMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG
+A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD
+VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB
+MB4XDTEzMDEyOTAxMDc0MloXDTQwMDYxNjAxMDc0MVowVDELMAkGA1UEBhMCS1IxCzAJBgNVBAcM
+AmtyMQswCQYDVQQKDAJrcjELMAkGA1UECwwCa3IxETAPBgkqhkiG9w0BCQEWAmtyMQswCQYDVQQD
+DAJrcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAioxXX5wJwnu5Ucv4eMZvlKg0EdOWUtxT
+zFpaRDvNfFfpyuacQzL5V2u4hg5FL6ldNDHJC0U+am60bVcmHxZ9YjGQrp6We7SW1jolC9lM9Dq5
+HIhpjCAbC8GHYHVlxX9vfJMgrqH/WF5P/7LHYpMZ/WoR4CBs2qfSdzOJOejaZSMCAwEAATANBgkq
+hkiG9w0BAQUFAAOBgQDE8Wk+sSeXMfXtoWCetaRBCCkyTTMJJhTnw2wY4CMIDQfWlz0mDnjmDyc9
+SZzMuut3xwuaG5IVNjKb5kqGRoHm5Mweiv9/Unh3thtPNn3gdLr85u4SHOD7yX9fMM5C+4UCbN/i
+okHIvOzFxNo+w6RqoiYuZTN1MLj95HPXx6zijg==
+</X509Certificate>
+<X509Certificate>
+MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw
+IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0
+IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ
+BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu
+IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl
+biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK
+xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz
+dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL
+AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC
+iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C
+K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk=
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature>
\ No newline at end of file
--- /dev/null
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
--- /dev/null
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
--- /dev/null
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="author-signature.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>Sg4UB6RV0ABPmFxAQm5oTXV1FPim17Z8akk9BUOMlSQ=</DigestValue>
+</Reference>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+QHutakNPUAZyfr5ucoY6YxAwmdSwqJpnBp3r93hFtACG7syvbZ1KZa28u2gwEKZyDALu8Agg4iCX
+9on4rp/kdNIo1mDvzBfKpAaGBjj3bn2Au4uNtsWk8Bn/sOrqZ6DyDtpdm6e85uKhms08EKSf4vPw
+T4o3+IlLoTy2iF2NNVQ=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICnTCCAgYCCQDE9MbMmJ/yCzANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0
+cmlidXRvciBDQTAeFw0xMjEwMjcwNzQ4MzNaFw0yMjEwMjUwNzQ4MzNaMIGUMQswCQYDVQQGEwJL
+UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
+MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0
+bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B
+zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE
+fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL
+sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAw5xPBFR1XKuZ8QpsCtSE0zXVHvwIa+Ha4
+YBdRtGwEoZmiKGZV/wAhPRdmR0kISkTz20kIGz/ZwRZCVGhsr5hkkpFknYlKeKkEJ/tJfZl4D7ec
+GFAnynOzlWZqSIPz+yxX8ah9E6lTv4Vs9DhNb08nxVvxLqlpyVdk9RUsCx/yIA==
+</X509Certificate>
+<X509Certificate>
+MIICnTCCAgYCCQDE9MbMmJ/yCzANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0
+cmlidXRvciBDQTAeFw0xMjEwMjcwNzQ4MzNaFw0yMjEwMjUwNzQ4MzNaMIGUMQswCQYDVQQGEwJL
+UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
+MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0
+bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B
+zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE
+fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL
+sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAw5xPBFR1XKuZ8QpsCtSE0zXVHvwIa+Ha4
+YBdRtGwEoZmiKGZV/wAhPRdmR0kISkTz20kIGz/ZwRZCVGhsr5hkkpFknYlKeKkEJ/tJfZl4D7ec
+GFAnynOzlWZqSIPz+yxX8ah9E6lTv4Vs9DhNb08nxVvxLqlpyVdk9RUsCx/yIA==
+</X509Certificate>
+<X509Certificate>
+MIICtTCCAh6gAwIBAgIJAKORBcIiXygIMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSIw
+IAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSowKAYDVQQDDCFUaXplbiBQYXJ0bmVy
+IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI3MDc0NTIwWhcNMjIxMDI1MDc0NTIwWjCBkDEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwc
+VGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+2ZQrdEowjqxUmB8FX8ej19VKY6jGHKNIRE5wrhBkuZ1b0FLRPiN3/Cl9wMkCnyJui4QhC28g1aBg
+w/JnaObcDqW1NgFVH3006+gZvCTDlw1nIEjvZa6P+uWOOi05xPPAE0feKPkO1POnOjnapfkkEVNU
+8TXsLbLYBylWT8rxZC8CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBJ
+yJ7p6qs0JI+1iKOk/sYWVP6dMueY72qOc/wVj5c3ejOlgJNNXDMAQ14QcRRexffc68ipTwybU/3m
+tcNwydzKJe+GFa4b2zyKOvOgrfs4MKSR0T9XEPmTKeR+NDT2CbA6/kQoRYm0fSORzD2UXJzNZWe/
+WjwSA66hv4q+0QZQFQ==
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>zUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>kIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>fhh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU
+Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5
+NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw
+MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw
+Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD
+ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ
+ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT
+b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx
+kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w
+DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV
+HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5
+IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE
+CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu
+MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN
+BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F
+08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT
+T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg
+6A==</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#AuthorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#AuthorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#AuthorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
--- /dev/null
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="author-signature.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+ </Reference>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA
+MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3
+8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
+BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT
+BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA
+c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw
+CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT
+A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B
+CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh
+EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o
+O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU
+ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM
+H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y
+t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK
+xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#DistributorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#DistributorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#DistributorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference URI="author-signature.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+ </Reference>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
+BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT
+BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA
+c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL
+MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp
+b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT
+BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr
+BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9
+sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c
+Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3
+FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+
+4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd
+VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110
+L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf
+Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0
+fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA
++TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw
+HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD
+gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv
+ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V
+cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#DistributorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#DistributorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#DistributorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>khh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU
+Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5
+NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw
+MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw
+Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD
+ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ
+ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT
+b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx
+kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w
+DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV
+HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5
+IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE
+CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu
+MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN
+BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F
+08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT
+T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg
+6A==</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#AuthorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#AuthorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#AuthorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
--- /dev/null
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="author-signature.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+ </Reference>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA
+MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3
+8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
+BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT
+BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA
+c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw
+CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT
+A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B
+CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh
+EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o
+O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU
+ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM
+H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y
+t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK
+xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#DistributorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#DistributorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#DistributorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference URI="author-signature.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+ </Reference>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
+BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT
+BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA
+c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL
+MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp
+b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT
+BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr
+BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9
+sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c
+Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3
+FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+
+4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd
+VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110
+L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf
+Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0
+fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA
++TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw
+HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD
+gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv
+ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V
+cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#DistributorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#DistributorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#DistributorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+MU+UfS+N71d+7Q0Bn9TWijjOheSKGQ+uM+//1BAafMwdY/Tq3gCr3nIU7qnojzx3fPWCCmWbz2pV
+PGsgZW+cJGCiVkqfBs8TGkY7CeyGadxrE7vNA3geTx/3Ea8pTngqJ8NKvnzcZ4Lerrnp6gJkrvuF
+EhSOqLgZMCtRdPA9sqA=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICUjCCAbugAwIBAgIGATyD2GRvMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG
+A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD
+VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB
+MB4XDTEzMDEyOTAxMDc0MloXDTQwMDYxNjAxMDc0MVowVDELMAkGA1UEBhMCS1IxCzAJBgNVBAcM
+AmtyMQswCQYDVQQKDAJrcjELMAkGA1UECwwCa3IxETAPBgkqhkiG9w0BCQEWAmtyMQswCQYDVQQD
+DAJrcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAioxXX5wJwnu5Ucv4eMZvlKg0EdOWUtxT
+zFpaRDvNfFfpyuacQzL5V2u4hg5FL6ldNDHJC0U+am60bVcmHxZ9YjGQrp6We7SW1jolC9lM9Dq5
+HIhpjCAbC8GHYHVlxX9vfJMgrqH/WF5P/7LHYpMZ/WoR4CBs2qfSdzOJOejaZSMCAwEAATANBgkq
+hkiG9w0BAQUFAAOBgQDE8Wk+sSeXMfXtoWCetaRBCCkyTTMJJhTnw2wY4CMIDQfWlz0mDnjmDyc9
+SZzMuut3xwuaG5IVNjKb5kqGRoHm5Mweiv9/Unh3thtPNn3gdLr85u4SHOD7yX9fMM5C+4UCbN/i
+okHIvOzFxNo+w6RqoiYuZTN1MLj95HPXx6zijg==
+</X509Certificate>
+<X509Certificate>
+MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw
+IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0
+IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ
+BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu
+IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl
+biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK
+xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz
+dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL
+AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC
+iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C
+K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk=
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature>
\ No newline at end of file
--- /dev/null
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
--- /dev/null
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
--- /dev/null
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="author-signature.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>Sg4UB6RV0ABPmFxAQm5oTXV1FPim17Z8akk9BUOMlSQ=</DigestValue>
+</Reference>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+QHutakNPUAZyfr5ucoY6YxAwmdSwqJpnBp3r93hFtACG7syvbZ1KZa28u2gwEKZyDALu8Agg4iCX
+9on4rp/kdNIo1mDvzBfKpAaGBjj3bn2Au4uNtsWk8Bn/sOrqZ6DyDtpdm6e85uKhms08EKSf4vPw
+T4o3+IlLoTy2iF2NNVQ=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICnTCCAgYCCQDE9MbMmJ/yDDANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0
+cmlidXRvciBDQTAeFw0xMjEwMjkxMzAwMDVaFw0yMjEwMjcxMzAwMDVaMIGUMQswCQYDVQQGEwJL
+UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
+MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0
+bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B
+zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE
+fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL
+sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBaWn8pMZ5LvtTKSTKMic68czQmk4O28s1U
+ScoziPnVPHyFrcp4ZK9yKeqprLhi7diTkAN5awkxN+ImOQpqPFSDMeSPy83EHW6k0C6MBIqcINGI
+0tOCpd1AngXUCYDAg32ymKjk62B/5SvuO3uKLuW1E1r5W9mN/0JpSrt9YVmkww==
+</X509Certificate>
+<X509Certificate>
+MIICnTCCAgYCCQDE9MbMmJ/yDDANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0
+cmlidXRvciBDQTAeFw0xMjEwMjkxMzAwMDVaFw0yMjEwMjcxMzAwMDVaMIGUMQswCQYDVQQGEwJL
+UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
+MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0
+bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B
+zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE
+fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL
+sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBaWn8pMZ5LvtTKSTKMic68czQmk4O28s1U
+ScoziPnVPHyFrcp4ZK9yKeqprLhi7diTkAN5awkxN+ImOQpqPFSDMeSPy83EHW6k0C6MBIqcINGI
+0tOCpd1AngXUCYDAg32ymKjk62B/5SvuO3uKLuW1E1r5W9mN/0JpSrt9YVmkww==
+</X509Certificate>
+<X509Certificate>
+MIICtTCCAh6gAwIBAgIJAKORBcIiXygKMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSIw
+IAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSowKAYDVQQDDCFUaXplbiBQYXJ0bmVy
+IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTI1OTMwWhcNMjIxMDI3MTI1OTMwWjCBkDEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwc
+VGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+2ZQrdEowjqxUmB8FX8ej19VKY6jGHKNIRE5wrhBkuZ1b0FLRPiN3/Cl9wMkCnyJui4QhC28g1aBg
+w/JnaObcDqW1NgFVH3006+gZvCTDlw1nIEjvZa6P+uWOOi05xPPAE0feKPkO1POnOjnapfkkEVNU
+8TXsLbLYBylWT8rxZC8CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBU
+7jw4Ui241uV4ZGfTOcBsAf7+xf8sysRwiHjQxIGBrJdhIHyCbYJz+GiM/s5wzANl9r1ZoCLkYo0m
+B+sQBO6OZ8R8RrWGrPtLH1PGD1GgAZhbB5oN9BpwuWR9RiJJeJgf98xE6oeOADOYgD7aMr11PVUy
+Xj7q6c4JE3EsWQAe8A==
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature>
\ No newline at end of file
--- /dev/null
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+MU+UfS+N71d+7Q0Bn9TWijjOheSKGQ+uM+//1BAafMwdY/Tq3gCr3nIU7qnojzx3fPWCCmWbz2pV
+PGsgZW+cJGCiVkqfBs8TGkY7CeyGadxrE7vNA3geTx/3Ea8pTngqJ8NKvnzcZ4Lerrnp6gJkrvuF
+EhSOqLgZMCtRdPA9sqA=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICUjCCAbugAwIBAgIGATyD2GRvMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG
+A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD
+VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB
+MB4XDTEzMDEyOTAxMDc0MloXDTQwMDYxNjAxMDc0MVowVDELMAkGA1UEBhMCS1IxCzAJBgNVBAcM
+AmtyMQswCQYDVQQKDAJrcjELMAkGA1UECwwCa3IxETAPBgkqhkiG9w0BCQEWAmtyMQswCQYDVQQD
+DAJrcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAioxXX5wJwnu5Ucv4eMZvlKg0EdOWUtxT
+zFpaRDvNfFfpyuacQzL5V2u4hg5FL6ldNDHJC0U+am60bVcmHxZ9YjGQrp6We7SW1jolC9lM9Dq5
+HIhpjCAbC8GHYHVlxX9vfJMgrqH/WF5P/7LHYpMZ/WoR4CBs2qfSdzOJOejaZSMCAwEAATANBgkq
+hkiG9w0BAQUFAAOBgQDE8Wk+sSeXMfXtoWCetaRBCCkyTTMJJhTnw2wY4CMIDQfWlz0mDnjmDyc9
+SZzMuut3xwuaG5IVNjKb5kqGRoHm5Mweiv9/Unh3thtPNn3gdLr85u4SHOD7yX9fMM5C+4UCbN/i
+okHIvOzFxNo+w6RqoiYuZTN1MLj95HPXx6zijg==
+</X509Certificate>
+<X509Certificate>
+MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw
+IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0
+IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ
+BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu
+IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl
+biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK
+xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz
+dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL
+AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC
+iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C
+K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk=
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature>
\ No newline at end of file
--- /dev/null
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
--- /dev/null
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
--- /dev/null
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="author-signature.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>Sg4UB6RV0ABPmFxAQm5oTXV1FPim17Z8akk9BUOMlSQ=</DigestValue>
+</Reference>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+nXPBByFXKh6LFF6E6DlA+iUFD96YRPN/F9KTBVEYWoTu3y3GARohZFCziM1miCEaHtRf8nXpLx/L
+imFvcvCvA06FGQKk9fegRjv1nz/8nfwsdqBItg0YVrezDPCoCaH7NCEqppQf3OU5Sb1hwzJ57d1V
+LYfuzdxIfEJ+oWArHHY=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICrzCCAhgCCQCCu8SOQgWE6TANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEuMCwGA1UEAwwlVGl6ZW4gUGFydG5lci1PcGVy
+YXRvciBEaXN0cmlidXRvciBDQTAeFw0xMjEyMTMwNTQwMTNaFw0yMjEyMTEwNTQwMTNaMIGdMQsw
+CQYDVQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXpl
+biBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMTIwMAYDVQQDDClU
+aXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAt9tUhiRCLP5dXe18Z60Qvql1DMa7wVuTDWmhOEifg2dIhV88jwG41Gdv4K6T
+Jqx2/AQpiI+QHOFfQ/5vyuivn9VnZyXL9gw+wpdTGbDOLhPqQFYjaLBzNVT/9XnBMare6eDlgMHr
+GJ133oxXrF/4CIkb/1LPMIPJ4lOgXg1mnskCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBhXNDMjNiI
+HXOg0SjNUPECLAMUf2fV5H9u1AMzU5vqNnTG+fPQ9ag8YKbb1uhHR1/kpcbT6+koT16Szagn+Brn
+4AIgO8dLfDV80wRHmcbwhcGqsxDJfIEc7/QdBBfKquyAGJxObcGohn+0lw1+bMLtqGDG54f7sEDB
+CNOHxu5Kdg==
+</X509Certificate>
+<X509Certificate>
+MIICrzCCAhgCCQCCu8SOQgWE6TANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEuMCwGA1UEAwwlVGl6ZW4gUGFydG5lci1PcGVy
+YXRvciBEaXN0cmlidXRvciBDQTAeFw0xMjEyMTMwNTQwMTNaFw0yMjEyMTEwNTQwMTNaMIGdMQsw
+CQYDVQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXpl
+biBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMTIwMAYDVQQDDClU
+aXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAt9tUhiRCLP5dXe18Z60Qvql1DMa7wVuTDWmhOEifg2dIhV88jwG41Gdv4K6T
+Jqx2/AQpiI+QHOFfQ/5vyuivn9VnZyXL9gw+wpdTGbDOLhPqQFYjaLBzNVT/9XnBMare6eDlgMHr
+GJ133oxXrF/4CIkb/1LPMIPJ4lOgXg1mnskCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBhXNDMjNiI
+HXOg0SjNUPECLAMUf2fV5H9u1AMzU5vqNnTG+fPQ9ag8YKbb1uhHR1/kpcbT6+koT16Szagn+Brn
+4AIgO8dLfDV80wRHmcbwhcGqsxDJfIEc7/QdBBfKquyAGJxObcGohn+0lw1+bMLtqGDG54f7sEDB
+CNOHxu5Kdg==
+</X509Certificate>
+<X509Certificate>
+MIICxzCCAjCgAwIBAgIJAJM6tpnKoa7wMA0GCSqGSIb3DQEBBQUAMIGeMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSIw
+IAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVy
+LU9wZXJhdG9yIERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMjEzMDU0MDA1WhcNMjIxMjExMDU0
+MDA1WjCBmTELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQG
+A1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEu
+MCwGA1UEAwwlVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRvciBDQTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA1QpPynBI3UuTQCUV/J4qemq42WTG6NnjXFyxQtWsUdPqZ77ds/Ob
+HIPSwl0Tqg3owmzzBpStfdaF1liokxIRekWu6nO1tC20GOTYtw6YUzgxROXqzyDO8Q1Pzz/ey9Lq
+dsaF3rjeesYsWaxLr14jCMsZU021gtFRzf+oLny3oSsCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOBgQB3qhuwFayfppLL/uhQdYFZTK7kitfmSyPJC/cP3va4gIZn8R4tgaTR
+hr2IbczucwKMsu0jorxO6X5iedBOWaWtNBfw1XFZf9bln3kULfwVx9jWvghJzV17yFQu7tuSG0+p
+8hfUv8fG4lcP/AYzIKqdGASz/XT6I2LYiavdP4/pFQ==
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature>
\ No newline at end of file
* @brief This file is the implementation file of main
*/
#include <dpl/test/test_runner.h>
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <dpl/db/orm.h>
+#endif
+
#include <vcore/VCore.h>
-#include <libsoup/soup.h> // includes headers with g_type_init
+#include <glib-object.h>
int main (int argc, char *argv[])
{
- g_type_init();
-// g_thread_init(NULL);
- ValidationCore::VCoreInit(
- "/usr/share/wrt-engine/fingerprint_list.xml",
- "/usr/share/wrt-engine/fingerprint_list.xsd",
- "/opt/dbspace/.vcore.db");
- ValidationCore::AttachToThreadRW();
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- ValidationCore::DetachFromThread();
- ValidationCore::VCoreDeinit();
+ int status = -1;
+
+ g_type_init();
+// g_thread_init(NULL);
+ ValidationCore::VCoreInit(
+ "/usr/share/wrt-engine/fingerprint_list.xml",
+ "/usr/share/wrt-engine/fingerprint_list.xsd",
+ "/opt/dbspace/.cert_svc_vcore.db");
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ Try
+ {
+#endif
+ ValidationCore::AttachToThreadRW();
+ status = VcoreDPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ ValidationCore::DetachFromThread();
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ }
+ Catch(VcoreDPL::ThreadLocalVariable<VcoreDPL::DB::SqlConnection*>::Exception::NullReference)
+ {
+ status = -1;
+ }catch(...)
+ {
+ return 0;
+ }
+#endif
+ ValidationCore::VCoreDeinit();
- return status;
+ return status;
}
#DB vcore
-PKG_CHECK_MODULES(VCORE_DB_DEP
- dpl-efl
- REQUIRED)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
ADD_CUSTOM_COMMAND(
OUTPUT ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h
COMMENT "Generating VCORE database checksum"
)
-STRING(REPLACE ";" ":" DEPENDENCIES "${VCORE_DB_DEP_INCLUDE_DIRS}")
-
ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db
COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db
- COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h -I${PROJECT_SOURCE_DIR}/vcore/src/orm -E ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql
+ COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h -I${PROJECT_SOURCE_DIR}/vcore/src/orm -I${PROJECT_SOURCE_DIR}/vcore/src/dpl/db/include -E ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql
COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db ".read ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db
DEPENDS ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db
)
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql
DESTINATION /usr/share/cert-svc/
)
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
ADD_SUBDIRECTORY(src)
-# == customized for cert-svc build script ==
-SET(API_VERSION ${VERSION_MAJOR})
-# ==========================================
-
INCLUDE(FindPkgConfig)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
PKG_CHECK_MODULES(VCORE_DEPS
- dpl-efl
- dpl-db-efl
- ecore
- appcore-efl
+ REQUIRED
+ glib-2.0
libxml-2.0
+ libpcrecpp
+ openssl
+ xmlsec1
+ secure-storage
+ dlog
+ icu-uc
libsoup-2.4
- libpcre
+
+ sqlite3
+ vconf
+ )
+ELSE(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+PKG_CHECK_MODULES(VCORE_DEPS
+ REQUIRED
+ glib-2.0
+ libxml-2.0
libpcrecpp
openssl
xmlsec1
secure-storage
- REQUIRED)
+ dlog
+ icu-uc
+ libsoup-2.4
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
+ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS})
+ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS_OTHER})
+ADD_DEFINITIONS("-DSEPARATED_SINGLETON_IMPLEMENTATION")
+
+SET(LIBCRYPTSVC_DIR
+ ${PROJECT_SOURCE_DIR}/vcore
+ )
SET(VCORE_DIR
${PROJECT_SOURCE_DIR}/vcore
${VCORE_DIR}/src/vcore
)
+########### DPL SOURCES ##########
+SET(VCORE_DPL_DIR
+ ${VCORE_DIR}/src/dpl
+ )
+SET(VCORE_DPL_CORE_SRC_DIR
+ ${VCORE_DPL_DIR}/core/src
+ )
+SET(VCORE_DPL_CORE_SOURCES
+ ${VCORE_DPL_CORE_SRC_DIR}/assert.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/binary_queue.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/char_traits.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/colors.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/errno_string.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/exception.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/file_input.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/mutex.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/noncopyable.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/singleton.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/string.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/type_list.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/thread.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/waitable_event.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/waitable_handle.cpp
+ ${VCORE_DPL_CORE_SRC_DIR}/waitable_handle_watch_support.cpp
+ )
+
+SET(VCORE_DPL_DB_SRC_DIR
+ ${VCORE_DPL_DIR}/db/src
+ )
+SET(VCORE_DPL_DB_SOURCES
+ ${VCORE_DPL_DB_SRC_DIR}/naive_synchronization_object.cpp
+ ${VCORE_DPL_DB_SRC_DIR}/orm.cpp
+ ${VCORE_DPL_DB_SRC_DIR}/sql_connection.cpp
+ ${VCORE_DPL_DB_SRC_DIR}/thread_database_support.cpp
+ )
+
+SET(VCORE_DPL_LOG_SRC_DIR
+ ${VCORE_DPL_DIR}/log/src
+ )
+SET(VCORE_DPL_LOG_SOURCES
+ ${VCORE_DPL_LOG_SRC_DIR}/abstract_log_provider.cpp
+ ${VCORE_DPL_LOG_SRC_DIR}/dlog_log_provider.cpp
+ ${VCORE_DPL_LOG_SRC_DIR}/log.cpp
+ ${VCORE_DPL_LOG_SRC_DIR}/old_style_log_provider.cpp
+ )
+########### DPL SOURCES ##########
+
+
+########### VCORE SOURCES ########
SET(VCORE_SOURCES
${VCORE_SRC_DIR}/api.cpp
${VCORE_SRC_DIR}/Base64.cpp
- ${VCORE_SRC_DIR}/CachedCRL.cpp
- ${VCORE_SRC_DIR}/CachedOCSP.cpp
${VCORE_SRC_DIR}/Certificate.cpp
- ${VCORE_SRC_DIR}/CertificateCacheDAO.cpp
${VCORE_SRC_DIR}/CertificateCollection.cpp
${VCORE_SRC_DIR}/CertificateConfigReader.cpp
${VCORE_SRC_DIR}/CertificateLoader.cpp
- ${VCORE_SRC_DIR}/CertificateVerifier.cpp
+ ${VCORE_SRC_DIR}/CertStoreType.cpp
${VCORE_SRC_DIR}/Config.cpp
- ${VCORE_SRC_DIR}/CRL.cpp
- ${VCORE_SRC_DIR}/CRLCacheDAO.cpp
- ${VCORE_SRC_DIR}/Database.cpp
- ${VCORE_SRC_DIR}/DeveloperModeValidator.cpp
- ${VCORE_SRC_DIR}/OCSP.cpp
+ ${VCORE_SRC_DIR}/CryptoHash.cpp
${VCORE_SRC_DIR}/OCSPCertMgrUtil.cpp
- ${VCORE_SRC_DIR}/OCSPUtil.c
${VCORE_SRC_DIR}/ReferenceValidator.cpp
${VCORE_SRC_DIR}/RevocationCheckerBase.cpp
${VCORE_SRC_DIR}/SaxReader.cpp
+ ${VCORE_SRC_DIR}/SignatureData.cpp
${VCORE_SRC_DIR}/SignatureFinder.cpp
${VCORE_SRC_DIR}/SignatureReader.cpp
- ${VCORE_SRC_DIR}/SignatureValidator.cpp
- ${VCORE_SRC_DIR}/SoupMessageSendBase.cpp
- ${VCORE_SRC_DIR}/SoupMessageSendSync.cpp
- ${VCORE_SRC_DIR}/SoupMessageSendAsync.cpp
+ ${VCORE_SRC_DIR}/TimeConversion.cpp
${VCORE_SRC_DIR}/VerificationStatus.cpp
${VCORE_SRC_DIR}/ValidatorFactories.cpp
${VCORE_SRC_DIR}/VCore.cpp
+ ${VCORE_SRC_DIR}/WrtSignatureValidator.cpp
+ ${VCORE_SRC_DIR}/SignatureValidator.cpp
${VCORE_SRC_DIR}/XmlsecAdapter.cpp
${VCORE_SRC_DIR}/pkcs12.c
+ ${VCORE_SRC_DIR}/exception.cpp
+ )
+
+SET(VCORE_OCSP_CRL_SOURCES
+# ${VCORE_SRC_DIR}/DUID.cpp
+ ${VCORE_SRC_DIR}/CachedCRL.cpp
+ ${VCORE_SRC_DIR}/CachedOCSP.cpp
+ ${VCORE_SRC_DIR}/CertificateCacheDAO.cpp
+ ${VCORE_SRC_DIR}/CertificateVerifier.cpp
+ ${VCORE_SRC_DIR}/CRL.cpp
+ ${VCORE_SRC_DIR}/CRLImpl.cpp
+ ${VCORE_SRC_DIR}/CRLCacheDAO.cpp
+ ${VCORE_SRC_DIR}/Database.cpp
+ ${VCORE_SRC_DIR}/OCSP.cpp
+ ${VCORE_SRC_DIR}/OCSPImpl.cpp
+ ${VCORE_SRC_DIR}/SoupMessageSendBase.cpp
+ ${VCORE_SRC_DIR}/SoupMessageSendSync.cpp
+ ${VCORE_SRC_DIR}/OCSPUtil.c
)
SET(VCORE_INCLUDES
${VCORE_DEPS_INCLUDE_DIRS}
${VCORE_SRC_DIR}
${VCORE_DIR}/src
- ${VCORE_DIR}/src/orm
${VCORE_DIR}/src/legacy
- ${CMAKE_BINARY_DIR}/vcore/src
)
-ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS})
-ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS_OTHER})
-ADD_DEFINITIONS("-DSEPARATED_SINGLETON_IMPLEMENTATION")
-ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+SET(VCORE_INCLUDES_OCSP_CRL
+ ${VCORE_DIR}/src/orm
+ )
+########### VCORE SOURCES ########
-INCLUDE_DIRECTORIES(${VCORE_INCLUDES})
-# cert-svc headers
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/include)
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+SET(VCORE_ALL_SOURCES
+ ${VCORE_SOURCES}
+ ${VCORE_DPL_CORE_SOURCES}
+ ${VCORE_DPL_DB_SOURCES}
+ ${VCORE_DPL_LOG_SOURCES}
+ ${VCORE_OCSP_CRL_SOURCES}
+ )
+SET(VCORE_ALL_INCLUDES
+ ${PROJECT_SOURCE_DIR}/include
+ ${VCORE_INCLUDES}
+ ${VCORE_DPL_DIR}/core/include
+ ${VCORE_DPL_DIR}/db/include
+ ${VCORE_DPL_DIR}/log/include
+ ${VCORE_INCLUDES_OCSP_CRL}
+ )
+ELSE(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+SET(VCORE_ALL_SOURCES
+ ${VCORE_SOURCES}
+ ${VCORE_DPL_CORE_SOURCES}
+ ${VCORE_DPL_LOG_SOURCES}
+ )
+SET(VCORE_ALL_INCLUDES
+ ${PROJECT_SOURCE_DIR}/include
+ ${VCORE_INCLUDES}
+ ${VCORE_DPL_DIR}/core/include
+ ${VCORE_DPL_DIR}/log/include
+ )
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+
+INCLUDE_DIRECTORIES(${VCORE_ALL_INCLUDES})
+
+ADD_LIBRARY(${TARGET_VCORE_LIB} SHARED ${VCORE_ALL_SOURCES})
-ADD_LIBRARY(${TARGET_VCORE_LIB} SHARED ${VCORE_SOURCES})
SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
+ SOVERSION ${SO_VERSION}
VERSION ${VERSION})
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
ADD_DEPENDENCIES(${TARGET_VCORE_LIB} Sqlite3DbWTF)
-
-SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
TARGET_LINK_LIBRARIES(${TARGET_VCORE_LIB}
${VCORE_DEPS_LIBRARIES}
- cert-svc
- )
+ ${TARGET_CERT_SVC_LIB}
+ )
INSTALL(TARGETS ${TARGET_VCORE_LIB}
- DESTINATION /usr/lib
- PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+ DESTINATION ${LIBDIR}
)
INSTALL(FILES
- ${VCORE_SRC_DIR}/Base64.h
- ${VCORE_SRC_DIR}/CachedCRL.h
- ${VCORE_SRC_DIR}/CachedOCSP.h
- ${VCORE_SRC_DIR}/Certificate.h
- ${VCORE_SRC_DIR}/CertificateCacheDAO.h
+ ${VCORE_SRC_DIR}/VCore.h
+ ${VCORE_SRC_DIR}/WrtSignatureValidator.h
+ ${VCORE_SRC_DIR}/SignatureValidator.h
+ ${VCORE_SRC_DIR}/SignatureFinder.h
+ ${VCORE_SRC_DIR}/SignatureReader.h
${VCORE_SRC_DIR}/CertificateCollection.h
- ${VCORE_SRC_DIR}/CertificateConfigReader.h
- ${VCORE_SRC_DIR}/CertificateLoader.h
- ${VCORE_SRC_DIR}/CertificateStorage.h
- ${VCORE_SRC_DIR}/CertificateVerifier.h
- ${VCORE_SRC_DIR}/CertStoreType.h
- ${VCORE_SRC_DIR}/Config.h
- ${VCORE_SRC_DIR}/CRL.h
- ${VCORE_SRC_DIR}/Database.h
- ${VCORE_SRC_DIR}/DeveloperModeValidator.h
- ${VCORE_SRC_DIR}/IAbstractResponseCache.h
- ${VCORE_SRC_DIR}/OCSP.h
- ${VCORE_SRC_DIR}/OCSPCertMgrUtil.h
+ ${VCORE_SRC_DIR}/CryptoHash.h
+
${VCORE_SRC_DIR}/ParserSchema.h
- ${VCORE_SRC_DIR}/ReferenceValidator.h
- ${VCORE_SRC_DIR}/RevocationCheckerBase.h
${VCORE_SRC_DIR}/SaxReader.h
- ${VCORE_SRC_DIR}/scoped_gpointer.h
+
+ ${VCORE_SRC_DIR}/Certificate.h
${VCORE_SRC_DIR}/SignatureData.h
- ${VCORE_SRC_DIR}/SignatureFinder.h
- ${VCORE_SRC_DIR}/SignatureReader.h
- ${VCORE_SRC_DIR}/SignatureValidator.h
- ${VCORE_SRC_DIR}/SoupMessageSendBase.h
- ${VCORE_SRC_DIR}/SoupMessageSendSync.h
- ${VCORE_SRC_DIR}/SoupMessageSendAsync.h
- ${VCORE_SRC_DIR}/SSLContainers.h
- ${VCORE_SRC_DIR}/VerificationStatus.h
- ${VCORE_SRC_DIR}/ValidatorCommon.h
- ${VCORE_SRC_DIR}/ValidatorFactories.h
- ${VCORE_SRC_DIR}/VCore.h
- ${VCORE_SRC_DIR}/XmlsecAdapter.h
- DESTINATION /usr/include/cert-svc/vcore
- PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+ ${VCORE_SRC_DIR}/CertStoreType.h
+ ${VCORE_SRC_DIR}/exception.h
+ DESTINATION ${INCLUDEDIR}/cert-svc/vcore
)
INSTALL(FILES
${VCORE_DIR}/src/cert-svc/ccert.h
- ${VCORE_DIR}/src/cert-svc/ccrl.h
${VCORE_DIR}/src/cert-svc/cinstance.h
${VCORE_DIR}/src/cert-svc/cerror.h
- ${VCORE_DIR}/src/cert-svc/cocsp.h
${VCORE_DIR}/src/cert-svc/cpkcs12.h
${VCORE_DIR}/src/cert-svc/cprimitives.h
${VCORE_DIR}/src/cert-svc/cstring.h
- DESTINATION /usr/include/cert-svc/cert-svc
- PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+ DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc
+ )
+
+IF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
+INSTALL(FILES
+ ${VCORE_SRC_DIR}/IAbstractResponseCache.h
+ ${VCORE_SRC_DIR}/VerificationStatus.h
+ ${VCORE_SRC_DIR}/CachedCRL.h
+ ${VCORE_SRC_DIR}/CachedOCSP.h
+ ${VCORE_SRC_DIR}/CRL.h
+ ${VCORE_SRC_DIR}/CRLCacheInterface.h
+ ${VCORE_SRC_DIR}/OCSP.h
+ ${VCORE_SRC_DIR}/OCSPCertMgrUtil.h
+ DESTINATION ${INCLUDEDIR}/cert-svc/vcore
+ )
+
+INSTALL(FILES
+ ${VCORE_DIR}/src/cert-svc/ccrl.h
+ ${VCORE_DIR}/src/cert-svc/cocsp.h
+ DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc
)
+ENDIF(DEFINED TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL)
#FILE(MAKE_DIRECTORY /opt/share/cert-svc/pkcs12)
CERTSVC_SUBJECT_STATE_NAME,
CERTSVC_SUBJECT_ORGANIZATION_NAME,
CERTSVC_SUBJECT_ORGANIZATION_UNIT_NAME,
+ CERTSVC_SUBJECT_EMAIL_ADDRESS,
CERTSVC_ISSUER,
CERTSVC_ISSUER_COMMON_NAME,
CERTSVC_ISSUER_COUNTRY_NAME,
CERTSVC_SIGNATURE_ALGORITHM
} CertSvcCertificateField;
+typedef enum CertSvcVisibility_t {
+ CERTSVC_VISIBILITY_DEVELOPER = 1,
+ CERTSVC_VISIBILITY_TEST = 1 << 1,
+ CERTSVC_VISIBILITY_PUBLIC = 1 << 6,
+ CERTSVC_VISIBILITY_PARTNER = 1 << 7,
+ CERTSVC_VISIBILITY_PARTNER_OPERATOR = 1 << 8,
+ CERTSVC_VISIBILITY_PARTNER_MANUFACTURER = 1 << 9,
+ CERTSVC_VISIBILITY_PLATFORM = 1 << 10
+} CertSvcVisibility;
+
/**
* Read certificate from file. Certificate must be in PEM/CER/DER format.
*
* }
* certsvc_string_list_free(handler); // optional
*/
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
int certsvc_certificate_get_crl_distribution_points(CertSvcCertificate certificate,
CertSvcStringList *handler);
+#endif
/**
* Sort certificates chain. This fuction modifies certificate_array.
int untrustedSize,
int *status);
+/**
+ * This function will create full chain and verify in.
+ * And this function checks the CA Flag strictly.
+ *
+ * First argument of function will be treatet as endentity certificate.
+ *
+ * This function will success if root CA certificate is stored in
+ * trusted array.
+ *
+ * @param[in] certificate Certificate to verify.
+ * @param[in] trusted Array with trusted certificates.
+ * @param[in] trustedSize Number of trusted certificates in array.
+ * @param[in] untrusted Array with untrusted certificates.
+ * @param[in] untrustedSize Number of untrusted certificate in array.
+ * @param[out] status Will be set only if function return CERTSVC_SUCCESS.
+ * It could be set to: CERTSVC_SUCCESS, CERTSVC_FAIL
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
+ */
+int certsvc_certificate_verify_with_caflag(
+ CertSvcCertificate certificate,
+ CertSvcCertificate *trusted,
+ int trustedSize,
+ CertSvcCertificate *untrusted,
+ int untrustedSize,
+ int *status);
+
+/**
+ * This function returns visibility of input certificate.
+ *
+ * @param[in] The root certificate to check visibility.
+ * @param[out] Visibility level
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR
+ *
+ */
+int certsvc_certificate_get_visibility(CertSvcCertificate certificate, int* visibility);
+
#ifdef __cplusplus
}
#endif
#define CERTSVC_OCSP_UNKNOWN (1<<2)
#define CERTSVC_OCSP_VERIFICATION_ERROR (1<<3)
#define CERTSVC_OCSP_NO_SUPPORT (1<<4)
-#define CERTSVC_OCSP_ERROR (1<<5)
-
+#define CERTSVC_OCSP_CONNECTION_FAILED (1<<5)
+#define CERTSVC_OCSP_ERROR (1<<6)
/**
* Implementation of ocsp call.
*
* @param[in] instance CertSvcInstance object.
* @param[in] prfIdString Container bundle identifier.
* @param[out] buffer Poiner to newly-allocated memory with private key data.
- * @param[out] size Size of the newly-allocated buffer.
+ * @param[out] size Size of the newly-allocated buffer. Zero means there is no key.
* @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT
*/
int certsvc_pkcs12_private_key_dup(CertSvcInstance instance,
CertSvcString alias,
char **buffer,
- int *size);
+ size_t *size);
/**
* Couter-routine for certsvc_pkcs12_private_key_dup.
#ifndef _CERTSVC_C_API_EXTENDED_H_
#define _CERTSVC_C_API_EXTENDED_H_
+#include <openssl/evp.h>
#include <openssl/x509.h>
#include <cert-svc/ccert.h>
+#include <cert-svc/cstring.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
- * This will return X509 struct(openssl base struct). This struct must be release by function
+ * This will return pointer to X509 base openssl struct. This struct must be release by function
* certsvc_certificate_free_x509.
*
* vcore_instance_free or vcore_instance_reset will not free memory allocated by this function!
*
* @param[in] certificate Pointer to certificate.
* @param[out] cert Duplicate of certificate.
- * @return X509 CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT, CERTSVC_FAIL
+ * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT, CERTSVC_FAIL
*/
int certsvc_certificate_dup_x509(CertSvcCertificate certificate, X509** cert);
*/
void certsvc_certificate_free_x509(X509 *x509_copy);
+/**
+ * This will return pointer to EVP_PKEY base openssl struct. This struct must
+ * be release with function certsvc_pkcs12_free_evp_pkey
+ *
+ * @param[in] instance
+ * @param[in] alias Pkcs12 identificator.
+ * @param[out] pkey Duplicate of private key.
+ * @return CERTSVC_SUCCESS, CERT_FAIL
+ */
+
+int certsvc_pkcs12_dup_evp_pkey(CertSvcInstance instance,
+ CertSvcString alias,
+ EVP_PKEY** pkey);
+
+void certsvc_pkcs12_free_evp_pkey(EVP_PKEY* pkey);
+
#ifdef __cplusplus
}
#endif
} CertSvcStringList;
typedef struct CertSvcString_t {
+ /*
+ * You are not allowed to use private fields of this structure. It is internal
+ * implementation of strings and it may change at any time without notice!
+ * To extract data use certsvc_string_to_cstring function!
+ */
char* privateHandler;
int privateLength;
CertSvcInstance privateInstance;
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_input.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract input
+ */
+#ifndef DPL_ABSTRACT_INPUT_H
+#define DPL_ABSTRACT_INPUT_H
+
+#include <dpl/exception.h>
+#include <memory>
+
+namespace VcoreDPL {
+class BinaryQueue;
+typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
+
+class AbstractInput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ReadFailed)
+ };
+
+ public:
+ virtual ~AbstractInput() {}
+
+ /**
+ * Read binary data from input
+ * If no data is available method returns NULL buffer.
+ * In case connection was successfuly close, method returns empty buffer
+ *
+ * @param[in] size Maximum number of bytes to read from input
+ * @return Buffer containing read bytes
+ * @throw ReadFailed
+ */
+ virtual BinaryQueueAutoPtr Read(size_t size) = 0;
+};
+} // namespace VcoreDPL
+
+#endif // DPL_ABSTRACT_INPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_output.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract output
+ */
+#ifndef DPL_ABSTRACT_INPUT_OUTPUT_H
+#define DPL_ABSTRACT_INPUT_OUTPUT_H
+
+#include <dpl/abstract_input.h>
+#include <dpl/abstract_output.h>
+
+namespace VcoreDPL {
+class AbstractInputOutput :
+ public AbstractInput,
+ public AbstractOutput
+{
+ public:
+ virtual ~AbstractInputOutput() {}
+};
+} // namespace VcoreDPL
+
+#endif // DPL_ABSTRACT_INPUT_OUTPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_output.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract output
+ */
+#ifndef DPL_ABSTRACT_OUTPUT_H
+#define DPL_ABSTRACT_OUTPUT_H
+
+#include <dpl/exception.h>
+#include <memory>
+
+namespace VcoreDPL {
+class BinaryQueue;
+typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
+
+class AbstractOutput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, WriteFailed)
+ };
+
+ public:
+ virtual ~AbstractOutput() {}
+
+ /**
+ * Write binary data to output
+ * If output is blocked, Write returns zero, if instance is a type of
+ * WaitableAbstractOutput one can wait for writability then
+ *
+ * @param[in] buffer Input buffer with data to be written
+ * @param[in] bufferSize Maximum number of bytes to write from buffer
+ * @return Number of bytes success successfuly written or zero if output is
+ * blocked
+ * @throw WriteFailed
+ */
+ virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize) = 0;
+};
+} // namespace VcoreDPL
+
+#endif // DPL_ABSTRACT_OUTPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_waitable_input.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract waitable input
+ */
+#ifndef DPL_ABSTRACT_WAITABLE_INPUT_H
+#define DPL_ABSTRACT_WAITABLE_INPUT_H
+
+#include <dpl/waitable_handle.h>
+#include <dpl/abstract_input.h>
+
+namespace VcoreDPL {
+class AbstractWaitableInput :
+ public AbstractInput
+{
+ public:
+ virtual ~AbstractWaitableInput() {}
+
+ virtual WaitableHandle WaitableReadHandle() const = 0;
+};
+} // namespace VcoreDPL
+
+#endif // DPL_ABSTRACT_WAITABLE_INPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file assert.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of assert
+ */
+#ifndef DPL_ASSERT_H
+#define DPL_ASSERT_H
+
+namespace VcoreDPL {
+// Assertion handler procedure
+// Do not call directly
+// Always use Assert macro
+void AssertProc(const char *condition,
+ const char *file,
+ int line,
+ const char *function) __attribute__ ((__noreturn__));
+} // namespace VcoreDPL
+
+#define Assert(Condition) \
+do { \
+ if (!(Condition)) { \
+ VcoreDPL::AssertProc(#Condition, __FILE__, __LINE__, __FUNCTION__); \
+ } \
+} while (0)
+
+#define AssertMsg(Condition, Msg) \
+ do { \
+ if (!(Condition)) { \
+ VcoreDPL::AssertProc( \
+ (std::string(std::string(#Condition)+" ") + Msg).c_str(), \
+ __FILE__, __LINE__, __FUNCTION__); \
+ } \
+ } while (0)
+
+#endif // DPL_ASSERT_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file availability.h
+ * @author Jihoon Chung (jihoon.chung@samsung.com)
+ * @version 1.0
+ */
+#ifndef DPL_AVAILABILITY_H
+#define DPL_AVAILABILITY_H
+
+#define DPL_DEPRECATED __attribute__((deprecated))
+#define DPL_DEPRECATED_WITH_MESSAGE(msg) __attribute__((deprecated(msg)))
+
+#define DPL_UNUSED __attribute__((unused))
+#define DPL_UNUSED_PARAM(variable) (void)variable
+
+#endif // DPL_AVAILABILITY_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file binary_queue.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of binary queue
+ */
+#ifndef DPL_BINARY_QUEUE_H
+#define DPL_BINARY_QUEUE_H
+
+#include <dpl/abstract_input_output.h>
+#include <dpl/exception.h>
+#include <dpl/noncopyable.h>
+#include <memory>
+#include <list>
+
+namespace VcoreDPL {
+/**
+ * Binary stream implemented as constant size bucket list
+ *
+ * @todo Add optimized implementation for FlattenConsume
+ */
+class BinaryQueue :
+ public AbstractInputOutput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, OutOfData)
+ };
+
+ typedef void (*BufferDeleter)(const void *buffer, size_t bufferSize,
+ void *userParam);
+ static void BufferDeleterFree(const void *buffer,
+ size_t bufferSize,
+ void *userParam);
+
+ class BucketVisitor
+ {
+ public:
+ /**
+ * Destructor
+ */
+ virtual ~BucketVisitor();
+
+ /**
+ * Visit bucket
+ *
+ * @return none
+ * @param[in] buffer Constant pointer to bucket data buffer
+ * @param[in] bufferSize Number of bytes in bucket
+ */
+ virtual void OnVisitBucket(const void *buffer, size_t bufferSize) = 0;
+ };
+
+ private:
+ struct Bucket :
+ private Noncopyable
+ {
+ const void *buffer;
+ const void *ptr;
+ size_t size;
+ size_t left;
+
+ BufferDeleter deleter;
+ void *param;
+
+ Bucket(const void *buffer,
+ size_t bufferSize,
+ BufferDeleter deleter,
+ void *userParam);
+ virtual ~Bucket();
+ };
+
+ typedef std::list<Bucket *> BucketList;
+ BucketList m_buckets;
+ size_t m_size;
+
+ static void DeleteBucket(Bucket *bucket);
+
+ class BucketVisitorCall
+ {
+ private:
+ BucketVisitor *m_visitor;
+
+ public:
+ BucketVisitorCall(BucketVisitor *visitor);
+ virtual ~BucketVisitorCall();
+
+ void operator()(Bucket *bucket) const;
+ };
+
+ public:
+ /**
+ * Construct empty binary queue
+ */
+ BinaryQueue();
+
+ /**
+ * Construct binary queue via bare copy of other binary queue
+ *
+ * @param[in] other Other binary queue to copy from
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ BinaryQueue(const BinaryQueue &other);
+
+ /**
+ * Destructor
+ */
+ virtual ~BinaryQueue();
+
+ /**
+ * Construct binary queue via bare copy of other binary queue
+ *
+ * @param[in] other Other binary queue to copy from
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ BinaryQueue &operator=(const BinaryQueue &other);
+
+ /**
+ * Append copy of @a bufferSize bytes from memory pointed by @a buffer
+ * to the end of binary queue. Uses default deleter based on free.
+ *
+ * @return none
+ * @param[in] buffer Pointer to buffer to copy data from
+ * @param[in] bufferSize Number of bytes to copy
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ * @see BinaryQueue::BufferDeleterFree
+ */
+ void AppendCopy(const void *buffer, size_t bufferSize);
+
+ /**
+ * Append @a bufferSize bytes from memory pointed by @a buffer
+ * to the end of binary queue. Uses custom provided deleter.
+ * Responsibility for deleting provided buffer is transfered to BinaryQueue.
+ *
+ * @return none
+ * @param[in] buffer Pointer to data buffer
+ * @param[in] bufferSize Number of bytes available in buffer
+ * @param[in] deleter Pointer to deleter procedure used to free provided
+ * buffer
+ * @param[in] userParam User parameter passed to deleter routine
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ */
+ void AppendUnmanaged(
+ const void *buffer,
+ size_t bufferSize,
+ BufferDeleter deleter =
+ &BinaryQueue::BufferDeleterFree,
+ void *userParam = NULL);
+
+ /**
+ * Append copy of other binary queue to the end of this binary queue
+ *
+ * @return none
+ * @param[in] other Constant reference to other binary queue to copy data
+ * from
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ void AppendCopyFrom(const BinaryQueue &other);
+
+ /**
+ * Move bytes from other binary queue to the end of this binary queue.
+ * This also removes all bytes from other binary queue.
+ * This method is designed to be as fast as possible (only pointer swaps)
+ * and is suggested over making copies of binary queues.
+ * Bucket structure is preserved after operation.
+ *
+ * @return none
+ * @param[in] other Reference to other binary queue to move data from
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ */
+ void AppendMoveFrom(BinaryQueue &other);
+
+ /**
+ * Append copy of binary queue to the end of other binary queue
+ *
+ * @return none
+ * @param[in] other Constant reference to other binary queue to copy data to
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ void AppendCopyTo(BinaryQueue &other) const;
+
+ /**
+ * Move bytes from binary queue to the end of other binary queue.
+ * This also removes all bytes from binary queue.
+ * This method is designed to be as fast as possible (only pointer swaps)
+ * and is suggested over making copies of binary queues.
+ * Bucket structure is preserved after operation.
+ *
+ * @return none
+ * @param[in] other Reference to other binary queue to move data to
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ */
+ void AppendMoveTo(BinaryQueue &other);
+
+ /**
+ * Retrieve total size of all data contained in binary queue
+ *
+ * @return Number of bytes in binary queue
+ */
+ size_t Size() const;
+
+ /**
+ * Remove all data from binary queue
+ *
+ * @return none
+ */
+ void Clear();
+
+ /**
+ * Check if binary queue is empty
+ *
+ * @return true if binary queue is empty, false otherwise
+ */
+ bool Empty() const;
+
+ /**
+ * Remove @a size bytes from beginning of binary queue
+ *
+ * @return none
+ * @param[in] size Number of bytes to remove
+ * @exception BinaryQueue::Exception::OutOfData Number of bytes is larger
+ * than available bytes in binary queue
+ */
+ void Consume(size_t size);
+
+ /**
+ * Retrieve @a bufferSize bytes from beginning of binary queue and copy them
+ * to user supplied buffer
+ *
+ * @return none
+ * @param[in] buffer Pointer to user buffer to receive bytes
+ * @param[in] bufferSize Size of user buffer pointed by @a buffer
+ * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten
+ * is larger than available bytes in binary queue
+ */
+ void Flatten(void *buffer, size_t bufferSize) const;
+
+ /**
+ * Retrieve @a bufferSize bytes from beginning of binary queue, copy them
+ * to user supplied buffer, and remove from binary queue
+ *
+ * @return none
+ * @param[in] buffer Pointer to user buffer to receive bytes
+ * @param[in] bufferSize Size of user buffer pointed by @a buffer
+ * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten
+ * is larger than available bytes in binary queue
+ */
+ void FlattenConsume(void *buffer, size_t bufferSize);
+
+ /**
+ * Visit each buffer with data using visitor object
+ *
+ * @return none
+ * @param[in] visitor Pointer to bucket visitor
+ * @see BinaryQueue::BucketVisitor
+ */
+ void VisitBuckets(BucketVisitor *visitor) const;
+
+ /**
+ * IAbstractInput interface
+ */
+ virtual BinaryQueueAutoPtr Read(size_t size);
+
+ /**
+ * IAbstractOutput interface
+ */
+ virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize);
+};
+
+/**
+ * Binary queue auto pointer
+ */
+typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
+} // namespace VcoreDPL
+
+#endif // DPL_BINARY_QUEUE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file char_traits.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief Char traits are used to create basic_string extended with
+ * additional features
+ * Current char traits could be extended in feature to boost
+ * performance
+ */
+#ifndef DPL_CHAR_TRAITS
+#define DPL_CHAR_TRAITS
+
+#include <cstring>
+#include <string>
+#include <ostream>
+#include <algorithm>
+#include <dpl/exception.h>
+
+namespace VcoreDPL {
+typedef std::char_traits<wchar_t> CharTraits;
+} // namespace VcoreDPL
+
+#endif // DPL_CHAR_TRAITS
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file colors.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Some constants with definition of colors for Console
+ * and html output
+ */
+
+#ifndef DPL_COLORS_H
+#define DPL_COLORS_H
+
+namespace VcoreDPL {
+namespace Colors {
+namespace Text {
+extern const char* BOLD_GREEN_BEGIN;
+extern const char* BOLD_GREEN_END;
+extern const char* PURPLE_BEGIN;
+extern const char* PURPLE_END;
+extern const char* RED_BEGIN;
+extern const char* RED_END;
+extern const char* GREEN_BEGIN;
+extern const char* GREEN_END;
+extern const char* CYAN_BEGIN;
+extern const char* CYAN_END;
+extern const char* BOLD_RED_BEGIN;
+extern const char* BOLD_RED_END;
+extern const char* BOLD_YELLOW_BEGIN;
+extern const char* BOLD_YELLOW_END;
+extern const char* BOLD_GOLD_BEGIN;
+extern const char* BOLD_GOLD_END;
+extern const char* BOLD_WHITE_BEGIN;
+extern const char* BOLD_WHITE_END;
+} //namespace Text
+
+namespace Html {
+extern const char* BOLD_GREEN_BEGIN;
+extern const char* BOLD_GREEN_END;
+extern const char* PURPLE_BEGIN;
+extern const char* PURPLE_END;
+extern const char* RED_BEGIN;
+extern const char* RED_END;
+extern const char* GREEN_BEGIN;
+extern const char* GREEN_END;
+extern const char* CYAN_BEGIN;
+extern const char* CYAN_END;
+extern const char* BOLD_RED_BEGIN;
+extern const char* BOLD_RED_END;
+extern const char* BOLD_YELLOW_BEGIN;
+extern const char* BOLD_YELLOW_END;
+extern const char* BOLD_GOLD_BEGIN;
+extern const char* BOLD_GOLD_END;
+extern const char* BOLD_WHITE_BEGIN;
+extern const char* BOLD_WHITE_END;
+} //namespace Html
+} //namespace Colors
+} //namespace VcoreDPL
+
+#endif /* DPL_COLORS_H */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file errno_string.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of errno string
+ */
+#ifndef DPL_ERRNO_STRING_H
+#define DPL_ERRNO_STRING_H
+
+#include <dpl/exception.h>
+#include <string>
+#include <cerrno>
+
+namespace VcoreDPL {
+DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, InvalidErrnoValue)
+
+std::string GetErrnoString(int error = errno);
+} // namespace VcoreDPL
+
+#endif // DPL_ERRNO_STRING_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief Header file for base exception
+ */
+#ifndef VcoreDPL_EXCEPTION_H
+#define VcoreDPL_EXCEPTION_H
+
+#include <string>
+#include <cstring>
+#include <cstdio>
+#include <exception>
+#include <cstdlib>
+#include <sstream>
+
+namespace VcoreDPL {
+void LogUnhandledException(const std::string &str);
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function);
+}
+
+namespace VcoreDPL {
+class Exception {
+private:
+ static unsigned int m_exceptionCount;
+ static Exception* m_lastException;
+ static void (*m_terminateHandler)();
+
+ static void AddRef(Exception* exception)
+ {
+ if (!m_exceptionCount) {
+ m_terminateHandler = std::set_terminate(&TerminateHandler);
+ }
+
+ ++m_exceptionCount;
+ m_lastException = exception;
+ }
+
+ static void UnRef(Exception* e)
+ {
+ if (m_lastException == e) {
+ m_lastException = NULL;
+ }
+
+ --m_exceptionCount;
+
+ if (!m_exceptionCount) {
+ std::set_terminate(m_terminateHandler);
+ m_terminateHandler = NULL;
+ }
+ }
+
+ static void TerminateHandler()
+ {
+ if (m_lastException != NULL) {
+ DisplayKnownException(*m_lastException);
+ abort();
+ } else {
+ DisplayUnknownException();
+ abort();
+ }
+ }
+
+ Exception *m_reason;
+ std::string m_path;
+ std::string m_function;
+ int m_line;
+
+protected:
+ std::string m_message;
+ std::string m_className;
+
+public:
+ static std::string KnownExceptionToString(const Exception &e)
+ {
+ std::ostringstream message;
+ message <<
+ "\033[1;5;31m\n=== Unhandled DPL exception occurred ===\033[m\n\n";
+ message << "\033[1;33mException trace:\033[m\n\n";
+ message << e.DumpToString();
+ message << "\033[1;31m\n=== Will now abort ===\033[m\n";
+
+ return message.str();
+ }
+
+ static std::string UnknownExceptionToString()
+ {
+ std::ostringstream message;
+ message <<
+ "\033[1;5;31m\n=== Unhandled non-DPL exception occurred ===\033[m\n\n";
+ message << "\033[1;31m\n=== Will now abort ===\033[m\n";
+
+ return message.str();
+ }
+
+ static void DisplayKnownException(const Exception& e)
+ {
+ LogUnhandledException(KnownExceptionToString(e).c_str());
+ }
+
+ static void DisplayUnknownException()
+ {
+ LogUnhandledException(UnknownExceptionToString().c_str());
+ }
+
+ Exception(const Exception &other)
+ {
+ // Deep copy
+ if (other.m_reason != NULL) {
+ m_reason = new Exception(*other.m_reason);
+ } else {
+ m_reason = NULL;
+ }
+
+ m_message = other.m_message;
+ m_path = other.m_path;
+ m_function = other.m_function;
+ m_line = other.m_line;
+
+ m_className = other.m_className;
+
+ AddRef(this);
+ }
+
+ const Exception &operator =(const Exception &other)
+ {
+ if (this == &other) {
+ return *this;
+ }
+
+ // Deep copy
+ if (other.m_reason != NULL) {
+ m_reason = new Exception(*other.m_reason);
+ } else {
+ m_reason = NULL;
+ }
+
+ m_message = other.m_message;
+ m_path = other.m_path;
+ m_function = other.m_function;
+ m_line = other.m_line;
+
+ m_className = other.m_className;
+
+ AddRef(this);
+
+ return *this;
+ }
+
+ Exception(const char *path,
+ const char *function,
+ int line,
+ const std::string &message) :
+ m_reason(NULL),
+ m_path(path),
+ m_function(function),
+ m_line(line),
+ m_message(message)
+ {
+ AddRef(this);
+ }
+
+ Exception(const char *path,
+ const char *function,
+ int line,
+ const Exception &reason,
+ const std::string &message) :
+ m_reason(new Exception(reason)),
+ m_path(path),
+ m_function(function),
+ m_line(line),
+ m_message(message)
+ {
+ AddRef(this);
+ }
+
+ virtual ~Exception() throw()
+ {
+ if (m_reason != NULL) {
+ delete m_reason;
+ m_reason = NULL;
+ }
+
+ UnRef(this);
+ }
+
+ void Dump() const
+ {
+ // Show reason first
+ if (m_reason != NULL) {
+ m_reason->Dump();
+ }
+
+ // Afterward, dump exception
+ const char *file = strchr(m_path.c_str(), '/');
+
+ if (file == NULL) {
+ file = m_path.c_str();
+ } else {
+ ++file;
+ }
+
+ printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
+ file, m_line,
+ m_function.c_str(),
+ m_className.c_str(),
+ m_message.empty() ? "<EMPTY>" : m_message.c_str());
+ }
+
+ std::string DumpToString() const
+ {
+ std::string ret;
+ if (m_reason != NULL) {
+ ret = m_reason->DumpToString();
+ }
+
+ const char *file = strchr(m_path.c_str(), '/');
+
+ if (file == NULL) {
+ file = m_path.c_str();
+ } else {
+ ++file;
+ }
+
+ char buf[1024];
+ snprintf(buf,
+ sizeof(buf),
+ "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
+ file,
+ m_line,
+ m_function.c_str(),
+ m_className.c_str(),
+ m_message.empty() ? "<EMPTY>" : m_message.c_str());
+
+ buf[sizeof(buf) - 1] = '\n';
+ ret += buf;
+
+ return ret;
+ }
+
+ Exception *GetReason() const
+ {
+ return m_reason;
+ }
+
+ std::string GetPath() const
+ {
+ return m_path;
+ }
+
+ std::string GetFunction() const
+ {
+ return m_function;
+ }
+
+ int GetLine() const
+ {
+ return m_line;
+ }
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+
+ std::string GetClassName() const
+ {
+ return m_className;
+ }
+};
+} // namespace VcoreDPL
+
+#define Try try
+
+#define Throw(ClassName) \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__)
+
+#define ThrowMsg(ClassName, Message) \
+ do \
+ { \
+ std::ostringstream dplLoggingStream; \
+ dplLoggingStream << Message; \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \
+ } while (0)
+
+#define ReThrow(ClassName) \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__, _rethrown_exception)
+
+#define ReThrowMsg(ClassName, Message) \
+ throw ClassName(__FILE__, \
+ __FUNCTION__, \
+ __LINE__, \
+ _rethrown_exception, \
+ Message)
+
+#define Catch(ClassName) \
+ catch (const ClassName &_rethrown_exception)
+
+#define DECLARE_EXCEPTION_TYPE(BaseClass, Class) \
+ class Class : public BaseClass { \
+ public: \
+ Class(const char *path, \
+ const char *function, \
+ int line, \
+ const std::string & message = std::string()) \
+ : BaseClass(path, function, line, message) { \
+ \
+ BaseClass::m_className = #Class; \
+ } \
+ \
+ Class(const char *path, \
+ const char *function, \
+ int line, \
+ const VcoreDPL::Exception & reason, \
+ const std::string & message = std::string()) \
+ : BaseClass(path, function, line, reason, message) { \
+ BaseClass::m_className = #Class; \
+ } \
+ };
+
+#define UNHANDLED_EXCEPTION_HANDLER_BEGIN try
+
+#define UNHANDLED_EXCEPTION_HANDLER_END \
+ catch (const VcoreDPL::Exception &exception) \
+ { \
+ std::ostringstream msg; \
+ msg << VcoreDPL::Exception::KnownExceptionToString(exception); \
+ VcoreDPL::LogUnhandledException(msg.str(), \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ abort(); \
+ } \
+ catch (std::exception& e) \
+ { \
+ std::ostringstream msg; \
+ msg << e.what(); \
+ msg << "\n"; \
+ msg << VcoreDPL::Exception::UnknownExceptionToString(); \
+ VcoreDPL::LogUnhandledException(msg.str(), \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ abort(); \
+ } \
+ catch (...) \
+ { \
+ std::ostringstream msg; \
+ msg << VcoreDPL::Exception::UnknownExceptionToString(); \
+ VcoreDPL::LogUnhandledException(msg.str(), \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ abort(); \
+ }
+
+namespace VcoreDPL {
+namespace CommonException {
+/**
+ * Internal exception definitions
+ *
+ * These should normally not happen.
+ * Usually, exception trace with internal error includes
+ * important messages.
+ */
+DECLARE_EXCEPTION_TYPE(Exception, InternalError) ///< Unexpected error from
+ // underlying libraries or
+ // kernel
+}
+}
+
+#endif // VcoreDPL_EXCEPTION_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file file_input.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of file input
+ */
+#ifndef DPL_FILE_INPUT_H
+#define DPL_FILE_INPUT_H
+
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+#include <dpl/abstract_waitable_input.h>
+
+namespace VcoreDPL {
+class FileInput :
+ private Noncopyable,
+ public AbstractWaitableInput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, OpenFailed)
+ DECLARE_EXCEPTION_TYPE(Base, CloseFailed)
+ };
+
+ protected:
+ int m_fd;
+
+ public:
+ FileInput();
+ FileInput(const std::string &fileName);
+ virtual ~FileInput();
+
+ void Open(const std::string &fileName);
+ void Close();
+
+ // AbstractInput
+ virtual BinaryQueueAutoPtr Read(size_t size);
+
+ // AbstractWaitableInput
+ virtual WaitableHandle WaitableReadHandle() const;
+};
+} // namespace VcoreDPL
+
+#endif // DPL_FILE_INPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file foreach.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of foreach macro for stl
+ * containers
+ */
+#ifndef DPL_FOREACH_H
+#define DPL_FOREACH_H
+
+#include <dpl/preprocessor.h>
+
+namespace VcoreDPL {
+namespace Private {
+/*
+ * Used to detect type of valid reference to value object.
+ */
+template <typename T>
+T& ValueReference(T& t)
+{
+ return(t);
+}
+
+template <typename T>
+const T& ValueReference(const T& t)
+{
+ return(t);
+}
+} //Private
+} //DPL
+
+#define DPL_FOREACH_IMPL(temporaryName, iterator, container) \
+ __typeof__ (VcoreDPL::Private::ValueReference((container))) & \
+ temporaryName = (container); \
+ for (__typeof__ (temporaryName.begin())iterator = \
+ temporaryName.begin(); \
+ (iterator) != temporaryName.end(); ++iterator)
+
+#define FOREACH(iterator, container) \
+ DPL_FOREACH_IMPL( \
+ DPL_MACRO_CONCAT(foreachContainerReference, __COUNTER__), \
+ iterator, \
+ container)
+
+#endif // DPL_FOREACH_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file free_deleter.h
+ * @author Pawel Czajkowski (p.czajkowski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file deleter with use std::free()
+ */
+#ifndef FREE_DELETER_H
+#define FREE_DELETER_H
+
+#include <cstdlib>
+namespace VcoreDPL
+{
+struct free_deleter
+{
+ void operator()(void *p) { std::free(p); }
+};
+}// DPL
+#endif // FREE_DELETER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file lexical_cast.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief Header file for lexical cast
+ */
+#ifndef DPL_LEXICAL_CAST_H
+#define DPL_LEXICAL_CAST_H
+
+#include <sstream>
+
+namespace VcoreDPL {
+template<typename TargetType, typename SourceType>
+TargetType lexical_cast(const SourceType &data)
+{
+ TargetType result;
+
+ std::ostringstream out;
+ out << data;
+
+ std::istringstream in(out.str());
+ in >> result;
+
+ return result;
+}
+} // namespace VcoreDPL
+
+#endif // DPL_LEXICAL_CAST_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file mutex.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of mutex
+ */
+#ifndef DPL_MUTEX_H
+#define DPL_MUTEX_H
+
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+#include <dpl/availability.h>
+#include <pthread.h>
+
+namespace VcoreDPL {
+class Mutex :
+ private Noncopyable
+{
+ public:
+ class ScopedLock :
+ private Noncopyable
+ {
+ private:
+ Mutex *m_mutex;
+
+ public:
+ explicit ScopedLock(Mutex *mutex);
+ ~ScopedLock();
+ };
+
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, CreateFailed)
+ DECLARE_EXCEPTION_TYPE(Base, LockFailed)
+ DECLARE_EXCEPTION_TYPE(Base, UnlockFailed)
+ };
+
+ private:
+ mutable pthread_mutex_t m_mutex;
+
+ void Lock() const;
+ void Unlock() const;
+
+ public:
+ Mutex();
+ ~Mutex();
+} DPL_DEPRECATED_WITH_MESSAGE("Use std::mutex instead");
+} // namespace VcoreDPL
+
+#endif // DPL_MUTEX_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noncopyable
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noncopyable
+ */
+#ifndef DPL_NONCOPYABLE_H
+#define DPL_NONCOPYABLE_H
+
+namespace VcoreDPL {
+class Noncopyable
+{
+ private:
+ Noncopyable(const Noncopyable &);
+ const Noncopyable &operator=(const Noncopyable &);
+
+ public:
+ Noncopyable();
+ virtual ~Noncopyable();
+};
+} // namespace VcoreDPL
+
+#endif // DPL_NONCOPYABLE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file optional_value.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ */
+
+#ifndef DPL_OPTIONAL_H
+#define DPL_OPTIONAL_H
+
+#include <dpl/exception.h>
+#include <dpl/availability.h>
+
+namespace VcoreDPL {
+template <typename Type>
+class Optional
+{
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, NullReference)
+ };
+
+ public:
+ Optional() :
+ m_null(true),
+ m_value()
+ {}
+
+ Optional(const Type& t) :
+ m_null(false),
+ m_value(t)
+ {}
+
+ bool IsNull() const
+ {
+ return m_null;
+ }
+
+ Type& operator*()
+ {
+ if (m_null) {
+ Throw(typename Exception::NullReference);
+ }
+ return m_value;
+ }
+
+ const Type& operator*() const
+ {
+ if (m_null) {
+ Throw(typename Exception::NullReference);
+ }
+ return m_value;
+ }
+
+ const Type* operator->() const
+ {
+ if (m_null) {
+ Throw(typename Exception::NullReference);
+ }
+ return &m_value;
+ }
+
+ Type* operator->()
+ {
+ if (m_null) {
+ Throw(typename Exception::NullReference);
+ }
+ return &m_value;
+ }
+
+ bool operator!() const
+ {
+ return m_null;
+ }
+
+ Optional<Type>& operator=(const Type& other)
+ {
+ m_null = false;
+ m_value = other;
+ return *this;
+ }
+
+ bool operator==(const Optional<Type>& aSecond) const
+ {
+ return LogicalOperator<true>(*this, aSecond,
+ std::equal_to<Type>(), std::equal_to<bool>());
+ }
+
+ bool operator==(const Type& aSecond) const
+ {
+ return Optional<Type>(aSecond) == *this;
+ }
+
+ bool operator!=(const Optional<Type>& aSecond) const
+ {
+ return !(*this == aSecond);
+ }
+
+ bool operator<(const Optional<Type>& aSecond) const
+ {
+ return LogicalOperator<false>(*this, aSecond,
+ std::less<Type>(), std::less<bool>());
+ }
+
+ bool operator>(const Optional<Type>& aSecond) const
+ {
+ return LogicalOperator<false>(*this, aSecond,
+ std::greater<Type>(), std::greater<bool>());
+ }
+
+ bool operator<=(const Optional<Type>& aSecond) const
+ {
+ return *this == aSecond || *this < aSecond;
+ }
+
+ bool operator>=(const Optional<Type>& aSecond) const
+ {
+ return *this == aSecond || *this > aSecond;
+ }
+
+ static Optional<Type> Null;
+
+ private:
+ bool m_null;
+ Type m_value;
+
+ template <bool taEquality, typename taComparator, typename taNullComparator>
+ static bool LogicalOperator(const Optional<Type>& aFirst,
+ const Optional<Type>& aSecond,
+ taComparator aComparator,
+ taNullComparator aNullComparator)
+ {
+ if (aFirst.m_null == aSecond.m_null) {
+ if (aFirst.m_null) {
+ return taEquality;
+ } else {
+ return aComparator(aFirst.m_value, aSecond.m_value);
+ }
+ } else {
+ return aNullComparator(aFirst.m_null, aSecond.m_null);
+ }
+ }
+} DPL_DEPRECATED_WITH_MESSAGE("Use boost::optional instead");
+
+template<typename Type>
+Optional<Type> Optional<Type>::Null = Optional<Type>();
+} //namespace VcoreDPL
+
+template<typename Type>
+std::ostream& operator<<(std::ostream& aStream,
+ const VcoreDPL::Optional<Type>& aOptional)
+{
+ if (aOptional.IsNull()) {
+ return aStream << "null optional";
+ } else {
+ return aStream << *aOptional;
+ }
+}
+
+#endif // DPL_OPTIONAL_VALUE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef DPL_OPTIONAL_TYPEDEFS_H
+#define DPL_OPTIONAL_TYPEDEFS_H
+
+#include <string>
+#include <dpl/string.h>
+#include <boost/optional.hpp>
+
+namespace VcoreDPL {
+typedef boost::optional<String> OptionalString;
+typedef boost::optional<int> OptionalInt;
+typedef boost::optional<unsigned int> OptionalUInt;
+typedef boost::optional<bool> OptionalBool;
+typedef boost::optional<float> OptionalFloat;
+typedef boost::optional<std::string> OptionalStdString;
+} //namespace VcoreDPL
+
+#endif /* DPL_OPTIONAL_TYPEDEFS_H */
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file preprocessor.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file contains some usefull macros.
+ */
+
+#ifndef DPL_PREPROCESSOR_H
+#define DPL_PREPROCESSOR_H
+
+#define DPL_MACRO_CONCAT_IMPL(x, y) x##y
+#define DPL_MACRO_CONCAT(x, y) DPL_MACRO_CONCAT_IMPL(x, y)
+
+#ifdef __COUNTER__
+#define DPL_ANONYMOUS_VARIABLE(name) DPL_MACRO_CONCAT(name, __COUNTER__)
+#else
+#define DPL_ANONYMOUS_VARIABLE(name) DPL_MACRO_CONCAT(name, __LINE__)
+#endif
+
+#endif //DPL_PREPROCESSOR_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_ptr.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped array RAII
+ *
+ * This module is deprecated, please use standard C++11 feature: std::unique_ptr<Type[]>
+ */
+#ifndef DPL_SCOPED_ARRAY_H
+#define DPL_SCOPED_ARRAY_H
+
+#include <cstddef>
+
+#include <dpl/assert.h>
+#include <dpl/scoped_resource.h>
+#include <dpl/availability.h>
+
+namespace VcoreDPL {
+template<typename Class>
+struct ScopedArrayPolicy
+{
+ typedef Class* Type;
+ static Type NullValue()
+ {
+ return NULL;
+ }
+ static void Destroy(Type ptr)
+ {
+ delete[] ptr;
+ }
+};
+
+template<typename Class>
+class ScopedArray : public ScopedResource<ScopedArrayPolicy<Class> >
+{
+ typedef ScopedArrayPolicy<Class> Policy;
+ typedef ScopedResource<Policy> BaseType;
+
+ public:
+ explicit ScopedArray(Class *ptr = Policy::NullValue()) : BaseType(ptr) { }
+
+ Class &operator [](std::ptrdiff_t k) const
+ {
+ Assert(this->m_value != Policy::NullValue() &&
+ "Dereference of scoped NULL array!");
+ Assert(k >= 0 && "Negative array index");
+
+ return this->m_value[k];
+ }
+} DPL_DEPRECATED_WITH_MESSAGE("use standard C++11 feature: std::unique_ptr<Type[]>");
+} // namespace VcoreDPL
+
+#endif // DPL_SCOPED_PTR_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_close.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped close RAII
+ */
+#ifndef DPL_SCOPED_CLOSE_H
+#define DPL_SCOPED_CLOSE_H
+
+#include <unistd.h>
+#include <cerrno>
+#include <string>
+#include <dpl/log/vcore_log.h>
+#include <dpl/scoped_resource.h>
+#include <dpl/errno_string.h>
+
+namespace VcoreDPL {
+struct ScopedClosePolicy
+{
+ typedef int Type;
+ static Type NullValue()
+ {
+ return -1;
+ }
+ static void Destroy(Type handle)
+ {
+ if (handle != -1) {
+ if (TEMP_FAILURE_RETRY(::fsync(handle)) == -1) {
+ std::string errString = GetErrnoString();
+ VcoreLogD("Failed to fsync scoped close error: %s",
+ errString.c_str());
+ }
+
+ if (::close(handle) == -1) {
+ std::string errString = GetErrnoString();
+ VcoreLogD("Failed to scoped close error: %s", errString.c_str());
+ }
+ }
+ }
+};
+
+class ScopedClose : public ScopedResource<ScopedClosePolicy>
+{
+ typedef ScopedClosePolicy Policy;
+ typedef ScopedResource<Policy> BaseType;
+ typedef ScopedClosePolicy::Type Type;
+
+ public:
+ explicit ScopedClose(Type handle = Policy::NullValue()) :
+ BaseType(handle)
+ { }
+};
+} // namespace VcoreDPL
+
+#endif // DPL_SCOPED_CLOSE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_fclose.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped fclose RAII
+ */
+#ifndef DPL_SCOPED_FCLOSE_H
+#define DPL_SCOPED_FCLOSE_H
+
+#include <unistd.h>
+#include <cerrno>
+#include <cstdio>
+#include <string>
+#include <dpl/log/vcore_log.h>
+#include <dpl/scoped_resource.h>
+#include <dpl/errno_string.h>
+
+namespace VcoreDPL {
+struct ScopedFClosePolicy
+{
+ typedef FILE* Type;
+ static Type NullValue()
+ {
+ return NULL;
+ }
+ static void Destroy(Type file)
+ {
+ if (file != NULL) {
+ // Try to flush first
+ if (TEMP_FAILURE_RETRY(fflush(file)) != 0) {
+ std::string errString = GetErrnoString();
+ VcoreLogD("Failed to fflush scoped fclose error: %s",
+ errString.c_str());
+ }
+
+ // fclose cannot be retried, try to close once
+ if (fclose(file) != 0) {
+ std::string errString = GetErrnoString();
+ VcoreLogD("Failed scoped fclose error: %s", errString.c_str());
+ }
+ }
+ }
+};
+
+class ScopedFClose : public ScopedResource<ScopedFClosePolicy>
+{
+ typedef ScopedFClosePolicy Policy;
+ typedef ScopedResource<Policy> BaseType;
+
+ public:
+ explicit ScopedFClose(FILE* argFileStream = Policy::NullValue()) :
+ BaseType(argFileStream)
+ {}
+};
+} // namespace VcoreDPL
+
+#endif // DPL_SCOPED_FCLOSE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_free.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped free RAII
+ */
+
+#ifndef DPL_SCOPED_FREE_H
+#define DPL_SCOPED_FREE_H
+
+#include <malloc.h>
+#include <cstddef>
+
+#include <dpl/scoped_resource.h>
+
+namespace VcoreDPL {
+template<typename Class>
+struct ScopedFreePolicy
+{
+ typedef Class* Type;
+ static Type NullValue()
+ {
+ return NULL;
+ }
+ static void Destroy(Type ptr)
+ {
+ free(ptr);
+ }
+};
+
+template<typename Memory>
+class ScopedFree : public ScopedResource<ScopedFreePolicy<Memory> >
+{
+ typedef ScopedFreePolicy<Memory> Policy;
+ typedef ScopedResource<Policy> BaseType;
+
+ public:
+ explicit ScopedFree(Memory *ptr = Policy::NullValue()) : BaseType(ptr) { }
+};
+} // namespace VcoreDPL
+
+#endif // DPL_SCOPED_FREE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file scoped_resource.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped resource pattern
+ */
+#ifndef DPL_SCOPED_RESOURCE_H
+#define DPL_SCOPED_RESOURCE_H
+
+#include <dpl/noncopyable.h>
+
+namespace VcoreDPL {
+template<typename ClassPolicy>
+class ScopedResource :
+ private Noncopyable
+{
+ public:
+ typedef typename ClassPolicy::Type ValueType;
+ typedef ScopedResource<ClassPolicy> ThisType;
+
+ protected:
+ ValueType m_value;
+
+ public:
+ explicit ScopedResource(ValueType value) : m_value(value) { }
+
+ ~ScopedResource()
+ {
+ ClassPolicy::Destroy(m_value);
+ }
+
+ ValueType Get() const
+ {
+ return m_value;
+ }
+
+ void Reset(ValueType value = ClassPolicy::NullValue())
+ {
+ ClassPolicy::Destroy(m_value);
+ m_value = value;
+ }
+
+ ValueType Release()
+ {
+ ValueType value = m_value;
+ m_value = ClassPolicy::NullValue();
+ return value;
+ }
+ typedef ValueType ThisType::*UnknownBoolType;
+
+ operator UnknownBoolType() const
+ {
+ return m_value == ClassPolicy::NullValue() ?
+ 0 : //0 is valid here because it converts to false
+ &ThisType::m_value; //it converts to true
+ }
+
+ bool operator !() const
+ {
+ return m_value == ClassPolicy::NullValue();
+ }
+};
+} // namespace VcoreDPL
+
+#endif // DPL_SCOPED_RESOURCE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file singleton.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#ifndef DPL_SINGLETON_H
+#define DPL_SINGLETON_H
+
+#include <boost/optional.hpp>
+#include <dpl/thread.h>
+#include <dpl/assert.h>
+
+namespace VcoreDPL {
+template<typename Class>
+class Singleton :
+ private Class
+{
+ //
+ // Note:
+ //
+ // To remove posibility of instantiating directly Class,
+ // make Class' default constructor protected
+ //
+
+ private:
+ Singleton()
+ {}
+
+ typedef boost::optional<Thread *> OptionalThreadPtr;
+
+ static Singleton &InternalInstance();
+
+ public:
+ virtual ~Singleton()
+ {}
+
+ static Class &Instance();
+};
+} // namespace VcoreDPL
+
+#endif // DPL_SINGLETON_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file singleton_impl.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#ifndef DPL_SINGLETON_IMPL_H
+#define DPL_SINGLETON_IMPL_H
+
+/*
+ * WARNING!
+ *
+ * If some singleton's implementation uses another singletons implementation,
+ * those templates make the second singleton a dubleton. Be warned. Try to use
+ * singleton_safe_impl.h if possible.
+ */
+
+namespace VcoreDPL {
+template<typename Class>
+Singleton<Class>& Singleton<Class>::InternalInstance()
+{
+ static Singleton<Class> instance;
+ return instance;
+}
+
+template<typename Class>
+Class &Singleton<Class>::Instance()
+{
+ Singleton<Class>& instance = Singleton<Class>::InternalInstance();
+ return instance;
+}
+} // namespace VcoreDPL
+
+#define IMPLEMENT_SINGLETON(Type) \
+ template VcoreDPL::Singleton<Type>&VcoreDPL::Singleton<Type>::InternalInstance(); \
+ template Type & VcoreDPL::Singleton<Type>::Instance(); \
+
+#endif // DPL_SINGLETON_IMPL_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file string.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ */
+#ifndef DPL_STRING
+#define DPL_STRING
+
+#include <dpl/exception.h>
+#include <dpl/char_traits.h>
+#include <string>
+#include <ostream>
+#include <numeric>
+
+namespace VcoreDPL {
+// @brief DPL string
+typedef std::basic_string<wchar_t, CharTraits> String;
+
+// @brief String exception class
+class StringException
+{
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+
+ // @brief Invalid init for UTF8 to UTF32 converter
+ DECLARE_EXCEPTION_TYPE(Base, IconvInitErrorUTF8ToUTF32)
+
+ // @brief Invalid taStdContainerinit for UTF32 to UTF32 converter
+ DECLARE_EXCEPTION_TYPE(Base, IconvInitErrorUTF32ToUTF8)
+
+ // @brief Invalid conversion for UTF8 to UTF32 converter
+ DECLARE_EXCEPTION_TYPE(Base, IconvConvertErrorUTF8ToUTF32)
+
+ // @brief Invalid conversion for UTF8 to UTF32 converter
+ DECLARE_EXCEPTION_TYPE(Base, IconvConvertErrorUTF32ToUTF8)
+
+ // @brief Invalid ASCII character detected in FromASCII
+ DECLARE_EXCEPTION_TYPE(Base, InvalidASCIICharacter)
+
+ // @brief Invalid ASCII character detected in FromASCII
+ DECLARE_EXCEPTION_TYPE(Base, ICUInvalidCharacterFound)
+};
+
+//!\brief convert ASCII string to VcoreDPL::String
+String FromASCIIString(const std::string& aString);
+
+//!\brief convert UTF32 string to VcoreDPL::String
+String FromUTF32String(const std::wstring& aString);
+
+//@brief Returns String object created from UTF8 string
+//@param[in] aString input UTF-8 string
+String FromUTF8String(const std::string& aString);
+
+//@brief Returns String content as std::string
+std::string ToUTF8String(const String& aString);
+
+//@brief Compare two unicode strings
+int StringCompare(const String &left,
+ const String &right,
+ bool caseInsensitive = false);
+
+//@brief Splits the string into substrings.
+//@param[in] str Input string
+//@param[in] delimiters array or string containing a sequence of substring
+// delimiters. Can be also a single delimiter character.
+//@param[in] it InserterIterator that is used to save the generated substrings.
+template<typename StringType, typename Delimiters, typename InserterIterator>
+void Tokenize(const StringType& str,
+ const Delimiters& delimiters,
+ InserterIterator it,
+ bool ignoreEmpty = false)
+{
+ typename StringType::size_type nextSearchStart = 0;
+ typename StringType::size_type pos;
+ typename StringType::size_type length;
+
+ while (true) {
+ pos = str.find_first_of(delimiters, nextSearchStart);
+ length =
+ ((pos == StringType::npos) ? str.length() : pos) - nextSearchStart;
+
+ if (!ignoreEmpty || length > 0) {
+ *it = str.substr(nextSearchStart, length);
+ it++;
+ }
+
+ if (pos == StringType::npos) {
+ return;
+ }
+
+ nextSearchStart = pos + 1;
+ }
+}
+
+namespace Utils {
+
+template<typename T> class ConcatFunc : public std::binary_function<T, T, T>
+{
+public:
+ explicit ConcatFunc(const T & val) : m_delim(val) {}
+ T operator()(const T & arg1, const T & arg2) const
+ {
+ return arg1 + m_delim + arg2;
+ }
+private:
+ T m_delim;
+};
+
+}
+
+template<typename ForwardIterator>
+typename ForwardIterator::value_type Join(ForwardIterator begin, ForwardIterator end, typename ForwardIterator::value_type delim)
+{
+ typedef typename ForwardIterator::value_type value;
+ if(begin == end) return value();
+ Utils::ConcatFunc<value> func(delim);
+ ForwardIterator init = begin;
+ return std::accumulate(++begin, end, *init, func);
+}
+
+template<class StringType> void TrimLeft(StringType & obj, typename StringType::const_pointer separators)
+{
+ obj.erase(0, obj.find_first_not_of(separators));
+}
+
+template<class StringType> void TrimRight(StringType & obj, typename StringType::const_pointer separators)
+{
+ obj.erase(obj.find_last_not_of(separators)+1);
+}
+
+template<class StringType> void Trim(StringType & obj, typename StringType::const_pointer separators)
+{
+ TrimLeft(obj, separators);
+ TrimRight(obj, separators);
+}
+
+
+} //namespace VcoreDPL
+
+std::ostream& operator<<(std::ostream& aStream, const VcoreDPL::String& aString);
+
+#endif // DPL_STRING
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file thread.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of thread
+ */
+#ifndef DPL_THREAD_H
+#define DPL_THREAD_H
+
+#include <dpl/waitable_handle_watch_support.h>
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+#include <dpl/assert.h>
+#include <boost/optional.hpp>
+#include <stdint.h>
+#include <cstdlib>
+#include <pthread.h>
+#include <thread>
+#include <vector>
+#include <list>
+#include <mutex>
+
+namespace VcoreDPL {
+class Thread :
+ private Noncopyable,
+ public WaitableHandleWatchSupport
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, CreateFailed)
+ DECLARE_EXCEPTION_TYPE(Base, DestroyFailed)
+ DECLARE_EXCEPTION_TYPE(Base, RunFailed)
+ DECLARE_EXCEPTION_TYPE(Base, QuitFailed)
+ DECLARE_EXCEPTION_TYPE(Base, UnmanagedThread)
+ };
+
+ typedef void (*EventDeleteProc)(void *event, void *userParam);
+ typedef void (*EventDispatchProc)(void *event, void *userParam);
+
+ protected:
+ /**
+ * Main thread entry
+ * The method is intended to be overloaded with custom code.
+ * Default implementation just executes Exec method to process
+ * all thread exents
+ */
+ virtual int ThreadEntry();
+
+ /**
+ * Start processing of thread events
+ */
+ int Exec();
+
+ private:
+ struct InternalEvent
+ {
+ void *event;
+ void *userParam;
+ EventDispatchProc eventDispatchProc;
+ EventDeleteProc eventDeleteProc;
+
+ InternalEvent(void *eventArg,
+ void *userParamArg,
+ EventDispatchProc eventDispatchProcArg,
+ EventDeleteProc eventDeleteProcArg) :
+ event(eventArg),
+ userParam(userParamArg),
+ eventDispatchProc(eventDispatchProcArg),
+ eventDeleteProc(eventDeleteProcArg)
+ {}
+ };
+
+ struct InternalTimedEvent :
+ InternalEvent
+ {
+ unsigned long dueTimeMiliseconds;
+ unsigned long registerTimeMiliseconds;
+
+ InternalTimedEvent(void *eventArg,
+ void *userParamArg,
+ unsigned long dueTimeMilisecondsArg,
+ unsigned long registerTimeMilisecondsArg,
+ EventDispatchProc eventDispatchProcArg,
+ EventDeleteProc eventDeleteProcArg) :
+ InternalEvent(eventArg,
+ userParamArg,
+ eventDispatchProcArg,
+ eventDeleteProcArg),
+ dueTimeMiliseconds(dueTimeMilisecondsArg),
+ registerTimeMiliseconds(registerTimeMilisecondsArg)
+ {}
+
+ bool operator<(const InternalTimedEvent &other)
+ {
+ return registerTimeMiliseconds + dueTimeMiliseconds >
+ other.registerTimeMiliseconds + other.dueTimeMiliseconds;
+ }
+ };
+
+ // Internal event list
+ typedef std::list<InternalEvent> InternalEventList;
+
+ // Internal timed event list
+ typedef std::vector<InternalTimedEvent> InternalTimedEventVector;
+
+ // State managment
+ std::thread m_thread;
+ volatile bool m_abandon;
+ volatile bool m_running;
+ std::mutex m_stateMutex;
+ WaitableEvent m_quitEvent;
+
+ // Event processing
+ std::mutex m_eventMutex;
+ InternalEventList m_eventList;
+ WaitableEvent m_eventInvoker;
+
+ // Timed events processing
+ std::mutex m_timedEventMutex;
+ InternalTimedEventVector m_timedEventVector;
+ WaitableEvent m_timedEventInvoker;
+
+ // WaitableHandleWatchSupport
+ virtual Thread *GetInvokerThread();
+ virtual void HandleDirectInvoker();
+ bool m_directInvoke;
+
+ // Internals
+ unsigned long GetCurrentTimeMiliseconds() const;
+ void ProcessEvents();
+ void ProcessTimedEvents();
+
+ static void *StaticThreadEntry(void *param);
+
+ public:
+ explicit Thread();
+ virtual ~Thread();
+
+ /**
+ * Run thread. Does nothing if thread is already running
+ */
+ void Run();
+
+ /**
+ * Send quit message to thread and wait for its end
+ * Does nothing is thread is not running
+ */
+ void Quit();
+
+ /**
+ * Checks if current thread is main one
+ * Returns true if it is main program thread, false otherwise
+ */
+ static bool IsMainThread();
+
+ /**
+ * Current thread retrieval
+ * Returns DPL thread handle or NULL if it is main program thread
+ */
+ static Thread *GetCurrentThread();
+
+ /**
+ * Low-level event push, usually used only by EventSupport
+ */
+ void PushEvent(void *event,
+ EventDispatchProc eventDispatchProc,
+ EventDeleteProc eventDeleteProc,
+ void *userParam);
+
+ /**
+ * Low-level timed event push, usually used only by EventSupport
+ */
+ void PushTimedEvent(void *event,
+ double dueTimeSeconds,
+ EventDispatchProc eventDispatchProc,
+ EventDeleteProc eventDeleteProc,
+ void *userParam);
+
+ /**
+ * Sleep for a number of seconds
+ */
+ static void Sleep(uint64_t seconds);
+
+ /**
+ * Sleep for a number of miliseconds
+ */
+ static void MiliSleep(uint64_t miliseconds);
+
+ /**
+ * Sleep for a number of microseconds
+ */
+ static void MicroSleep(uint64_t microseconds);
+
+ /**
+ * Sleep for a number of nanoseconds
+ */
+ static void NanoSleep(uint64_t nanoseconds);
+};
+
+extern bool g_TLSforMainCreated;
+
+// In case of using TLV in main thread, pthread_exit(NULL) has to be called in
+// this thread explicitly.
+// On the other hand, possibly, because of the kernel bug, there exist
+// a problem, if any other thread than main exist during pthread_exit call
+// (process can become non-responsive)
+// TODO further investigation is required.
+template<typename Type>
+class ThreadLocalVariable :
+ public Noncopyable
+{
+ public:
+ typedef Type ValueType;
+
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, NullReference)
+ DECLARE_EXCEPTION_TYPE(Base, KeyCreateFailed)
+ };
+
+ private:
+ pthread_key_t m_key;
+
+ struct ManagedValue
+ {
+ ValueType value;
+ boost::optional<pthread_key_t> guardKey;
+ };
+
+ static void MainThreadExitClean()
+ {
+ // There is a possible bug in kernel. If this function is called
+ // before ALL threads are closed, process will hang!
+ // Because of that, by default this function has to be called in well
+ // known "threads state".
+
+ // pthread_exit(NULL);
+ }
+
+ static void InternalDestroy(void *specific)
+ {
+ // Destroy underlying type
+ ManagedValue *instance = static_cast<ManagedValue *>(specific);
+ if (!instance->guardKey) {
+ delete instance;
+ } else {
+ int result = pthread_setspecific(*(instance->guardKey), instance);
+
+ Assert(result == 0 &&
+ "Failed to set thread local variable");
+ }
+ }
+
+ Type &Reference(bool allowInstantiate = false)
+ {
+ ManagedValue *instance =
+ static_cast<ManagedValue *>(pthread_getspecific(m_key));
+
+ if (!instance) {
+ // Check if it is allowed to instantiate
+ if (!allowInstantiate) {
+ Throw(typename Exception::NullReference);
+ }
+
+ // checking, if specific data is created for Main thread
+ // If yes, pthread_exit(NULL) is required
+ if (!g_TLSforMainCreated) {
+ if (Thread::IsMainThread()) {
+ g_TLSforMainCreated = true;
+ atexit(&MainThreadExitClean);
+ }
+ }
+
+ // Need to instantiate underlying type
+ instance = new ManagedValue();
+
+ int result = pthread_setspecific(m_key, instance);
+
+ Assert(result == 0 &&
+ "Failed to set thread local variable");
+ }
+
+ return instance->value;
+ }
+
+ public:
+ ThreadLocalVariable()
+ {
+ int result = pthread_key_create(&m_key, &InternalDestroy);
+ if (result != 0) {
+ ThrowMsg(typename Exception::KeyCreateFailed,
+ "Failed to allocate thread local variable: " << result);
+ }
+ }
+
+ ~ThreadLocalVariable()
+ {
+ pthread_key_delete(m_key);
+ }
+
+ Type &operator=(const Type &other)
+ {
+ Type &reference = Reference(true);
+ reference = other;
+ return reference;
+ }
+
+ bool IsNull() const
+ {
+ return pthread_getspecific(m_key) == NULL;
+ }
+
+ Type& operator*()
+ {
+ return Reference();
+ }
+
+ const Type& operator*() const
+ {
+ return Reference();
+ }
+
+ const Type* operator->() const
+ {
+ return &Reference();
+ }
+
+ Type* operator->()
+ {
+ return &Reference();
+ }
+
+ bool operator!() const
+ {
+ return IsNull();
+ }
+
+ void Reset()
+ {
+ ManagedValue *specific =
+ static_cast<ManagedValue *>(pthread_getspecific(m_key));
+
+ if (!specific) {
+ return;
+ }
+
+ // TODO Should be an assert? is it developers fault to Reset Guarded
+ // value?
+ specific->guardKey = boost::optional<pthread_key_t>();
+
+ InternalDestroy(specific);
+
+ int result = pthread_setspecific(m_key, NULL);
+
+ Assert(result == 0 &&
+ "Failed to reset thread local variable");
+ }
+
+ // GuardValue(true) allows to defer destroy (by pthread internal
+ // functionality) thread specific value until GuardValue(false) will be
+ // called.
+ void GuardValue(bool guard)
+ {
+ ManagedValue *instance =
+ static_cast<ManagedValue *>(pthread_getspecific(m_key));
+
+ Assert(instance && "Failed to get the value");
+
+ instance->guardKey = guard ? m_key : boost::optional<pthread_key_t>();
+ }
+};
+} // namespace VcoreDPL
+
+#endif // DPL_THREAD_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file type_list.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Generic type list template
+ */
+#ifndef DPL_TYPE_LIST_H
+#define DPL_TYPE_LIST_H
+
+#include <cstddef>
+
+namespace VcoreDPL {
+class TypeListGuard
+{
+ public:
+ template<size_t Index>
+ struct Element
+ {
+ struct ERROR_TypeListElementIndexIsOutOfBounds;
+ typedef ERROR_TypeListElementIndexIsOutOfBounds Type;
+ };
+
+ static const size_t Size = 0;
+};
+
+template<typename HeadType, typename TailType>
+class TypeList
+{
+ private:
+ class DummyClass
+ {};
+
+ template<typename List, size_t Enum>
+ struct TypeCounter : public TypeCounter<typename List::Tail, Enum + 1>
+ {};
+
+ template<size_t Enum>
+ struct TypeCounter<TypeListGuard, Enum>
+ {
+ static const size_t Size = Enum;
+ };
+
+ public:
+ typedef TailType Tail;
+ typedef HeadType Head;
+ typedef TypeList<HeadType, TailType> ThisType;
+
+ template<size_t Index, typename DummyType = DummyClass>
+ struct Element
+ {
+ typedef typename TailType::template Element<Index - 1>::Type Type;
+ };
+
+ template<typename DummyType>
+ struct Element<0, DummyType>
+ {
+ typedef HeadType Type;
+ };
+
+ template<typename Type, typename DummyType = DummyClass>
+ struct Contains
+ {
+ typedef typename TailType::template Contains<Type>::Yes Yes;
+ };
+
+ template<typename DummyType>
+ struct Contains<HeadType, DummyType>
+ {
+ typedef int Yes;
+ };
+
+ static const size_t Size = TypeCounter<ThisType, 0>::Size;
+};
+
+template<typename T1 = TypeListGuard, typename T2 = TypeListGuard,
+ typename T3 = TypeListGuard, typename T4 = TypeListGuard,
+ typename T5 = TypeListGuard, typename T6 = TypeListGuard,
+ typename T7 = TypeListGuard, typename T8 = TypeListGuard,
+ typename T9 = TypeListGuard, typename T10 = TypeListGuard,
+ typename T11 = TypeListGuard, typename T12 = TypeListGuard,
+ typename T13 = TypeListGuard, typename T14 = TypeListGuard,
+ typename T15 = TypeListGuard, typename T16 = TypeListGuard,
+ typename T17 = TypeListGuard, typename T18 = TypeListGuard,
+ typename T19 = TypeListGuard, typename T20 = TypeListGuard,
+ typename T21 = TypeListGuard, typename T22 = TypeListGuard,
+ typename T23 = TypeListGuard, typename T24 = TypeListGuard,
+ typename T25 = TypeListGuard, typename T26 = TypeListGuard,
+ typename T27 = TypeListGuard, typename T28 = TypeListGuard,
+ typename T29 = TypeListGuard, typename T30 = TypeListGuard,
+ typename T31 = TypeListGuard, typename T32 = TypeListGuard,
+ typename T33 = TypeListGuard, typename T34 = TypeListGuard,
+ typename T35 = TypeListGuard, typename T36 = TypeListGuard,
+ typename T37 = TypeListGuard, typename T38 = TypeListGuard,
+ typename T39 = TypeListGuard, typename T40 = TypeListGuard,
+ typename T41 = TypeListGuard, typename T42 = TypeListGuard,
+ typename T43 = TypeListGuard, typename T44 = TypeListGuard,
+ typename T45 = TypeListGuard, typename T46 = TypeListGuard,
+ typename T47 = TypeListGuard, typename T48 = TypeListGuard,
+ typename T49 = TypeListGuard, typename T50 = TypeListGuard,
+ typename T51 = TypeListGuard, typename T52 = TypeListGuard,
+ typename T53 = TypeListGuard, typename T54 = TypeListGuard,
+ typename T55 = TypeListGuard, typename T56 = TypeListGuard,
+ typename T57 = TypeListGuard, typename T58 = TypeListGuard,
+ typename T59 = TypeListGuard, typename T60 = TypeListGuard,
+ typename T61 = TypeListGuard, typename T62 = TypeListGuard,
+ typename T63 = TypeListGuard, typename T64 = TypeListGuard>
+struct TypeListDecl
+{
+ typedef TypeList<T1,
+ typename TypeListDecl<
+ T2, T3, T4, T5, T6, T7, T8,
+ T9, T10, T11, T12, T13, T14, T15,
+ T16, T17, T18, T19, T20, T21, T22,
+ T23, T24, T25, T26, T27, T28, T29,
+ T30, T31, T32, T33, T34, T35, T36,
+ T37, T38, T39, T40, T41, T42, T43,
+ T44, T45, T46, T47, T48, T49, T50,
+ T51, T52, T53, T54, T55, T56, T57,
+ T58, T59, T60, T61, T62, T63, T64>::Type> Type;
+};
+
+template<>
+struct TypeListDecl<TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard,
+ TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard>
+{
+ typedef TypeListGuard Type;
+};
+} // namespace VcoreDPL
+
+#endif // DPL_TYPE_LIST_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_event.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable event
+ */
+#ifndef DPL_WAITABLE_EVENT_H
+#define DPL_WAITABLE_EVENT_H
+
+#include <dpl/waitable_handle.h>
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+#include <vector>
+
+namespace VcoreDPL {
+class WaitableEvent :
+ private Noncopyable
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, CreateFailed)
+ DECLARE_EXCEPTION_TYPE(Base, DestroyFailed)
+ DECLARE_EXCEPTION_TYPE(Base, SignalFailed)
+ DECLARE_EXCEPTION_TYPE(Base, ResetFailed)
+ };
+
+ private:
+ int m_pipe[2];
+
+ public:
+ WaitableEvent();
+ virtual ~WaitableEvent();
+
+ WaitableHandle GetHandle() const;
+
+ void Signal() const;
+ void Reset() const;
+};
+} // namespace VcoreDPL
+
+#endif // DPL_WAITABLE_EVENT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_handle.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of waitable handle
+ */
+#ifndef DPL_WAITABLE_HANDLE_H
+#define DPL_WAITABLE_HANDLE_H
+
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+#include <vector>
+
+namespace VcoreDPL {
+/**
+ * Waitable unix wait handle definition
+ */
+typedef int WaitableHandle;
+
+/**
+ * Waitable handle list
+ */
+typedef std::vector<WaitableHandle> WaitableHandleList;
+
+/**
+ * Wait mode
+ */
+class WaitMode
+{
+ public:
+ enum Type
+ {
+ Read, ///< Wait for readability state changes
+ Write ///< Wait for writability state changes
+ };
+};
+
+/**
+ * Waitable handle list ex
+ */
+typedef std::vector<std::pair<WaitableHandle,
+ WaitMode::Type> > WaitableHandleListEx;
+
+/**
+ * Waitable handle index list
+ */
+typedef std::vector<size_t> WaitableHandleIndexList;
+
+/**
+ * Wait exceptions
+ */
+DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, WaitFailed)
+
+/**
+ * Wait for single handle readability
+ * Convience function.
+ *
+ * @return Signaled waitable handle index list
+ * @throw WaitFailed Fatal error occurred while waiting for signal
+ */
+WaitableHandleIndexList WaitForSingleHandle(
+ WaitableHandle handle,
+ unsigned long miliseconds =
+ 0xFFFFFFFF);
+
+/**
+ * Wait for single handle
+ * Convience function.
+ *
+ * @return Signaled waitable handle index list
+ * @throw WaitFailed Fatal error occurred while waiting for signal
+ */
+WaitableHandleIndexList WaitForSingleHandle(
+ WaitableHandle handle,
+ WaitMode::Type mode,
+ unsigned long miliseconds =
+ 0xFFFFFFFF);
+
+/**
+ * Wait for multiple handles readability
+ *
+ * @return Signaled waitable handle index list
+ * @throw WaitFailed Fatal error occurred while waiting for signal
+ */
+WaitableHandleIndexList WaitForMultipleHandles(
+ const WaitableHandleList &handleList,
+ unsigned long miliseconds = 0xFFFFFFFF);
+
+/**
+ * Wait for multiple handles readability
+ *
+ * @return Signaled waitable handle index list
+ * @throw WaitFailed Fatal error occurred while waiting for signal
+ */
+WaitableHandleIndexList WaitForMultipleHandles(
+ const WaitableHandleListEx &handleListEx,
+ unsigned long miliseconds = 0xFFFFFFFF);
+} // namespace VcoreDPL
+
+#endif // DPL_WAITABLE_HANDLE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_handle_watch_support.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable handle watch
+ * support
+ */
+#ifndef DPL_WAITABLE_HANDLE_WATCH_SUPPORT_H
+#define DPL_WAITABLE_HANDLE_WATCH_SUPPORT_H
+
+#include <dpl/waitable_event.h>
+#include <dpl/waitable_handle.h>
+#include <dpl/exception.h>
+#include <list>
+#include <map>
+#include <mutex>
+
+namespace VcoreDPL {
+class Thread;
+
+class WaitableHandleWatchSupport
+{
+ public:
+ class WaitableHandleListener
+ {
+ public:
+ virtual ~WaitableHandleListener() {}
+
+ virtual void OnWaitableHandleEvent(WaitableHandle waitableHandle,
+ WaitMode::Type mode) = 0;
+ };
+
+ protected:
+ // Invoker waitable handle
+ // Signaled by Add/Remove methods
+ // After being signaled one must call Handle invoke to reset invoker
+ WaitableHandle WaitableInvokerHandle() const;
+
+ // Waitable handle ex list
+ WaitableHandleListEx WaitableWatcherHandles() const;
+
+ // Perform actions for signaled waitable handle
+ // Called in execution context, after
+ void HandleWatcher(WaitableHandle waitableHandle, WaitMode::Type mode);
+
+ // Perform actions after invoker was signaled
+ void InvokerFinished();
+
+ // Get invoker context
+ virtual Thread *GetInvokerThread() = 0;
+
+ // Invoke direct invoker
+ virtual void HandleDirectInvoker() = 0;
+
+ private:
+ // Waitable event watchers
+ struct WaitableHandleWatcher
+ {
+ WaitableHandleListener *listener;
+ WaitMode::Type mode;
+
+ WaitableHandleWatcher(WaitableHandleListener *l, WaitMode::Type m) :
+ listener(l),
+ mode(m)
+ {}
+ };
+
+ typedef std::list<WaitableHandleWatcher> WaitableHandleListenerList;
+
+ struct WaitableHandleWatchers
+ {
+ WaitableHandleListenerList listeners;
+ size_t readListenersCount;
+ size_t writeListenersCount;
+
+ WaitableHandleWatchers() :
+ readListenersCount(0),
+ writeListenersCount(0)
+ {}
+ };
+
+ typedef std::map<WaitableHandle,
+ WaitableHandleWatchers> WaitableHandleWatchersMap;
+
+ // Waitable event watch support
+ mutable std::recursive_mutex m_watchersMutex;
+ WaitableHandleWatchersMap m_watchersMap;
+ WaitableEvent m_watchersInvoker;
+ WaitableEvent m_watchersInvokerCommit;
+
+ // Invoke call
+ void CommitInvoker();
+
+ public:
+ /**
+ * Constructor
+ */
+ explicit WaitableHandleWatchSupport();
+
+ /**
+ * Destructor
+ */
+ virtual ~WaitableHandleWatchSupport();
+
+ /**
+ * Adds listener for specific waitable event
+ *
+ * @param[in] listener Listener to attach
+ * @param[in] waitableHandle Waitable handle to listen for changes
+ * @param[in] mode Type of changes to listen to
+ * @return none
+ * @see WaitMode::Type
+ */
+ void AddWaitableHandleWatch(WaitableHandleListener *listener,
+ WaitableHandle waitableHandle,
+ WaitMode::Type mode);
+
+ /**
+ * Remove listener for specific waitable event
+ *
+ * @param[in] listener Listener to detach
+ * @param[in] waitableHandle Waitable handle to unlisten for changes
+ * @param[in] mode Type of changes to unlisten to
+ * @return none
+ * @see WaitMode::Type
+ */
+ void RemoveWaitableHandleWatch(WaitableHandleListener *listener,
+ WaitableHandle waitableHandle,
+ WaitMode::Type mode);
+
+};
+} // namespace VcoreDPL
+
+#endif // DPL_WAITABLE_HANDLE_WATCH_SUPPORT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file workaround.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of workaround
+ */
+#ifndef DPL_WORKAROUND_H
+#define DPL_WORKAROUND_H
+
+/**
+ * Define following macro to track invalid waitable handles
+ * in WaitForSingle/WaitForMultiple functions
+ */
+#define DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK
+
+/**
+ * Define following macro to enable workaround for problem
+ * with GLIB loop integration and EBADF error handling
+ */
+#define DPL_ENABLE_GLIB_LOOP_INTEGRATION_WORKAROUND
+
+/**
+ * Define following macro to enable workaround for problem
+ * with invalid conversions in htons/ntohs macros
+ */
+#define DPL_ENABLE_HTONS_NTOHS_I386_WORKAROUND
+
+#endif // DPL_WORKAROUND_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file assert.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of assert
+ */
+#include <cstdlib>
+#include <sstream>
+#include <stddef.h>
+#include <dpl/assert.h>
+#include <dpl/colors.h>
+#include <dpl/exception.h>
+#include <dpl/log/vcore_log.h>
+
+namespace VcoreDPL {
+void AssertProc(const char *condition,
+ const char *file,
+ int line,
+ const char *function)
+{
+
+#define INTERNAL_LOG(message) \
+do { \
+ std::ostringstream platformLog; \
+ platformLog << message; \
+ VcoreLogD("%s", platformLog.str().c_str()); \
+} while (0)
+
+ // Try to log failed assertion to log system
+ Try {
+ INTERNAL_LOG("########################################################################");
+ INTERNAL_LOG("### DPL assertion failed! ###");
+ INTERNAL_LOG("########################################################################");
+ INTERNAL_LOG("### Condition: " << condition);
+ INTERNAL_LOG("### File: " << file);
+ INTERNAL_LOG("### Line: " << line);
+ INTERNAL_LOG("### Function: " << function);
+ INTERNAL_LOG("########################################################################");
+ } catch (Exception) {
+ // Just ignore possible double errors
+ }
+
+ // Fail with c-library abort
+ abort();
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file binary_queue.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of binary queue
+ */
+#include <stddef.h>
+#include <dpl/binary_queue.h>
+#include <dpl/assert.h>
+#include <dpl/scoped_free.h>
+#include <algorithm>
+#include <malloc.h>
+#include <cstring>
+#include <new>
+
+namespace VcoreDPL {
+BinaryQueue::BinaryQueue() :
+ m_size(0)
+{}
+
+BinaryQueue::BinaryQueue(const BinaryQueue &other) :
+ m_size(0)
+{
+ AppendCopyFrom(other);
+}
+
+BinaryQueue::~BinaryQueue()
+{
+ // Remove all remainig buckets
+ Clear();
+}
+
+BinaryQueue &BinaryQueue::operator=(const BinaryQueue &other)
+{
+ if (this != &other) {
+ Clear();
+ AppendCopyFrom(other);
+ }
+
+ return *this;
+}
+
+void BinaryQueue::AppendCopyFrom(const BinaryQueue &other)
+{
+ // To speed things up, always copy as one bucket
+ void *bufferCopy = malloc(other.m_size);
+
+ if (bufferCopy == NULL) {
+ throw std::bad_alloc();
+ }
+
+ try {
+ other.Flatten(bufferCopy, other.m_size);
+ AppendUnmanaged(bufferCopy, other.m_size, &BufferDeleterFree, NULL);
+ } catch (const std::bad_alloc &) {
+ // Free allocated memory
+ free(bufferCopy);
+ throw;
+ }
+}
+
+void BinaryQueue::AppendMoveFrom(BinaryQueue &other)
+{
+ // Copy all buckets
+ std::copy(other.m_buckets.begin(),
+ other.m_buckets.end(), std::back_inserter(m_buckets));
+ m_size += other.m_size;
+
+ // Clear other, but do not free memory
+ other.m_buckets.clear();
+ other.m_size = 0;
+}
+
+void BinaryQueue::AppendCopyTo(BinaryQueue &other) const
+{
+ other.AppendCopyFrom(*this);
+}
+
+void BinaryQueue::AppendMoveTo(BinaryQueue &other)
+{
+ other.AppendMoveFrom(*this);
+}
+
+void BinaryQueue::Clear()
+{
+ std::for_each(m_buckets.begin(), m_buckets.end(), &DeleteBucket);
+ m_buckets.clear();
+ m_size = 0;
+}
+
+void BinaryQueue::AppendCopy(const void* buffer, size_t bufferSize)
+{
+ // Create data copy with malloc/free
+ void *bufferCopy = malloc(bufferSize);
+
+ // Check if allocation succeded
+ if (bufferCopy == NULL) {
+ throw std::bad_alloc();
+ }
+
+ // Copy user data
+ memcpy(bufferCopy, buffer, bufferSize);
+
+ try {
+ // Try to append new bucket
+ AppendUnmanaged(bufferCopy, bufferSize, &BufferDeleterFree, NULL);
+ } catch (const std::bad_alloc &) {
+ // Free allocated memory
+ free(bufferCopy);
+ throw;
+ }
+}
+
+void BinaryQueue::AppendUnmanaged(const void* buffer,
+ size_t bufferSize,
+ BufferDeleter deleter,
+ void* userParam)
+{
+ // Do not attach empty buckets
+ if (bufferSize == 0) {
+ deleter(buffer, bufferSize, userParam);
+ return;
+ }
+
+ // Just add new bucket with selected deleter
+ m_buckets.push_back(new Bucket(buffer, bufferSize, deleter, userParam));
+
+ // Increase total queue size
+ m_size += bufferSize;
+}
+
+size_t BinaryQueue::Size() const
+{
+ return m_size;
+}
+
+bool BinaryQueue::Empty() const
+{
+ return m_size == 0;
+}
+
+void BinaryQueue::Consume(size_t size)
+{
+ // Check parameters
+ if (size > m_size) {
+ Throw(Exception::OutOfData);
+ }
+
+ size_t bytesLeft = size;
+
+ // Consume data and/or remove buckets
+ while (bytesLeft > 0) {
+ // Get consume size
+ size_t count = std::min(bytesLeft, m_buckets.front()->left);
+
+ m_buckets.front()->ptr =
+ static_cast<const char *>(m_buckets.front()->ptr) + count;
+ m_buckets.front()->left -= count;
+ bytesLeft -= count;
+ m_size -= count;
+
+ if (m_buckets.front()->left == 0) {
+ DeleteBucket(m_buckets.front());
+ m_buckets.pop_front();
+ }
+ }
+}
+
+void BinaryQueue::Flatten(void *buffer, size_t bufferSize) const
+{
+ // Check parameters
+ if (bufferSize == 0) {
+ return;
+ }
+
+ if (bufferSize > m_size) {
+ Throw(Exception::OutOfData);
+ }
+
+ size_t bytesLeft = bufferSize;
+ void *ptr = buffer;
+ BucketList::const_iterator bucketIterator = m_buckets.begin();
+ Assert(m_buckets.end() != bucketIterator);
+
+ // Flatten data
+ while (bytesLeft > 0) {
+ // Get consume size
+ size_t count = std::min(bytesLeft, (*bucketIterator)->left);
+
+ // Copy data to user pointer
+ memcpy(ptr, (*bucketIterator)->ptr, count);
+
+ // Update flattened bytes count
+ bytesLeft -= count;
+ ptr = static_cast<char *>(ptr) + count;
+
+ // Take next bucket
+ ++bucketIterator;
+ }
+}
+
+void BinaryQueue::FlattenConsume(void *buffer, size_t bufferSize)
+{
+ // FIXME: Optimize
+ Flatten(buffer, bufferSize);
+ Consume(bufferSize);
+}
+
+void BinaryQueue::DeleteBucket(BinaryQueue::Bucket *bucket)
+{
+ delete bucket;
+}
+
+void BinaryQueue::BufferDeleterFree(const void* data,
+ size_t dataSize,
+ void* userParam)
+{
+ (void)dataSize;
+ (void)userParam;
+
+ // Default free deleter
+ free(const_cast<void *>(data));
+}
+
+BinaryQueue::Bucket::Bucket(const void* data,
+ size_t dataSize,
+ BufferDeleter dataDeleter,
+ void* userParam) :
+ buffer(data),
+ ptr(data),
+ size(dataSize),
+ left(dataSize),
+ deleter(dataDeleter),
+ param(userParam)
+{
+ Assert(data != NULL);
+ Assert(deleter != NULL);
+}
+
+BinaryQueue::Bucket::~Bucket()
+{
+ // Invoke deleter on bucket data
+ deleter(buffer, size, param);
+}
+
+BinaryQueue::BucketVisitor::~BucketVisitor()
+{}
+
+BinaryQueue::BucketVisitorCall::BucketVisitorCall(BucketVisitor *visitor) :
+ m_visitor(visitor)
+{}
+
+BinaryQueue::BucketVisitorCall::~BucketVisitorCall()
+{}
+
+void BinaryQueue::BucketVisitorCall::operator()(Bucket *bucket) const
+{
+ m_visitor->OnVisitBucket(bucket->ptr, bucket->left);
+}
+
+void BinaryQueue::VisitBuckets(BucketVisitor *visitor) const
+{
+ Assert(visitor != NULL);
+
+ // Visit all buckets
+ std::for_each(m_buckets.begin(), m_buckets.end(), BucketVisitorCall(visitor));
+}
+
+BinaryQueueAutoPtr BinaryQueue::Read(size_t size)
+{
+ // Simulate input stream
+ size_t available = std::min(size, m_size);
+
+ ScopedFree<void> bufferCopy(malloc(available));
+
+ if (!bufferCopy) {
+ throw std::bad_alloc();
+ }
+
+ BinaryQueueAutoPtr result(new BinaryQueue());
+
+ Flatten(bufferCopy.Get(), available);
+ result->AppendUnmanaged(
+ bufferCopy.Get(), available, &BufferDeleterFree, NULL);
+ bufferCopy.Release();
+ Consume(available);
+
+ return result;
+}
+
+size_t BinaryQueue::Write(const BinaryQueue &buffer, size_t bufferSize)
+{
+ // Simulate output stream
+ AppendCopyFrom(buffer);
+ return bufferSize;
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file char_traits.cpp
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @biref Char traits are used to create basic_string extended with
+ * additional features
+ * Current char traits could be extended in feature to boost
+ * performance
+ */
+#include <stddef.h>
+#include <dpl/char_traits.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file colors.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Some constants with definition of colors for Console
+ * and html output
+ */
+#include <stddef.h>
+#include <dpl/colors.h>
+
+namespace VcoreDPL {
+namespace Colors {
+namespace Text {
+const char* BOLD_GREEN_BEGIN = "\033[1;32m";
+const char* BOLD_GREEN_END = "\033[m";
+const char* RED_BEGIN = "\033[0;31m";
+const char* RED_END = "\033[m";
+const char* PURPLE_BEGIN = "\033[0;35m";
+const char* PURPLE_END = "\033[m";
+const char* GREEN_BEGIN = "\033[0;32m";
+const char* GREEN_END = "\033[m";
+const char* CYAN_BEGIN = "\033[0;36m";
+const char* CYAN_END = "\033[m";
+const char* BOLD_RED_BEGIN = "\033[1;31m";
+const char* BOLD_RED_END = "\033[m";
+const char* BOLD_YELLOW_BEGIN = "\033[1;33m";
+const char* BOLD_YELLOW_END = "\033[m";
+const char* BOLD_GOLD_BEGIN = "\033[0;33m";
+const char* BOLD_GOLD_END = "\033[m";
+const char* BOLD_WHITE_BEGIN = "\033[1;37m";
+const char* BOLD_WHITE_END = "\033[m";
+} //namespace Text
+
+namespace Html {
+const char* BOLD_GREEN_BEGIN = "<font color=\"green\"><b>";
+const char* BOLD_GREEN_END = "</b></font>";
+const char* PURPLE_BEGIN = "<font color=\"purple\"><b>";
+const char* PURPLE_END = "</b></font>";
+const char* RED_BEGIN = "<font color=\"red\"><b>";
+const char* RED_END = "</b></font>";
+const char* GREEN_BEGIN = "<font color=\"green\">";
+const char* GREEN_END = "</font>";
+const char* CYAN_BEGIN = "<font color=\"cyan\">";
+const char* CYAN_END = "</font>";
+const char* BOLD_RED_BEGIN = "<font color=\"red\"><b>";
+const char* BOLD_RED_END = "</b></font>";
+const char* BOLD_YELLOW_BEGIN = "<font color=\"yellow\"><b>";
+const char* BOLD_YELLOW_END = "</b></font>";
+const char* BOLD_GOLD_BEGIN = "<font color=\"gold\"><b>";
+const char* BOLD_GOLD_END = "</b></font>";
+const char* BOLD_WHITE_BEGIN = "<font color=\"white\"><b>";
+const char* BOLD_WHITE_END = "</b></font>";
+} //namespace Html
+} //namespace Colors
+} //namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file errno_string.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of errno string
+ */
+#include <stddef.h>
+#include <dpl/errno_string.h>
+#include <dpl/assert.h>
+#include <dpl/exception.h>
+#include <dpl/assert.h>
+#include <dpl/scoped_free.h>
+#include <string>
+#include <cstddef>
+#include <cstring>
+#include <malloc.h>
+#include <cerrno>
+#include <stdexcept>
+
+namespace VcoreDPL {
+namespace // anonymous
+{
+const size_t DEFAULT_ERRNO_STRING_SIZE = 32;
+} // namespace anonymous
+
+std::string GetErrnoString(int error)
+{
+ size_t size = DEFAULT_ERRNO_STRING_SIZE;
+ char *buffer = NULL;
+
+ for (;;) {
+ // Add one extra characted for end of string null value
+ char *newBuffer = static_cast<char *>(::realloc(buffer, size + 1));
+
+ if (!newBuffer) {
+ // Failed to realloc
+ ::free(buffer);
+ throw std::bad_alloc();
+ }
+
+ // Setup reallocated buffer
+ buffer = newBuffer;
+ ::memset(buffer, 0, size + 1);
+
+ // Try to retrieve error string
+#if (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !_GNU_SOURCE
+ // The XSI-compliant version of strerror_r() is provided if:
+ int result = ::strerror_r(error, buffer, size);
+
+ if (result == 0) {
+ ScopedFree<char> scopedBufferFree(buffer);
+ return std::string(buffer);
+ }
+#else
+ errno = 0;
+
+ // Otherwise, the GNU-specific version is provided.
+ char *result = ::strerror_r(error, buffer, size);
+
+ if (result != NULL) {
+ ScopedFree<char> scopedBufferFree(buffer);
+ return std::string(result);
+ }
+#endif
+
+ // Interpret errors
+ switch (errno) {
+ case EINVAL:
+ // We got an invalid errno value
+ ::free(buffer);
+ ThrowMsg(InvalidErrnoValue, "Invalid errno value: " << error);
+
+ case ERANGE:
+ // Incease buffer size and retry
+ size <<= 1;
+ continue;
+
+ default:
+ AssertMsg(0, "Invalid errno value after call to strerror_r!");
+ }
+ }
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation of exception system
+ */
+#include <stddef.h>
+#include <dpl/exception.h>
+#include <dpl/log/vcore_log.h>
+
+namespace VcoreDPL {
+Exception* Exception::m_lastException = NULL;
+unsigned int Exception::m_exceptionCount = 0;
+void (*Exception::m_terminateHandler)() = NULL;
+
+void LogUnhandledException(const std::string &str)
+{
+ VcoreLogD("%s", str.c_str());
+}
+
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ VcoreLogE("%s", str.c_str());
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file file_input.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of named input pipe
+ */
+#include <stddef.h>
+#include <dpl/file_input.h>
+#include <dpl/binary_queue.h>
+#include <dpl/log/log.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+namespace VcoreDPL {
+namespace // anonymous
+{
+const size_t DEFAULT_READ_BUFFER_SIZE = 4096;
+} // namespace anonymous
+
+FileInput::FileInput() :
+ m_fd(-1)
+{}
+
+FileInput::FileInput(const std::string& fileName) :
+ m_fd(-1)
+{
+ Open(fileName);
+}
+
+FileInput::~FileInput()
+{
+ Close();
+}
+
+void FileInput::Open(const std::string& fileName)
+{
+ // Open non-blocking
+ int fd = TEMP_FAILURE_RETRY(open(fileName.c_str(), O_RDONLY | O_NONBLOCK));
+
+ // Throw an exception if an error occurred
+ if (fd == -1) {
+ ThrowMsg(Exception::OpenFailed, fileName);
+ }
+
+ // Close if any existing
+ Close();
+
+ // Save new descriptor
+ m_fd = fd;
+
+ LogPedantic("Opened file: " << fileName);
+}
+
+void FileInput::Close()
+{
+ if (m_fd == -1) {
+ return;
+ }
+
+ if (TEMP_FAILURE_RETRY(close(m_fd)) == -1) {
+ Throw(Exception::CloseFailed);
+ }
+
+ m_fd = -1;
+
+ LogPedantic("Closed file");
+}
+
+BinaryQueueAutoPtr FileInput::Read(size_t size)
+{
+ size_t bytesToRead = size >
+ DEFAULT_READ_BUFFER_SIZE ? DEFAULT_READ_BUFFER_SIZE : size;
+
+ // Malloc default read buffer size
+ // It is unmanaged, so it can be then attached directly to binary queue
+ void *buffer = malloc(bytesToRead);
+
+ if (buffer == NULL) {
+ throw std::bad_alloc();
+ }
+
+ LogPedantic("Trying to read " << bytesToRead << " bytes");
+
+ ssize_t result = TEMP_FAILURE_RETRY(read(m_fd, buffer, bytesToRead));
+
+ LogPedantic("Read " << result << " bytes from file");
+
+ if (result > 0) {
+ // Succedded to read socket data
+ BinaryQueueAutoPtr binaryQueue(new BinaryQueue());
+
+ // Append unmanaged memory
+ binaryQueue->AppendUnmanaged(buffer,
+ result,
+ &BinaryQueue::BufferDeleterFree,
+ NULL);
+
+ // Return buffer
+ return binaryQueue;
+ } else if (result == 0) {
+ // Socket was gracefuly closed
+ free(buffer);
+
+ // Return empty buffer
+ return BinaryQueueAutoPtr(new BinaryQueue());
+ } else {
+ // Must first save errno value, because it may be altered
+ int lastErrno = errno;
+
+ // Free buffer
+ free(buffer);
+
+ // Interpret error result
+ (void)lastErrno;
+
+ // FIXME: Handle specific errno
+ Throw(AbstractInput::Exception::ReadFailed);
+ }
+}
+
+WaitableHandle FileInput::WaitableReadHandle() const
+{
+ return static_cast<WaitableHandle>(m_fd);
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file mutex.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of mutex
+ */
+#include <stddef.h>
+#include <dpl/mutex.h>
+#include <dpl/assert.h>
+#include <dpl/log/vcore_log.h>
+#include <errno.h>
+
+namespace VcoreDPL {
+Mutex::Mutex()
+{
+ if (pthread_mutex_init(&m_mutex, NULL) != 0) {
+ int error = errno;
+
+ VcoreLogD("Failed to create mutex. Errno: %i", error);
+
+ ThrowMsg(Exception::CreateFailed,
+ "Failed to create mutex. Errno: " << error);
+ }
+}
+
+Mutex::~Mutex()
+{
+ if (pthread_mutex_destroy(&m_mutex) != 0) {
+ int error = errno;
+
+ VcoreLogD("Failed to destroy mutex. Errno: %i", error);
+ }
+}
+
+void Mutex::Lock() const
+{
+ if (pthread_mutex_lock(&m_mutex) != 0) {
+ int error = errno;
+
+ VcoreLogD("Failed to lock mutex. Errno: %i", error);
+
+ ThrowMsg(Exception::LockFailed,
+ "Failed to lock mutex. Errno: " << error);
+ }
+}
+
+void Mutex::Unlock() const
+{
+ if (pthread_mutex_unlock(&m_mutex) != 0) {
+ int error = errno;
+
+ VcoreLogD("Failed to unlock mutex. Errno: %i", error);
+
+ ThrowMsg(Exception::UnlockFailed,
+ "Failed to unlock mutex. Errno: " << error);
+ }
+}
+
+Mutex::ScopedLock::ScopedLock(Mutex *mutex) :
+ m_mutex(mutex)
+{
+ Assert(mutex != NULL);
+ m_mutex->Lock();
+}
+
+Mutex::ScopedLock::~ScopedLock()
+{
+ Try
+ {
+ m_mutex->Unlock();
+ }
+ Catch(Mutex::Exception::UnlockFailed)
+ {
+ VcoreLogD("Failed to leave mutex scoped lock");
+ }
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noncopyable.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noncopyable
+ */
+#include <stddef.h>
+#include <dpl/noncopyable.h>
+
+namespace VcoreDPL {
+Noncopyable::Noncopyable()
+{}
+
+Noncopyable::~Noncopyable()
+{}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file generic_event.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#include <stddef.h>
+#include <dpl/singleton.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file string.cpp
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ */
+#include <stddef.h>
+#include <memory>
+#include <dpl/string.h>
+#include <dpl/char_traits.h>
+#include <dpl/errno_string.h>
+#include <dpl/exception.h>
+#include <dpl/log/vcore_log.h>
+#include <string>
+#include <vector>
+#include <algorithm>
+#include <cstring>
+#include <errno.h>
+#include <iconv.h>
+#include <unicode/ustring.h>
+
+// TODO: Completely move to ICU
+namespace VcoreDPL {
+namespace //anonymous
+{
+class ASCIIValidator
+{
+ const std::string& m_TestedString;
+
+ public:
+ ASCIIValidator(const std::string& aTestedString);
+
+ void operator()(char aCharacter) const;
+};
+
+ASCIIValidator::ASCIIValidator(const std::string& aTestedString) :
+ m_TestedString(aTestedString)
+{}
+
+void ASCIIValidator::operator()(char aCharacter) const
+{
+ // Check for ASCII data range
+ if (aCharacter <= 0) {
+ ThrowMsg(
+ StringException::InvalidASCIICharacter,
+ "invalid character code " << static_cast<int>(aCharacter)
+ << " from string [" <<
+ m_TestedString
+ << "] passed as ASCII");
+ }
+}
+
+const iconv_t gc_IconvOperError = reinterpret_cast<iconv_t>(-1);
+const size_t gc_IconvConvertError = static_cast<size_t>(-1);
+} // namespace anonymous
+
+String FromUTF8String(const std::string& aIn)
+{
+ if (aIn.empty()) {
+ return String();
+ }
+
+ size_t inbytes = aIn.size();
+
+ // Default iconv UTF-32 module adds BOM (4 bytes) in from of string
+ // The worst case is when 8bit UTF-8 char converts to 32bit UTF-32
+ // newsize = oldsize * 4 + end + bom
+ // newsize - bytes for UTF-32 string
+ // oldsize - letters in UTF-8 string
+ // end - end character for UTF-32 (\0)
+ // bom - Unicode header in front of string (0xfeff)
+ size_t outbytes = sizeof(wchar_t) * (inbytes + 2);
+ std::vector<wchar_t> output(inbytes + 2, 0);
+
+ size_t outbytesleft = outbytes;
+ char* inbuf = const_cast<char*>(aIn.c_str());
+
+ // vector is used to provide buffer for iconv which expects char* buffer
+ // but during conversion from UTF32 uses internaly wchar_t
+ char* outbuf = reinterpret_cast<char*>(&output[0]);
+
+ iconv_t iconvHandle = iconv_open("UTF-32", "UTF-8");
+
+ if (gc_IconvOperError == iconvHandle) {
+ int error = errno;
+
+ ThrowMsg(StringException::IconvInitErrorUTF8ToUTF32,
+ "iconv_open failed for " << "UTF-32 <- UTF-8" <<
+ "error: " << GetErrnoString(error));
+ }
+
+ size_t iconvRet = iconv(iconvHandle,
+ &inbuf,
+ &inbytes,
+ &outbuf,
+ &outbytesleft);
+
+ iconv_close(iconvHandle);
+
+ if (gc_IconvConvertError == iconvRet) {
+ ThrowMsg(StringException::IconvConvertErrorUTF8ToUTF32,
+ "iconv failed for " << "UTF-32 <- UTF-8" << "error: "
+ << GetErrnoString());
+ }
+
+ // Ignore BOM in front of UTF-32
+ return &output[1];
+}
+
+std::string ToUTF8String(const VcoreDPL::String& aIn)
+{
+ if (aIn.empty()) {
+ return std::string();
+ }
+
+ size_t inbytes = aIn.size() * sizeof(wchar_t);
+ size_t outbytes = inbytes + sizeof(char);
+
+ // wstring returns wchar_t but iconv expects char*
+ // iconv internally is processing input as wchar_t
+ char* inbuf = reinterpret_cast<char*>(const_cast<wchar_t*>(aIn.c_str()));
+ std::vector<char> output(inbytes, 0);
+ char* outbuf = &output[0];
+
+ size_t outbytesleft = outbytes;
+
+ iconv_t iconvHandle = iconv_open("UTF-8", "UTF-32");
+
+ if (gc_IconvOperError == iconvHandle) {
+ ThrowMsg(StringException::IconvInitErrorUTF32ToUTF8,
+ "iconv_open failed for " << "UTF-8 <- UTF-32"
+ << "error: " << GetErrnoString());
+ }
+
+ size_t iconvRet = iconv(iconvHandle,
+ &inbuf,
+ &inbytes,
+ &outbuf,
+ &outbytesleft);
+
+ iconv_close(iconvHandle);
+
+ if (gc_IconvConvertError == iconvRet) {
+ ThrowMsg(StringException::IconvConvertErrorUTF32ToUTF8,
+ "iconv failed for " << "UTF-8 <- UTF-32"
+ << "error: " << GetErrnoString());
+ }
+
+ return &output[0];
+}
+
+String FromASCIIString(const std::string& aString)
+{
+ String output;
+
+ std::for_each(aString.begin(), aString.end(), ASCIIValidator(aString));
+ std::copy(aString.begin(), aString.end(), std::back_inserter<String>(output));
+
+ return output;
+}
+
+String FromUTF32String(const std::wstring& aString)
+{
+ return String(&aString[0]);
+}
+
+static UChar *ConvertToICU(const String &inputString)
+{
+ std::unique_ptr<UChar[]> outputString;
+ int32_t size = 0;
+ int32_t convertedSize = 0;
+ UErrorCode error = U_ZERO_ERROR;
+
+ // Calculate size of output string
+ ::u_strFromWCS(NULL,
+ 0,
+ &size,
+ inputString.c_str(),
+ -1,
+ &error);
+
+ if (error == U_ZERO_ERROR ||
+ error == U_BUFFER_OVERFLOW_ERROR)
+ {
+ // What buffer size is ok ?
+ VcoreLogD("ICU: Output buffer size: %i", size);
+ } else {
+ ThrowMsg(StringException::ICUInvalidCharacterFound,
+ "ICU: Failed to retrieve output string size. Error: "
+ << error);
+ }
+
+ // Allocate proper buffer
+ outputString.reset(new UChar[size + 1]);
+ ::memset(outputString.get(), 0, sizeof(UChar) * (size + 1));
+
+ error = U_ZERO_ERROR;
+
+ // Do conversion
+ ::u_strFromWCS(outputString.get(),
+ size + 1,
+ &convertedSize,
+ inputString.c_str(),
+ -1,
+ &error);
+
+ if (!U_SUCCESS(error)) {
+ ThrowMsg(StringException::ICUInvalidCharacterFound,
+ "ICU: Failed to convert string. Error: " << error);
+ }
+
+ // Done
+ return outputString.release();
+}
+
+int StringCompare(const String &left,
+ const String &right,
+ bool caseInsensitive)
+{
+ // Convert input strings
+ std::unique_ptr<UChar[]> leftICU(ConvertToICU(left));
+ std::unique_ptr<UChar[]> rightICU(ConvertToICU(right));
+
+ if (caseInsensitive) {
+ return static_cast<int>(u_strcasecmp(leftICU.get(), rightICU.get(), 0));
+ } else {
+ return static_cast<int>(u_strcmp(leftICU.get(), rightICU.get()));
+ }
+}
+} //namespace VcoreDPL
+
+std::ostream& operator<<(std::ostream& aStream, const VcoreDPL::String& aString)
+{
+ return aStream << VcoreDPL::ToUTF8String(aString);
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file thread.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of thread
+ */
+#include <stddef.h>
+#include <dpl/thread.h>
+#include <dpl/log/vcore_log.h>
+#include <sys/time.h>
+#include <algorithm>
+#include <dpl/assert.h>
+#include <errno.h>
+#include <time.h>
+#include <string.h>
+
+namespace // anonymous
+{
+static const size_t NANOSECONDS_PER_SECOND =
+ static_cast<uint64_t>(1000 * 1000 * 1000);
+
+static const size_t NANOSECONDS_PER_MILISECOND =
+ static_cast<uint64_t>(1000 * 1000);
+
+static const size_t NANOSECONDS_PER_MICROSECOND =
+ static_cast<uint64_t>(1000);
+
+static const std::thread::id g_mainThread = std::this_thread::get_id();
+
+class ThreadSpecific
+{
+ public:
+ pthread_key_t threadSpecific;
+
+ ThreadSpecific() :
+ threadSpecific(0)
+ {
+ threadSpecific = 0;
+ pthread_key_create(&threadSpecific, NULL);
+ }
+
+ virtual ~ThreadSpecific()
+ {
+ pthread_key_delete(threadSpecific);
+ }
+};
+
+static ThreadSpecific g_threadSpecific;
+} // namespace anonymous
+
+namespace VcoreDPL {
+bool g_TLSforMainCreated = false;
+
+Thread::Thread() :
+ m_thread(),
+ m_abandon(false),
+ m_running(false),
+ m_directInvoke(false)
+{}
+
+Thread::~Thread()
+{
+ // Ensure that we quit thread
+ // Always wait thread by yourself; if thread is still running
+ // this may be sometimes very bad. When derived, some resources
+ // may leak or be doubly freed
+ Quit();
+
+ // Remove any remainig events
+ // Thread proc is surely not running now
+ for (InternalEventList::iterator iterator = m_eventList.begin();
+ iterator != m_eventList.end();
+ ++iterator)
+ {
+ iterator->eventDeleteProc(iterator->event, iterator->userParam);
+ }
+
+ m_eventList.clear();
+}
+
+bool Thread::IsMainThread()
+{
+ return (std::this_thread::get_id() == g_mainThread);
+}
+
+Thread *Thread::GetCurrentThread()
+{
+ if (std::this_thread::get_id() == g_mainThread) {
+ return NULL;
+ }
+
+ void *threadSpecific = pthread_getspecific(g_threadSpecific.threadSpecific);
+
+ // Is this a managed thread ?
+ if (threadSpecific == NULL) {
+ Throw(Exception::UnmanagedThread);
+ }
+
+ return static_cast<Thread *>(threadSpecific);
+}
+
+void *Thread::StaticThreadEntry(void *param)
+{
+ VcoreLogD("Entered static thread entry");
+
+ // Retrieve context
+ Thread *This = static_cast<Thread *>(param);
+ Assert(This != NULL);
+
+ // Set thread specific
+ int result = pthread_setspecific(g_threadSpecific.threadSpecific, This);
+
+ if (result != 0) {
+ VcoreLogE("Failed to set threadSpecific");
+ }
+
+ // Enter thread proc
+ // Do not allow exceptions to hit pthread core
+ UNHANDLED_EXCEPTION_HANDLER_BEGIN
+ {
+ This->ThreadEntry();
+ }
+ UNHANDLED_EXCEPTION_HANDLER_END
+
+ // Critical section
+ {
+ // Leave running state
+ std::lock_guard<std::mutex> lock(This->m_stateMutex);
+
+ This->m_running = false;
+
+ // Abandon thread
+ if (This->m_abandon) {
+ VcoreLogD("Thread was abandoned");
+ This->m_thread.detach();
+ } else {
+ VcoreLogD("Thread is joinable");
+ }
+ }
+
+ return NULL;
+}
+
+int Thread::ThreadEntry()
+{
+ VcoreLogD("Entered default thread entry");
+ return Exec();
+}
+
+void Thread::ProcessEvents()
+{
+ VcoreLogD("Processing events");
+
+ // Steal current event list
+ InternalEventList stolenEvents;
+
+ // Enter event list critical section
+ {
+ std::lock_guard<std::mutex> lock(m_eventMutex);
+ m_eventList.swap(stolenEvents);
+ m_eventInvoker.Reset();
+ }
+
+ // Process event list
+ VcoreLogD("Stolen %u internal events", stolenEvents.size());
+
+ for (InternalEventList::iterator iterator = stolenEvents.begin();
+ iterator != stolenEvents.end();
+ ++iterator)
+ {
+ // Dispatch immediate event
+ iterator->eventDispatchProc(iterator->event, iterator->userParam);
+
+ // Delete event
+ iterator->eventDeleteProc(iterator->event, iterator->userParam);
+ }
+}
+
+void Thread::ProcessTimedEvents()
+{
+ // Critical section on timed events mutex
+ {
+ std::lock_guard<std::mutex> lock(m_timedEventMutex);
+
+ // Get current time
+ unsigned long currentTimeMiliseconds = GetCurrentTimeMiliseconds();
+
+ // Info
+ VcoreLogD("Processing timed events. Time now: %lu ms", currentTimeMiliseconds);
+
+ // All timed events are sorted chronologically
+ // Emit timed out events
+ while (!m_timedEventVector.empty() &&
+ currentTimeMiliseconds >=
+ m_timedEventVector.begin()->registerTimeMiliseconds +
+ m_timedEventVector.begin()->dueTimeMiliseconds)
+ {
+ // Info
+ VcoreLogD("Transforming timed event into immediate event. Absolute due time: %lu ms",
+ (m_timedEventVector.begin()->registerTimeMiliseconds +
+ m_timedEventVector.begin()->dueTimeMiliseconds));
+
+ // Emit immediate event
+ PushEvent(m_timedEventVector.begin()->event,
+ m_timedEventVector.begin()->eventDispatchProc,
+ m_timedEventVector.begin()->eventDeleteProc,
+ m_timedEventVector.begin()->userParam);
+
+ // Remove timed eventand fix heap
+ std::pop_heap(m_timedEventVector.begin(), m_timedEventVector.end());
+ m_timedEventVector.pop_back();
+ }
+ }
+}
+
+unsigned long Thread::GetCurrentTimeMiliseconds() const
+{
+ timeval tv;
+ gettimeofday(&tv, NULL);
+ return static_cast<unsigned long>(tv.tv_sec) * 1000 +
+ static_cast<unsigned long>(tv.tv_usec) / 1000;
+}
+
+int Thread::Exec()
+{
+ VcoreLogD("Executing thread event processing");
+
+ const std::size_t MIN_HANDLE_LIST_SIZE = 4;
+
+ // Start processing of events
+ WaitableHandleListEx handleList;
+
+ // index 0: Quit waitable event handle
+ handleList.push_back(std::make_pair(m_quitEvent.GetHandle(), WaitMode::Read));
+
+ // index 1: Event occurred event handle
+ handleList.push_back(std::make_pair(m_eventInvoker.GetHandle(),
+ WaitMode::Read));
+
+ // index 2: Timed event occurred event handle
+ handleList.push_back(std::make_pair(m_timedEventInvoker.GetHandle(),
+ WaitMode::Read));
+
+ // index 3: Waitable handle watch support invoker
+ handleList.push_back(std::make_pair(WaitableHandleWatchSupport::
+ WaitableInvokerHandle(),
+ WaitMode::Read));
+
+ //
+ // Watch list might have been initialized before threaded started
+ // Need to fill waitable event watch list in this case
+ //
+ {
+ WaitableHandleListEx waitableHandleWatchHandles =
+ WaitableHandleWatchSupport::WaitableWatcherHandles();
+ std::copy(
+ waitableHandleWatchHandles.begin(),
+ waitableHandleWatchHandles.end(), std::back_inserter(handleList));
+ }
+
+ // Quit flag
+ bool quit = false;
+
+ while (!quit) {
+ // Retrieve minimum wait time, according to timed events list
+ unsigned long minimumWaitTime;
+
+ // Critical section on timed events mutex
+ {
+ std::lock_guard<std::mutex> lock(m_timedEventMutex);
+
+ if (!m_timedEventVector.empty()) {
+ unsigned long currentTimeMiliseconds =
+ GetCurrentTimeMiliseconds();
+ unsigned long destinationTimeMiliseconds =
+ m_timedEventVector.begin()->registerTimeMiliseconds +
+ m_timedEventVector.begin()->dueTimeMiliseconds;
+
+ // Are we already late with timed event ?
+ if (currentTimeMiliseconds > destinationTimeMiliseconds) {
+ minimumWaitTime = 0;
+ } else {
+ minimumWaitTime = destinationTimeMiliseconds -
+ currentTimeMiliseconds;
+ }
+ } else {
+ minimumWaitTime = 0xFFFFFFFF; // Infinity
+ }
+ }
+
+ // Info
+ VcoreLogD("Thread loop minimum wait time: %lu ms", minimumWaitTime);
+
+ // Do thread waiting
+ WaitableHandleIndexList waitableHandleIndexList =
+ WaitForMultipleHandles(handleList, minimumWaitTime);
+
+ if (waitableHandleIndexList.empty()) {
+ // Timeout occurred. Process timed events.
+ VcoreLogD("Timed event list elapsed invoker");
+ ProcessTimedEvents();
+ continue;
+ }
+
+ // Go through each index
+ for (WaitableHandleIndexList::const_iterator
+ waitableHandleIndexIterator = waitableHandleIndexList.begin();
+ waitableHandleIndexIterator != waitableHandleIndexList.end();
+ ++waitableHandleIndexIterator)
+ {
+ size_t index = *waitableHandleIndexIterator;
+
+ VcoreLogD("Event loop triggered with index: %u", index);
+
+ switch (index) {
+ case 0:
+ // Quit waitable event handle
+ quit = true;
+ break;
+
+ case 1:
+ // Event occurred event handle
+ ProcessEvents();
+
+ // Handle direct invoker
+ if (m_directInvoke) {
+ m_directInvoke = false;
+
+ VcoreLogD("Handling direct invoker");
+
+ // Update list
+ while (handleList.size() > MIN_HANDLE_LIST_SIZE) {
+ handleList.pop_back();
+ }
+
+ // Insert current waitable event handles instead
+ {
+ WaitableHandleListEx waitableHandleWatchHandles =
+ WaitableHandleWatchSupport::WaitableWatcherHandles();
+ std::copy(
+ waitableHandleWatchHandles.begin(),
+ waitableHandleWatchHandles.end(),
+ std::back_inserter(handleList));
+ }
+ }
+
+ // Done
+ break;
+
+ case 2:
+ // Timed event list changed
+ VcoreLogD("Timed event list changed invoker");
+ ProcessTimedEvents();
+
+ // Reset timed event invoker
+ m_timedEventInvoker.Reset();
+
+ // Done
+ break;
+
+ case 3:
+ // Waitable handle watch support invoker
+ VcoreLogD("Waitable handle watch invoker event occurred");
+
+ // First, remove all previous handles
+ while (handleList.size() > MIN_HANDLE_LIST_SIZE) {
+ handleList.pop_back();
+ }
+
+ // Insert current waitable event handles instead
+ {
+ WaitableHandleListEx waitableHandleWatchHandles =
+ WaitableHandleWatchSupport::WaitableWatcherHandles();
+ std::copy(
+ waitableHandleWatchHandles.begin(),
+ waitableHandleWatchHandles.end(),
+ std::back_inserter(handleList));
+ }
+
+ // Handle invoker in waitable watch support
+ WaitableHandleWatchSupport::InvokerFinished();
+
+ VcoreLogD("Waitable handle watch invoker event handled");
+
+ // Done
+ break;
+
+ default:
+ // Waitable event watch list
+ VcoreLogD("Waitable handle watch event occurred");
+
+ // Handle event in waitable handle watch
+ {
+ std::pair<WaitableHandle,
+ WaitMode::Type> handle = handleList[index];
+ WaitableHandleWatchSupport::HandleWatcher(handle.first,
+ handle.second);
+ }
+
+ if (m_directInvoke) {
+ m_directInvoke = false;
+
+ VcoreLogD("Handling direct invoker");
+
+ // Update list
+ while (handleList.size() > MIN_HANDLE_LIST_SIZE) {
+ handleList.pop_back();
+ }
+
+ // Insert current waitable event handles instead
+ {
+ WaitableHandleListEx waitableHandleWatchHandles =
+ WaitableHandleWatchSupport::
+ WaitableWatcherHandles();
+ std::copy(waitableHandleWatchHandles.begin(),
+ waitableHandleWatchHandles.end(),
+ std::back_inserter(handleList));
+ }
+ }
+
+ VcoreLogD("Waitable handle watch event handled");
+
+ // Done
+ break;
+ }
+ }
+ }
+
+ VcoreLogD("Leaving thread event processing");
+ return 0;
+}
+
+void Thread::Run()
+{
+ VcoreLogD("Running thread");
+
+ // Critical section
+ {
+ std::lock_guard<std::mutex> lock(m_stateMutex);
+
+ if (m_running) {
+ return;
+ }
+
+ try{
+ m_thread = std::thread(StaticThreadEntry,this);
+ }catch(std::system_error e){
+ Throw(Exception::RunFailed);
+ }
+
+ // At default, we abandon thread
+ m_abandon = true;
+
+ // Enter running state
+ m_running = true;
+ }
+
+ VcoreLogD("Thread run");
+}
+
+void Thread::Quit()
+{
+ // Critical section
+ {
+ std::lock_guard<std::mutex> lock(m_stateMutex);
+
+ // Is thread running ?
+ if (!m_running) {
+ return;
+ }
+
+ VcoreLogD("Quitting thread...");
+
+ // Do not abandon thread, we will join
+ m_abandon = false;
+
+ // Singal quit waitable event
+ m_quitEvent.Signal();
+ }
+
+ try{
+ m_thread.join();
+ }catch(std::system_error e){
+ Throw(Exception::QuitFailed);
+ }
+
+ VcoreLogD("Thread quit");
+}
+
+void Thread::PushEvent(void *event,
+ EventDispatchProc eventDispatchProc,
+ EventDeleteProc eventDeleteProc,
+ void *userParam)
+{
+ // Enter event list critical section
+ std::lock_guard<std::mutex> lock(m_eventMutex);
+
+ // Push new event
+ m_eventList.push_back(InternalEvent(event, userParam, eventDispatchProc,
+ eventDeleteProc));
+
+ // Trigger invoker
+ m_eventInvoker.Signal();
+
+ VcoreLogD("Event pushed and invoker signaled");
+}
+
+void Thread::PushTimedEvent(void *event,
+ double dueTimeSeconds,
+ EventDispatchProc eventDispatchProc,
+ EventDeleteProc eventDeleteProc,
+ void *userParam)
+{
+ // Check for developer errors
+ Assert(dueTimeSeconds >= 0.0);
+
+ // Enter timed event list critical section
+ std::lock_guard<std::mutex> lock(m_timedEventMutex);
+
+ // Get current time
+ unsigned long currentTimeMiliseconds = GetCurrentTimeMiliseconds();
+
+ // Convert to miliseconds
+ unsigned long dueTimeMiliseconds =
+ static_cast<unsigned long>(1000.0 * dueTimeSeconds);
+
+ // Push new timed event
+ m_timedEventVector.push_back(InternalTimedEvent(event, userParam,
+ dueTimeMiliseconds,
+ currentTimeMiliseconds,
+ eventDispatchProc,
+ eventDeleteProc));
+
+ // Heapify timed events
+ std::make_heap(m_timedEventVector.begin(), m_timedEventVector.end());
+
+ // Trigger invoker
+ m_timedEventInvoker.Signal();
+
+ VcoreLogD("Timed event pushed and invoker signaled: "
+ "due time: %lu ms, absolute due time: %lu ms",
+ dueTimeMiliseconds, currentTimeMiliseconds + dueTimeMiliseconds);
+}
+
+Thread *Thread::GetInvokerThread()
+{
+ return this;
+}
+
+void Thread::HandleDirectInvoker()
+{
+ // We must be in ProcessEvents call stack
+ // Mark that situation to handle direct invoker
+ m_directInvoke = true;
+}
+
+void Thread::Sleep(uint64_t seconds)
+{
+ NanoSleep(seconds * NANOSECONDS_PER_SECOND);
+}
+
+void Thread::MiliSleep(uint64_t miliseconds)
+{
+ NanoSleep(miliseconds * NANOSECONDS_PER_MILISECOND);
+}
+
+void Thread::MicroSleep(uint64_t microseconds)
+{
+ NanoSleep(microseconds * NANOSECONDS_PER_MICROSECOND);
+}
+
+void Thread::NanoSleep(uint64_t nanoseconds)
+{
+ timespec requestedTime = {
+ static_cast<time_t>(
+ nanoseconds / NANOSECONDS_PER_SECOND),
+
+ static_cast<long>(
+ nanoseconds % NANOSECONDS_PER_SECOND)
+ };
+
+ timespec remainingTime;
+
+ for (;;) {
+ if (nanosleep(&requestedTime, &remainingTime) == 0) {
+ break;
+ }
+
+ int error = errno;
+ Assert(error == EINTR);
+
+ requestedTime = remainingTime;
+ }
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file type_list.cpp
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Generic type list template
+ */
+#include <stddef.h>
+#include <dpl/type_list.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_event.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable event
+ */
+#include <stddef.h>
+#include <dpl/waitable_event.h>
+#include <sys/select.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <errno.h>
+
+namespace VcoreDPL {
+WaitableEvent::WaitableEvent()
+{
+ if (pipe(m_pipe) == -1) {
+ Throw(Exception::CreateFailed);
+ }
+
+ if (fcntl(m_pipe[0], F_SETFL, O_NONBLOCK |
+ fcntl(m_pipe[0], F_GETFL)) == -1)
+ {
+ Throw(Exception::CreateFailed);
+ }
+}
+
+WaitableEvent::~WaitableEvent()
+{
+ if (TEMP_FAILURE_RETRY(close(m_pipe[0])) == -1) {
+ Throw(Exception::DestroyFailed);
+ }
+
+ if (TEMP_FAILURE_RETRY(close(m_pipe[1])) == -1) {
+ Throw(Exception::DestroyFailed);
+ }
+}
+
+WaitableHandle WaitableEvent::GetHandle() const
+{
+ return m_pipe[0];
+}
+
+void WaitableEvent::Signal() const
+{
+ char data = 0;
+
+ if (TEMP_FAILURE_RETRY(write(m_pipe[1], &data, 1)) != 1) {
+ Throw(Exception::SignalFailed);
+ }
+}
+
+void WaitableEvent::Reset() const
+{
+ char data;
+
+ if (TEMP_FAILURE_RETRY(read(m_pipe[0], &data, 1)) != 1) {
+ Throw(Exception::ResetFailed);
+ }
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_handle.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable handle
+ */
+#include <stddef.h>
+#include <dpl/waitable_event.h>
+#include <dpl/workaround.h>
+#include <sys/select.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <dpl/assert.h>
+
+namespace VcoreDPL {
+namespace // anonymous
+{
+void CheckWaitableHandle(WaitableHandle handle)
+{
+#ifdef DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK
+ // Try to get descriptor flags
+ int result = fcntl(handle, F_GETFL);
+
+ if (result == -1 && errno == EBADF) {
+ AssertMsg(0, "CheckWaitableHandle: Invalid WaitableHandle! (EBADF)");
+ }
+
+ AssertMsg(result != -1, "CheckWaitableHandle: Invalid WaitableHandle!");
+#endif // DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK
+}
+} // namespace anonymous
+
+WaitableHandleIndexList WaitForSingleHandle(WaitableHandle handle,
+ unsigned long miliseconds)
+{
+ WaitableHandleList waitHandles;
+ waitHandles.push_back(handle);
+ return WaitForMultipleHandles(waitHandles, miliseconds);
+}
+
+WaitableHandleIndexList WaitForSingleHandle(WaitableHandle handle,
+ WaitMode::Type mode,
+ unsigned long miliseconds)
+{
+ WaitableHandleListEx waitHandles;
+ waitHandles.push_back(std::make_pair(handle, mode));
+ return WaitForMultipleHandles(waitHandles, miliseconds);
+}
+
+WaitableHandleIndexList WaitForMultipleHandles(
+ const WaitableHandleList &waitableHandleList,
+ unsigned long miliseconds)
+{
+ WaitableHandleListEx handleList;
+
+ for (WaitableHandleList::const_iterator iterator = waitableHandleList.begin();
+ iterator != waitableHandleList.end();
+ ++iterator)
+ {
+ // Wait for multiple objects
+ handleList.push_back(std::make_pair(*iterator, WaitMode::Read));
+ }
+
+ // Do waiting
+ return WaitForMultipleHandles(handleList, miliseconds);
+}
+
+WaitableHandleIndexList WaitForMultipleHandles(
+ const WaitableHandleListEx &waitableHandleListEx,
+ unsigned long miliseconds)
+{
+ fd_set readFds, writeFds, errorFds;
+
+ // Fill sets
+ int maxFd = -1;
+
+ FD_ZERO(&readFds);
+ FD_ZERO(&writeFds);
+ FD_ZERO(&errorFds);
+
+ // Add read wait handles
+ for (WaitableHandleListEx::const_iterator iterator =
+ waitableHandleListEx.begin();
+ iterator != waitableHandleListEx.end();
+ ++iterator)
+ {
+ if (iterator->first > maxFd) {
+ maxFd = iterator->first;
+ }
+
+ CheckWaitableHandle(iterator->first);
+
+ // Handle errors along with read and write events
+ FD_SET(iterator->first, &errorFds);
+
+ if (iterator->second == WaitMode::Read) {
+ FD_SET(iterator->first, &readFds);
+ } else if (iterator->second == WaitMode::Write) {
+ FD_SET(iterator->first, &writeFds);
+ }
+ }
+
+ // Do select
+ timeval timeout;
+ timeval *effectiveTimeout = NULL;
+ if (miliseconds != 0xFFFFFFFF) {
+ timeout.tv_sec = miliseconds / 1000;
+ timeout.tv_usec = (miliseconds % 1000) * 1000;
+ effectiveTimeout = &timeout;
+ }
+
+ if (TEMP_FAILURE_RETRY(select(maxFd + 1, &readFds, &writeFds, &errorFds,
+ effectiveTimeout)) == -1)
+ {
+ Throw(WaitFailed);
+ }
+
+ // Check results
+ WaitableHandleIndexList indexes;
+ size_t index = 0;
+
+ for (WaitableHandleListEx::const_iterator iterator =
+ waitableHandleListEx.begin();
+ iterator != waitableHandleListEx.end();
+ ++iterator)
+ {
+ // Always return errors, no matter what type of listening is set
+ if (FD_ISSET(iterator->first, &errorFds)) {
+ indexes.push_back(index);
+ } else if (iterator->second == WaitMode::Read) {
+ if (FD_ISSET(iterator->first, &readFds)) {
+ indexes.push_back(index);
+ }
+ } else if (iterator->second == WaitMode::Write) {
+ if (FD_ISSET(iterator->first, &writeFds)) {
+ indexes.push_back(index);
+ }
+ }
+ ++index;
+ }
+
+ // Successfuly awaited some events or timeout occurred
+ return indexes;
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_handle_watch_support.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable handle watch
+ * support
+ */
+#include <stddef.h>
+#include <dpl/waitable_handle_watch_support.h>
+#include <dpl/thread.h>
+#include <dpl/log/vcore_log.h>
+#include <algorithm>
+#include <dpl/assert.h>
+
+namespace VcoreDPL {
+WaitableHandleWatchSupport::WaitableHandleWatchSupport()
+{}
+
+WaitableHandleWatchSupport::~WaitableHandleWatchSupport()
+{
+ // Developer assertions
+ if (!m_watchersMap.empty()) {
+ VcoreLogW("### Leaked watchers map dump ###");
+
+ for (WaitableHandleWatchersMap::const_iterator iterator =
+ m_watchersMap.begin();
+ iterator != m_watchersMap.end();
+ ++iterator)
+ {
+ VcoreLogW("### Waitable handle: %i", iterator->first);
+
+ VcoreLogW("### Read listeners: %u", iterator->second.readListenersCount);
+ VcoreLogW("### Write listeners: %u", iterator->second.writeListenersCount);
+
+ for (WaitableHandleListenerList::const_iterator listenersIterator =
+ iterator->second.listeners.begin();
+ listenersIterator != iterator->second.listeners.end();
+ ++listenersIterator)
+ {
+ VcoreLogW("### Mode: %i. Listener: %p",
+ listenersIterator->mode, listenersIterator->listener);
+ }
+ }
+ }
+}
+
+WaitableHandle WaitableHandleWatchSupport::WaitableInvokerHandle() const
+{
+ return m_watchersInvoker.GetHandle();
+}
+
+WaitableHandleListEx WaitableHandleWatchSupport::WaitableWatcherHandles() const
+{
+ // Critical section
+ {
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ WaitableHandleListEx handleList;
+
+ for (WaitableHandleWatchersMap::const_iterator iterator =
+ m_watchersMap.begin();
+ iterator != m_watchersMap.end();
+ ++iterator)
+ {
+ // Register waitable event id for wait
+ // Check if there are any read listeners and write listeners
+ // and register for both if applicable
+ if (iterator->second.readListenersCount > 0) {
+ handleList.push_back(std::make_pair(iterator->first,
+ WaitMode::Read));
+ }
+
+ if (iterator->second.writeListenersCount > 0) {
+ handleList.push_back(std::make_pair(iterator->first,
+ WaitMode::Write));
+ }
+ }
+
+ return handleList;
+ }
+}
+
+void WaitableHandleWatchSupport::InvokerFinished()
+{
+ VcoreLogD("Invoker finished called");
+
+ // Reset invoker
+ m_watchersInvoker.Reset();
+
+ // Commit invoke
+ m_watchersInvokerCommit.Signal();
+}
+
+void WaitableHandleWatchSupport::HandleWatcher(WaitableHandle waitableHandle,
+ WaitMode::Type mode)
+{
+ //
+ // Waitable event occurred
+ // Now call all listeners for that waitable event. It is possible
+ // that some of listeners early disappeared. This is not a problem.
+ // Warning: Listeners and/or watcher may also disappear during dispatching
+ // handlers!
+ //
+ VcoreLogD("Waitable event occurred");
+
+ // Critical section for other threads
+ {
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ // Notice: We must carefully call watchers here as they may disappear
+ // (zero listeners) or be created during each of handler call
+ // All removed listeners are handled correctly. Adding
+ // additional listener to the same waitable handle
+ // during handler dispatch sequence is _not_ supported.
+ WaitableHandleWatchersMap trackedWatchers = m_watchersMap;
+
+ for (WaitableHandleWatchersMap::const_iterator trackedWatchersIterator
+ = trackedWatchers.begin();
+ trackedWatchersIterator != trackedWatchers.end();
+ ++trackedWatchersIterator)
+ {
+ // Check if this watcher still exists
+ // If not, go to next tracked watcher
+ if (m_watchersMap.find(trackedWatchersIterator->first) ==
+ m_watchersMap.end())
+ {
+ VcoreLogD("Watcher disappeared during watcher handler");
+ continue;
+ }
+
+ // Is this is a waitable handle that we are searching for ?
+ if (waitableHandle != trackedWatchersIterator->first) {
+ continue;
+ }
+
+ // Track watcher listeners list
+ WaitableHandleListenerList trackedListeners =
+ trackedWatchersIterator->second.listeners;
+
+ VcoreLogD("Calling waitable event listeners (%u)...",
+ trackedListeners.size());
+
+ // Notice: We must carefully call listeners here as they may
+ // disappear or be created during each of handler call
+ // All removed listeners are handled correctly. Adding
+ // additional listener to the same waitable handle
+ // during handler dispatch sequence is should be also
+ // handled, as an extremly case.
+
+ // Call all waitable event listeners who listen for that event
+ for (WaitableHandleListenerList::const_iterator
+ trackedListenersIterator = trackedListeners.begin();
+ trackedListenersIterator != trackedListeners.end();
+ ++trackedListenersIterator)
+ {
+ // Check if this watcher still exists
+ // If not, there cannot be another one. Must exit now (after
+ // break, we actually exit)
+ if (m_watchersMap.find(trackedWatchersIterator->first) ==
+ m_watchersMap.end())
+ {
+ VcoreLogD("Watcher disappeared during watcher handler");
+ break;
+ }
+
+ // Check if this watcher listener still exists
+ // If not, go to next tracked watcher listener
+ bool listenerStillExists = false;
+
+ for (WaitableHandleListenerList::const_iterator
+ searchListenerIterator =
+ trackedWatchersIterator->second.listeners.begin();
+ searchListenerIterator !=
+ trackedWatchersIterator->second.listeners.end();
+ ++searchListenerIterator)
+ {
+ if (searchListenerIterator->listener ==
+ trackedListenersIterator->listener &&
+ searchListenerIterator->mode ==
+ trackedListenersIterator->mode)
+ {
+ listenerStillExists = true;
+ break;
+ }
+ }
+
+ if (!listenerStillExists) {
+ VcoreLogD("Watcher listener disappeared during watcher handler");
+ break;
+ }
+
+ // Is this is a listener mode that we are searching for ?
+ if (mode != trackedListenersIterator->mode) {
+ continue;
+ }
+
+ // Call waitable event watch listener
+ VcoreLogD("Before tracker listener call...");
+ trackedListenersIterator->listener->OnWaitableHandleEvent(
+ trackedWatchersIterator->first,
+ trackedListenersIterator->mode);
+ VcoreLogD("After tracker listener call...");
+ }
+
+ // Now call all those listeners who registered during listener calls
+ // FIXME: Implement! Notice, that scenario may be recursive!
+
+ VcoreLogD("Waitable event listeners called");
+
+ // No more waitable events possible - consistency check
+ break;
+ }
+ }
+}
+
+void WaitableHandleWatchSupport::AddWaitableHandleWatch(
+ WaitableHandleListener* listener,
+ WaitableHandle waitableHandle,
+ WaitMode::Type mode)
+{
+ // Enter waitable event list critical section
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ // Find proper list to register into
+ WaitableHandleWatchersMap::iterator mapIterator = m_watchersMap.find(
+ waitableHandle);
+
+ if (mapIterator != m_watchersMap.end()) {
+ // Assert if there is no such listener already that is listening in this
+ // mode
+ for (WaitableHandleListenerList::iterator listenersIterator =
+ mapIterator->second.listeners.begin();
+ listenersIterator != mapIterator->second.listeners.end();
+ ++listenersIterator)
+ {
+ // Must not insert same listener-mode pair
+ Assert(
+ listenersIterator->listener != listener ||
+ listenersIterator->mode != mode);
+ }
+ }
+
+ VcoreLogD("Adding waitable handle watch: %i", waitableHandle);
+
+ // Push new waitable event watch
+ if (mapIterator != m_watchersMap.end()) {
+ mapIterator->second.listeners.push_back(WaitableHandleWatcher(listener,
+ mode));
+ } else {
+ m_watchersMap[waitableHandle].listeners.push_back(WaitableHandleWatcher(
+ listener, mode));
+ }
+
+ // Update counters
+ switch (mode) {
+ case WaitMode::Read:
+ m_watchersMap[waitableHandle].readListenersCount++;
+ break;
+
+ case WaitMode::Write:
+ m_watchersMap[waitableHandle].writeListenersCount++;
+ break;
+
+ default:
+ Assert(0);
+ }
+
+ // Trigger waitable event invoker to commit changes
+ CommitInvoker();
+
+ VcoreLogD("Waitable event watch added and invoker signaled");
+}
+
+void WaitableHandleWatchSupport::RemoveWaitableHandleWatch(
+ WaitableHandleListener *listener,
+ WaitableHandle waitableHandle,
+ WaitMode::Type mode)
+{
+ // Enter waitable event list critical section
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ // Find proper list with listener
+ WaitableHandleWatchersMap::iterator mapIterator = m_watchersMap.find(
+ waitableHandle);
+
+ Assert(mapIterator != m_watchersMap.end());
+
+ // Assert if there is such listener and mode
+ WaitableHandleListenerList::iterator listIterator =
+ mapIterator->second.listeners.end();
+
+ for (WaitableHandleListenerList::iterator listenersIterator =
+ mapIterator->second.listeners.begin();
+ listenersIterator != mapIterator->second.listeners.end();
+ ++listenersIterator)
+ {
+ // Check same pair listener-mode
+ if (listenersIterator->listener == listener &&
+ listenersIterator->mode == mode)
+ {
+ listIterator = listenersIterator;
+ break;
+ }
+ }
+
+ // Same pair listener-mode must exist
+ Assert(listIterator != mapIterator->second.listeners.end());
+
+ VcoreLogD("Removing waitable handle watch: %i", waitableHandle);
+
+ // Remove waitable event watch
+ mapIterator->second.listeners.erase(listIterator);
+
+ // Update counters
+ switch (mode) {
+ case WaitMode::Read:
+ mapIterator->second.readListenersCount--;
+ break;
+
+ case WaitMode::Write:
+ mapIterator->second.writeListenersCount--;
+ break;
+
+ default:
+ Assert(0);
+ }
+
+ // If list is empty, remove it too
+ if (mapIterator->second.listeners.empty()) {
+ m_watchersMap.erase(mapIterator);
+ }
+
+ // Trigger waitable event invoker to commit changes
+ CommitInvoker();
+
+ VcoreLogD("Waitable event watch removed and invoker signaled");
+}
+
+void WaitableHandleWatchSupport::CommitInvoker()
+{
+ // Check calling context and execute invoker
+ if (Thread::GetCurrentThread() == GetInvokerThread()) {
+ VcoreLogD("Calling direct invoker");
+
+ // Direct invoker call
+ HandleDirectInvoker();
+ } else {
+ VcoreLogD("Calling indirect invoker");
+
+ // Indirect invoker call
+ m_watchersInvoker.Signal();
+
+ WaitableHandleList waitHandles;
+ waitHandles.push_back(m_watchersInvokerCommit.GetHandle());
+ WaitForMultipleHandles(waitHandles);
+
+ m_watchersInvokerCommit.Reset();
+ }
+}
+
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file naive_synchronization_object.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of SQL naive
+ * synchronization object
+ */
+#ifndef DPL_NAIVE_SYNCHRONIZATION_OBJECT_H
+#define DPL_NAIVE_SYNCHRONIZATION_OBJECT_H
+
+#include <dpl/db/sql_connection.h>
+
+namespace VcoreDPL {
+namespace DB {
+/**
+ * Naive synchronization object used to synchronize SQL connection
+ * to the same database across different threads and processes
+ */
+class NaiveSynchronizationObject :
+ public SqlConnection::SynchronizationObject
+{
+ public:
+ // [SqlConnection::SynchronizationObject]
+ virtual void Synchronize();
+ virtual void NotifyAll();
+};
+} // namespace DB
+} // namespace VcoreDPL
+
+#endif // DPL_NAIVE_SYNCHRONIZATION_OBJECT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief DPL-ORM: Object-relational mapping for sqlite database, written on top of DPL.
+ */
+
+#include <cstdlib>
+#include <cstdio>
+#include <string>
+#include <typeinfo>
+#include <utility>
+#include <set>
+#include <list>
+#include <memory>
+#include <boost/optional.hpp>
+
+#include <dpl/db/sql_connection.h>
+#include <dpl/db/orm_interface.h>
+#include <dpl/string.h>
+#include <dpl/type_list.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+
+#ifndef DPL_ORM_H
+#define DPL_ORM_H
+
+namespace VcoreDPL {
+namespace DB {
+namespace ORM {
+
+//TODO move to type utils
+#define DPL_CHECK_TYPE_INSTANTIABILITY(type) \
+ { \
+ type _ignored_; \
+ (void)_ignored_; \
+ }
+
+#define DECLARE_COLUMN_TYPE_LIST() typedef VcoreDPL::TypeListDecl<
+#define SELECTED_COLUMN(table_name, column_name) table_name::column_name,
+#define DECLARE_COLUMN_TYPE_LIST_END(name) VcoreDPL::TypeListGuard>::Type name;
+
+typedef size_t ColumnIndex;
+typedef size_t ArgumentIndex;
+typedef boost::optional<VcoreDPL::String> OptionalString;
+typedef boost::optional<int> OptionalInteger;
+typedef VcoreDPL::DB::SqlConnection::DataCommand DataCommand;
+
+namespace RelationTypes {
+ extern const char Equal[];
+ extern const char LessThan[];
+ extern const char And[];
+ extern const char Or[];
+ extern const char Is[];
+ extern const char In[];
+ //TODO define more relation types
+}
+
+namespace DataCommandUtils {
+ //TODO move to VcoreDPL::DataCommand?
+ void BindArgument(DataCommand *command, ArgumentIndex index, int argument);
+ void BindArgument(DataCommand *command, ArgumentIndex index, const OptionalInteger& argument);
+ void BindArgument(DataCommand *command, ArgumentIndex index, const VcoreDPL::String& argument);
+ void BindArgument(DataCommand *command, ArgumentIndex index, const OptionalString& argument);
+}
+class __attribute__ ((visibility("hidden"))) Expression {
+public:
+ virtual ~Expression() {}
+ virtual std::string GetString() const = 0;
+ virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index) = 0;
+};
+
+typedef std::shared_ptr<Expression> ExpressionPtr;
+
+namespace OrderingUtils {
+
+template<typename CompoundType> inline std::string OrderByInternal()
+{
+ std::string order = OrderByInternal<typename CompoundType::Tail>();
+ if(!order.empty()) return CompoundType::Head::GetString() + ", " + order;
+ else return CompoundType::Head::GetString();
+}
+
+template<> inline std::string OrderByInternal<TypeListGuard>()
+{
+ return std::string();
+}
+
+}
+
+template<typename ColumnType>
+class __attribute__ ((visibility("hidden"))) OrderingExpression {
+protected:
+ static std::string GetSchemaAndName()
+ {
+ std::string statement;
+ statement += ColumnType::GetTableName();
+ statement += ".";
+ statement += ColumnType::GetColumnName();
+ statement += " ";
+ return statement;
+ }
+public:
+ virtual ~OrderingExpression() {}
+};
+
+template<const char* Operator, typename LeftExpression, typename RightExpression>
+class __attribute__ ((visibility("hidden"))) BinaryExpression : public Expression {
+protected:
+ LeftExpression m_leftExpression;
+ RightExpression m_rightExpression;
+ bool m_outerParenthesis;
+public:
+ BinaryExpression(const LeftExpression& leftExpression, const RightExpression& rightExpression, bool outerParenthesis = true) :
+ m_leftExpression(leftExpression),
+ m_rightExpression(rightExpression),
+ m_outerParenthesis(outerParenthesis)
+ {}
+
+ virtual std::string GetString() const
+ {
+ return (m_outerParenthesis ? "( " : " " ) +
+ m_leftExpression.GetString() + " " + Operator + " " + m_rightExpression.GetString() +
+ (m_outerParenthesis ? " )" : " " ) ;
+ }
+
+ virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index)
+ {
+ index = m_leftExpression.BindTo(command, index);
+ return m_rightExpression.BindTo(command, index);
+ }
+
+ template<typename TableDefinition>
+ struct ValidForTable {
+ typedef std::pair<typename LeftExpression ::template ValidForTable<TableDefinition>::Yes ,
+ typename RightExpression::template ValidForTable<TableDefinition>::Yes >
+ Yes;
+ };
+};
+
+template<typename LeftExpression, typename RightExpression>
+BinaryExpression<RelationTypes::And, LeftExpression, RightExpression>
+ And(const LeftExpression& leftExpression, const RightExpression& rightExpression)
+{
+ return BinaryExpression<RelationTypes::And, LeftExpression, RightExpression>
+ (leftExpression, rightExpression);
+}
+
+template<typename LeftExpression, typename RightExpression>
+BinaryExpression<RelationTypes::Or, LeftExpression, RightExpression>
+ Or(const LeftExpression& leftExpression, const RightExpression& rightExpression)
+{
+ return BinaryExpression<RelationTypes::Or, LeftExpression, RightExpression>
+ (leftExpression, rightExpression);
+}
+
+template<typename ArgumentType>
+class __attribute__ ((visibility("hidden"))) ExpressionWithArgument : public Expression {
+protected:
+ ArgumentType argument;
+
+public:
+ explicit ExpressionWithArgument(const ArgumentType& _argument) : argument(_argument) {}
+
+ virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index)
+ {
+ DataCommandUtils::BindArgument(command, index, argument);
+ return index + 1;
+ }
+};
+
+template<typename ColumnData, const char* Relation>
+class __attribute__ ((visibility("hidden"))) Compare : public ExpressionWithArgument<typename ColumnData::ColumnType> {
+public:
+ explicit Compare(typename ColumnData::ColumnType column) :
+ ExpressionWithArgument<typename ColumnData::ColumnType>(column)
+ {}
+
+ virtual std::string GetString() const
+ {
+ std::string statement;
+ statement += ColumnData::GetTableName();
+ statement += ".";
+ statement += ColumnData::GetColumnName();
+ statement += " ";
+ statement += Relation;
+ statement += " ?";
+ return statement;
+ }
+
+ template<typename TableDefinition>
+ struct ValidForTable {
+ typedef typename TableDefinition::ColumnList::template Contains<ColumnData> Yes;
+ };
+};
+#define ORM_DEFINE_COMPARE_EXPRESSION(name, relationType) \
+ template<typename ColumnData> \
+ class __attribute__ ((visibility("hidden"))) name : public Compare<ColumnData, RelationTypes::relationType> { \
+ public: \
+ name(typename ColumnData::ColumnType column) : \
+ Compare<ColumnData, RelationTypes::relationType>(column) \
+ {} \
+ };
+
+ORM_DEFINE_COMPARE_EXPRESSION(Equals, Equal)
+ORM_DEFINE_COMPARE_EXPRESSION(Is, Is)
+
+#define ORM_DEFINE_ORDERING_EXPRESSION(name, value) \
+ template<typename ColumnType> \
+ class __attribute__ ((visibility("hidden"))) name \
+ : OrderingExpression<ColumnType> { \
+ public: \
+ static std::string GetString() \
+ { \
+ std::string statement = OrderingExpression<ColumnType>::GetSchemaAndName(); \
+ statement += value; \
+ return statement; \
+ } \
+ };
+
+ORM_DEFINE_ORDERING_EXPRESSION(OrderingAscending, "ASC")
+ORM_DEFINE_ORDERING_EXPRESSION(OrderingDescending, "DESC")
+
+template<typename ColumnData1, typename ColumnData2>
+class __attribute__ ((visibility("hidden"))) CompareBinaryColumn {
+private:
+ std::string m_relation;
+public:
+ CompareBinaryColumn(const char* Relation) :
+ m_relation(Relation)
+ {}
+
+ virtual ~CompareBinaryColumn() {}
+
+ virtual std::string GetString() const
+ {
+ std::string statement;
+ statement += ColumnData1::GetTableName();
+ statement += ".";
+ statement += ColumnData1::GetColumnName();
+ statement += " ";
+ statement += m_relation;
+ statement += " ";
+ statement += ColumnData2::GetTableName();
+ statement += ".";
+ statement += ColumnData2::GetColumnName();
+
+ return statement;
+ }
+};
+
+template<typename ColumnData1, typename ColumnData2>
+CompareBinaryColumn<ColumnData1, ColumnData2>
+ Equal()
+{
+ return CompareBinaryColumn<ColumnData1, ColumnData2>(RelationTypes::Equal);
+}
+
+template<typename ColumnData, const char* Relation>
+class __attribute__ ((visibility("hidden"))) NumerousArguments : public Expression {
+protected:
+ std::set<typename ColumnData::ColumnType> m_argumentList;
+public:
+ NumerousArguments(const std::set<typename ColumnData::ColumnType>& argumentList) : m_argumentList(argumentList) {}
+
+ virtual std::string GetString() const
+ {
+ std::string statement;
+ statement += ColumnData::GetColumnName();
+ statement += " ";
+ statement += Relation;
+ statement += " ( ";
+
+ int argumentCount = m_argumentList.size();
+ while(argumentCount)
+ {
+ statement += "?";
+ argumentCount--;
+ if (argumentCount)
+ {
+ statement += ", ";
+ }
+ }
+
+ statement += " )";
+
+ return statement;
+ }
+
+ virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index)
+ {
+ ArgumentIndex argumentIndex = index;
+ FOREACH(argumentIt, m_argumentList)
+ {
+ DataCommandUtils::BindArgument(command, argumentIndex, *argumentIt);
+ argumentIndex++;
+ }
+ return argumentIndex + 1;
+ }
+
+ template<typename TableDefinition>
+ struct ValidForTable {
+ typedef typename TableDefinition::ColumnList::template Contains<ColumnData> Yes;
+ };
+};
+
+#define ORM_DEFINE_COMPARE_EXPRESSION_NUMEROUS_ARGUMENTS(name, relationType) \
+ template<typename ColumnData> \
+ class __attribute__ ((visibility("hidden"))) name : public NumerousArguments<ColumnData, RelationTypes::relationType> { \
+ public: \
+ name(std::set<typename ColumnData::ColumnType> column) : \
+ NumerousArguments<ColumnData, RelationTypes::relationType>(column) \
+ {} \
+ };
+
+ORM_DEFINE_COMPARE_EXPRESSION_NUMEROUS_ARGUMENTS(In, In)
+
+template<typename ColumnType>
+ColumnType GetColumnFromCommand(ColumnIndex columnIndex, DataCommand *command);
+
+class __attribute__ ((visibility("hidden"))) CustomColumnBase {
+public:
+ CustomColumnBase() {}
+ virtual ~CustomColumnBase() {}
+};
+
+template<typename ColumnType>
+class __attribute__ ((visibility("hidden"))) CustomColumn : public CustomColumnBase {
+private:
+ ColumnType m_columnData;
+
+public:
+ CustomColumn() {}
+ CustomColumn(ColumnType data)
+ {
+ m_columnData = data;
+ }
+
+ void SetColumnData(ColumnType data)
+ {
+ m_columnData = data;
+ }
+
+ ColumnType GetColumnData() const
+ {
+ return m_columnData;
+ }
+};
+
+template<typename ColumnList>
+class __attribute__ ((visibility("hidden"))) CustomRowUtil {
+public:
+ static void MakeColumnList(std::vector<CustomColumnBase*>& columnList)
+ {
+ typedef CustomColumn<typename ColumnList::Head::ColumnType> Type;
+ Type* pColumn = new Type();
+ columnList.push_back(pColumn);
+ CustomRowUtil<typename ColumnList::Tail>::MakeColumnList(columnList);
+ }
+
+ static void CopyColumnList(const std::vector<CustomColumnBase*>& srcList, std::vector<CustomColumnBase*>& dstList)
+ {
+ CopyColumnList(srcList, dstList, 0);
+ }
+
+ static ColumnIndex GetColumnIndex(const std::string& columnName)
+ {
+ return GetColumnIndex(columnName, 0);
+ }
+
+private:
+ static void CopyColumnList(const std::vector<CustomColumnBase*>& srcList, std::vector<CustomColumnBase*>& dstList, ColumnIndex index)
+ {
+ typedef CustomColumn<typename ColumnList::Head::ColumnType> Type;
+ Type* pColumn = new Type(((Type*)(srcList.at(index)))->GetColumnData());
+ dstList.push_back(pColumn);
+ CustomRowUtil<typename ColumnList::Tail>::CopyColumnList(srcList, dstList, index + 1);
+ }
+
+ static ColumnIndex GetColumnIndex(const std::string& columnName, ColumnIndex index)
+ {
+ if (ColumnList::Head::GetColumnName() == columnName)
+ return index;
+
+ return CustomRowUtil<typename ColumnList::Tail>::GetColumnIndex(columnName, index + 1);
+ }
+
+template<typename Other>
+friend class CustomRowUtil;
+};
+
+template<>
+class __attribute__ ((visibility("hidden"))) CustomRowUtil<VcoreDPL::TypeListGuard> {
+public:
+ static void MakeColumnList(std::vector<CustomColumnBase*>&) {}
+private:
+ static void CopyColumnList(const std::vector<CustomColumnBase*>&, std::vector<CustomColumnBase*>&, ColumnIndex) {}
+ static ColumnIndex GetColumnIndex(const std::string&, ColumnIndex) { return -1; }
+
+template<typename Other>
+friend class CustomRowUtil;
+};
+
+template<typename ColumnList>
+class __attribute__ ((visibility("hidden"))) CustomRow {
+private:
+ std::vector<CustomColumnBase*> m_columns;
+
+public:
+ CustomRow()
+ {
+ CustomRowUtil<ColumnList>::MakeColumnList(m_columns);
+ }
+
+ CustomRow(const CustomRow& r)
+ {
+ CustomRowUtil<ColumnList>::CopyColumnList(r.m_columns, m_columns);
+ }
+
+ virtual ~CustomRow()
+ {
+ while (!m_columns.empty())
+ {
+ CustomColumnBase* pCustomColumn = m_columns.back();
+ m_columns.pop_back();
+ if (pCustomColumn)
+ delete pCustomColumn;
+ }
+ }
+
+ template<typename ColumnType>
+ void SetColumnData(ColumnIndex columnIndex, ColumnType data)
+ {
+ typedef CustomColumn<ColumnType> Type;
+ Assert(columnIndex < m_columns.size());
+ Type* pColumn = dynamic_cast<Type*>(m_columns.at(columnIndex));
+ Assert(pColumn);
+ pColumn->SetColumnData(data);
+ }
+
+ template<typename ColumnData>
+ typename ColumnData::ColumnType GetColumnData()
+ {
+ typedef CustomColumn<typename ColumnData::ColumnType> Type;
+ ColumnIndex index = CustomRowUtil<ColumnList>::GetColumnIndex(ColumnData::GetColumnName());
+ Assert(index < m_columns.size());
+ Type* pColumn = dynamic_cast<Type*>(m_columns.at(index));
+ Assert(pColumn);
+ return pColumn->GetColumnData();
+ }
+};
+
+template<typename CustomRow, typename ColumnType>
+void SetColumnData(CustomRow& row, ColumnType columnData, ColumnIndex columnIndex)
+{
+ row.SetColumnData<ColumnType>(columnIndex, columnData);
+}
+
+template<typename ColumnList, typename CustomRow>
+class __attribute__ ((visibility("hidden"))) FillCustomRowUtil {
+public:
+ static void FillCustomRow(CustomRow& row, DataCommand* command)
+ {
+ FillCustomRow(row, 0, command);
+ }
+
+private:
+ static void FillCustomRow(CustomRow& row, ColumnIndex columnIndex, DataCommand* command)
+ {
+ typename ColumnList::Head::ColumnType columnData;
+ columnData = GetColumnFromCommand<typename ColumnList::Head::ColumnType>(columnIndex, command);
+ SetColumnData<CustomRow, typename ColumnList::Head::ColumnType>(row, columnData, columnIndex);
+ FillCustomRowUtil<typename ColumnList::Tail, CustomRow>::FillCustomRow(row, columnIndex + 1, command);
+ }
+
+template<typename Other, typename OtherRow>
+friend class FillCustomRowUtil;
+};
+
+template<typename CustomRow>
+class __attribute__ ((visibility("hidden"))) FillCustomRowUtil<VcoreDPL::TypeListGuard, CustomRow> {
+private:
+ static void FillCustomRow(CustomRow&, ColumnIndex, DataCommand *)
+ { /* do nothing, we're past the last element of column list */ }
+
+template<typename Other, typename OtherRow>
+friend class FillCustomRowUtil;
+};
+
+template<typename ColumnList, typename Row>
+class __attribute__ ((visibility("hidden"))) FillRowUtil {
+public:
+ static void FillRow(Row& row, DataCommand *command)
+ {
+ FillRow(row, 0, command);
+ }
+
+private:
+ static void FillRow(Row& row, ColumnIndex columnIndex, DataCommand *command)
+ {
+ typename ColumnList::Head::ColumnType rowField;
+ rowField = GetColumnFromCommand<typename ColumnList::Head::ColumnType>(columnIndex, command);
+ ColumnList::Head::SetRowField(row, rowField);
+ FillRowUtil<typename ColumnList::Tail, Row>::FillRow(row, columnIndex + 1, command);
+ }
+
+template<typename Other, typename OtherRow>
+friend class FillRowUtil;
+};
+
+template<typename Row>
+class __attribute__ ((visibility("hidden"))) FillRowUtil<VcoreDPL::TypeListGuard, Row> {
+private:
+ static void FillRow(Row&, ColumnIndex, DataCommand *)
+ { /* do nothing, we're past the last element of column list */ }
+
+template<typename Other, typename OtherRow>
+friend class FillRowUtil;
+};
+
+template<typename ColumnList>
+class __attribute__ ((visibility("hidden"))) JoinUtil {
+public:
+ static std::string GetColumnNames()
+ {
+ std::string result;
+ result = ColumnList::Head::GetTableName();
+ result += ".";
+ result += ColumnList::Head::GetColumnName();
+ if (ColumnList::Tail::Size > 0)
+ result += ", ";
+
+ return result += JoinUtil<typename ColumnList::Tail>::GetColumnNames();
+ }
+
+ static std::string GetJoinTableName(const std::string& tableName)
+ {
+ std::string joinTableName = ColumnList::Head::GetTableName();
+ if (tableName.find(joinTableName) == std::string::npos)
+ return joinTableName;
+
+ return JoinUtil<typename ColumnList::Tail>::GetJoinTableName(tableName);
+ }
+};
+
+template<>
+class __attribute__ ((visibility("hidden"))) JoinUtil<VcoreDPL::TypeListGuard> {
+public:
+ static std::string GetColumnNames() { return ""; }
+ static std::string GetJoinTableName(std::string) { return ""; }
+};
+
+class Exception {
+public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SelectReuseWithDifferentQuerySignature)
+ DECLARE_EXCEPTION_TYPE(Base, RowFieldNotInitialized)
+ DECLARE_EXCEPTION_TYPE(Base, EmptyUpdateStatement)
+};
+
+template<typename TableDefinition>
+class __attribute__ ((visibility("hidden"))) Query
+{
+protected:
+ explicit Query(IOrmInterface* interface) :
+ m_interface(interface),
+ m_command(NULL)
+ {
+ }
+
+ virtual ~Query()
+ {
+ if (m_command == NULL)
+ return;
+
+ TableDefinition::FreeTableDataCommand(m_command, m_interface);
+ }
+
+ IOrmInterface* m_interface;
+ DataCommand *m_command;
+ std::string m_commandString;
+ ArgumentIndex m_bindArgumentIndex;
+};
+
+template<typename TableDefinition>
+class __attribute__ ((visibility("hidden"))) QueryWithWhereClause : public Query<TableDefinition>
+{
+protected:
+ ExpressionPtr m_whereExpression;
+
+ void Prepare()
+ {
+ if ( !!m_whereExpression )
+ {
+ this->m_commandString += " WHERE ";
+ this->m_commandString += m_whereExpression->GetString();
+ }
+ }
+
+ void Bind()
+ {
+ if ( !!m_whereExpression )
+ {
+ this->m_bindArgumentIndex = m_whereExpression->BindTo(
+ this->m_command, this->m_bindArgumentIndex);
+ }
+ }
+
+public:
+ explicit QueryWithWhereClause(IOrmInterface* interface) :
+ Query<TableDefinition>(interface)
+ {
+ }
+
+ template<typename Expression>
+ void Where(const Expression& expression)
+ {
+ DPL_CHECK_TYPE_INSTANTIABILITY(typename Expression::template ValidForTable<TableDefinition>::Yes);
+ if ( !!m_whereExpression && ( typeid(Expression) != typeid(*m_whereExpression) ) )
+ {
+ std::ostringstream str;
+ str << "Current ORM implementation doesn't allow to reuse Select"
+ " instance with different query signature (particularly "
+ "WHERE on different column).\n";
+ str << "Query: ";
+ str << this->m_commandString;
+ ThrowMsg(Exception::SelectReuseWithDifferentQuerySignature,
+ str.str());
+ }
+ //TODO maybe don't make a copy here but just generate the string part of the query.
+ m_whereExpression.reset(new Expression(expression));
+ }
+
+};
+
+template<typename TableDefinition>
+class __attribute__ ((visibility("hidden"))) Delete : public QueryWithWhereClause<TableDefinition>
+{
+protected:
+ void Prepare()
+ {
+ if ( !this->m_command)
+ {
+ this->m_commandString = "DELETE FROM ";
+ this->m_commandString += TableDefinition::GetName();
+
+ QueryWithWhereClause<TableDefinition>::Prepare();
+
+ this->m_command = TableDefinition::AllocTableDataCommand(
+ this->m_commandString.c_str(),
+ Query<TableDefinition>::m_interface);
+ VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str());
+ }
+ }
+
+ void Bind()
+ {
+ this->m_bindArgumentIndex = 1;
+ QueryWithWhereClause<TableDefinition>::Bind();
+ }
+
+public:
+ explicit Delete(IOrmInterface *interface = NULL) :
+ QueryWithWhereClause<TableDefinition>(interface)
+ {
+ }
+
+ void Execute()
+ {
+ Prepare();
+ Bind();
+ this->m_command->Step();
+ this->m_command->Reset();
+ }
+};
+
+namespace {
+class BindVisitor {
+private:
+ DataCommand *m_command;
+public:
+ ArgumentIndex m_bindArgumentIndex;
+
+ BindVisitor(DataCommand *command) :
+ m_command(command),
+ m_bindArgumentIndex(1)
+ {}
+
+ template<typename ColumnType>
+ void Visit(const char*, const ColumnType& value, bool isSet)
+ {
+ if ( isSet )
+ {
+ DataCommandUtils::BindArgument(m_command, m_bindArgumentIndex, value);
+ m_bindArgumentIndex++;
+ }
+ }
+};
+} //anonymous namespace
+template<typename TableDefinition>
+class __attribute__ ((visibility("hidden"))) Insert : public Query<TableDefinition>
+{
+public:
+ typedef typename TableDefinition::Row Row;
+ typedef VcoreDPL::DB::SqlConnection::RowID RowID;
+
+protected:
+ boost::optional<std::string> m_orClause;
+ Row m_row;
+
+ class PrepareVisitor {
+ public:
+ std::string m_columnNames;
+ std::string m_values;
+
+ template<typename ColumnType>
+ void Visit(const char* name, const ColumnType&, bool isSet)
+ {
+ if ( isSet )
+ {
+ if ( !m_columnNames.empty() )
+ {
+ m_columnNames += ", ";
+ m_values += ", ";
+ }
+ m_columnNames += name;
+ m_values += "?";
+ }
+ }
+ };
+
+ void Prepare()
+ {
+ if ( !this->m_command )
+ {
+ this->m_commandString = "INSERT ";
+ if ( !!m_orClause )
+ {
+ this->m_commandString += " OR " + *m_orClause + " ";
+ }
+ this->m_commandString += "INTO ";
+ this->m_commandString += TableDefinition::GetName();
+
+ PrepareVisitor visitor;
+ m_row.VisitColumns(visitor);
+
+ this->m_commandString += " ( " + visitor.m_columnNames + " ) ";
+ this->m_commandString += "VALUES ( " + visitor.m_values + " )";
+
+ VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str());
+ this->m_command = TableDefinition::AllocTableDataCommand(
+ this->m_commandString.c_str(),
+ Query<TableDefinition>::m_interface);
+ }
+ }
+
+ void Bind()
+ {
+ BindVisitor visitor(this->m_command);
+ m_row.VisitColumns(visitor);
+ }
+
+public:
+ explicit Insert(
+ IOrmInterface* interface = NULL,
+ const boost::optional<std::string>& orClause = boost::optional<std::string>()) :
+ Query<TableDefinition>(interface),
+ m_orClause(orClause)
+ {
+ }
+
+ void Values(const Row& row)
+ {
+ if ( this->m_command )
+ {
+ if ( !row.IsSignatureMatching(m_row) )
+ {
+ ThrowMsg(Exception::SelectReuseWithDifferentQuerySignature,
+ "Current ORM implementation doesn't allow to reuse Insert instance "
+ "with different query signature.");
+ }
+ }
+ m_row = row;
+ }
+
+ RowID Execute()
+ {
+ Prepare();
+ Bind();
+ this->m_command->Step();
+
+ RowID result = TableDefinition::GetLastInsertRowID(
+ Query<TableDefinition>::m_interface);
+
+ this->m_command->Reset();
+ return result;
+ }
+};
+
+template<typename TableDefinition>
+class __attribute__ ((visibility("hidden"))) Select : public QueryWithWhereClause<TableDefinition>
+{
+public:
+ typedef typename TableDefinition::ColumnList ColumnList;
+ typedef typename TableDefinition::Row Row;
+
+ typedef std::list<Row> RowList;
+protected:
+ boost::optional<std::string> m_orderBy;
+ std::string m_JoinClause;
+ bool m_distinctResults;
+
+ void Prepare(const char* selectColumnName)
+ {
+ if ( !this->m_command )
+ {
+ this->m_commandString = "SELECT ";
+ if (m_distinctResults)
+ this->m_commandString += "DISTINCT ";
+ this->m_commandString += selectColumnName;
+ this->m_commandString += " FROM ";
+ this->m_commandString += TableDefinition::GetName();
+
+ this->m_commandString += m_JoinClause;
+
+ QueryWithWhereClause<TableDefinition>::Prepare();
+
+ if ( !!m_orderBy )
+ {
+ this->m_commandString += " ORDER BY " + *m_orderBy;
+ }
+
+ this->m_command = TableDefinition::AllocTableDataCommand(
+ this->m_commandString.c_str(),
+ Query<TableDefinition>::m_interface);
+
+ VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str());
+ }
+ }
+
+ void Bind()
+ {
+ this->m_bindArgumentIndex = 1;
+ QueryWithWhereClause<TableDefinition>::Bind();
+ }
+
+ template<typename ColumnType>
+ ColumnType GetColumn(ColumnIndex columnIndex)
+ {
+ return GetColumnFromCommand<ColumnType>(columnIndex, this->m_command);
+ }
+
+ Row GetRow()
+ {
+ Row row;
+ FillRowUtil<ColumnList, Row>::FillRow(row, this->m_command);
+ return row;
+ }
+
+ template<typename ColumnList, typename CustomRow>
+ CustomRow GetCustomRow()
+ {
+ CustomRow row;
+ FillCustomRowUtil<ColumnList, CustomRow>::FillCustomRow(row, this->m_command);
+ return row;
+ }
+
+public:
+
+ explicit Select(IOrmInterface *interface = NULL) :
+ QueryWithWhereClause<TableDefinition>(interface),
+ m_distinctResults(false)
+ {
+ }
+
+ void Distinct()
+ {
+ m_distinctResults = true;
+ }
+
+ template<typename CompoundType>
+ void OrderBy(const CompoundType&)
+ {
+ m_orderBy = OrderingUtils::OrderByInternal<typename CompoundType::Type>();
+ }
+
+ void OrderBy(const std::string & orderBy) //backward compatibility
+ {
+ m_orderBy = orderBy;
+ }
+
+ void OrderBy(const char * orderBy) //backward compatibility
+ {
+ m_orderBy = std::string(orderBy);
+ }
+
+ template<typename ColumnList, typename Expression>
+ void Join(const Expression& expression) {
+ std::string usedTableNames = TableDefinition::GetName();
+ if (!m_JoinClause.empty())
+ usedTableNames += m_JoinClause;
+
+ this->m_JoinClause += " JOIN ";
+ this->m_JoinClause += JoinUtil<ColumnList>::GetJoinTableName(usedTableNames);
+ this->m_JoinClause += " ON ";
+ this->m_JoinClause += expression.GetString();
+ }
+
+ template<typename ColumnData>
+ typename ColumnData::ColumnType GetSingleValue()
+ {
+ Prepare(ColumnData::GetColumnName());
+ Bind();
+ this->m_command->Step();
+
+ typename ColumnData::ColumnType result =
+ GetColumn<typename ColumnData::ColumnType>(0);
+
+ this->m_command->Reset();
+ return result;
+ }
+
+ //TODO return range - pair of custom iterators
+ template<typename ColumnData>
+ std::list<typename ColumnData::ColumnType> GetValueList()
+ {
+ Prepare(ColumnData::GetColumnName());
+ Bind();
+
+ std::list<typename ColumnData::ColumnType> resultList;
+
+ while (this->m_command->Step())
+ resultList.push_back(GetColumn<typename ColumnData::ColumnType>(0));
+
+ this->m_command->Reset();
+ return resultList;
+ }
+
+ Row GetSingleRow()
+ {
+ Prepare("*");
+ Bind();
+ this->m_command->Step();
+
+ Row result = GetRow();
+
+ this->m_command->Reset();
+ return result;
+ }
+
+ //TODO return range - pair of custom iterators
+ RowList GetRowList()
+ {
+ Prepare("*");
+ Bind();
+
+ RowList resultList;
+
+ while (this->m_command->Step())
+ resultList.push_back(GetRow());
+
+ this->m_command->Reset();
+ return resultList;
+ }
+
+ template<typename ColumnList, typename CustomRow>
+ CustomRow GetCustomSingleRow()
+ {
+ Prepare(JoinUtil<ColumnList>::GetColumnNames().c_str());
+ Bind();
+ this->m_command->Step();
+
+ CustomRow result = GetCustomRow<ColumnList, CustomRow>();
+
+ this->m_command->Reset();
+ return result;
+ }
+
+ template<typename ColumnList, typename CustomRow>
+ std::list<CustomRow> GetCustomRowList()
+ {
+ Prepare(JoinUtil<ColumnList>::GetColumnNames().c_str());
+ Bind();
+
+ std::list<CustomRow> resultList;
+
+ while (this->m_command->Step())
+ resultList.push_back(GetCustomRow<ColumnList, CustomRow>());
+
+ this->m_command->Reset();
+ return resultList;
+ }
+};
+
+template<typename TableDefinition>
+class __attribute__ ((visibility("hidden"))) Update : public QueryWithWhereClause<TableDefinition> {
+public:
+ typedef typename TableDefinition::Row Row;
+
+protected:
+ boost::optional<std::string> m_orClause;
+ Row m_row;
+
+ class PrepareVisitor {
+ public:
+ std::string m_setExpressions;
+
+ template<typename ColumnType>
+ void Visit(const char* name, const ColumnType&, bool isSet)
+ {
+ if ( isSet )
+ {
+ if ( !m_setExpressions.empty() )
+ {
+ m_setExpressions += ", ";
+ }
+ m_setExpressions += name;
+ m_setExpressions += " = ";
+ m_setExpressions += "?";
+ }
+ }
+ };
+
+ void Prepare()
+ {
+ if ( !this->m_command )
+ {
+ this->m_commandString = "UPDATE ";
+ if ( !!m_orClause )
+ {
+ this->m_commandString += " OR " + *m_orClause + " ";
+ }
+ this->m_commandString += TableDefinition::GetName();
+ this->m_commandString += " SET ";
+
+ // got through row columns and values
+ PrepareVisitor visitor;
+ m_row.VisitColumns(visitor);
+
+ if(visitor.m_setExpressions.empty())
+ {
+ ThrowMsg(Exception::EmptyUpdateStatement, "No SET expressions in update statement");
+ }
+
+ this->m_commandString += visitor.m_setExpressions;
+
+ // where
+ QueryWithWhereClause<TableDefinition>::Prepare();
+
+ this->m_command = TableDefinition::AllocTableDataCommand(
+ this->m_commandString.c_str(),
+ Query<TableDefinition>::m_interface);
+ VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str());
+ }
+ }
+
+ void Bind()
+ {
+ BindVisitor visitor(this->m_command);
+ m_row.VisitColumns(visitor);
+
+ this->m_bindArgumentIndex = visitor.m_bindArgumentIndex;
+ QueryWithWhereClause<TableDefinition>::Bind();
+ }
+
+
+public:
+ explicit Update(IOrmInterface *interface = NULL,
+ const boost::optional<std::string>& orClause = boost::optional<std::string>()) :
+ QueryWithWhereClause<TableDefinition>(interface),
+ m_orClause(orClause)
+ {
+ }
+
+ void Values(const Row& row)
+ {
+ if ( this->m_command )
+ {
+ if ( !row.IsSignatureMatching(m_row) )
+ {
+ ThrowMsg(Exception::SelectReuseWithDifferentQuerySignature,
+ "Current ORM implementation doesn't allow to reuse Update instance "
+ "with different query signature.");
+ }
+ }
+ m_row = row;
+ }
+
+ void Execute()
+ {
+ Prepare();
+ Bind();
+ this->m_command->Step();
+ this->m_command->Reset();
+ }
+};
+
+} //namespace ORM
+} //namespace DB
+} //namespace VcoreDPL
+
+#endif // DPL_ORM_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm_generator.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Macro definitions for generating the DPL-ORM table definitions from database definitions.
+ */
+
+#ifndef ORM_GENERATOR_DATABASE_NAME
+#error You need to define database name in ORM_GENERATOR_DATABASE_NAME define before you include orm_generator.h file
+#endif
+
+#include <dpl/db/orm_interface.h>
+
+#define ORM_GENERATOR_DATABASE_NAME_LOCAL <ORM_GENERATOR_DATABASE_NAME>
+
+#ifdef DPL_ORM_GENERATOR_H
+#warning orm_generator.h is included multiply times. Make sure it has different ORM_GENERATOR_DATABASE_NAME set.
+#endif
+
+#define DPL_ORM_GENERATOR_H
+
+
+#include <boost/optional.hpp>
+#include <dpl/string.h>
+#include <dpl/type_list.h>
+#include <dpl/db/sql_connection.h>
+#include <dpl/db/orm.h>
+#include <dpl/assert.h>
+#include <string>
+
+/*
+
+This is true only when exactly one db is available.
+
+#if (defined DECLARE_COLUMN) || (defined INT) || (defined TINYINT) || \
+ (defined INTEGER) || (defined BIGINT) || defined(VARCHAR) || defined(TEXT) || \
+ (defined SQL) || (defined TABLE_CONSTRAINTS) || (defined OPTIONAL) || \
+ (defined DATABASE_START) || (defined DATABASE_END) || (defined CREATE_TABLE) || \
+ (defined COLUMN) || (defined COLUMN_NOT_NULL) || (defined CREATE_TABLE_END)
+
+#error This file temporarily defines many macros with generic names. To avoid name clash please include \
+ this file as early as possible. If this is not possible please report this problem to DPL developers.
+
+#endif
+*/
+
+namespace VcoreDPL {
+namespace DB {
+namespace ORM {
+
+// Global macros
+
+#define STRINGIFY(s) _str(s)
+#define _str(s) #s
+#define DECLARE_COLUMN(FIELD, TYPE) \
+ struct FIELD { \
+ typedef TYPE ColumnType; \
+ static const char* GetTableName() { return GetName(); } \
+ static const char* GetColumnName() { return STRINGIFY(FIELD); } \
+ static void SetRowField(Row& row, const TYPE& _value) { row.Set_##FIELD(_value);} \
+ };
+
+#define INT int
+#define TINYINT int
+#define INTEGER int //TODO: should be long long?
+#define BIGINT int //TODO: should be long long?
+#define VARCHAR(x) VcoreDPL::String
+#define TEXT VcoreDPL::String
+
+#define SQL(...)
+#define TABLE_CONSTRAINTS(...)
+#define OPTIONAL(type) boost::optional< type >
+#define DATABASE_START(db_name) \
+ namespace db_name \
+ { \
+ class ScopedTransaction \
+ { \
+ bool m_commited; \
+ IOrmInterface *m_interface; \
+ \
+ public: \
+ ScopedTransaction(IOrmInterface *interface) : \
+ m_commited(false), \
+ m_interface(interface) \
+ { \
+ Assert(interface != NULL); \
+ m_interface->TransactionBegin(); \
+ } \
+ \
+ ~ScopedTransaction() \
+ { \
+ if (!m_commited) \
+ m_interface->TransactionRollback(); \
+ } \
+ \
+ void Commit() \
+ { \
+ m_interface->TransactionCommit(); \
+ m_commited = true; \
+ } \
+ };
+
+#define DATABASE_END() }
+
+// RowBase ostream operator<< declaration
+
+#define CREATE_TABLE(name) \
+ namespace name { \
+ class RowBase; \
+ inline std::ostream& operator<<(std::ostream& ostr, const RowBase& row); \
+ }
+#define COLUMN_NOT_NULL(name, type, ...)
+#define COLUMN(name, type, ...)
+#define CREATE_TABLE_END()
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+#undef DATABASE_START
+#define DATABASE_START(db_name) namespace db_name {
+
+// RowBase class
+
+#define CREATE_TABLE(name) namespace name { class RowBase { \
+ public: friend std::ostream& operator<<(std::ostream&, const RowBase&);
+#define COLUMN_NOT_NULL(name, type, ...) \
+ protected: type name; bool m_##name##_set; \
+ public: void Set_##name(const type& _value) { \
+ m_##name##_set = true; \
+ this->name = _value; \
+ } \
+ public: type Get_##name() const { \
+ if ( !m_##name##_set ) { \
+ ThrowMsg(Exception::RowFieldNotInitialized, \
+ "You tried to read a row field that hasn't been set yet."); \
+ } \
+ return name; \
+ }
+
+#define COLUMN(name, type, ...) \
+ protected: OPTIONAL(type) name; bool m_##name##_set; \
+ public: void Set_##name(const OPTIONAL(type)& _value) { \
+ m_##name##_set = true; \
+ this->name = _value; \
+ } \
+ public: OPTIONAL(type) Get_##name() const { \
+ if ( !m_##name##_set ) { \
+ ThrowMsg(Exception::RowFieldNotInitialized, \
+ "You tried to read a row field that hasn't been set yet."); \
+ } \
+ return name; \
+ }
+#define CREATE_TABLE_END() }; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// RowBase ostream operator<<
+
+#define CREATE_TABLE(name) std::ostream& name::operator<<(std::ostream& ostr, const RowBase& row) { using ::operator<< ; ostr << STRINGIFY(name) << " (";
+#define COLUMN_NOT_NULL(name, type, ...) ostr << " '" << row.name << "'" ;
+#define COLUMN(name, type, ...) ostr << " '" << row.name << "'" ;
+#define CREATE_TABLE_END() ostr << " )" ; return ostr; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// RowBase2 class (== RowBase + operator==)
+
+#define CREATE_TABLE(name) namespace name { class RowBase2 : public RowBase { \
+ public: bool operator==(const RowBase2& row) const { return true
+#define COLUMN_NOT_NULL(name, type, ...) && (this->name == row.name)
+#define COLUMN(name, type, ...) && (this->name == row.name)
+#define CREATE_TABLE_END() ; } }; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// RowBase3 class (== RowBase2 + operator<)
+
+#define CREATE_TABLE(name) namespace name { class RowBase3 : public RowBase2 { \
+ public: bool operator<(const RowBase3& row) const {
+#define COLUMN_NOT_NULL(name, type, ...) if (this->name < row.name) { return true; } if (this->name > row.name) { return false; }
+#define COLUMN(name, type, ...) if (this->name < row.name) { return true; } if (this->name > row.name) { return false; }
+#define CREATE_TABLE_END() return false; } }; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// RowBase4 class (== RowBase3 + IsSignatureMatching )
+
+#define CREATE_TABLE(name) namespace name { class RowBase4 : public RowBase3 { \
+ public: bool IsSignatureMatching(const RowBase4& row) const { return true
+#define COLUMN_NOT_NULL(name, type, ...) && (this->m_##name##_set == row.m_##name##_set)
+#define COLUMN(name, type, ...) && (this->m_##name##_set == row.m_##name##_set)
+#define CREATE_TABLE_END() ; } }; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// RowBase5 class (== RowBase4 + default constructor)
+
+#define CREATE_TABLE(name) namespace name { class RowBase5 : public RowBase4 { \
+ public: RowBase5() {
+#define COLUMN_NOT_NULL(name, type, ...) m_##name##_set = false;
+#define COLUMN(name, type, ...) m_##name##_set = false;
+#define CREATE_TABLE_END() } }; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// Row class (== RowBase5 + ForEachColumn )
+
+#define CREATE_TABLE(name) namespace name { class Row : public RowBase5 { \
+ public: template<typename Visitor> \
+ void VisitColumns(Visitor& visitor) const {
+#define COLUMN_NOT_NULL(name, type, ...) visitor.Visit(STRINGIFY(name), this->name, this->m_##name##_set);
+#define COLUMN(name, type, ...) visitor.Visit(STRINGIFY(name), this->name, this->m_##name##_set);
+#define CREATE_TABLE_END() } }; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// Field structure declarations
+
+#define CREATE_TABLE(name) namespace name { \
+ static const char* GetName() { return STRINGIFY(name); }
+#define COLUMN_NOT_NULL(name, type, ...) DECLARE_COLUMN(name, type)
+#define COLUMN(name, type, ...) DECLARE_COLUMN(name, OPTIONAL(type))
+#define CREATE_TABLE_END() }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// ColumnList typedef
+
+#define CREATE_TABLE(name) namespace name { typedef VcoreDPL::TypeListDecl<
+#define COLUMN_NOT_NULL(name, type, ...) name,
+#define COLUMN(name, type, ...) name,
+#define CREATE_TABLE_END() VcoreDPL::TypeListGuard>::Type ColumnList; }
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// TableDefinition struct
+
+#define CREATE_TABLE(table_name) \
+ namespace table_name { \
+ struct TableDefinition { \
+ typedef table_name::ColumnList ColumnList; \
+ typedef table_name::Row Row; \
+ static const char* GetName() { return STRINGIFY(table_name); } \
+ static VcoreDPL::DB::SqlConnection::DataCommand *AllocTableDataCommand( \
+ const std::string &statement, \
+ IOrmInterface *interface) \
+ { \
+ Assert(interface != NULL); \
+ return interface->AllocDataCommand(statement); \
+ } \
+ static void FreeTableDataCommand( \
+ VcoreDPL::DB::SqlConnection::DataCommand *command, \
+ IOrmInterface *interface) \
+ { \
+ Assert(interface != NULL); \
+ interface->FreeDataCommand(command); \
+ } \
+ static VcoreDPL::DB::SqlConnection::RowID GetLastInsertRowID( \
+ IOrmInterface *interface) \
+ { \
+ Assert(interface != NULL); \
+ return interface->GetLastInsertRowID(); \
+ } \
+ }; \
+ }
+
+#define COLUMN_NOT_NULL(name, type, ...)
+#define COLUMN(name, type, ...)
+#define CREATE_TABLE_END()
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+// Query typedefs
+
+#define CREATE_TABLE(name) \
+ namespace name { \
+ typedef Select<TableDefinition> Select; \
+ typedef Insert<TableDefinition> Insert; \
+ typedef Delete<TableDefinition> Delete; \
+ typedef Update<TableDefinition> Update; \
+ }
+#define COLUMN_NOT_NULL(name, type, ...)
+#define COLUMN(name, type, ...)
+#define CREATE_TABLE_END()
+
+#include ORM_GENERATOR_DATABASE_NAME_LOCAL
+
+#undef CREATE_TABLE
+#undef COLUMN_NOT_NULL
+#undef COLUMN
+#undef CREATE_TABLE_END
+
+
+// Global undefs
+#undef INT
+#undef TINYINT
+#undef INTEGER
+#undef BIGINT
+#undef VARCHAR
+#undef TEXT
+
+#undef SQL
+#undef TABLE_CONSTRAINTS
+#undef OPTIONAL
+#undef DATABASE_START
+#undef DATABASE_END
+
+} //namespace ORM
+} //namespace DB
+} //namespace VcoreDPL
+
+#undef ORM_GENERATOR_DATABASE_NAME
+#undef ORM_GENERATOR_DATABASE_NAME_LOCAL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm_interface.h
+ * @author Lukasz Marek (l.marek@samsung.com)
+ * @version 1.0
+ */
+
+#include <string>
+#include <dpl/db/sql_connection.h>
+
+#ifndef DPL_ORM_INTERFACE_H
+#define DPL_ORM_INTERFACE_H
+
+namespace VcoreDPL {
+namespace DB {
+namespace ORM {
+class IOrmInterface
+{
+ public:
+ virtual ~IOrmInterface() {}
+ virtual VcoreDPL::DB::SqlConnection::DataCommand *AllocDataCommand(
+ const std::string &statement) = 0;
+ virtual void FreeDataCommand(VcoreDPL::DB::SqlConnection::DataCommand *command)
+ = 0;
+ virtual void TransactionBegin() = 0;
+ virtual void TransactionCommit() = 0;
+ virtual void TransactionRollback() = 0;
+ virtual VcoreDPL::DB::SqlConnection::RowID GetLastInsertRowID() = 0;
+};
+}
+}
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm_macros.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Macro definitions for generating the SQL input file from
+ * database definition.
+ */
+
+//Do not include this file directly! It is used only for SQL code generation.
+
+#define CREATE_TABLE(name) CREATE TABLE name(
+#define COLUMN(name, type, ...) name type __VA_ARGS__,
+#define COLUMN_NOT_NULL(name, type, ...) name type __VA_ARGS__ not null,
+#define SQL(...) __VA_ARGS__
+#define TABLE_CONSTRAINTS(...) __VA_ARGS__,
+#define CREATE_TABLE_END() CHECK(1) );
+#define DATABASE_START(db_name)
+#define DATABASE_END()
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file sql_connection.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of SQL connection
+ */
+#ifndef DPL_SQL_CONNECTION_H
+#define DPL_SQL_CONNECTION_H
+
+#include <dpl/noncopyable.h>
+#include <dpl/exception.h>
+#include <dpl/availability.h>
+#include <memory>
+#include <boost/optional.hpp>
+#include <dpl/string.h>
+#include <dpl/log/vcore_log.h>
+#include <sqlite3.h>
+#include <string>
+#include <dpl/assert.h>
+#include <memory>
+#include <stdint.h>
+
+namespace VcoreDPL {
+namespace DB {
+/**
+ * SQL connection class
+ */
+class SqlConnection
+{
+ public:
+ /**
+ * SQL Exception classes
+ */
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SyntaxError)
+ DECLARE_EXCEPTION_TYPE(Base, ConnectionBroken)
+ DECLARE_EXCEPTION_TYPE(Base, InternalError)
+ DECLARE_EXCEPTION_TYPE(Base, InvalidColumn)
+ };
+
+ typedef int ColumnIndex;
+ typedef int ArgumentIndex;
+
+ /*
+ * SQL processed data command
+ */
+ class DataCommand :
+ private Noncopyable
+ {
+ private:
+ SqlConnection *m_masterConnection;
+ sqlite3_stmt *m_stmt;
+
+ void CheckBindResult(int result);
+ void CheckColumnIndex(SqlConnection::ColumnIndex column);
+
+ DataCommand(SqlConnection *connection, const char *buffer);
+
+ friend class SqlConnection;
+
+ public:
+ virtual ~DataCommand();
+
+ /**
+ * Bind null to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ */
+ void BindNull(ArgumentIndex position);
+
+ /**
+ * Bind int to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInteger(ArgumentIndex position, int value);
+
+ /**
+ * Bind int8_t to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt8(ArgumentIndex position, int8_t value);
+
+ /**
+ * Bind int16 to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt16(ArgumentIndex position, int16_t value);
+
+ /**
+ * Bind int32 to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt32(ArgumentIndex position, int32_t value);
+
+ /**
+ * Bind int64 to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt64(ArgumentIndex position, int64_t value);
+
+ /**
+ * Bind float to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindFloat(ArgumentIndex position, float value);
+
+ /**
+ * Bind double to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindDouble(ArgumentIndex position, double value);
+
+ /**
+ * Bind string to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindString(ArgumentIndex position, const char *value);
+
+ /**
+ * Bind string to the prepared statement argument
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindString(ArgumentIndex position, const String& value);
+
+ /**
+ * Bind optional int to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInteger(ArgumentIndex position, const boost::optional<int> &value);
+
+ /**
+ * Bind optional int8 to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt8(ArgumentIndex position, const boost::optional<int8_t> &value);
+
+ /**
+ * Bind optional int16 to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt16(ArgumentIndex position, const boost::optional<int16_t> &value);
+
+ /**
+ * Bind optional int32 to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt32(ArgumentIndex position, const boost::optional<int32_t> &value);
+
+ /**
+ * Bind optional int64 to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindInt64(ArgumentIndex position, const boost::optional<int64_t> &value);
+
+ /**
+ * Bind optional float to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindFloat(ArgumentIndex position, const boost::optional<float> &value);
+
+ /**
+ * Bind optional double to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindDouble(ArgumentIndex position, const boost::optional<double> &value);
+
+ /**
+ * Bind optional string to the prepared statement argument.
+ * If optional is not set null will be bound
+ *
+ * @param position Index of argument to bind value to
+ * @param value Value to bind
+ */
+ void BindString(ArgumentIndex position, const boost::optional<String> &value);
+
+ /**
+ * Execute the prepared statement and/or move
+ * to the next row of the result
+ *
+ * @return True when there was a row returned
+ */
+ bool Step();
+
+ /**
+ * Reset prepared statement's arguments
+ * All parameters will become null
+ */
+ void Reset();
+
+ /**
+ * Checks whether column value is null
+ *
+ * @throw Exception::InvalidColumn
+ */
+ bool IsColumnNull(ColumnIndex column);
+
+ /**
+ * Get integer value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ int GetColumnInteger(ColumnIndex column);
+
+ /**
+ * Get int8 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ int8_t GetColumnInt8(ColumnIndex column);
+
+ /**
+ * Get int16 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ int16_t GetColumnInt16(ColumnIndex column);
+ /**
+ * Get int32 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ int32_t GetColumnInt32(ColumnIndex column);
+
+ /**
+ * Get int64 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ int64_t GetColumnInt64(ColumnIndex column);
+
+ /**
+ * Get float value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ float GetColumnFloat(ColumnIndex column);
+
+ /**
+ * Get double value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ double GetColumnDouble(ColumnIndex column);
+
+ /**
+ * Get string value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ std::string GetColumnString(ColumnIndex column);
+
+ /**
+ * Get optional integer value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<int> GetColumnOptionalInteger(ColumnIndex column);
+
+ /**
+ * Get optional int8 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<int8_t> GetColumnOptionalInt8(ColumnIndex column);
+
+ /**
+ * Get optional int16value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<int16_t> GetColumnOptionalInt16(ColumnIndex column);
+
+ /**
+ * Get optional int32 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<int32_t> GetColumnOptionalInt32(ColumnIndex column);
+
+ /**
+ * Get optional int64 value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<int64_t> GetColumnOptionalInt64(ColumnIndex column);
+
+ /**
+ * Get optional float value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<float> GetColumnOptionalFloat(ColumnIndex column);
+
+ /**
+ * Get optional double value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<double> GetColumnOptionalDouble(ColumnIndex column);
+
+ /**
+ * Get optional string value from column in current row.
+ *
+ * @throw Exception::InvalidColumn
+ */
+ boost::optional<String> GetColumnOptionalString(ColumnIndex column);
+ };
+
+ // Move on copy semantics
+ typedef std::auto_ptr<DataCommand> DataCommandAutoPtr;
+
+ // Open flags
+ class Flag
+ {
+ public:
+ enum Type
+ {
+ None = 1 << 0,
+ UseLucene = 1 << 1
+ };
+
+ enum Option
+ {
+ RO = SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_READONLY,
+ /**
+ * *TODO: please remove CREATE option from RW flag when all places
+ * that need that switched do CRW
+ */
+ RW = SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_READWRITE |
+ SQLITE_OPEN_CREATE,
+ CRW = RW | SQLITE_OPEN_CREATE
+ };
+ };
+
+ // RowID
+ typedef sqlite3_int64 RowID;
+
+ /**
+ * Synchronization object used to synchronize SQL connection
+ * to the same database across different threads and processes
+ */
+ class SynchronizationObject
+ {
+ public:
+ virtual ~SynchronizationObject() {}
+
+ /**
+ * Synchronizes SQL connection for multiple clients.
+ */
+ virtual void Synchronize() = 0;
+
+ /**
+ * Notify all waiting clients that the connection is no longer locked.
+ */
+ virtual void NotifyAll() = 0;
+ };
+
+ protected:
+ sqlite3 *m_connection;
+
+ // Options
+ bool m_usingLucene;
+
+ // Stored data procedures
+ int m_dataCommandsCount;
+
+ // Synchronization object
+ std::unique_ptr<SynchronizationObject> m_synchronizationObject;
+
+ virtual void Connect(const std::string &address,
+ Flag::Type = Flag::None, Flag::Option = Flag::RO);
+ virtual void Disconnect();
+
+ void TurnOnForeignKeys();
+
+ static SynchronizationObject *AllocDefaultSynchronizationObject();
+
+ public:
+ /**
+ * Open SQL connection
+ *
+ * Synchronization is archieved by using provided asynchronization object.
+ * If synchronizationObject is set to NULL, so synchronization is performed.
+ * Ownership of the synchronization object is transfered to sql connection
+ * object.
+ *
+ * @param address Database file name
+ * @param flags Open flags
+ * @param synchronizationObject A synchronization object to use.
+ */
+ explicit SqlConnection(const std::string &address = std::string(),
+ Flag::Type flags = Flag::None,
+ Flag::Option options = Flag::RO,
+ SynchronizationObject *synchronizationObject =
+ AllocDefaultSynchronizationObject());
+
+ /**
+ * Destructor
+ */
+ virtual ~SqlConnection();
+
+ /**
+ * Execute SQL command without result
+ *
+ * @param format
+ * @param ...
+ */
+ void ExecCommand(const char *format, ...) DPL_DEPRECATED_WITH_MESSAGE(
+ "To prevent sql injection do not use this \
+ method for direct sql execution");
+
+ /**
+ * Execute BEGIN; command to start new transaction
+ *
+ */
+ void BeginTransaction();
+
+ /**
+ * Execute ROLLBACK; command to discard changes made
+ *
+ */
+ void RollbackTransaction();
+
+ /**
+ * Execute COMMIT; command to commit changes in database
+ *
+ */
+ void CommitTransaction();
+
+ /**
+ * Prepare stored procedure
+ *
+ * @param format SQL statement
+ * @return Data command representing stored procedure
+ */
+ DataCommandAutoPtr PrepareDataCommand(const char *format, ...);
+
+ /**
+ * Check whether given table exists
+ *
+ * @param tableName Name of the table to check
+ * @return True if given table name exists
+ */
+ bool CheckTableExist(const char *tableName);
+
+ /**
+ * Get last insert operation new row id
+ *
+ * @return Row ID
+ */
+ RowID GetLastInsertRowID() const;
+
+ private:
+ int db_util_open_with_options(const char *pszFilePath, sqlite3 **ppDB,
+ int flags, const char *zVfs);
+ int db_util_close(sqlite3 *pDB);
+
+};
+} // namespace DB
+} // namespace VcoreDPL
+
+#endif // DPL_SQL_CONNECTION_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file thread_database_support.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk)
+ * @version 1.0
+ * @brief This file contains the declaration of thread database support
+ */
+
+#ifndef DPL_THREAD_DATABASE_SUPPORT_H
+#define DPL_THREAD_DATABASE_SUPPORT_H
+
+#include <string>
+#include <dpl/db/sql_connection.h>
+#include <dpl/db/orm_interface.h>
+#include <dpl/thread.h>
+#include <dpl/assert.h>
+#include <stdint.h>
+
+namespace VcoreDPL {
+namespace DB {
+/**
+ * Thread database support
+ *
+ * Associate database connection with thread lifecycle
+ *
+ */
+
+class ThreadDatabaseSupport :
+ public VcoreDPL::DB::ORM::IOrmInterface
+{
+ private:
+ typedef VcoreDPL::DB::SqlConnection *SqlConnectionPtr;
+ typedef VcoreDPL::ThreadLocalVariable<SqlConnectionPtr> TLVSqlConnectionPtr;
+ typedef VcoreDPL::ThreadLocalVariable<size_t> TLVSizeT;
+ typedef VcoreDPL::ThreadLocalVariable<bool> TLVBool;
+
+ TLVSqlConnectionPtr m_connection;
+ TLVBool m_linger;
+ TLVSizeT m_refCounter;
+ TLVSizeT m_transactionDepth;
+ TLVSizeT m_attachCount;
+ TLVBool m_transactionCancel;
+ std::string m_address;
+ VcoreDPL::DB::SqlConnection::Flag::Type m_flags;
+
+ TLVSqlConnectionPtr &Connection()
+ {
+ return m_connection;
+ }
+
+ TLVBool &Linger()
+ {
+ return m_linger;
+ }
+
+ TLVSizeT &RefCounter()
+ {
+ return m_refCounter;
+ }
+
+ TLVSizeT &TransactionDepth()
+ {
+ return m_transactionDepth;
+ }
+
+ TLVSizeT &AttachCount()
+ {
+ return m_attachCount;
+ }
+
+ TLVBool &TransactionCancel()
+ {
+ return m_transactionCancel;
+ }
+
+ void CheckedConnectionDelete()
+ {
+ Assert(!Connection().IsNull());
+ Assert(*Linger() == true);
+
+ if (*RefCounter() > 0 || *AttachCount() > 0) {
+ return;
+ }
+
+ // Destroy connection
+ VcoreLogD("Destroying thread database connection: %s", m_address.c_str());
+
+ delete *Connection();
+
+ // Blocking destroy
+ Connection().GuardValue(false);
+ Linger().GuardValue(false);
+ RefCounter().GuardValue(false);
+ TransactionCancel().GuardValue(false);
+ TransactionDepth().GuardValue(false);
+ AttachCount().GuardValue(false);
+
+ Connection().Reset();
+ Linger().Reset();
+ RefCounter().Reset();
+ TransactionCancel().Reset();
+ TransactionDepth().Reset();
+ AttachCount().Reset();
+ }
+
+ void TransactionUnref()
+ {
+ VcoreLogD("Unref transaction");
+
+ if (--(*TransactionDepth()) == 0) {
+ VcoreLogD("Transaction is finalized");
+
+ if (*TransactionCancel()) {
+ VcoreLogD("Transaction will be rolled back");
+ (*Connection())->RollbackTransaction();
+ } else {
+ VcoreLogD("Transaction will be commited");
+ (*Connection())->CommitTransaction();
+ }
+ }
+ }
+
+ public:
+ ThreadDatabaseSupport(const std::string &address,
+ VcoreDPL::DB::SqlConnection::Flag::Type flags) :
+ m_address(address),
+ m_flags(flags)
+ {}
+
+ virtual ~ThreadDatabaseSupport()
+ {}
+
+ void AttachToThread(
+ VcoreDPL::DB::SqlConnection::Flag::Option options =
+ VcoreDPL::DB::SqlConnection::Flag::RO)
+ {
+ Linger() = false;
+
+ if (!Connection().IsNull()) {
+ // Add reference
+ ++*AttachCount();
+ return;
+ }
+
+ // Initialize SQL connection described in traits
+ VcoreLogD("Attaching thread database connection: %s", m_address.c_str());
+
+ Connection() = new VcoreDPL::DB::SqlConnection(
+ m_address.c_str(), m_flags, options);
+
+ RefCounter() = 0;
+
+ AttachCount() = 1;
+
+ //Init Transaction related variables
+ TransactionDepth() = 0;
+ TransactionCancel() = false;
+
+ // Blocking destroy
+ Connection().GuardValue(true);
+ Linger().GuardValue(true);
+ RefCounter().GuardValue(true);
+ TransactionDepth().GuardValue(true);
+ AttachCount().GuardValue(true);
+ TransactionCancel().GuardValue(true);
+ }
+
+ void DetachFromThread()
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ // Remove reference
+ --*AttachCount();
+
+ if (*AttachCount() > 0) {
+ return;
+ }
+
+ // It must not be in linger state yet
+ Assert(*Linger() == false);
+
+ VcoreLogD("Detaching thread database connection: %s", m_address.c_str());
+
+ // Enter linger state
+ *Linger() = true;
+
+ // Checked delete
+ CheckedConnectionDelete();
+ }
+
+ bool IsAttached()
+ {
+ return !AttachCount().IsNull() && *AttachCount() > 0;
+ }
+
+ VcoreDPL::DB::SqlConnection::DataCommand *AllocDataCommand(
+ const std::string &statement)
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ // Calling thread must not be in linger state
+ Assert(*Linger() == false);
+
+ // Add reference
+ ++*RefCounter();
+
+ // Create new unmanaged data command
+ return (*Connection())->PrepareDataCommand(statement.c_str()).release();
+ }
+
+ void FreeDataCommand(VcoreDPL::DB::SqlConnection::DataCommand *command)
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ // Delete data command
+ delete command;
+
+ // Unreference SQL connection
+ --*RefCounter();
+
+ // If it is linger state, connection may be destroyed
+ if (*Linger() == true) {
+ CheckedConnectionDelete();
+ }
+ }
+
+ void TransactionBegin()
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ VcoreLogD("Begin transaction");
+
+ // Addref transaction
+ if (++(*TransactionDepth()) == 1) {
+ VcoreLogD("Transaction is initialized");
+
+ TransactionCancel() = false;
+ (*Connection())->BeginTransaction();
+ }
+ }
+
+ void TransactionCommit()
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ VcoreLogD("Commit transaction");
+
+ // Unref transation
+ TransactionUnref();
+ }
+
+ void TransactionRollback()
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ // Cancel and unref transaction
+ TransactionCancel() = true;
+ TransactionUnref();
+ }
+
+ VcoreDPL::DB::SqlConnection::RowID GetLastInsertRowID()
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ return (*Connection())->GetLastInsertRowID();
+ }
+
+ bool CheckTableExist(const char *name)
+ {
+ // Calling thread must support thread database connections
+ Assert(!Connection().IsNull());
+
+ return (*Connection())->CheckTableExist(name);
+ }
+};
+}
+}
+
+#endif // DPL_THREAD_DATABASE_SUPPORT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file naive_synchronization_object.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of SQL naive
+ * synchronization object
+ */
+#include <stddef.h>
+#include <dpl/db/naive_synchronization_object.h>
+#include <dpl/thread.h>
+
+namespace {
+ unsigned int seed = time(NULL);
+}
+
+namespace VcoreDPL {
+namespace DB {
+void NaiveSynchronizationObject::Synchronize()
+{
+ // Sleep for about 10ms - 30ms
+ Thread::MiliSleep(10 + rand_r(&seed) % 20);
+}
+
+void NaiveSynchronizationObject::NotifyAll()
+{
+ // No need to inform about anything
+}
+} // namespace DB
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm.cpp
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Static definitions and function template specialziations of
+ * DPL-ORM.
+ */
+#include <stddef.h>
+#include <dpl/db/orm.h>
+
+namespace VcoreDPL {
+namespace DB {
+namespace ORM {
+namespace RelationTypes {
+const char Equal[] = "=";
+const char LessThan[] = "<";
+const char And[] = "AND";
+const char Or[] = "OR";
+const char Is[] = "IS";
+const char In[] = "IN";
+}
+
+template<>
+int GetColumnFromCommand<int>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnInteger(columnIndex);
+}
+
+template<>
+VcoreDPL::String GetColumnFromCommand<VcoreDPL::String>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return VcoreDPL::FromUTF8String(command->GetColumnString(columnIndex));
+}
+
+template<>
+OptionalInteger GetColumnFromCommand<OptionalInteger>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnOptionalInteger(columnIndex);
+}
+
+template<>
+OptionalString GetColumnFromCommand<OptionalString>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnOptionalString(columnIndex);
+}
+
+template<>
+double GetColumnFromCommand<double>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnDouble(columnIndex);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ int argument)
+{
+ command->BindInteger(index, argument);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ const OptionalInteger& argument)
+{
+ command->BindInteger(index, argument);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ const VcoreDPL::String& argument)
+{
+ command->BindString(index, argument);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ const OptionalString& argument)
+{
+ command->BindString(index, argument);
+}
+}
+}
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file sql_connection.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of SQL connection
+ */
+#include <stddef.h>
+#include <dpl/db/sql_connection.h>
+#include <dpl/db/naive_synchronization_object.h>
+#include <dpl/free_deleter.h>
+#include <memory>
+#include <dpl/noncopyable.h>
+#include <dpl/assert.h>
+#include <unistd.h>
+#include <cstdio>
+#include <cstdarg>
+
+namespace VcoreDPL {
+namespace DB {
+namespace // anonymous
+{
+class ScopedNotifyAll :
+ public Noncopyable
+{
+ private:
+ SqlConnection::SynchronizationObject *m_synchronizationObject;
+
+ public:
+ explicit ScopedNotifyAll(
+ SqlConnection::SynchronizationObject *synchronizationObject) :
+ m_synchronizationObject(synchronizationObject)
+ {}
+
+ ~ScopedNotifyAll()
+ {
+ if (!m_synchronizationObject) {
+ return;
+ }
+
+ VcoreLogD("Notifying after successful synchronize");
+ m_synchronizationObject->NotifyAll();
+ }
+};
+} // namespace anonymous
+
+SqlConnection::DataCommand::DataCommand(SqlConnection *connection,
+ const char *buffer) :
+ m_masterConnection(connection),
+ m_stmt(NULL)
+{
+ Assert(connection != NULL);
+
+ // Notify all after potentially synchronized database connection access
+ ScopedNotifyAll notifyAll(connection->m_synchronizationObject.get());
+
+ for (;;) {
+ int ret = sqlite3_prepare_v2(connection->m_connection,
+ buffer, strlen(buffer),
+ &m_stmt, NULL);
+
+ if (ret == SQLITE_OK) {
+ VcoreLogD("Data command prepared successfuly");
+ break;
+ } else if (ret == SQLITE_BUSY) {
+ VcoreLogD("Collision occurred while preparing SQL command");
+
+ // Synchronize if synchronization object is available
+ if (connection->m_synchronizationObject) {
+ VcoreLogD("Performing synchronization");
+ connection->m_synchronizationObject->Synchronize();
+ continue;
+ }
+
+ // No synchronization object defined. Fail.
+ }
+
+ // Fatal error
+ const char *error = sqlite3_errmsg(m_masterConnection->m_connection);
+
+ VcoreLogD("SQL prepare data command failed");
+ VcoreLogD(" Statement: %s", buffer);
+ VcoreLogD(" Error: %s", error);
+
+ ThrowMsg(Exception::SyntaxError, error);
+ }
+
+ VcoreLogD("Prepared data command: %s", buffer);
+
+ // Increment stored data command count
+ ++m_masterConnection->m_dataCommandsCount;
+}
+
+SqlConnection::DataCommand::~DataCommand()
+{
+ VcoreLogD("SQL data command finalizing");
+
+ if (sqlite3_finalize(m_stmt) != SQLITE_OK) {
+ VcoreLogD("Failed to finalize data command");
+ }
+
+ // Decrement stored data command count
+ --m_masterConnection->m_dataCommandsCount;
+}
+
+void SqlConnection::DataCommand::CheckBindResult(int result)
+{
+ if (result != SQLITE_OK) {
+ const char *error = sqlite3_errmsg(
+ m_masterConnection->m_connection);
+
+ VcoreLogD("Failed to bind SQL statement parameter");
+ VcoreLogD(" Error: %s", error);
+
+ ThrowMsg(Exception::SyntaxError, error);
+ }
+}
+
+void SqlConnection::DataCommand::BindNull(
+ SqlConnection::ArgumentIndex position)
+{
+ CheckBindResult(sqlite3_bind_null(m_stmt, position));
+ VcoreLogD("SQL data command bind null: [%i]", position);
+}
+
+void SqlConnection::DataCommand::BindInteger(
+ SqlConnection::ArgumentIndex position,
+ int value)
+{
+ CheckBindResult(sqlite3_bind_int(m_stmt, position, value));
+ VcoreLogD("SQL data command bind integer: [%i] -> %i", position, value);
+}
+
+void SqlConnection::DataCommand::BindInt8(
+ SqlConnection::ArgumentIndex position,
+ int8_t value)
+{
+ CheckBindResult(sqlite3_bind_int(m_stmt, position,
+ static_cast<int>(value)));
+ VcoreLogD("SQL data command bind int8: [%i] -> %i", position, value);
+}
+
+void SqlConnection::DataCommand::BindInt16(
+ SqlConnection::ArgumentIndex position,
+ int16_t value)
+{
+ CheckBindResult(sqlite3_bind_int(m_stmt, position,
+ static_cast<int>(value)));
+ VcoreLogD("SQL data command bind int16: [%i] -> %i", position, value);
+}
+
+void SqlConnection::DataCommand::BindInt32(
+ SqlConnection::ArgumentIndex position,
+ int32_t value)
+{
+ CheckBindResult(sqlite3_bind_int(m_stmt, position,
+ static_cast<int>(value)));
+ VcoreLogD("SQL data command bind int32: [%i] -> %i", position, value);
+}
+
+void SqlConnection::DataCommand::BindInt64(
+ SqlConnection::ArgumentIndex position,
+ int64_t value)
+{
+ CheckBindResult(sqlite3_bind_int64(m_stmt, position,
+ static_cast<sqlite3_int64>(value)));
+ VcoreLogD("SQL data command bind int64: [%i] -> %lli", position, value);
+}
+
+void SqlConnection::DataCommand::BindFloat(
+ SqlConnection::ArgumentIndex position,
+ float value)
+{
+ CheckBindResult(sqlite3_bind_double(m_stmt, position,
+ static_cast<double>(value)));
+ VcoreLogD("SQL data command bind float: [%i] -> %f", position, value);
+}
+
+void SqlConnection::DataCommand::BindDouble(
+ SqlConnection::ArgumentIndex position,
+ double value)
+{
+ CheckBindResult(sqlite3_bind_double(m_stmt, position, value));
+ VcoreLogD("SQL data command bind double: [%i] -> %f", position, value);
+}
+
+void SqlConnection::DataCommand::BindString(
+ SqlConnection::ArgumentIndex position,
+ const char *value)
+{
+ if (!value) {
+ BindNull(position);
+ return;
+ }
+
+ // Assume that text may disappear
+ CheckBindResult(sqlite3_bind_text(m_stmt, position,
+ value, strlen(value),
+ SQLITE_TRANSIENT));
+
+ VcoreLogD("SQL data command bind string: [%i] -> %s", position, value);
+}
+
+void SqlConnection::DataCommand::BindString(
+ SqlConnection::ArgumentIndex position,
+ const String &value)
+{
+ BindString(position, ToUTF8String(value).c_str());
+}
+
+void SqlConnection::DataCommand::BindInteger(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<int> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindInteger(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindInt8(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<int8_t> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindInt8(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindInt16(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<int16_t> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindInt16(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindInt32(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<int32_t> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindInt32(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindInt64(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<int64_t> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindInt64(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindFloat(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<float> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindFloat(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindDouble(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<double> &value)
+{
+ if (!value) {
+ BindNull(position);
+ } else {
+ BindDouble(position, *value);
+ }
+}
+
+void SqlConnection::DataCommand::BindString(
+ SqlConnection::ArgumentIndex position,
+ const boost::optional<String> &value)
+{
+ if (!!value) {
+ BindString(position, ToUTF8String(*value).c_str());
+ } else {
+ BindNull(position);
+ }
+}
+
+bool SqlConnection::DataCommand::Step()
+{
+ // Notify all after potentially synchronized database connection access
+ ScopedNotifyAll notifyAll(
+ m_masterConnection->m_synchronizationObject.get());
+
+ for (;;) {
+ int ret = sqlite3_step(m_stmt);
+
+ if (ret == SQLITE_ROW) {
+ VcoreLogD("SQL data command step ROW");
+ return true;
+ } else if (ret == SQLITE_DONE) {
+ VcoreLogD("SQL data command step DONE");
+ return false;
+ } else if (ret == SQLITE_BUSY) {
+ VcoreLogD("Collision occurred while executing SQL command");
+
+ // Synchronize if synchronization object is available
+ if (m_masterConnection->m_synchronizationObject) {
+ VcoreLogD("Performing synchronization");
+
+ m_masterConnection->
+ m_synchronizationObject->Synchronize();
+
+ continue;
+ }
+
+ // No synchronization object defined. Fail.
+ }
+
+ // Fatal error
+ const char *error = sqlite3_errmsg(m_masterConnection->m_connection);
+
+ VcoreLogD("SQL step data command failed");
+ VcoreLogD(" Error: %s", error);
+
+ ThrowMsg(Exception::InternalError, error);
+ }
+}
+
+void SqlConnection::DataCommand::Reset()
+{
+ /*
+ * According to:
+ * http://www.sqlite.org/c3ref/stmt.html
+ *
+ * if last sqlite3_step command on this stmt returned an error,
+ * then sqlite3_reset will return that error, althought it is not an error.
+ * So sqlite3_reset allways succedes.
+ */
+ sqlite3_reset(m_stmt);
+
+ VcoreLogD("SQL data command reset");
+}
+
+void SqlConnection::DataCommand::CheckColumnIndex(
+ SqlConnection::ColumnIndex column)
+{
+ if (column < 0 || column >= sqlite3_column_count(m_stmt)) {
+ ThrowMsg(Exception::InvalidColumn, "Column index is out of bounds");
+ }
+}
+
+bool SqlConnection::DataCommand::IsColumnNull(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column type: [%i]", column);
+ CheckColumnIndex(column);
+ return sqlite3_column_type(m_stmt, column) == SQLITE_NULL;
+}
+
+int SqlConnection::DataCommand::GetColumnInteger(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column integer: [%i]", column);
+ CheckColumnIndex(column);
+ int value = sqlite3_column_int(m_stmt, column);
+ VcoreLogD(" Value: %i", value);
+ return value;
+}
+
+int8_t SqlConnection::DataCommand::GetColumnInt8(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column int8: [%i]", column);
+ CheckColumnIndex(column);
+ int8_t value = static_cast<int8_t>(sqlite3_column_int(m_stmt, column));
+ VcoreLogD(" Value: %i", value);
+ return value;
+}
+
+int16_t SqlConnection::DataCommand::GetColumnInt16(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column int16: [%i]", column);
+ CheckColumnIndex(column);
+ int16_t value = static_cast<int16_t>(sqlite3_column_int(m_stmt, column));
+ VcoreLogD(" Value: %i", value);
+ return value;
+}
+
+int32_t SqlConnection::DataCommand::GetColumnInt32(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column int32: [%i]", column);
+ CheckColumnIndex(column);
+ int32_t value = static_cast<int32_t>(sqlite3_column_int(m_stmt, column));
+ VcoreLogD(" Value: %i", value);
+ return value;
+}
+
+int64_t SqlConnection::DataCommand::GetColumnInt64(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column int64: [%i]", column);
+ CheckColumnIndex(column);
+ int64_t value = static_cast<int64_t>(sqlite3_column_int64(m_stmt, column));
+ VcoreLogD(" Value: %lli", value);
+ return value;
+}
+
+float SqlConnection::DataCommand::GetColumnFloat(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column float: [%i]", column);
+ CheckColumnIndex(column);
+ float value = static_cast<float>(sqlite3_column_double(m_stmt, column));
+ VcoreLogD(" Value: %f", value);
+ return value;
+}
+
+double SqlConnection::DataCommand::GetColumnDouble(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column double: [%i]", column);
+ CheckColumnIndex(column);
+ double value = sqlite3_column_double(m_stmt, column);
+ VcoreLogD(" Value: %f", value);
+ return value;
+}
+
+std::string SqlConnection::DataCommand::GetColumnString(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column string: [%i]", column);
+ CheckColumnIndex(column);
+
+ const char *value = reinterpret_cast<const char *>(
+ sqlite3_column_text(m_stmt, column));
+
+ VcoreLogD(" Value: %s", value);
+
+ if (value == NULL) {
+ return std::string();
+ }
+
+ return std::string(value);
+}
+
+boost::optional<int> SqlConnection::DataCommand::GetColumnOptionalInteger(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional integer: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<int>();
+ }
+ int value = sqlite3_column_int(m_stmt, column);
+ VcoreLogD(" Value: %i", value);
+ return boost::optional<int>(value);
+}
+
+boost::optional<int8_t> SqlConnection::DataCommand::GetColumnOptionalInt8(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional int8: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<int8_t>();
+ }
+ int8_t value = static_cast<int8_t>(sqlite3_column_int(m_stmt, column));
+ VcoreLogD(" Value: %i", value);
+ return boost::optional<int8_t>(value);
+}
+
+boost::optional<int16_t> SqlConnection::DataCommand::GetColumnOptionalInt16(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional int16: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<int16_t>();
+ }
+ int16_t value = static_cast<int16_t>(sqlite3_column_int(m_stmt, column));
+ VcoreLogD(" Value: %i", value);
+ return boost::optional<int16_t>(value);
+}
+
+boost::optional<int32_t> SqlConnection::DataCommand::GetColumnOptionalInt32(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional int32: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<int32_t>();
+ }
+ int32_t value = static_cast<int32_t>(sqlite3_column_int(m_stmt, column));
+ VcoreLogD(" Value: %i", value);
+ return boost::optional<int32_t>(value);
+}
+
+boost::optional<int64_t> SqlConnection::DataCommand::GetColumnOptionalInt64(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional int64: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<int64_t>();
+ }
+ int64_t value = static_cast<int64_t>(sqlite3_column_int64(m_stmt, column));
+ VcoreLogD(" Value: %lli", value);
+ return boost::optional<int64_t>(value);
+}
+
+boost::optional<float> SqlConnection::DataCommand::GetColumnOptionalFloat(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional float: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<float>();
+ }
+ float value = static_cast<float>(sqlite3_column_double(m_stmt, column));
+ VcoreLogD(" Value: %f", value);
+ return boost::optional<float>(value);
+}
+
+boost::optional<double> SqlConnection::DataCommand::GetColumnOptionalDouble(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional double: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<double>();
+ }
+ double value = sqlite3_column_double(m_stmt, column);
+ VcoreLogD(" Value: %f", value);
+ return boost::optional<double>(value);
+}
+
+boost::optional<String> SqlConnection::DataCommand::GetColumnOptionalString(
+ SqlConnection::ColumnIndex column)
+{
+ VcoreLogD("SQL data command get column optional string: [%i]", column);
+ CheckColumnIndex(column);
+ if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) {
+ return boost::optional<String>();
+ }
+ const char *value = reinterpret_cast<const char *>(
+ sqlite3_column_text(m_stmt, column));
+ VcoreLogD(" Value: %s", value);
+ String s = FromUTF8String(value);
+ return boost::optional<String>(s);
+}
+
+void SqlConnection::Connect(const std::string &address,
+ Flag::Type type,
+ Flag::Option flag)
+{
+ if (m_connection != NULL) {
+ VcoreLogD("Already connected.");
+ return;
+ }
+ VcoreLogD("Connecting to DB: %s...", address.c_str());
+
+ // Connect to database
+ int result;
+ if (type & Flag::UseLucene) {
+ result = db_util_open_with_options(
+ address.c_str(),
+ &m_connection,
+ flag,
+ NULL);
+
+ m_usingLucene = true;
+ VcoreLogD("Lucene index enabled");
+ } else {
+ result = sqlite3_open_v2(
+ address.c_str(),
+ &m_connection,
+ flag,
+ NULL);
+
+ m_usingLucene = false;
+ VcoreLogD("Lucene index disabled");
+ }
+
+ if (result == SQLITE_OK) {
+ VcoreLogD("Connected to DB");
+ } else {
+ VcoreLogD("Failed to connect to DB!");
+ ThrowMsg(Exception::ConnectionBroken, address);
+ }
+
+ // Enable foreign keys
+ TurnOnForeignKeys();
+}
+
+void SqlConnection::Disconnect()
+{
+ if (m_connection == NULL) {
+ VcoreLogD("Already disconnected.");
+ return;
+ }
+
+ VcoreLogD("Disconnecting from DB...");
+
+ // All stored data commands must be deleted before disconnect
+ AssertMsg(m_dataCommandsCount == 0,
+ "All stored procedures must be deleted"
+ " before disconnecting SqlConnection");
+
+ int result;
+
+ if (m_usingLucene) {
+ result = db_util_close(m_connection);
+ } else {
+ result = sqlite3_close(m_connection);
+ }
+
+ if (result != SQLITE_OK) {
+ const char *error = sqlite3_errmsg(m_connection);
+ VcoreLogD("SQL close failed");
+ VcoreLogD(" Error: %s", error);
+ Throw(Exception::InternalError);
+ }
+
+ m_connection = NULL;
+
+ VcoreLogD("Disconnected from DB");
+}
+
+bool SqlConnection::CheckTableExist(const char *tableName)
+{
+ if (m_connection == NULL) {
+ VcoreLogD("Cannot execute command. Not connected to DB!");
+ return false;
+ }
+
+ DataCommandAutoPtr command =
+ PrepareDataCommand("select tbl_name from sqlite_master where name=?;");
+
+ command->BindString(1, tableName);
+
+ if (!command->Step()) {
+ VcoreLogD("No matching records in table");
+ return false;
+ }
+
+ return command->GetColumnString(0) == tableName;
+}
+
+SqlConnection::SqlConnection(const std::string &address,
+ Flag::Type flag,
+ Flag::Option option,
+ SynchronizationObject *synchronizationObject) :
+ m_connection(NULL),
+ m_usingLucene(false),
+ m_dataCommandsCount(0),
+ m_synchronizationObject(synchronizationObject)
+{
+ VcoreLogD("Opening database connection to: %s", address.c_str());
+
+ // Connect to DB
+ SqlConnection::Connect(address, flag, option);
+
+ if (!m_synchronizationObject) {
+ VcoreLogD("No synchronization object defined");
+ }
+}
+
+SqlConnection::~SqlConnection()
+{
+ VcoreLogD("Closing database connection");
+
+ // Disconnect from DB
+ Try
+ {
+ SqlConnection::Disconnect();
+ }
+ Catch(Exception::Base)
+ {
+ VcoreLogD("Failed to disconnect from database");
+ }
+}
+
+void SqlConnection::ExecCommand(const char *format, ...)
+{
+ if (m_connection == NULL) {
+ VcoreLogD("Cannot execute command. Not connected to DB!");
+ return;
+ }
+
+ if (format == NULL) {
+ VcoreLogD("Null query!");
+ ThrowMsg(Exception::SyntaxError, "Null statement");
+ }
+
+ char *rawBuffer;
+
+ va_list args;
+ va_start(args, format);
+
+ if (vasprintf(&rawBuffer, format, args) == -1) {
+ rawBuffer = NULL;
+ }
+
+ va_end(args);
+
+ std::unique_ptr<char[],free_deleter> buffer(rawBuffer);
+
+ if (!buffer) {
+ VcoreLogD("Failed to allocate statement string");
+ return;
+ }
+
+ VcoreLogD("Executing SQL command: %s", buffer.get());
+
+ // Notify all after potentially synchronized database connection access
+ ScopedNotifyAll notifyAll(m_synchronizationObject.get());
+
+ for (;;) {
+ char *errorBuffer;
+
+ int ret = sqlite3_exec(m_connection,
+ buffer.get(),
+ NULL,
+ NULL,
+ &errorBuffer);
+
+ std::string errorMsg;
+
+ // Take allocated error buffer
+ if (errorBuffer != NULL) {
+ errorMsg = errorBuffer;
+ sqlite3_free(errorBuffer);
+ }
+
+ if (ret == SQLITE_OK) {
+ return;
+ }
+
+ if (ret == SQLITE_BUSY) {
+ VcoreLogD("Collision occurred while executing SQL command");
+
+ // Synchronize if synchronization object is available
+ if (m_synchronizationObject) {
+ VcoreLogD("Performing synchronization");
+ m_synchronizationObject->Synchronize();
+ continue;
+ }
+
+ // No synchronization object defined. Fail.
+ }
+
+ // Fatal error
+ VcoreLogD("Failed to execute SQL command. Error: %s", errorMsg.c_str());
+ ThrowMsg(Exception::SyntaxError, errorMsg);
+ }
+}
+
+SqlConnection::DataCommandAutoPtr SqlConnection::PrepareDataCommand(
+ const char *format,
+ ...)
+{
+ if (m_connection == NULL) {
+ VcoreLogD("Cannot execute data command. Not connected to DB!");
+ return DataCommandAutoPtr();
+ }
+
+ char *rawBuffer;
+
+ va_list args;
+ va_start(args, format);
+
+ if (vasprintf(&rawBuffer, format, args) == -1) {
+ rawBuffer = NULL;
+ }
+
+ va_end(args);
+
+ std::unique_ptr<char[],free_deleter> buffer(rawBuffer);
+
+ if (!buffer) {
+ VcoreLogD("Failed to allocate statement string");
+ return DataCommandAutoPtr();
+ }
+
+ VcoreLogD("Executing SQL data command: %s", buffer.get());
+
+ return DataCommandAutoPtr(new DataCommand(this, buffer.get()));
+}
+
+SqlConnection::RowID SqlConnection::GetLastInsertRowID() const
+{
+ return static_cast<RowID>(sqlite3_last_insert_rowid(m_connection));
+}
+
+void SqlConnection::TurnOnForeignKeys()
+{
+ ExecCommand("PRAGMA foreign_keys = ON;");
+}
+
+void SqlConnection::BeginTransaction()
+{
+ ExecCommand("BEGIN;");
+}
+
+void SqlConnection::RollbackTransaction()
+{
+ ExecCommand("ROLLBACK;");
+}
+
+void SqlConnection::CommitTransaction()
+{
+ ExecCommand("COMMIT;");
+}
+
+SqlConnection::SynchronizationObject *
+SqlConnection::AllocDefaultSynchronizationObject()
+{
+ return new NaiveSynchronizationObject();
+}
+
+int SqlConnection::db_util_open_with_options(const char *pszFilePath, sqlite3 **ppDB,
+ int flags, const char *zVfs)
+{
+ int mode;
+
+ if((pszFilePath == NULL) || (ppDB == NULL)) {
+ VcoreLogW("sqlite3 handle null error");
+ return SQLITE_ERROR;
+ }
+
+ mode = R_OK;
+
+ if((geteuid() != 0) && (access(pszFilePath, mode))) {
+ if(errno == EACCES) {
+ VcoreLogD("file access permission error");
+ return SQLITE_PERM;
+ }
+ }
+
+ /* Open DB */
+ int rc = sqlite3_open_v2(pszFilePath, ppDB, flags, zVfs);
+ if (SQLITE_OK != rc) {
+ VcoreLogE("sqlite3_open_v2 error(%d)",rc);
+ return rc;
+ }
+
+ //rc = __db_util_open(*ppDB);
+
+ return rc;
+}
+
+
+int SqlConnection::db_util_close(sqlite3 *pDB)
+{
+ char *pszErrorMsg = NULL;
+
+ /* Close DB */
+ int rc = sqlite3_close(pDB);
+ if (SQLITE_OK != rc) {
+ VcoreLogW("Fail to change journal mode: %s\n", pszErrorMsg);
+ sqlite3_free(pszErrorMsg);
+ return rc;
+ }
+
+ return SQLITE_OK;
+}
+
+} // namespace DB
+} // namespace VcoreDPL
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/*
+ * @file thread_database_support.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk)
+ * @version 1.0
+ * @brief This file contains the definition of thread database support
+ */
+#include <stddef.h>
+#include <dpl/db/thread_database_support.h>
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of abstract log provider
+ */
+#ifndef DPL_ABSTRACT_LOG_PROVIDER_H
+#define DPL_ABSTRACT_LOG_PROVIDER_H
+
+namespace VcoreDPL {
+namespace Log {
+class AbstractLogProvider
+{
+ public:
+ virtual ~AbstractLogProvider() {}
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+
+ protected:
+ static const char *LocateSourceFileName(const char *filename);
+};
+}
+} // namespace VcoreDPL
+
+#endif // DPL_ABSTRACT_LOG_PROVIDER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dlog_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of DLOG log provider
+ */
+#ifndef DPL_DLOG_LOG_PROVIDER_H
+#define DPL_DLOG_LOG_PROVIDER_H
+
+#include <dpl/log/abstract_log_provider.h>
+#include <dpl/scoped_free.h>
+#include <string>
+
+namespace VcoreDPL {
+namespace Log {
+class DLOGLogProvider :
+ public AbstractLogProvider
+{
+ private:
+ VcoreDPL::ScopedFree<char> m_tag;
+
+ static std::string FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ public:
+ DLOGLogProvider();
+ virtual ~DLOGLogProvider();
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+
+ // Set global Tag according to DLOG
+ void SetTag(const char *tag);
+};
+}
+} // namespace VcoreDPL
+
+#endif // DPL_DLOG_LOG_PROVIDER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file log.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of log system
+ */
+#ifndef DPL_LOG_H
+#define DPL_LOG_H
+
+#include <dpl/singleton.h>
+#include <dpl/noncopyable.h>
+#include <dpl/log/abstract_log_provider.h>
+#include <dpl/log/dlog_log_provider.h>
+#include <dpl/log/old_style_log_provider.h>
+#include <sstream>
+#include <list>
+
+namespace VcoreDPL {
+namespace Log {
+/**
+ * DPL log system
+ *
+ * To switch logs into old style, export
+ * DPL_USE_OLD_STYLE_LOGS before application start
+ */
+class LogSystem :
+ private Noncopyable
+{
+ private:
+ typedef std::list<AbstractLogProvider *> AbstractLogProviderPtrList;
+ AbstractLogProviderPtrList m_providers;
+
+ DLOGLogProvider *m_dlogProvider;
+ OldStyleLogProvider *m_oldStyleProvider;
+
+ bool m_isLoggingEnabled;
+
+ public:
+ bool IsLoggingEnabled() const;
+ LogSystem();
+ virtual ~LogSystem();
+
+ /**
+ * Log debug message
+ */
+ void Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log info message
+ */
+ void Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log warning message
+ */
+ void Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log error message
+ */
+ void Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log pedantic message
+ */
+ void Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Set default's DLOG provider Tag
+ */
+ void SetTag(const char *tag);
+
+ /**
+ * Add abstract provider to providers list
+ *
+ * @notice Ownership is transfered to LogSystem and deleted upon exit
+ */
+ void AddProvider(AbstractLogProvider *provider);
+
+ /**
+ * Remove abstract provider from providers list
+ */
+ void RemoveProvider(AbstractLogProvider *provider);
+};
+
+/*
+ * Replacement low overhead null logging class
+ */
+class NullStream
+{
+ public:
+ NullStream() {}
+
+ template <typename T>
+ NullStream& operator<<(const T&)
+ {
+ return *this;
+ }
+};
+
+/**
+ * Log system singleton
+ */
+typedef Singleton<LogSystem> LogSystemSingleton;
+}
+} // namespace VcoreDPL
+
+//
+// Log support
+//
+//
+
+#ifdef DPL_LOGS_ENABLED
+ #define DPL_MACRO_FOR_LOGGING(message, function) \
+ do \
+ { \
+ if (VcoreDPL::Log::LogSystemSingleton::Instance().IsLoggingEnabled()) \
+ { \
+ std::ostringstream platformLog; \
+ platformLog << message; \
+ VcoreDPL::Log::LogSystemSingleton::Instance().function( \
+ platformLog.str().c_str(), \
+ __FILE__, __LINE__, __FUNCTION__); \
+ } \
+ } while (0)
+#else
+/* avoid warnings about unused variables */
+ #define DPL_MACRO_FOR_LOGGING(message, function) \
+ do { \
+ VcoreDPL::Log::NullStream ns; \
+ ns << message; \
+ } while (0)
+#endif
+
+#define LogDebug(message) DPL_MACRO_FOR_LOGGING(message, Debug)
+#define LogInfo(message) DPL_MACRO_FOR_LOGGING(message, Info)
+#define LogWarning(message) DPL_MACRO_FOR_LOGGING(message, Warning)
+#define LogError(message) DPL_MACRO_FOR_LOGGING(message, Error)
+#define LogPedantic(message) DPL_MACRO_FOR_LOGGING(message, Pedantic)
+
+#endif // DPL_LOG_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file old_style_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of old style log provider
+ */
+#ifndef DPL_OLD_STYLE_LOG_PROVIDER_H
+#define DPL_OLD_STYLE_LOG_PROVIDER_H
+
+#include <dpl/log/abstract_log_provider.h>
+#include <string>
+
+namespace VcoreDPL {
+namespace Log {
+class OldStyleLogProvider :
+ public AbstractLogProvider
+{
+ private:
+ bool m_showDebug;
+ bool m_showInfo;
+ bool m_showWarning;
+ bool m_showError;
+ bool m_showPedantic;
+ bool m_printStdErr;
+
+ static std::string FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ public:
+ OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic);
+ OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic,
+ bool printStdErr);
+ virtual ~OldStyleLogProvider() {}
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+};
+}
+} // namespace VcoreDPL
+
+#endif // DPL_OLD_STYLE_LOG_PROVIDER_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef VCORE_LOG_H
+#define VCORE_LOG_H
+
+#ifdef DPL_LOGS_ENABLED
+
+#ifndef TIZEN_DEBUG_ENABLE
+#define TIZEN_DEBUG_ENABLE
+#endif //TIZEN_DEBUG_ENABLE
+
+#else //DPL_LOGS_ENABLED
+
+#undef TIZEN_DEBUG_ENABLE
+
+#endif //DPL_LOGS_ENABLED
+
+// Log tag check
+#ifdef LOG_TAG
+#undef LOG_TAG
+#endif
+#define LOG_TAG "CERT_SVC_VCORE"
+
+#include <dlog.h>
+
+#define COLOR_ERROR "\033[38;5;160;1m" // bold red
+#define COLOR_WARNING "\033[38;5;202;1m" // bold orange
+#define COLOR_INFO "\033[38;5;243;1m" // bold light gray
+#define COLOR_DEBUG "\033[38;5;243;0m" // normal light gray
+
+#define COLOR_END "\033[0m"
+
+#define INTERNAL_SECURE_LOG __extension__ SECURE_SLOG
+#define VCORE_LOG(priority, color, format, ...) \
+do { \
+ INTERNAL_SECURE_LOG(priority, LOG_TAG, color format "%s", __VA_ARGS__); \
+} while(0)
+
+/*
+ * Please use following macros
+ */
+
+#define VcoreLogD(...) VCORE_LOG(LOG_DEBUG, COLOR_DEBUG, __VA_ARGS__, COLOR_END)
+#define VcoreLogI(...) VCORE_LOG(LOG_INFO, COLOR_INFO, __VA_ARGS__, COLOR_END)
+#define VcoreLogW(...) VCORE_LOG(LOG_WARN, COLOR_WARNING, __VA_ARGS__, COLOR_END)
+#define VcoreLogE(...) VCORE_LOG(LOG_ERROR, COLOR_ERROR, __VA_ARGS__, COLOR_END)
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_log_provider.cpp
+ * @author Pawel Sikorski (p.sikorski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of abstract log provider
+ */
+#include <stddef.h>
+#include <dpl/log/abstract_log_provider.h>
+#include <cstring>
+
+namespace VcoreDPL {
+namespace Log {
+const char *AbstractLogProvider::LocateSourceFileName(const char *filename)
+{
+ const char *ptr = strrchr(filename, '/');
+ return ptr != NULL ? ptr + 1 : filename;
+}
+}
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dlog_log_provider.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of DLOG log provider
+ */
+#include <stddef.h>
+#include <dpl/log/dlog_log_provider.h>
+#include <cstring>
+#include <sstream>
+#include <dlog.h>
+
+#ifdef SECURE_LOG
+ #define INTERNAL_DLP_LOG_ SECURE_LOG
+#else
+ #define INTERNAL_DLP_LOG_ LOG
+#endif
+
+/*
+ * The __extension__ keyword in the following define is required because
+ * macros used here from dlog.h use non-standard extension that cause
+ * gcc to show unwanted warnings when compiling with -pedantic switch.
+ */
+#define INTERNAL_DLP_LOG __extension__ INTERNAL_DLP_LOG_
+
+namespace VcoreDPL {
+namespace Log {
+std::string DLOGLogProvider::FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ std::ostringstream val;
+
+ val << std::string("[") <<
+ LocateSourceFileName(filename) << std::string(":") << line <<
+ std::string("] ") << function << std::string("(): ") << message;
+
+ return val.str();
+}
+
+DLOGLogProvider::DLOGLogProvider()
+{}
+
+DLOGLogProvider::~DLOGLogProvider()
+{}
+
+void DLOGLogProvider::SetTag(const char *tag)
+{
+ m_tag.Reset(strdup(tag));
+}
+
+void DLOGLogProvider::Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ INTERNAL_DLP_LOG(LOG_DEBUG, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+}
+
+void DLOGLogProvider::Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ INTERNAL_DLP_LOG(LOG_INFO, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+}
+
+void DLOGLogProvider::Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ INTERNAL_DLP_LOG(LOG_WARN, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+}
+
+void DLOGLogProvider::Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ INTERNAL_DLP_LOG(LOG_ERROR, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+}
+
+void DLOGLogProvider::Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ INTERNAL_DLP_LOG(LOG_DEBUG, "DPL", "%s",
+ FormatMessage(message, filename, line, function).c_str());
+}
+}
+} // namespace VcoreDPL
+
+#undef INTERNAL_DLP_LOG
+#undef INTERNAL_DLP_LOG_
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file log.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of log system
+ */
+#include <stddef.h>
+#include <dpl/log/log.h>
+#include <dpl/singleton_impl.h>
+
+IMPLEMENT_SINGLETON(VcoreDPL::Log::LogSystem)
+
+namespace VcoreDPL {
+namespace Log {
+namespace // anonymous
+{
+const char *OLD_STYLE_LOGS_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS";
+const char *OLD_STYLE_PEDANTIC_LOGS_ENV_NAME =
+ "DPL_USE_OLD_STYLE_PEDANTIC_LOGS";
+const char *OLD_STYLE_LOGS_MASK_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS_MASK";
+const char *DPL_LOG_OFF = "DPL_LOG_OFF";
+} // namespace anonymous
+
+bool LogSystem::IsLoggingEnabled() const
+{
+ return m_isLoggingEnabled;
+}
+
+LogSystem::LogSystem() :
+ m_dlogProvider(NULL),
+ m_oldStyleProvider(NULL),
+ m_isLoggingEnabled(!getenv(DPL_LOG_OFF))
+{
+ bool oldStyleLogs = false;
+ bool oldStyleDebugLogs = true;
+ bool oldStyleInfoLogs = true;
+ bool oldStyleWarningLogs = true;
+ bool oldStyleErrorLogs = true;
+ bool oldStylePedanticLogs = false;
+
+ // Check environment settings about pedantic logs
+ const char *value = getenv(OLD_STYLE_LOGS_ENV_NAME);
+
+ if (value != NULL && !strcmp(value, "1")) {
+ oldStyleLogs = true;
+ }
+
+ value = getenv(OLD_STYLE_PEDANTIC_LOGS_ENV_NAME);
+
+ if (value != NULL && !strcmp(value, "1")) {
+ oldStylePedanticLogs = true;
+ }
+
+ value = getenv(OLD_STYLE_LOGS_MASK_ENV_NAME);
+
+ if (value != NULL) {
+ size_t len = strlen(value);
+
+ if (len >= 1) {
+ if (value[0] == '0') {
+ oldStyleDebugLogs = false;
+ } else if (value[0] == '1') {
+ oldStyleDebugLogs = true;
+ }
+ }
+
+ if (len >= 2) {
+ if (value[1] == '0') {
+ oldStyleInfoLogs = false;
+ } else if (value[1] == '1') {
+ oldStyleInfoLogs = true;
+ }
+ }
+
+ if (len >= 3) {
+ if (value[2] == '0') {
+ oldStyleWarningLogs = false;
+ } else if (value[2] == '1') {
+ oldStyleWarningLogs = true;
+ }
+ }
+
+ if (len >= 4) {
+ if (value[3] == '0') {
+ oldStyleErrorLogs = false;
+ } else if (value[3] == '1') {
+ oldStyleErrorLogs = true;
+ }
+ }
+ }
+
+ // Setup default DLOG and old style logging
+ if (oldStyleLogs) {
+ // Old style
+ m_oldStyleProvider = new OldStyleLogProvider(oldStyleDebugLogs,
+ oldStyleInfoLogs,
+ oldStyleWarningLogs,
+ oldStyleErrorLogs,
+ oldStylePedanticLogs);
+ AddProvider(m_oldStyleProvider);
+ } else {
+ // DLOG
+ m_dlogProvider = new DLOGLogProvider();
+ AddProvider(m_dlogProvider);
+ }
+}
+
+LogSystem::~LogSystem()
+{
+ // Delete all providers
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ delete *iterator;
+ }
+
+ m_providers.clear();
+
+ // And even default providers
+ m_dlogProvider = NULL;
+ m_oldStyleProvider = NULL;
+}
+
+void LogSystem::SetTag(const char* tag)
+{
+ if (m_dlogProvider != NULL) {
+ m_dlogProvider->SetTag(tag);
+ }
+}
+
+void LogSystem::AddProvider(AbstractLogProvider *provider)
+{
+ m_providers.push_back(provider);
+}
+
+void LogSystem::RemoveProvider(AbstractLogProvider *provider)
+{
+ m_providers.remove(provider);
+}
+
+void LogSystem::Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Debug(message, filename, line, function);
+ }
+}
+
+void LogSystem::Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Info(message, filename, line, function);
+ }
+}
+
+void LogSystem::Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Warning(message, filename, line, function);
+ }
+}
+
+void LogSystem::Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Error(message, filename, line, function);
+ }
+}
+
+void LogSystem::Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Pedantic(message, filename, line, function);
+ }
+}
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file old_style_log_provider.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of old style log provider
+ */
+#include <stddef.h>
+#include <dpl/log/old_style_log_provider.h>
+#include <dpl/colors.h>
+#include <cstdio>
+#include <cstring>
+#include <sstream>
+#include <sys/time.h>
+#include <unistd.h>
+
+namespace VcoreDPL {
+namespace Log {
+namespace // anonymous
+{
+using namespace VcoreDPL::Colors::Text;
+const char *DEBUG_BEGIN = GREEN_BEGIN;
+const char *DEBUG_END = GREEN_END;
+const char *INFO_BEGIN = CYAN_BEGIN;
+const char *INFO_END = CYAN_END;
+const char *ERROR_BEGIN = RED_BEGIN;
+const char *ERROR_END = RED_END;
+const char *WARNING_BEGIN = BOLD_GOLD_BEGIN;
+const char *WARNING_END = BOLD_GOLD_END;
+const char *PEDANTIC_BEGIN = PURPLE_BEGIN;
+const char *PEDANTIC_END = PURPLE_END;
+
+std::string GetFormattedTime()
+{
+ timeval tv;
+ tm localNowTime;
+
+ gettimeofday(&tv, NULL);
+ localtime_r(&tv.tv_sec, &localNowTime);
+
+ char format[64];
+ snprintf(format,
+ sizeof(format),
+ "%02i:%02i:%02i.%03i",
+ localNowTime.tm_hour,
+ localNowTime.tm_min,
+ localNowTime.tm_sec,
+ static_cast<int>(tv.tv_usec / 1000));
+ return format;
+}
+} // namespace anonymous
+
+std::string OldStyleLogProvider::FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ std::ostringstream val;
+
+ val << std::string("[") << GetFormattedTime() << std::string("] [") <<
+ static_cast<unsigned long>(pthread_self()) << "/" <<
+ static_cast<int>(getpid()) << std::string("] [") <<
+ LocateSourceFileName(filename) << std::string(":") << line <<
+ std::string("] ") << function << std::string("(): ") << message;
+
+ return val.str();
+}
+
+OldStyleLogProvider::OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic) :
+ m_showDebug(showDebug),
+ m_showInfo(showInfo),
+ m_showWarning(showWarning),
+ m_showError(showError),
+ m_showPedantic(showPedantic),
+ m_printStdErr(false)
+{}
+
+OldStyleLogProvider::OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic,
+ bool printStdErr) :
+ m_showDebug(showDebug),
+ m_showInfo(showInfo),
+ m_showWarning(showWarning),
+ m_showError(showError),
+ m_showPedantic(showPedantic),
+ m_printStdErr(printStdErr)
+{}
+
+void OldStyleLogProvider::Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showDebug) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", DEBUG_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), DEBUG_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", DEBUG_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), DEBUG_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showInfo) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", INFO_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), INFO_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", INFO_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), INFO_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showWarning) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", WARNING_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), WARNING_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", WARNING_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), WARNING_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showError) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", ERROR_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), ERROR_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", ERROR_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), ERROR_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showPedantic) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", PEDANTIC_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), PEDANTIC_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", PEDANTIC_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), PEDANTIC_END);
+ }
+ }
+}
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_input_parser.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Simple parser abstraction to be included into reader
+ */
+
+#ifndef ABSTRACT_INPUT_PARSER_H
+#define ABSTRACT_INPUT_PARSER_H
+
+#include <dpl/exception.h>
+
+#include <memory>
+
+namespace VcoreDPL {
+
+/**
+ * Abstract class of parser that produces some higher level abstraction
+ * basing on incoming tokens
+ */
+template<class Result, class Token> class AbstractInputParser
+{
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ParserError)
+ };
+
+ typedef Result ResultType;
+ typedef Token TokenType;
+
+ virtual ~AbstractInputParser() {}
+
+ virtual void ConsumeToken(std::unique_ptr<Token> && token) = 0;
+ virtual bool IsStateValid() = 0;
+ virtual Result GetResult() const = 0;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_input_reader.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Simple output reader template
+ *
+ * This generic skeleton for parser which assume being composed from abstract two logical components:
+ *
+ * - parser,
+ * - tokenizer/lexer,
+ * which implements token flow logic. Logic of components may be arbitrary. See depending change for uses.
+ *
+ * Components are created at start time of reader (constructor which moves arguments).
+ * Virtuality (abstract base classes) are for enforcing same token type.
+ * I assumed it's more clear than writen static asserts in code enforcing this.
+ */
+
+#ifndef ABSTRACT_INPUT_READER_H
+#define ABSTRACT_INPUT_READER_H
+
+#include <memory>
+
+#include <dpl/test/abstract_input_tokenizer.h>
+#include <dpl/test/abstract_input_parser.h>
+#include <dpl/abstract_input.h>
+
+namespace VcoreDPL {
+
+/**
+ * Base reader class that can be used with any AbstractInput instance
+ *
+ * This class is encapsulation class for tokenizer and reader subelements
+ * and contains basic calculation pattern
+ *
+ * There a waste in form of virtuality for parser and tokenizer
+ * -> this for forcing same tokenT type in both components
+ */
+template<class ResultT, class TokenT> class AbstractInputReader
+{
+public:
+ typedef ResultT TokenType;
+ typedef TokenT ResultType;
+ typedef AbstractInputParser<ResultT, TokenT> ParserBase;
+ typedef AbstractInputTokenizer<TokenT> TokenizerBase;
+
+ class Exception
+ {
+ public:
+ typedef typename TokenizerBase::Exception::TokenizerError TokenizerError;
+ typedef typename ParserBase::Exception::ParserError ParserError;
+ };
+
+ AbstractInputReader(std::shared_ptr<AbstractInput> ia,
+ std::unique_ptr<ParserBase> && parser,
+ std::unique_ptr<TokenizerBase> && tokenizer)
+ : m_parser(std::move(parser)), m_tokenizer(std::move(tokenizer))
+ {
+ m_tokenizer->Reset(ia);
+ }
+
+ virtual ~AbstractInputReader() {}
+
+ ResultT ReadInput()
+ {
+ typedef typename Exception::TokenizerError TokenizerError;
+ typedef typename Exception::ParserError ParserError;
+
+ while(true)
+ {
+ std::unique_ptr<TokenT> token = m_tokenizer->GetNextToken();
+ if(!token)
+ {
+ if(!m_tokenizer->IsStateValid())
+ {
+ ThrowMsg(TokenizerError, "Tokenizer error");
+ }
+ if(!m_parser->IsStateValid())
+ {
+ ThrowMsg(ParserError, "Parser error");
+ }
+
+ return m_parser->GetResult();
+ }
+ m_parser->ConsumeToken(std::move(token));
+ }
+ }
+
+protected:
+ std::unique_ptr<ParserBase> m_parser;
+ std::unique_ptr<TokenizerBase> m_tokenizer;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_input_tokenizer.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Simple tokenizer abstraction
+ */
+
+#ifndef ABSTRACT_INPUT_TOKENIZER_H
+#define ABSTRACT_INPUT_TOKENIZER_H
+
+#include <memory>
+#include <string>
+
+#include <dpl/abstract_input.h>
+#include <dpl/exception.h>
+
+namespace VcoreDPL {
+
+/**
+ * Tokenizer abstract base class
+ *
+ * This class is supposed to accept AbstractInput in constructor
+ * and produce tokens until end of source. If parsing ends in invalid state
+ * then IsStateValid() should return false
+ */
+template<class Token> class AbstractInputTokenizer
+{
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, TokenizerError)
+ };
+
+ typedef Token TokenType;
+
+ AbstractInputTokenizer() {}
+ virtual ~AbstractInputTokenizer() {}
+
+ /**
+ * @brief Reset resets data source
+ * @param wia AbstractWaitableInputAdapter instance
+ */
+ virtual void Reset(std::shared_ptr<AbstractInput> wia)
+ {
+ m_input = wia;
+ }
+
+ /**
+ * @brief GetNextToken
+ *
+ * Parses next token.
+ * Returns pointer to token
+ * @throw TokenizerError in condition of input source error
+ * If returned empty pointer IsStateValid() == true -> end of input
+ * IsStateValid() == false -> error
+ *
+ * @param token token to be set
+ * @return
+ */
+ virtual std::unique_ptr<Token> GetNextToken() = 0;
+ virtual bool IsStateValid() = 0;
+
+protected:
+ std::shared_ptr<AbstractInput> m_input;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file process_pipe.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation pipe from process
+ */
+#ifndef PROCESS_PIPE_H
+#define PROCESS_PIPE_H
+
+#include <dpl/file_input.h>
+#include <dpl/exception.h>
+
+#include <cstdio>
+
+namespace VcoreDPL {
+
+class ProcessPipe : public FileInput
+{
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, DoubleOpen)
+ };
+
+ enum class PipeErrorPolicy
+ {
+ NONE,
+ OFF,
+ PIPE
+ };
+
+ explicit ProcessPipe(PipeErrorPolicy err = PipeErrorPolicy::NONE);
+ virtual ~ProcessPipe();
+
+ void Open(const std::string &command);
+ void Close();
+
+private:
+ FILE * m_file;
+ PipeErrorPolicy m_errPolicy;
+};
+
+}
+
+#endif // PROCESS_PIPE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Header file with declaration of TestResultsCollectorBase
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_H
+#define DPL_TEST_RESULTS_COLLECTOR_H
+
+#include <dpl/noncopyable.h>
+#include <dpl/availability.h>
+#include <vector>
+#include <list>
+#include <map>
+#include <string>
+#include <memory>
+
+namespace VcoreDPL {
+namespace Test {
+class TestResultsCollectorBase;
+typedef std::shared_ptr<TestResultsCollectorBase>
+TestResultsCollectorBasePtr;
+
+class TestResultsCollectorBase :
+ private VcoreDPL::Noncopyable
+{
+ public:
+ typedef TestResultsCollectorBase* (*CollectorConstructorFunc)();
+ typedef std::list<std::string> TestCaseIdList;
+ struct FailStatus
+ {
+ enum Type
+ {
+ NONE,
+ FAILED,
+ IGNORED,
+ INTERNAL
+ };
+ };
+
+ virtual ~TestResultsCollectorBase() {}
+
+ virtual bool Configure()
+ {
+ return true;
+ }
+ virtual void Start(int count) { DPL_UNUSED_PARAM(count); }
+ virtual void Finish() { }
+ virtual void CollectCurrentTestGroupName(const std::string& /*groupName*/)
+ {}
+
+ virtual void CollectTestsCasesList(const TestCaseIdList& /*list*/) {}
+ virtual void CollectResult(const std::string& id,
+ const std::string& description,
+ const FailStatus::Type status = FailStatus::NONE,
+ const std::string& reason = "") = 0;
+ virtual std::string CollectorSpecificHelp() const
+ {
+ return "";
+ }
+ virtual bool ParseCollectorSpecificArg (const std::string& /*arg*/)
+ {
+ return false;
+ }
+
+ static TestResultsCollectorBase* Create(const std::string& name);
+ static void RegisterCollectorConstructor(
+ const std::string& name,
+ CollectorConstructorFunc
+ constructor);
+ static std::vector<std::string> GetCollectorsNames();
+
+ private:
+ typedef std::map<std::string, CollectorConstructorFunc> ConstructorsMap;
+ static ConstructorsMap m_constructorsMap;
+};
+}
+}
+
+#endif /* DPL_TEST_RESULTS_COLLECTOR_H */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of test runner
+ */
+#ifndef DPL_TEST_RUNNER_H
+#define DPL_TEST_RUNNER_H
+
+#include <dpl/singleton.h>
+#include <dpl/availability.h>
+#include <dpl/test/test_results_collector.h>
+
+#include <atomic>
+#include <sstream>
+#include <string>
+#include <vector>
+#include <list>
+#include <set>
+#include <map>
+
+namespace VcoreDPL {
+namespace Test {
+class TestRunner
+{
+ typedef std::map<std::string, TestResultsCollectorBasePtr>
+ TestResultsCollectors;
+ TestResultsCollectors m_collectors;
+
+ std::string m_startTestId;
+ bool m_runIgnored;
+
+ public:
+ TestRunner()
+ : m_runIgnored(false)
+ , m_allowChildLogs(false)
+ , m_terminate(false)
+ , m_totalAssertions(0)
+ {}
+
+ typedef void (*TestCase)();
+
+ private:
+ struct TestCaseStruct
+ {
+ std::string name;
+ TestCase proc;
+
+ bool operator <(const TestCaseStruct &other) const
+ {
+ return name < other.name;
+ }
+
+ bool operator ==(const TestCaseStruct &other) const
+ {
+ return name == other.name;
+ }
+
+ TestCaseStruct(const std::string &n, TestCase p) :
+ name(n),
+ proc(p)
+ {}
+ };
+
+ typedef std::list<TestCaseStruct> TestCaseStructList;
+ typedef std::map<std::string, TestCaseStructList> TestCaseGroupMap;
+ TestCaseGroupMap m_testGroups;
+
+ typedef std::set<std::string> SelectedTestNameSet;
+ SelectedTestNameSet m_selectedTestNamesSet;
+ typedef std::set<std::string> SelectedTestGroupSet;
+ SelectedTestGroupSet m_selectedTestGroupSet;
+ std::string m_currentGroup;
+
+ // Terminate without any logs.
+ // Some test requires to call fork function.
+ // Child process must not produce any logs and should die quietly.
+ bool m_allowChildLogs;
+ bool m_terminate;
+
+ std::atomic<int> m_totalAssertions;
+
+ void Banner();
+ void InvalidArgs(const std::string& message = "Invalid arguments!");
+ void Usage();
+
+ bool filterGroupsByXmls(const std::vector<std::string> & files);
+ bool filterByXML(std::map<std::string, bool> & casesMap);
+ void normalizeXMLTag(std::string& str, const std::string& testcase);
+
+ enum Status { FAILED, IGNORED, PASS };
+
+ Status RunTestCase(const TestCaseStruct& testCase);
+
+ void RunTests();
+
+ void CollectResult(const std::string& id,
+ const std::string& description,
+ const TestResultsCollectorBase::FailStatus::Type status
+ = TestResultsCollectorBase::FailStatus::NONE,
+ const std::string& reason = std::string());
+
+ public:
+ class TestFailed
+ {
+ private:
+ std::string m_message;
+
+ public:
+ TestFailed()
+ {}
+
+ //! \brief Failed test message creator
+ //!
+ //! \param[in] aTest string for tested expression
+ //! \param[in] aFile source file name
+ //! \param[in] aLine source file line
+ //! \param[in] aMessage error message
+ TestFailed(const char* aTest,
+ const char* aFile,
+ int aLine,
+ const std::string &aMessage);
+
+ TestFailed(const std::string &message);
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+ };
+
+ class Ignored
+ {
+ private:
+ std::string m_message;
+
+ public:
+ Ignored()
+ {}
+
+ Ignored(const std::string &message) :
+ m_message(message)
+ {}
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+ };
+
+ void MarkAssertion();
+
+ void RegisterTest(const char *testName, TestCase proc);
+ void InitGroup(const char* name);
+
+ int ExecTestRunner(int argc, char *argv[]);
+ typedef std::vector<std::string> ArgsList;
+ int ExecTestRunner(const ArgsList& args);
+ bool getRunIgnored() const;
+ // The runner will terminate as soon as possible (after current test).
+ void Terminate();
+ bool GetAllowChildLogs();
+};
+
+typedef VcoreDPL::Singleton<TestRunner> TestRunnerSingleton;
+}
+} // namespace VcoreDPL
+
+#define RUNNER_TEST_GROUP_INIT(GroupName) \
+ static int Static##GroupName##Init() \
+ { \
+ VcoreDPL::Test::TestRunnerSingleton::Instance().InitGroup(#GroupName); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##GroupName##InitVar = \
+ Static##GroupName##Init();
+
+#define RUNNER_TEST(Proc) \
+ void Proc(); \
+ static int Static##Proc##Init() \
+ { \
+ VcoreDPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc);\
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc()
+
+#define RUNNER_ASSERT_MSG(test, message) \
+ do \
+ { \
+ VcoreDPL::Test::TestRunnerSingleton::Instance().MarkAssertion(); \
+ \
+ if (!(test)) \
+ { \
+ std::ostringstream assertMsg; \
+ assertMsg << message; \
+ throw VcoreDPL::Test::TestRunner::TestFailed(#test, \
+ __FILE__, \
+ __LINE__, \
+ assertMsg.str()); \
+ } \
+ } while (0)
+
+#define RUNNER_ASSERT(test) RUNNER_ASSERT_MSG(test, "")
+
+#define RUNNER_FAIL RUNNER_ASSERT(false)
+
+#define RUNNER_IGNORED_MSG(message) \
+ do { \
+ std::ostringstream assertMsg; \
+ assertMsg << message; \
+ throw VcoreDPL::Test::TestRunner::Ignored( assertMsg.str() ); \
+ } while (0)
+
+#endif // DPL_TEST_RUNNER_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_child.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of test runner
+ */
+#ifndef DPL_TEST_RUNNER_CHILD_H
+#define DPL_TEST_RUNNER_CHILD_H
+
+#include <dpl/test/test_runner.h>
+
+namespace VcoreDPL {
+namespace Test {
+
+class PipeWrapper : VcoreDPL::Noncopyable
+{
+ public:
+ enum Usage {
+ READONLY,
+ WRITEONLY
+ };
+
+ enum Status {
+ SUCCESS,
+ TIMEOUT,
+ ERROR
+ };
+
+ PipeWrapper();
+
+ bool isReady();
+
+ void setUsage(Usage usage);
+
+ virtual ~PipeWrapper();
+
+ Status send(int code, std::string &message);
+
+ Status receive(int &code, std::string &data, time_t deadline);
+
+ void closeAll();
+
+ protected:
+
+ std::string toBinaryString(int data);
+
+ void closeHelp(int desc);
+
+ Status writeHelp(const void *buffer, int size);
+
+ Status readHelp(void *buf, int size, time_t deadline);
+
+ static const int PIPE_CLOSED = -1;
+
+ int m_pipefd[2];
+};
+
+void RunChildProc(TestRunner::TestCase procChild);
+} // namespace Test
+} // namespace VcoreDPL
+
+#define RUNNER_CHILD_TEST(Proc) \
+ void Proc(); \
+ void Proc##Child(); \
+ static int Static##Proc##Init() \
+ { \
+ VcoreDPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ VcoreDPL::Test::RunChildProc(&Proc##Child); \
+ } \
+ void Proc##Child()
+
+#endif // DPL_TEST_RUNNER_CHILD_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_multiprocess.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of multiprocess test runner
+ */
+#ifndef DPL_TEST_RUNNER_MULTIPROCESS_H
+#define DPL_TEST_RUNNER_MULTIPROCESS_H
+
+#include <dpl/test/test_runner_child.h>
+
+namespace VcoreDPL {
+namespace Test {
+
+class SimplePipeWrapper :
+ public PipeWrapper
+{
+ public:
+ SimplePipeWrapper();
+
+ virtual ~SimplePipeWrapper();
+
+ Status send(std::string &message);
+ Status receive(std::string &data, bool &empty, time_t deadline);
+};
+
+void RunMultiProc(TestRunner::TestCase procMulti);
+} // namespace Test
+} // namespace VcoreDPL
+
+#define RUNNER_MULTIPROCESS_TEST(Proc) \
+ void Proc(); \
+ void Proc##Multi(); \
+ static int Static##Proc##Init() \
+ { \
+ VcoreDPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ VcoreDPL::Test::RunMultiProc(&Proc##Multi); \
+ } \
+ void Proc##Multi()
+
+#endif // DPL_TEST_RUNNER_MULTIPROCESS_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_parser.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Parser for some value seperated files/data
+ */
+
+#ifndef VALUE_SEPARATED_PARSER_H
+#define VALUE_SEPARATED_PARSER_H
+
+#include<string>
+#include<vector>
+#include<memory>
+
+#include<dpl/test/value_separated_tokens.h>
+#include<dpl/test/abstract_input_parser.h>
+
+namespace VcoreDPL {
+
+typedef std::vector<std::string> VSLine;
+typedef std::vector<VSLine> VSResult;
+typedef std::shared_ptr<VSResult> VSResultPtr;
+
+/**
+ * Value Seperated parser
+ *
+ * Requires following policy class:
+ *
+ * template<VSResultPtr>
+ * struct CSVParserPolicy
+ * {
+ * static bool SkipLine(VSLine & );
+ * static bool Validate(VSResultPtr& result);
+ * };
+ */
+template<class ParserPolicy>
+class VSParser : public AbstractInputParser<VSResultPtr, VSToken>
+{
+public:
+ VSParser() : m_switchLine(true), m_result(new VSResult()) {}
+
+ void ConsumeToken(std::unique_ptr<VSToken> && token)
+ {
+ if(m_switchLine)
+ {
+ m_result->push_back(VSLine());
+ m_switchLine = false;
+ }
+ if(token->isNewLine())
+ {
+ if(ParserPolicy::SkipLine(*m_result->rbegin()))
+ {
+ m_result->pop_back();
+ }
+ m_switchLine = true;
+ }
+ else
+ {
+ m_result->rbegin()->push_back(token->cell());
+ }
+ }
+
+ bool IsStateValid()
+ {
+ return ParserPolicy::Validate(m_result);
+ }
+
+ VSResultPtr GetResult() const
+ {
+ return m_result;
+ }
+
+private:
+ bool m_switchLine;
+ VSResultPtr m_result;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_policies.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Example policy classes for some value seperated files/data
+ */
+
+#ifndef VALUE_SEPARATED_POLICIES_H
+#define VALUE_SEPARATED_POLICIES_H
+
+#include<string>
+#include<vector>
+#include<memory>
+
+namespace VcoreDPL {
+
+struct CSVTokenizerPolicy
+{
+ static std::string GetSeperators(); //cells in line are separated by given characters
+ static bool SkipEmpty(); //if cell is empty, shoudl I skip?
+ static void PrepareValue(std::string &); //transform each value
+ static bool TryAgainAtEnd(int); //read is nonblocking so dat may not be yet available, should I retry?
+};
+
+struct CSVParserPolicy
+{
+ static bool SkipLine(const std::vector<std::string> & ); //should I skip whole readline?
+ static bool Validate(std::shared_ptr<std::vector<std::vector<std::string> > > & result); //validate and adjust output data
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_reader.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Reader for some value seperated files/data
+ *
+ * This is parser for files containing lines with values seperated with custom charaters.
+ * Purpose of this is to parse output similar to csv and hide (no need for rewriting)
+ * buffers, reads, code errors. Result is two dimensional array.
+ *
+ * Reader is designed as class configured with policies classes:
+ * http://en.wikipedia.org/wiki/Policy-based_design
+ */
+
+#ifndef VALUE_SEPARATED_READER_H
+#define VALUE_SEPARATED_READER_H
+
+#include<dpl/test/abstract_input_reader.h>
+#include<dpl/test/value_separated_tokenizer.h>
+#include<dpl/test/value_separated_parser.h>
+#include<dpl/test/value_separated_tokens.h>
+#include<dpl/test/value_separated_policies.h>
+
+namespace VcoreDPL {
+
+/**
+ * Reader for input with values separated with defined characters
+ *
+ * Usage:
+ * - define both policies classes for defining and customize exact behaviour of reader
+ * - make typedef for VSReader template instance with your policies
+ *
+ */
+template<class ParserPolicy, class TokenizerPolicy>
+class VSReader : public AbstractInputReader<VSResultPtr, VSToken>
+{
+public:
+ VSReader(std::shared_ptr<AbstractInput> wia)
+ : AbstractInputReader<VSResultPtr, VSToken>(wia,
+ std::unique_ptr<ParserBase>(new VSParser<ParserPolicy>()),
+ std::unique_ptr<TokenizerBase>(new VSTokenizer<TokenizerPolicy>()))
+ {}
+};
+
+typedef VSReader<CSVParserPolicy, CSVTokenizerPolicy> CSVReader;
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_tokenizer.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Tokenizer for some value seperated files/data
+ */
+
+#ifndef VALUE_SEPARATED_TOKENIZER_H
+#define VALUE_SEPARATED_TOKENIZER_H
+
+#include<dpl/test/abstract_input_tokenizer.h>
+#include<dpl/test/value_separated_tokens.h>
+#include<dpl/binary_queue.h>
+
+
+namespace VcoreDPL {
+
+/**
+ * Value Sperated tokenizer
+ *
+ * Requires following policy class:
+ *
+ * struct TokenizerPolicy
+ * {
+ * static std::string GetSeperators();
+ * static bool SkipEmpty();
+ * static void PrepareValue(std::string & value);
+ * };
+ */
+template<class TokenizerPolicy>
+class VSTokenizer : public AbstractInputTokenizer<VSToken>
+{
+public:
+ VSTokenizer() {}
+
+ void Reset(std::shared_ptr<AbstractInput> ia)
+ {
+ AbstractInputTokenizer<VSToken>::Reset(ia);
+ m_queue.Clear();
+ m_finished = false;
+ m_newline = false;
+ }
+
+ std::unique_ptr<VSToken> GetNextToken()
+ {
+ std::unique_ptr<VSToken> token;
+ std::string data;
+ char byte;
+ int tryNumber = 0;
+
+ while(true)
+ {
+ //check if newline was approched
+ if(m_newline)
+ {
+ token.reset(new VSToken());
+ m_newline = false;
+ return token;
+ }
+
+ //read next data
+ if(m_queue.Empty())
+ {
+ if(m_finished)
+ {
+ return token;
+ }
+ else
+ {
+ auto baptr = m_input->Read(4096);
+ if(baptr.get() == 0)
+ {
+ ThrowMsg(Exception::TokenizerError, "Input read failed");
+ }
+ if(baptr->Empty())
+ {
+ if(TokenizerPolicy::TryAgainAtEnd(tryNumber))
+ {
+ ++tryNumber;
+ continue;
+ }
+ m_finished = true;
+ return token;
+ }
+ m_queue.AppendMoveFrom(*baptr);
+ }
+ }
+
+ //process
+ m_queue.FlattenConsume(&byte, 1); //queue uses pointer to consume bytes, this do not causes reallocations
+ if(byte == '\n')
+ {
+ m_newline = true;
+ if(!data.empty() || !TokenizerPolicy::SkipEmpty())
+ {
+ ProduceString(token, data);
+ return token;
+ }
+ }
+ else if(TokenizerPolicy::GetSeperators().find(byte) != std::string::npos)
+ {
+ if(!data.empty() || !TokenizerPolicy::SkipEmpty())
+ {
+ ProduceString(token, data);
+ return token;
+ }
+ }
+ else
+ {
+ data += byte;
+ }
+ }
+ }
+
+ bool IsStateValid()
+ {
+ if(!m_queue.Empty() && m_finished) return false;
+ return true;
+ }
+
+protected:
+ void ProduceString(std::unique_ptr<VSToken> & token, std::string & data)
+ {
+ TokenizerPolicy::PrepareValue(data);
+ token.reset(new VSToken(data));
+ }
+
+ BinaryQueue m_queue;
+ bool m_finished;
+ bool m_newline;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_tokens.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Token class for some value seperated files/data
+ */
+
+#ifndef VALUE_SEPARATED_TOKENS_H
+#define VALUE_SEPARATED_TOKENS_H
+
+#include<string>
+
+namespace VcoreDPL {
+
+class VSToken
+{
+public:
+ VSToken(const std::string & c);
+ VSToken(); //newline token - no new class to simplify
+ const std::string & cell() const;
+
+ bool isNewLine();
+private:
+ bool m_newline;
+ std::string m_cell;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file process_pipe.cpp
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation pipe from process
+ */
+
+#include<dpl/test/process_pipe.h>
+#include<dpl/log/vcore_log.h>
+
+namespace VcoreDPL {
+
+ProcessPipe::ProcessPipe(PipeErrorPolicy err) : m_file(NULL), m_errPolicy(err)
+{
+}
+
+ProcessPipe::~ProcessPipe()
+{
+}
+
+void ProcessPipe::Open(const std::string & command)
+{
+ if(m_file != NULL)
+ {
+ ThrowMsg(Exception::DoubleOpen, "Trying to open pipe second time. Close it first");
+ }
+
+ std::string stdErrRedirection;
+ switch(m_errPolicy)
+ {
+ case PipeErrorPolicy::NONE: break;
+ case PipeErrorPolicy::OFF: stdErrRedirection = " 2>/dev/null"; break;
+ case PipeErrorPolicy::PIPE: stdErrRedirection = " 2>&1"; break;
+ default: break;
+ }
+
+ std::string fcommand = command + stdErrRedirection;
+ FILE * file = popen(fcommand.c_str(), "r");
+
+ // Throw an exception if an error occurred
+ if (file == NULL) {
+ ThrowMsg(FileInput::Exception::OpenFailed, fcommand);
+ }
+
+ // Save new descriptor
+ m_file = file;
+ m_fd = fileno(m_file);
+
+ VcoreLogD("Opened pipe: %s", fcommand.c_str());
+}
+
+void ProcessPipe::Close()
+{
+ if (m_fd == -1) {
+ return;
+ }
+
+ if (pclose(m_file) == -1) {
+ Throw(FileInput::Exception::CloseFailed);
+ }
+
+ m_fd = -1;
+ m_file = NULL;
+
+ VcoreLogD("Closed pipe");
+}
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Implementation file some concrete TestResulstsCollector
+ */
+#include <cstddef>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/colors.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+#include <dpl/scoped_fclose.h>
+#include <dpl/exception.h>
+#include <dpl/errno_string.h>
+#include <dpl/lexical_cast.h>
+#include <dpl/availability.h>
+
+#include <string>
+#include <string.h>
+#include <cstdio>
+#include <fstream>
+#include <sstream>
+#include <cstdlib>
+
+#define GREEN_RESULT_OK "[%s%s%s]\n", BOLD_GREEN_BEGIN, " OK ", \
+ BOLD_GREEN_END
+
+namespace VcoreDPL {
+namespace Test {
+namespace {
+const char *DEFAULT_HTML_FILE_NAME = "index.html";
+const char *DEFAULT_TAP_FILE_NAME = "results.tap";
+const char *DEFAULT_XML_FILE_NAME = "results.xml";
+
+bool ParseCollectorFileArg(const std::string &arg, std::string &filename)
+{
+ const std::string argname = "--file=";
+ if (arg.find(argname) == 0 ) {
+ filename = arg.substr(argname.size());
+ return true;
+ }
+ return false;
+}
+
+class Statistic
+{
+ public:
+ Statistic() :
+ m_failed(0),
+ m_ignored(0),
+ m_passed(0),
+ m_count(0)
+ {}
+
+ void AddTest(TestResultsCollectorBase::FailStatus::Type type)
+ {
+ ++m_count;
+ switch (type) {
+ case TestResultsCollectorBase::FailStatus::INTERNAL:
+ case TestResultsCollectorBase::FailStatus::FAILED: ++m_failed;
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED: ++m_ignored;
+ break;
+ case TestResultsCollectorBase::FailStatus::NONE: ++m_passed;
+ break;
+ default:
+ Assert(false && "Bad FailStatus");
+ }
+ }
+
+ std::size_t GetTotal() const
+ {
+ return m_count;
+ }
+ std::size_t GetPassed() const
+ {
+ return m_passed;
+ }
+ std::size_t GetSuccesed() const
+ {
+ return m_passed;
+ }
+ std::size_t GetFailed() const
+ {
+ return m_failed;
+ }
+ std::size_t GetIgnored() const
+ {
+ return m_ignored;
+ }
+ float GetPassedOrIgnoredPercend() const
+ {
+ float passIgnoredPercent =
+ 100.0f * (static_cast<float>(m_passed)
+ + static_cast<float>(m_ignored))
+ / static_cast<float>(m_count);
+ return passIgnoredPercent;
+ }
+
+ private:
+ std::size_t m_failed;
+ std::size_t m_ignored;
+ std::size_t m_passed;
+ std::size_t m_count;
+};
+
+class ConsoleCollector :
+ public TestResultsCollectorBase
+{
+ public:
+ static TestResultsCollectorBase* Constructor();
+
+ private:
+ ConsoleCollector() {}
+
+ virtual void CollectCurrentTestGroupName(const std::string& name)
+ {
+ printf("Starting group %s\n", name.c_str());
+ m_currentGroup = name;
+ }
+
+ virtual void Finish()
+ {
+ using namespace VcoreDPL::Colors::Text;
+
+ // Show result
+ FOREACH(group, m_groupsStats) {
+ PrintStats(group->first, group->second);
+ }
+ PrintStats("All tests together", m_stats);
+ }
+
+ virtual void CollectResult(const std::string& id,
+ const std::string& /*description*/,
+ const FailStatus::Type status = FailStatus::NONE,
+ const std::string& reason = "")
+ {
+ using namespace VcoreDPL::Colors::Text;
+ std::string tmp = "'" + id + "' ...";
+
+ printf("Running test case %-60s", tmp.c_str());
+ switch (status) {
+ case TestResultsCollectorBase::FailStatus::NONE:
+ printf(GREEN_RESULT_OK);
+ break;
+ case TestResultsCollectorBase::FailStatus::FAILED:
+ PrintfErrorMessage(" FAILED ", reason, true);
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED:
+ PrintfIgnoredMessage("Ignored ", reason, true);
+ break;
+ case TestResultsCollectorBase::FailStatus::INTERNAL:
+ PrintfErrorMessage("INTERNAL", reason, true);
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ m_stats.AddTest(status);
+ m_groupsStats[m_currentGroup].AddTest(status);
+ }
+
+ void PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+ {
+ using namespace VcoreDPL::Colors::Text;
+ if (verbosity) {
+ printf("[%s%s%s] %s%s%s\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END,
+ BOLD_YELLOW_BEGIN,
+ message.c_str(),
+ BOLD_YELLOW_END);
+ } else {
+ printf("[%s%s%s]\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END);
+ }
+ }
+
+ void PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+ {
+ using namespace VcoreDPL::Colors::Text;
+ if (verbosity) {
+ printf("[%s%s%s] %s%s%s\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END,
+ BOLD_GOLD_BEGIN,
+ message.c_str(),
+ BOLD_GOLD_END);
+ } else {
+ printf("[%s%s%s]\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END);
+ }
+ }
+
+ void PrintStats(const std::string& title, const Statistic& stats)
+ {
+ using namespace VcoreDPL::Colors::Text;
+ printf("\n%sResults [%s]: %s\n", BOLD_GREEN_BEGIN,
+ title.c_str(), BOLD_GREEN_END);
+ printf("%s%s%3d%s\n",
+ CYAN_BEGIN,
+ "Total tests: ",
+ stats.GetTotal(),
+ CYAN_END);
+ printf(" %s%s%3d%s\n",
+ CYAN_BEGIN,
+ "Succeeded: ",
+ stats.GetPassed(),
+ CYAN_END);
+ printf(" %s%s%3d%s\n",
+ CYAN_BEGIN,
+ "Failed: ",
+ stats.GetFailed(),
+ CYAN_END);
+ printf(" %s%s%3d%s\n",
+ CYAN_BEGIN,
+ "Ignored: ",
+ stats.GetIgnored(),
+ CYAN_END);
+ }
+
+ Statistic m_stats;
+ std::map<std::string, Statistic> m_groupsStats;
+ std::string m_currentGroup;
+};
+
+TestResultsCollectorBase* ConsoleCollector::Constructor()
+{
+ return new ConsoleCollector();
+}
+
+class HtmlCollector :
+ public TestResultsCollectorBase
+{
+ public:
+ static TestResultsCollectorBase* Constructor();
+
+ private:
+ HtmlCollector() : m_filename(DEFAULT_HTML_FILE_NAME) {}
+
+ virtual void CollectCurrentTestGroupName(const std::string& name)
+ {
+ fprintf(m_fp.Get(), "<b>Starting group %s", name.c_str());
+ m_currentGroup = name;
+ }
+
+ virtual bool Configure()
+ {
+ m_fp.Reset(fopen(m_filename.c_str(), "w"));
+ if (!m_fp) {
+ VcoreLogD("Could not open file %s for writing", m_filename.c_str());
+ return false;
+ }
+ return true;
+ }
+ virtual std::string CollectorSpecificHelp() const
+ {
+ return "--file=<filename> - name of file for output\n"
+ " default - index.html\n";
+ }
+
+ virtual void Start(int count)
+ {
+ DPL_UNUSED_PARAM(count);
+ AssertMsg(!!m_fp, "File handle must not be null");
+ fprintf(m_fp.Get(),
+ "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0"
+ "Transitional//EN\" "
+ "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\""
+ ">\n");
+ fprintf(m_fp.Get(),
+ "<html xmlns=\"http://www.w3.org/1999/xhtml\" "
+ "lang=\"en\" dir=\"ltr\">\n");
+ fprintf(m_fp.Get(), "<body style=\"background-color: black;\">\n");
+ fprintf(m_fp.Get(), "<pre>\n");
+ fprintf(m_fp.Get(), "<font color=\"white\">\n");
+ }
+
+ virtual void Finish()
+ {
+ using namespace VcoreDPL::Colors::Html;
+ // Show result
+ FOREACH(group, m_groupsStats) {
+ PrintStats(group->first, group->second);
+ }
+ PrintStats("All tests together", m_stats);
+ fprintf(m_fp.Get(), "</font>\n");
+ fprintf(m_fp.Get(), "</pre>\n");
+ fprintf(m_fp.Get(), "</body>\n");
+ fprintf(m_fp.Get(), "</html>\n");
+ }
+
+ virtual bool ParseCollectorSpecificArg(const std::string& arg)
+ {
+ return ParseCollectorFileArg(arg, m_filename);
+ }
+
+ virtual void CollectResult(const std::string& id,
+ const std::string& /*description*/,
+ const FailStatus::Type status = FailStatus::NONE,
+ const std::string& reason = "")
+ {
+ using namespace VcoreDPL::Colors::Html;
+ std::string tmp = "'" + id + "' ...";
+
+ fprintf(m_fp.Get(), "Running test case %-100s", tmp.c_str());
+ switch (status) {
+ case TestResultsCollectorBase::FailStatus::NONE:
+ fprintf(m_fp.Get(), GREEN_RESULT_OK);
+ break;
+ case TestResultsCollectorBase::FailStatus::FAILED:
+ PrintfErrorMessage(" FAILED ", reason, true);
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED:
+ PrintfIgnoredMessage("Ignored ", reason, true);
+ break;
+ case TestResultsCollectorBase::FailStatus::INTERNAL:
+ PrintfErrorMessage("INTERNAL", reason, true);
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ m_groupsStats[m_currentGroup].AddTest(status);
+ m_stats.AddTest(status);
+ }
+
+ void PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+ {
+ using namespace VcoreDPL::Colors::Html;
+ if (verbosity) {
+ fprintf(m_fp.Get(),
+ "[%s%s%s] %s%s%s\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END,
+ BOLD_YELLOW_BEGIN,
+ message.c_str(),
+ BOLD_YELLOW_END);
+ } else {
+ fprintf(m_fp.Get(),
+ "[%s%s%s]\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END);
+ }
+ }
+
+ void PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+ {
+ using namespace VcoreDPL::Colors::Html;
+
+ if (verbosity) {
+ fprintf(m_fp.Get(),
+ "[%s%s%s] %s%s%s\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END,
+ BOLD_GOLD_BEGIN,
+ message.c_str(),
+ BOLD_GOLD_END);
+ } else {
+ fprintf(m_fp.Get(),
+ "[%s%s%s]\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END);
+ }
+ }
+
+ void PrintStats(const std::string& name, const Statistic& stats)
+ {
+ using namespace VcoreDPL::Colors::Html;
+ fprintf(
+ m_fp.Get(), "\n%sResults [%s]:%s\n", BOLD_GREEN_BEGIN,
+ name.c_str(), BOLD_GREEN_END);
+ fprintf(
+ m_fp.Get(), "%s%s%3d%s\n", CYAN_BEGIN,
+ "Total tests: ", stats.GetTotal(), CYAN_END);
+ fprintf(
+ m_fp.Get(), " %s%s%3d%s\n", CYAN_BEGIN,
+ "Succeeded: ", stats.GetPassed(), CYAN_END);
+ fprintf(
+ m_fp.Get(), " %s%s%3d%s\n", CYAN_BEGIN,
+ "Failed: ", stats.GetFailed(), CYAN_END);
+ fprintf(
+ m_fp.Get(), " %s%s%3d%s\n", CYAN_BEGIN,
+ "Ignored: ", stats.GetIgnored(), CYAN_END);
+ }
+
+ std::string m_filename;
+ ScopedFClose m_fp;
+ Statistic m_stats;
+ std::string m_currentGroup;
+ std::map<std::string, Statistic> m_groupsStats;
+};
+
+TestResultsCollectorBase* HtmlCollector::Constructor()
+{
+ return new HtmlCollector();
+}
+
+class XmlCollector :
+ public TestResultsCollectorBase
+{
+ public:
+ static TestResultsCollectorBase* Constructor();
+
+ private:
+ XmlCollector() : m_filename(DEFAULT_XML_FILE_NAME) {}
+
+ virtual void CollectCurrentTestGroupName(const std::string& name)
+ {
+ std::size_t pos = GetCurrentGroupPosition();
+ if (std::string::npos != pos) {
+ GroupFinish(pos);
+ FlushOutput();
+ m_stats = Statistic();
+ }
+
+ pos = m_outputBuffer.find("</testsuites>");
+ if (std::string::npos == pos) {
+ ThrowMsg(VcoreDPL::Exception, "Could not find test suites closing tag");
+ }
+ GroupStart(pos, name);
+ }
+
+ void GroupStart(const std::size_t pos, const std::string& name)
+ {
+ std::stringstream groupHeader;
+ groupHeader << "\n\t<testsuite";
+ groupHeader << " name=\"" << EscapeSpecialCharacters(name) << "\"";
+ groupHeader << R"( tests="1")"; // include SegFault
+ groupHeader << R"( failures="1")"; // include SegFault
+ groupHeader << R"( skipped="0")";
+ groupHeader << ">";
+
+ groupHeader << "\n\t\t<testcase name=\"unknown\" status=\"FAILED\">";
+ groupHeader <<
+ "\n\t\t\t<failure type=\"FAILED\" message=\"segmentation fault\"/>";
+ groupHeader << "\n\t\t</testcase>";
+
+ groupHeader << "\n\t</testsuite>";
+
+ m_outputBuffer.insert(pos - 1, groupHeader.str());
+ }
+
+ virtual bool Configure()
+ {
+ m_fp.Reset(fopen(m_filename.c_str(), "w"));
+ if (!m_fp) {
+ VcoreLogD("Could not open file %s for writing", m_filename.c_str());
+ return false;
+ }
+ return true;
+ }
+
+ virtual std::string CollectorSpecificHelp() const
+ {
+ return "--file=<filename> - name of file for output\n"
+ " default - results.xml\n";
+ }
+
+ virtual void Start(int count)
+ {
+ AssertMsg(!!m_fp, "File handle must not be null");
+ m_outputBuffer.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n");
+ m_outputBuffer.append("<testsuites ");
+ if(count >= 0)
+ {
+ m_outputBuffer.append("total=\"");
+ m_outputBuffer.append(VcoreDPL::lexical_cast<std::string>(count));
+ m_outputBuffer.append("\"");
+ }
+ m_outputBuffer.append(" >\n</testsuites>");
+ FlushOutput();
+ }
+
+ virtual void Finish()
+ {
+ std::size_t pos = GetCurrentGroupPosition();
+ if (std::string::npos != pos) {
+ GroupFinish(pos);
+ FlushOutput();
+ }
+ }
+
+ virtual bool ParseCollectorSpecificArg(const std::string& arg)
+ {
+ return ParseCollectorFileArg(arg, m_filename);
+ }
+
+ virtual void CollectResult(const std::string& id,
+ const std::string& /*description*/,
+ const FailStatus::Type status = FailStatus::NONE,
+ const std::string& reason = "")
+ {
+ m_resultBuffer.erase();
+ m_resultBuffer.append("\t\t<testcase name=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(id));
+ m_resultBuffer.append("\"");
+ switch (status) {
+ case TestResultsCollectorBase::FailStatus::NONE:
+ m_resultBuffer.append(" status=\"OK\"/>\n");
+ break;
+ case TestResultsCollectorBase::FailStatus::FAILED:
+ m_resultBuffer.append(" status=\"FAILED\">\n");
+ PrintfErrorMessage("FAILED", EscapeSpecialCharacters(reason), true);
+ m_resultBuffer.append("\t\t</testcase>\n");
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED:
+ m_resultBuffer.append(" status=\"Ignored\">\n");
+ PrintfIgnoredMessage("Ignored", EscapeSpecialCharacters(
+ reason), true);
+ m_resultBuffer.append("\t\t</testcase>\n");
+ break;
+ case TestResultsCollectorBase::FailStatus::INTERNAL:
+ m_resultBuffer.append(" status=\"FAILED\">\n");
+ PrintfErrorMessage("INTERNAL", EscapeSpecialCharacters(
+ reason), true);
+ m_resultBuffer.append("\t\t</testcase>");
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ std::size_t group_pos = GetCurrentGroupPosition();
+ if (std::string::npos == group_pos) {
+ ThrowMsg(VcoreDPL::Exception, "No current group set");
+ }
+
+ std::size_t last_case_pos = m_outputBuffer.find(
+ "<testcase name=\"unknown\"",
+ group_pos);
+ if (std::string::npos == last_case_pos) {
+ ThrowMsg(VcoreDPL::Exception, "Could not find SegFault test case");
+ }
+ m_outputBuffer.insert(last_case_pos - 2, m_resultBuffer);
+
+ m_stats.AddTest(status);
+
+ UpdateGroupHeader(group_pos,
+ m_stats.GetTotal() + 1, // include SegFault
+ m_stats.GetFailed() + 1, // include SegFault
+ m_stats.GetIgnored());
+ FlushOutput();
+ }
+
+ std::size_t GetCurrentGroupPosition() const
+ {
+ return m_outputBuffer.rfind("<testsuite ");
+ }
+
+ void UpdateGroupHeader(const std::size_t groupPosition,
+ const unsigned int tests,
+ const unsigned int failures,
+ const unsigned int skipped)
+ {
+ UpdateElementAttribute(groupPosition, "tests", UIntToString(tests));
+ UpdateElementAttribute(groupPosition, "failures", UIntToString(failures));
+ UpdateElementAttribute(groupPosition, "skipped", UIntToString(skipped));
+ }
+
+ void UpdateElementAttribute(const std::size_t elementPosition,
+ const std::string& name,
+ const std::string& value)
+ {
+ std::string pattern = name + "=\"";
+
+ std::size_t start = m_outputBuffer.find(pattern, elementPosition);
+ if (std::string::npos == start) {
+ ThrowMsg(VcoreDPL::Exception,
+ "Could not find attribute " << name << " beginning");
+ }
+
+ std::size_t end = m_outputBuffer.find("\"", start + pattern.length());
+ if (std::string::npos == end) {
+ ThrowMsg(VcoreDPL::Exception,
+ "Could not find attribute " << name << " end");
+ }
+
+ m_outputBuffer.replace(start + pattern.length(),
+ end - start - pattern.length(),
+ value);
+ }
+
+ std::string UIntToString(const unsigned int value)
+ {
+ std::stringstream result;
+ result << value;
+ return result.str();
+ }
+
+ void GroupFinish(const std::size_t groupPosition)
+ {
+ std::size_t segFaultStart =
+ m_outputBuffer.find("<testcase name=\"unknown\"", groupPosition);
+ if (std::string::npos == segFaultStart) {
+ ThrowMsg(VcoreDPL::Exception,
+ "Could not find SegFault test case start position");
+ }
+ segFaultStart -= 2; // to erase tabs
+
+ std::string closeTag = "</testcase>";
+ std::size_t segFaultEnd = m_outputBuffer.find(closeTag, segFaultStart);
+ if (std::string::npos == segFaultEnd) {
+ ThrowMsg(VcoreDPL::Exception,
+ "Could not find SegFault test case end position");
+ }
+ segFaultEnd += closeTag.length() + 1; // to erase new line
+
+ m_outputBuffer.erase(segFaultStart, segFaultEnd - segFaultStart);
+
+ UpdateGroupHeader(groupPosition,
+ m_stats.GetTotal(),
+ m_stats.GetFailed(),
+ m_stats.GetIgnored());
+ }
+
+ void FlushOutput()
+ {
+ int fd = fileno(m_fp.Get());
+ if (-1 == fd) {
+ int error = errno;
+ ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error));
+ }
+
+ if (-1 == TEMP_FAILURE_RETRY(ftruncate(fd, 0L))) {
+ int error = errno;
+ ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error));
+ }
+
+ if (-1 == TEMP_FAILURE_RETRY(fseek(m_fp.Get(), 0L, SEEK_SET))) {
+ int error = errno;
+ ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error));
+ }
+
+ if (m_outputBuffer.size() !=
+ fwrite(m_outputBuffer.c_str(), 1, m_outputBuffer.size(),
+ m_fp.Get()))
+ {
+ int error = errno;
+ ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error));
+ }
+
+ if (-1 == TEMP_FAILURE_RETRY(fflush(m_fp.Get()))) {
+ int error = errno;
+ ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error));
+ }
+ }
+
+ void PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+ {
+ if (verbosity) {
+ m_resultBuffer.append("\t\t\t<failure type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\" message=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(message));
+ m_resultBuffer.append("\"/>\n");
+ } else {
+ m_resultBuffer.append("\t\t\t<failure type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\"/>\n");
+ }
+ }
+
+ void PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+ {
+ if (verbosity) {
+ m_resultBuffer.append("\t\t\t<skipped type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\" message=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(message));
+ m_resultBuffer.append("\"/>\n");
+ } else {
+ m_resultBuffer.append("\t\t\t<skipped type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\"/>\n");
+ }
+ }
+
+ std::string EscapeSpecialCharacters(std::string s)
+ {
+ for (unsigned int i = 0; i < s.size();) {
+ switch (s[i]) {
+ case '"':
+ s.erase(i, 1);
+ s.insert(i, """);
+ i += 6;
+ break;
+
+ case '&':
+ s.erase(i, 1);
+ s.insert(i, "&");
+ i += 5;
+ break;
+
+ case '<':
+ s.erase(i, 1);
+ s.insert(i, "<");
+ i += 4;
+ break;
+
+ case '>':
+ s.erase(i, 1);
+ s.insert(i, ">");
+ i += 4;
+ break;
+
+ case '\'':
+ s.erase(i, 1);
+ s.insert(i, "'");
+ i += 5;
+ break;
+ default:
+ ++i;
+ break;
+ }
+ }
+ return s;
+ }
+
+ std::string m_filename;
+ ScopedFClose m_fp;
+ Statistic m_stats;
+ std::string m_outputBuffer;
+ std::string m_resultBuffer;
+};
+
+TestResultsCollectorBase* XmlCollector::Constructor()
+{
+ return new XmlCollector();
+}
+
+class CSVCollector :
+ public TestResultsCollectorBase
+{
+ public:
+ static TestResultsCollectorBase* Constructor();
+
+ private:
+ CSVCollector() {}
+
+ virtual void Start(int count)
+ {
+ DPL_UNUSED_PARAM(count);
+ printf("GROUP;ID;RESULT;REASON\n");
+ }
+
+ virtual void CollectCurrentTestGroupName(const std::string& name)
+ {
+ m_currentGroup = name;
+ }
+
+ virtual void CollectResult(const std::string& id,
+ const std::string& /*description*/,
+ const FailStatus::Type status = FailStatus::NONE,
+ const std::string& reason = "")
+ {
+ std::string statusMsg = "";
+ switch (status) {
+ case TestResultsCollectorBase::FailStatus::NONE: statusMsg = "OK";
+ break;
+ case TestResultsCollectorBase::FailStatus::FAILED: statusMsg = "FAILED";
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED: statusMsg =
+ "IGNORED";
+ break;
+ case TestResultsCollectorBase::FailStatus::INTERNAL: statusMsg =
+ "FAILED";
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ printf("%s;%s;%s;%s\n",
+ m_currentGroup.c_str(),
+ id.c_str(),
+ statusMsg.c_str(),
+ reason.c_str());
+ }
+
+ std::string m_currentGroup;
+};
+
+TestResultsCollectorBase* CSVCollector::Constructor()
+{
+ return new CSVCollector();
+}
+}
+
+class TAPCollector :
+ public TestResultsCollectorBase
+{
+ public:
+ static TestResultsCollectorBase* Constructor();
+
+ private:
+ TAPCollector() : m_filename(DEFAULT_TAP_FILE_NAME) {}
+
+ virtual bool Configure()
+ {
+ m_output.open(m_filename.c_str(), std::ios_base::trunc);
+ if (m_output.fail()) {
+ VcoreLogE("Can't open output file: %s", m_filename.c_str());
+ return false;
+ }
+ return true;
+ }
+ virtual std::string CollectorSpecificHelp() const
+ {
+ std::string retVal = "--file=<filename> - name of file for output\n"
+ " default - ";
+ retVal += DEFAULT_TAP_FILE_NAME;
+ retVal += "\n";
+ return retVal;
+ }
+
+ virtual void Start(int count)
+ {
+ DPL_UNUSED_PARAM(count);
+ AssertMsg(m_output.good(), "Output file must be opened.");
+ m_output << "TAP version 13" << std::endl;
+ m_testIndex = 0;
+ }
+
+ virtual void Finish()
+ {
+ m_output << "1.." << m_testIndex << std::endl;
+ m_output << m_collectedData.rdbuf();
+ m_output.close();
+ }
+
+ virtual bool ParseCollectorSpecificArg(const std::string& arg)
+ {
+ return ParseCollectorFileArg(arg, m_filename);
+ }
+
+ virtual void CollectResult(const std::string& id,
+ const std::string& description,
+ const FailStatus::Type status = FailStatus::NONE,
+ const std::string& reason = "")
+ {
+ m_testIndex++;
+ switch (status) {
+ case TestResultsCollectorBase::FailStatus::NONE:
+ LogBasicTAP(true, id, description);
+ endTAPLine();
+ break;
+ case TestResultsCollectorBase::FailStatus::FAILED:
+ LogBasicTAP(false, id, description);
+ endTAPLine();
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED:
+ LogBasicTAP(true, id, description);
+ m_collectedData << " # skip " << reason;
+ endTAPLine();
+ break;
+ case TestResultsCollectorBase::FailStatus::INTERNAL:
+ LogBasicTAP(true, id, description);
+ endTAPLine();
+ m_collectedData << " ---" << std::endl;
+ m_collectedData << " message: " << reason << std::endl;
+ m_collectedData << " severity: Internal" << std::endl;
+ m_collectedData << " ..." << std::endl;
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ }
+
+ void LogBasicTAP(bool isOK, const std::string& id,
+ const std::string& description)
+ {
+ if (!isOK) {
+ m_collectedData << "not ";
+ }
+ m_collectedData << "ok " << m_testIndex << " [" <<
+ id << "] " << description;
+ }
+
+ void endTAPLine()
+ {
+ m_collectedData << std::endl;
+ }
+
+ std::string m_filename;
+ std::stringstream m_collectedData;
+ std::ofstream m_output;
+ int m_testIndex;
+};
+
+TestResultsCollectorBase* TAPCollector::Constructor()
+{
+ return new TAPCollector();
+}
+
+void TestResultsCollectorBase::RegisterCollectorConstructor(
+ const std::string& name,
+ TestResultsCollectorBase::CollectorConstructorFunc func)
+{
+ Assert(m_constructorsMap.find(name) == m_constructorsMap.end());
+ m_constructorsMap[name] = func;
+}
+
+TestResultsCollectorBase* TestResultsCollectorBase::Create(
+ const std::string& name)
+{
+ ConstructorsMap::iterator found = m_constructorsMap.find(name);
+ if (found != m_constructorsMap.end()) {
+ return found->second();
+ } else {
+ return NULL;
+ }
+}
+
+std::vector<std::string> TestResultsCollectorBase::GetCollectorsNames()
+{
+ std::vector<std::string> list;
+ FOREACH(it, m_constructorsMap)
+ {
+ list.push_back(it->first);
+ }
+ return list;
+}
+
+TestResultsCollectorBase::ConstructorsMap TestResultsCollectorBase::
+ m_constructorsMap;
+
+namespace {
+static int RegisterCollectorConstructors();
+static const int RegisterHelperVariable = RegisterCollectorConstructors();
+int RegisterCollectorConstructors()
+{
+ (void)RegisterHelperVariable;
+
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "text",
+ &ConsoleCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "html",
+ &HtmlCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "csv",
+ &CSVCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "tap",
+ &TAPCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "xml",
+ &XmlCollector::Constructor);
+
+ return 0;
+}
+}
+}
+}
+#undef GREEN_RESULT_OK
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of test runner
+ */
+#include <stddef.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/exception.h>
+#include <dpl/free_deleter.h>
+#include <memory>
+#include <dpl/foreach.h>
+#include <dpl/log/vcore_log.h>
+#include <dpl/colors.h>
+#include <pcrecpp.h>
+#include <algorithm>
+#include <cstdio>
+#include <memory.h>
+#include <libgen.h>
+#include <cstring>
+#include <cstdlib>
+
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+
+#include <dpl/singleton_impl.h>
+IMPLEMENT_SINGLETON(VcoreDPL::Test::TestRunner)
+
+namespace {
+
+std::string getXMLNode(xmlNodePtr node)
+{
+ std::string ret;
+ xmlChar * value = xmlNodeGetContent(node);
+ if (value != NULL) {
+ ret = std::string(reinterpret_cast<char*>(value));
+ xmlFree(value);
+ }
+ return ret;
+}
+
+}
+
+
+namespace VcoreDPL {
+namespace Test {
+namespace // anonymous
+{
+std::string BaseName(std::string aPath)
+{
+ std::unique_ptr<char[],free_deleter> path(strdup(aPath.c_str()));
+ if (NULL == path.get()) {
+ throw std::bad_alloc();
+ }
+ char* baseName = basename(path.get());
+ std::string retValue = baseName;
+ return retValue;
+}
+} // namespace anonymous
+
+//! \brief Failed test message creator
+//!
+//! \param[in] aTest string for tested expression
+//! \param[in] aFile source file name
+//! \param[in] aLine source file line
+//! \param[in] aMessage error message
+TestRunner::TestFailed::TestFailed(const char* aTest,
+ const char* aFile,
+ int aLine,
+ const std::string &aMessage)
+{
+ std::ostringstream assertMsg;
+ assertMsg << "[" << BaseName(aFile) << ":" << aLine
+ << "] Assertion failed ("
+ << aTest << ") " << aMessage;
+ m_message = assertMsg.str();
+}
+
+TestRunner::TestFailed::TestFailed(const std::string &message)
+{
+ m_message = message;
+}
+
+void TestRunner::RegisterTest(const char *testName, TestCase proc)
+{
+ m_testGroups[m_currentGroup].push_back(TestCaseStruct(testName, proc));
+}
+
+void TestRunner::InitGroup(const char* name)
+{
+ m_currentGroup = name;
+}
+
+void TestRunner::normalizeXMLTag(std::string& str, const std::string& testcase)
+{
+ //Add testcase if missing
+ std::string::size_type pos = str.find(testcase);
+ if(pos != 0)
+ {
+ str = testcase + "_" + str;
+ }
+
+ //dpl test runner cannot have '-' character in name so it have to be replaced
+ // for TCT case to make comparision works
+ std::replace(str.begin(), str.end(), '-', '_');
+}
+
+bool TestRunner::filterGroupsByXmls(const std::vector<std::string> & files)
+{
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, XMLError)
+
+ const std::string idPath = "/test_definition/suite/set/testcase/@id";
+
+ bool success = true;
+ std::map<std::string, bool> casesMap;
+
+ std::string testsuite;
+ if(!m_testGroups.empty())
+ {
+ for(TestCaseGroupMap::const_iterator cit = m_testGroups.begin(); cit != m_testGroups.end(); ++cit)
+ {
+ if(!cit->second.empty())
+ {
+ for(TestCaseStructList::const_iterator cj = cit->second.begin(); cj != cit->second.end(); ++cj)
+ {
+ std::string name = cj->name;
+ std::string::size_type st = name.find('_');
+ if(st != std::string::npos)
+ {
+ name = name.substr(0, st);
+ testsuite = name;
+ break;
+ }
+ }
+ if(!testsuite.empty()) break;
+ }
+ }
+ }
+
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlXPathInit();
+
+ Try
+ {
+ FOREACH(file, files)
+ {
+ xmlDocPtr doc;
+ xmlXPathContextPtr xpathCtx;
+
+ doc = xmlReadFile(file->c_str(), NULL, 0);
+ if (doc == NULL) {
+ ThrowMsg(XMLError, "File Problem");
+ } else {
+ //context
+ xpathCtx = xmlXPathNewContext(doc);
+ if (xpathCtx == NULL) {
+ ThrowMsg(XMLError,
+ "Error: unable to create new XPath context\n");
+ }
+ xpathCtx->node = xmlDocGetRootElement(doc);
+ }
+
+ std::string result;
+ xmlXPathObjectPtr xpathObject;
+ //get requested node's values
+ xpathObject = xmlXPathEvalExpression(BAD_CAST idPath.c_str(), xpathCtx);
+ if (xpathObject == NULL)
+ {
+ ThrowMsg(XMLError, "XPath evaluation failure: " << idPath);
+ }
+ xmlNodeSetPtr nodes = xpathObject->nodesetval;
+ unsigned size = (nodes) ? nodes->nodeNr : 0;
+ VcoreLogD("Found %i nodes matching xpath", size);
+ for(unsigned i = 0; i < size; ++i)
+ {
+ VcoreLogD("Type: %i", nodes->nodeTab[i]->type);
+ if (nodes->nodeTab[i]->type == XML_ATTRIBUTE_NODE) {
+ xmlNodePtr curNode = nodes->nodeTab[i];
+ result = getXMLNode(curNode);
+ VcoreLogD("Result: %s", result.c_str());
+ normalizeXMLTag(result, testsuite);
+ casesMap.insert(make_pair(result, false));
+ }
+ }
+ //Cleanup of XPath data
+ xmlXPathFreeObject(xpathObject);
+ xmlXPathFreeContext(xpathCtx);
+ xmlFreeDoc(doc);
+ }
+ }
+ Catch(XMLError)
+ {
+ VcoreLogE("Libxml error: %s", _rethrown_exception.DumpToString().c_str());
+ success = false;
+ }
+ xmlCleanupParser();
+
+ if(!filterByXML(casesMap))
+ {
+ success = false;
+ }
+
+ return success;
+}
+
+bool TestRunner::filterByXML(std::map<std::string, bool> & casesMap)
+{
+ FOREACH(group, m_testGroups) {
+ TestCaseStructList newList;
+ FOREACH(iterator, group->second)
+ {
+ if (casesMap.find(iterator->name) != casesMap.end()) {
+ casesMap[iterator->name] = true;
+ newList.push_back(*iterator);
+ }
+ }
+ group->second = newList;
+ }
+ FOREACH(cs, casesMap)
+ {
+ if(cs->second == false)
+ {
+ VcoreLogE("Cannot find testcase from XML file: %s", cs->first.c_str());
+ return false;
+ }
+ }
+ return true;
+}
+
+TestRunner::Status TestRunner::RunTestCase(const TestCaseStruct& testCase)
+{
+ try {
+ testCase.proc();
+ } catch (const TestFailed &e) {
+ // Simple test failure
+ CollectResult(testCase.name,
+ "",
+ TestResultsCollectorBase::FailStatus::FAILED,
+ e.GetMessage());
+ return FAILED;
+ } catch (const Ignored &e) {
+ if (m_runIgnored) {
+ // Simple test have to be implemented
+ CollectResult(testCase.name,
+ "",
+ TestResultsCollectorBase::FailStatus::IGNORED,
+ e.GetMessage());
+ }
+
+ return IGNORED;
+ } catch (const VcoreDPL::Exception &e) {
+ // DPL exception failure
+ CollectResult(testCase.name,
+ "",
+ TestResultsCollectorBase::FailStatus::INTERNAL,
+ "DPL exception:" + e.GetMessage() + "\n" + e.DumpToString());
+
+ return FAILED;
+ } catch (const std::exception &) {
+ // std exception failure
+ CollectResult(testCase.name,
+ "",
+ TestResultsCollectorBase::FailStatus::INTERNAL,
+ "std exception");
+
+ return FAILED;
+ } catch (...) {
+ // Unknown exception failure
+ CollectResult(testCase.name,
+ "",
+ TestResultsCollectorBase::FailStatus::INTERNAL,
+ "unknown exception");
+
+ return FAILED;
+ }
+
+ CollectResult(testCase.name,
+ "",
+ TestResultsCollectorBase::FailStatus::NONE);
+
+ // Everything OK
+ return PASS;
+}
+
+void TestRunner::RunTests()
+{
+ using namespace VcoreDPL::Colors::Text;
+
+ Banner();
+
+ unsigned count = 0;
+ FOREACH(group, m_testGroups) {
+ count += group->second.size();
+ }
+
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [count] (const TestResultsCollectors::value_type & collector)
+ {
+ collector.second->Start(count);
+ });
+
+ fprintf(stderr, "%sFound %d testcases...%s\n", GREEN_BEGIN, count, GREEN_END);
+ fprintf(stderr, "%s%s%s\n", GREEN_BEGIN, "Running tests...", GREEN_END);
+ FOREACH(group, m_testGroups) {
+ TestCaseStructList list = group->second;
+ if (!list.empty()) {
+ std::for_each(
+ m_collectors.begin(),
+ m_collectors.end(),
+ [&group](const TestResultsCollectors::value_type & collector)
+ {
+ collector.second->
+ CollectCurrentTestGroupName(group->first);
+ });
+ list.sort();
+
+ for (TestCaseStructList::const_iterator iterator = list.begin();
+ iterator != list.end();
+ ++iterator)
+ {
+ TestCaseStruct test = *iterator;
+ if (m_startTestId == test.name) {
+ m_startTestId = "";
+ }
+
+ if (m_startTestId.empty()) {
+ RunTestCase(test);
+ }
+ if (m_terminate == true) {
+ // Terminate quietly without any logs
+ return;
+ }
+ }
+ }
+ }
+
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [] (const TestResultsCollectors::value_type & collector)
+ {
+ collector.second->Finish();
+ });
+
+ // Finished
+ fprintf(stderr, "%s%s%s\n\n", GREEN_BEGIN, "Finished", GREEN_END);
+}
+
+void TestRunner::CollectResult(
+ const std::string& id,
+ const std::string& description,
+ const TestResultsCollectorBase::FailStatus::Type status,
+ const std::string& reason)
+{
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [&](const TestResultsCollectors::value_type & collector)
+ {
+ collector.second->CollectResult(id,
+ description,
+ status,
+ reason);
+ });
+}
+
+void TestRunner::Banner()
+{
+ using namespace VcoreDPL::Colors::Text;
+ fprintf(stderr,
+ "%s%s%s\n",
+ BOLD_GREEN_BEGIN,
+ "DPL tests runner",
+ BOLD_GREEN_END);
+ fprintf(stderr,
+ "%s%s%s%s\n\n",
+ GREEN_BEGIN,
+ "Build: ",
+ __TIMESTAMP__,
+ GREEN_END);
+}
+
+void TestRunner::InvalidArgs(const std::string& message)
+{
+ using namespace VcoreDPL::Colors::Text;
+ fprintf(stderr,
+ "%s%s%s\n",
+ BOLD_RED_BEGIN,
+ message.c_str(),
+ BOLD_RED_END);
+}
+
+void TestRunner::Usage()
+{
+ fprintf(stderr, "Usage: runner [options]\n\n");
+ fprintf(stderr, "Output type:\n");
+ fprintf(stderr, " --output=<output type> --output=<output type> ...\n");
+ fprintf(stderr, "\n possible output types:\n");
+ FOREACH(type, TestResultsCollectorBase::GetCollectorsNames()) {
+ fprintf(stderr, " --output=%s\n", type->c_str());
+ }
+ fprintf(stderr, "\n example:\n");
+ fprintf(stderr,
+ " test-binary --output=text --output=xml --file=output.xml\n\n");
+ fprintf(stderr, "Other parameters:\n");
+ fprintf(stderr,
+ " --regexp='regexp'\t Only selected tests"
+ " which names match regexp run\n\n");
+ fprintf(stderr, " --start=<test id>\tStart from concrete test id");
+ fprintf(stderr, " --group=<group name>\t Run tests only from one group\n");
+ fprintf(stderr, " --runignored\t Run also ignored tests\n");
+ fprintf(stderr, " --list\t Show a list of Test IDs\n");
+ fprintf(stderr, " --listgroups\t Show a list of Test Group names \n");
+ fprintf(stderr, " --only-from-xml=<xml file>\t Run only testcases specified in XML file \n"
+ " XML name is taken from attribute id=\"part1_part2\" as whole.\n"
+ " If part1 is not found (no _) then it is implicitily "
+ "set according to suite part1 from binary tests\n");
+ fprintf(
+ stderr,
+ " --listingroup=<group name>\t Show a list of Test IDS in one group\n");
+ fprintf(stderr, " --allowchildlogs\t Allow to print logs from child process on screen.\n");
+ fprintf(stderr, " When active child process will be able to print logs on stdout and stderr.\n");
+ fprintf(stderr, " Both descriptors will be closed after test.\n");
+ fprintf(stderr, " --help\t This help\n\n");
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [] (const TestResultsCollectors::value_type & collector)
+ {
+ fprintf(stderr,
+ "Output %s has specific args:\n",
+ collector.first.c_str());
+ fprintf(stderr,
+ "%s\n",
+ collector.second->
+ CollectorSpecificHelp().c_str());
+ });
+ fprintf(stderr, "For bug reporting, please write to:\n");
+ fprintf(stderr, "<p.dobrowolsk@samsung.com>\n");
+}
+
+int TestRunner::ExecTestRunner(int argc, char *argv[])
+{
+ std::vector<std::string> args;
+ for (int i = 0; i < argc; ++i) {
+ args.push_back(argv[i]);
+ }
+ return ExecTestRunner(args);
+}
+
+void TestRunner::MarkAssertion()
+{
+ ++m_totalAssertions;
+}
+
+int TestRunner::ExecTestRunner(const ArgsList& value)
+{
+ m_runIgnored = false;
+ ArgsList args = value;
+ // Parse command line
+ if (args.size() == 1) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ args.erase(args.begin());
+
+ bool showHelp = false;
+ bool justList = false;
+ std::vector<std::string> xmlFiles;
+
+ TestResultsCollectorBasePtr currentCollector;
+
+ // Parse each argument
+ FOREACH(it, args)
+ {
+ std::string arg = *it;
+ const std::string regexp = "--regexp=";
+ const std::string output = "--output=";
+ const std::string groupId = "--group=";
+ const std::string runIgnored = "--runignored";
+ const std::string listCmd = "--list";
+ const std::string startCmd = "--start=";
+ const std::string listGroupsCmd = "--listgroups";
+ const std::string listInGroup = "--listingroup=";
+ const std::string allowChildLogs = "--allowchildlogs";
+ const std::string onlyFromXML = "--only-from-xml=";
+
+ if (currentCollector) {
+ if (currentCollector->ParseCollectorSpecificArg(arg)) {
+ continue;
+ }
+ }
+
+ if (arg.find(startCmd) == 0) {
+ arg.erase(0, startCmd.length());
+ FOREACH(group, m_testGroups) {
+ FOREACH(tc, group->second) {
+ if (tc->name == arg) {
+ m_startTestId = arg;
+ break;
+ }
+ }
+ if (!m_startTestId.empty()) {
+ break;
+ }
+ }
+ if (!m_startTestId.empty()) {
+ continue;
+ }
+ InvalidArgs();
+ fprintf(stderr, "Start test id has not been found\n");
+ Usage();
+ return 0;
+ } else if (arg.find(groupId) == 0) {
+ arg.erase(0, groupId.length());
+ TestCaseGroupMap::iterator found = m_testGroups.find(arg);
+ if (found != m_testGroups.end()) {
+ std::string name = found->first;
+ TestCaseStructList newList = found->second;
+ m_testGroups.clear();
+ m_testGroups[name] = newList;
+ } else {
+ fprintf(stderr, "Group %s not found\n", arg.c_str());
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+ } else if (arg == runIgnored) {
+ m_runIgnored = true;
+ } else if (arg == listCmd) {
+ justList = true;
+ } else if (arg == listGroupsCmd) {
+ FOREACH(group, m_testGroups) {
+ printf("GR:%s\n", group->first.c_str());
+ }
+ return 0;
+ } else if (arg.find(listInGroup) == 0) {
+ arg.erase(0, listInGroup.length());
+ FOREACH(test, m_testGroups[arg]) {
+ printf("ID:%s\n", test->name.c_str());
+ }
+ return 0;
+ } else if (arg.find(allowChildLogs) == 0) {
+ arg.erase(0, allowChildLogs.length());
+ m_allowChildLogs = true;
+ } else if (arg == "--help") {
+ showHelp = true;
+ } else if (arg.find(output) == 0) {
+ arg.erase(0, output.length());
+ if (m_collectors.find(arg) != m_collectors.end()) {
+ InvalidArgs(
+ "Multiple outputs of the same type are not supported!");
+ Usage();
+ return -1;
+ }
+ currentCollector.reset(TestResultsCollectorBase::Create(arg));
+ if (!currentCollector) {
+ InvalidArgs("Unsupported output type!");
+ Usage();
+ return -1;
+ }
+ m_collectors[arg] = currentCollector;
+ } else if (arg.find(regexp) == 0) {
+ arg.erase(0, regexp.length());
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') {
+ arg.erase(0);
+ arg.erase(arg.length() - 1);
+ }
+
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ pcrecpp::RE re(arg.c_str());
+ FOREACH(group, m_testGroups) {
+ TestCaseStructList newList;
+ FOREACH(iterator, group->second)
+ {
+ if (re.PartialMatch(iterator->name)) {
+ newList.push_back(*iterator);
+ }
+ }
+ group->second = newList;
+ }
+ } else if(arg.find(onlyFromXML) == 0) {
+ arg.erase(0, onlyFromXML.length());
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') {
+ arg.erase(0);
+ arg.erase(arg.length() - 1);
+ }
+
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ xmlFiles.push_back(arg);
+ } else {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+ }
+
+ if(!xmlFiles.empty())
+ {
+ if(!filterGroupsByXmls(xmlFiles))
+ {
+ fprintf(stderr, "XML file is not correct\n");
+ return 0;
+ }
+ }
+
+ if(justList)
+ {
+ FOREACH(group, m_testGroups) {
+ FOREACH(test, group->second) {
+ printf("ID:%s:%s\n", group->first.c_str(), test->name.c_str());
+ }
+ }
+ return 0;
+ }
+
+ currentCollector.reset();
+
+ // Show help
+ if (showHelp) {
+ Usage();
+ return 0;
+ }
+
+ if (m_collectors.empty()) {
+ TestResultsCollectorBasePtr collector(
+ TestResultsCollectorBase::Create("text"));
+ m_collectors["text"] = collector;
+ }
+
+ for (auto it = m_collectors.begin(); it != m_collectors.end(); ++it) {
+ if (!it->second->Configure()) {
+ fprintf(stderr, "Could not configure selected output");
+ return 0;
+ }
+ }
+
+ // Run tests
+ RunTests();
+
+ return 0;
+}
+
+bool TestRunner::getRunIgnored() const
+{
+ return m_runIgnored;
+}
+
+void TestRunner::Terminate()
+{
+ m_terminate = true;
+}
+
+bool TestRunner::GetAllowChildLogs()
+{
+ return m_allowChildLogs;
+}
+
+}
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_child.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of test runner
+ */
+#include <stddef.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/binary_queue.h>
+#include <dpl/exception.h>
+#include <dpl/scoped_free.h>
+#include <dpl/foreach.h>
+#include <dpl/colors.h>
+#include <pcrecpp.h>
+#include <algorithm>
+#include <cstdio>
+#include <memory.h>
+#include <libgen.h>
+#include <cstring>
+#include <cstdlib>
+#include <ctime>
+#include <unistd.h>
+#include <poll.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+namespace {
+const int CHILD_TEST_FAIL = 0;
+const int CHILD_TEST_PASS = 1;
+const int CHILD_TEST_IGNORED = 2;
+
+int closeOutput() {
+ int devnull;
+ int retcode = -1;
+ if (-1 == (devnull = TEMP_FAILURE_RETRY(open("/dev/null", O_WRONLY))))
+ return -1;
+
+ // replace stdout with /dev/null
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDOUT_FILENO)))
+ goto end;
+
+ // replace stderr with /dev/null
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDERR_FILENO)))
+ goto end;
+
+ retcode = 0;
+
+end:
+ close(devnull);
+ return retcode;
+}
+
+} // namespace anonymous
+
+namespace VcoreDPL {
+namespace Test {
+
+PipeWrapper::PipeWrapper()
+{
+ if (-1 == pipe(m_pipefd)) {
+ m_pipefd[0] = PIPE_CLOSED;
+ m_pipefd[1] = PIPE_CLOSED;
+ }
+}
+
+PipeWrapper::~PipeWrapper()
+{
+ closeHelp(0);
+ closeHelp(1);
+}
+
+bool PipeWrapper::isReady()
+{
+ return m_pipefd[0] != PIPE_CLOSED || m_pipefd[1] != PIPE_CLOSED;
+}
+
+void PipeWrapper::setUsage(Usage usage)
+{
+ if (usage == READONLY) {
+ closeHelp(1);
+ }
+ if (usage == WRITEONLY) {
+ closeHelp(0);
+ }
+}
+
+PipeWrapper::Status PipeWrapper::send(int code, std::string &message)
+{
+ if (m_pipefd[1] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ std::ostringstream output;
+ output << toBinaryString(code);
+ output << toBinaryString(static_cast<int>(message.size()));
+ output << message;
+
+ std::string binary = output.str();
+ int size = binary.size();
+
+ if ((writeHelp(&size,
+ sizeof(int)) == ERROR) ||
+ (writeHelp(binary.c_str(), size) == ERROR))
+ {
+ return ERROR;
+ }
+ return SUCCESS;
+}
+
+PipeWrapper::Status PipeWrapper::receive(int &code, std::string &data, time_t deadline)
+{
+ if (m_pipefd[0] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ int size;
+ Status ret;
+
+ if ((ret = readHelp(&size, sizeof(int), deadline)) != SUCCESS) {
+ return ret;
+ }
+
+ std::vector<char> buffer;
+ buffer.resize(size);
+
+ if ((ret = readHelp(&buffer[0], size, deadline)) != SUCCESS) {
+ return ret;
+ }
+
+ try {
+ VcoreDPL::BinaryQueue queue;
+ queue.AppendCopy(&buffer[0], size);
+
+ queue.FlattenConsume(&code, sizeof(int));
+ queue.FlattenConsume(&size, sizeof(int));
+
+ buffer.resize(size);
+
+ queue.FlattenConsume(&buffer[0], size);
+ data.assign(buffer.begin(), buffer.end());
+ } catch (VcoreDPL::BinaryQueue::Exception::Base &e) {
+ return ERROR;
+ }
+ return SUCCESS;
+}
+
+void PipeWrapper::closeAll()
+{
+ closeHelp(0);
+ closeHelp(1);
+}
+
+std::string PipeWrapper::toBinaryString(int data)
+{
+ char buffer[sizeof(int)];
+ memcpy(buffer, &data, sizeof(int));
+ return std::string(buffer, buffer + sizeof(int));
+}
+
+void PipeWrapper::closeHelp(int desc)
+{
+ if (m_pipefd[desc] != PIPE_CLOSED) {
+ TEMP_FAILURE_RETRY(close(m_pipefd[desc]));
+ m_pipefd[desc] = PIPE_CLOSED;
+ }
+}
+
+PipeWrapper::Status PipeWrapper::writeHelp(const void *buffer, int size)
+{
+ int ready = 0;
+ const char *p = static_cast<const char *>(buffer);
+ while (ready != size) {
+ int ret = write(m_pipefd[1], &p[ready], size - ready);
+
+ if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
+ continue;
+ }
+
+ if (ret == -1) {
+ closeHelp(1);
+ return ERROR;
+ }
+
+ ready += ret;
+ }
+ return SUCCESS;
+}
+
+PipeWrapper::Status PipeWrapper::readHelp(void *buf, int size, time_t deadline)
+{
+ int ready = 0;
+ char *buffer = static_cast<char*>(buf);
+ while (ready != size) {
+ time_t wait = deadline - time(0);
+ wait = wait < 1 ? 1 : wait;
+ pollfd fds = { m_pipefd[0], POLLIN, 0 };
+
+ int pollReturn = poll(&fds, 1, wait * 1000);
+
+ if (pollReturn == 0) {
+ return TIMEOUT; // Timeout
+ }
+
+ if (pollReturn < -1) {
+ return ERROR;
+ }
+
+ int ret = read(m_pipefd[0], &buffer[ready], size - ready);
+
+ if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
+ continue;
+ }
+
+ if (ret == -1 || ret == 0) {
+ closeHelp(0);
+ return ERROR;
+ }
+
+ ready += ret;
+ }
+ return SUCCESS;
+}
+
+void RunChildProc(TestRunner::TestCase procChild)
+{
+ PipeWrapper pipe;
+ if (!pipe.isReady()) {
+ throw TestRunner::TestFailed("Pipe creation failed");
+ }
+
+ pid_t pid = fork();
+
+ if (pid == -1) {
+ throw TestRunner::TestFailed("Child creation failed");
+ }
+
+ if (pid != 0) {
+ // parent code
+ pipe.setUsage(PipeWrapper::READONLY);
+
+ int code;
+ std::string message;
+
+ int pipeReturn = pipe.receive(code, message, time(0) + 10);
+
+ if (pipeReturn != PipeWrapper::SUCCESS) { // Timeout or reading error
+ pipe.closeAll();
+ kill(pid, SIGKILL);
+ }
+
+ int status;
+ waitpid(pid, &status, 0);
+
+ if (pipeReturn == PipeWrapper::TIMEOUT) {
+ throw TestRunner::TestFailed("Timeout");
+ }
+
+ if (pipeReturn == PipeWrapper::ERROR) {
+ throw TestRunner::TestFailed("Reading pipe error");
+ }
+
+ if (code == CHILD_TEST_FAIL) {
+ throw TestRunner::TestFailed(message);
+ } else if (code == CHILD_TEST_IGNORED) {
+ throw TestRunner::Ignored(message);
+ }
+ } else {
+ // child code
+
+ // End Runner after current test
+ TestRunnerSingleton::Instance().Terminate();
+
+ int code = CHILD_TEST_PASS;
+ std::string msg;
+
+ bool allowLogs = TestRunnerSingleton::Instance().GetAllowChildLogs();
+
+ close(STDIN_FILENO);
+ if (!allowLogs) {
+ closeOutput(); // if fails nothing we can do
+ }
+
+ pipe.setUsage(PipeWrapper::WRITEONLY);
+
+ try {
+ procChild();
+ } catch (const VcoreDPL::Test::TestRunner::TestFailed &e) {
+ msg = e.GetMessage();
+ code = CHILD_TEST_FAIL;
+ } catch (const VcoreDPL::Test::TestRunner::Ignored &e) {
+ msg = e.GetMessage();
+ code = CHILD_TEST_IGNORED;
+ } catch (...) { // catch all exception generated by "user" code
+ msg = "unhandled exeception";
+ code = CHILD_TEST_FAIL;
+ }
+
+ if (allowLogs) {
+ closeOutput();
+ }
+
+ pipe.send(code, msg);
+ }
+}
+} // namespace Test
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_multiprocess.cpp
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of multiprocess test runner
+ */
+
+#include <sys/file.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <poll.h>
+#include <limits.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+namespace {
+
+const int MULTI_TEST_ERROR = -1;
+const int MULTI_TEST_PASS = 0;
+const int MULTI_TEST_FAILED = 1;
+const int MULTI_TEST_IGNORED = 2;
+const int MULTI_TEST_INTERNAL = 3;
+
+}
+
+namespace VcoreDPL {
+namespace Test {
+
+SimplePipeWrapper::SimplePipeWrapper()
+: PipeWrapper()
+{
+
+}
+
+SimplePipeWrapper::~SimplePipeWrapper()
+{
+
+}
+
+PipeWrapper::Status SimplePipeWrapper::send(std::string &message)
+{
+ if (m_pipefd[1] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ if (message.size() > PIPE_BUF-1) {
+ return ERROR;
+ }
+
+ char buffer[PIPE_BUF] = { 0 };
+
+
+ for(unsigned int i = 0; i < message.size(); ++i) {
+ buffer[i] = message[i];
+ }
+
+ return writeHelp(buffer, PIPE_BUF);
+}
+
+PipeWrapper::Status SimplePipeWrapper::receive(std::string &data, bool &empty, time_t deadline)
+{
+ if (m_pipefd[0] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ empty = false;
+
+ data.resize(PIPE_BUF);
+
+ char buffer[PIPE_BUF] = { 0 };
+
+ int ready = 0;
+ while (ready != PIPE_BUF) {
+ time_t wait = deadline - time(0);
+ wait = wait < 1 ? 1 : wait;
+ pollfd fds = { m_pipefd[0], POLLIN, 0 };
+
+ int pollReturn = poll(&fds, 1, wait * 1000);
+
+ if (pollReturn == 0) {
+ return TIMEOUT; // Timeout
+ }
+
+ if (pollReturn < -1) {
+ return ERROR;
+ }
+ int ret = read(m_pipefd[0], &buffer[ready], PIPE_BUF - ready);
+ if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
+ continue;
+ }
+
+ if (ret == -1) {
+ closeHelp(0);
+ return ERROR;
+ }
+ if (ret == 0) {
+ empty = true;
+ break;
+ }
+
+ ready += ret;
+ }
+
+
+ for(unsigned int i = 0; i < PIPE_BUF; ++i){
+ if(buffer[i] == 0) {
+ data.resize(i);
+ return SUCCESS;
+ }
+ data[i] = buffer[i];
+ }
+
+ return ERROR;
+}
+
+void RunMultiProc(TestRunner::TestCase procMulti)
+{
+ SimplePipeWrapper pipe;
+ int code = MULTI_TEST_PASS;
+ std::string msg = "";
+ int pipeReturn;
+
+ int waitStatus;
+
+ pid_t top_pid = getpid();
+
+ if (!pipe.isReady()) {
+ throw TestRunner::TestFailed("Pipe creation failed");
+ }
+ // pipe
+
+ try {
+ procMulti();
+ } catch (const TestRunner::TestFailed &e) {
+ code = MULTI_TEST_FAILED;
+ msg = e.GetMessage();
+ } catch (const TestRunner::Ignored &e) {
+ code = MULTI_TEST_IGNORED;
+ msg = e.GetMessage();
+ } catch (const VcoreDPL::Exception &e) {
+ code = MULTI_TEST_INTERNAL;
+ msg = "DPL exception:" + e.GetMessage();
+ } catch (const std::exception &) {
+ code = MULTI_TEST_INTERNAL;
+ msg = "std exception";
+ } catch (...) {
+ // Unknown exception failure
+ code = MULTI_TEST_INTERNAL;
+ msg = "unknown exception";
+ }
+
+ while (true) {
+ pid_t child_pid = wait(&waitStatus);
+ if (child_pid == -1) {
+ if (errno == ECHILD) {
+ if (top_pid == getpid()) {
+ std::string recMsg="";
+
+ pipe.setUsage(PipeWrapper::READONLY);
+
+ bool empty=false;
+ while(true) {
+ pipeReturn = pipe.receive(recMsg, empty, time(0) + 10);
+
+ if (empty) {
+ break;
+ }
+ if (pipeReturn == PipeWrapper::ERROR) {
+ pipe.closeAll();
+ throw TestRunner::TestFailed("Reading pipe error");
+ } else if (pipeReturn == PipeWrapper::TIMEOUT) {
+ pipe.closeAll();
+ throw TestRunner::TestFailed("Timeout error");
+ }
+ msg = msg + "\n" + recMsg;
+ }
+ pipe.closeAll();
+
+ switch(code) {
+ case MULTI_TEST_PASS:
+ return;
+ case MULTI_TEST_FAILED:
+ throw TestRunner::TestFailed(msg);
+ case MULTI_TEST_IGNORED:
+ throw TestRunner::Ignored(msg);
+ case MULTI_TEST_INTERNAL:
+ throw TestRunner::TestFailed(msg);
+ default:
+ throw TestRunner::TestFailed(msg);
+ }
+ } else {
+ pipe.setUsage(PipeWrapper::WRITEONLY);
+
+ pipeReturn = pipe.send(msg);
+
+ if (pipeReturn == PipeWrapper::ERROR) {
+ pipe.closeAll();
+ code = MULTI_TEST_ERROR;
+ }
+
+ exit(code);
+ }
+ }
+ } else if (WIFEXITED(waitStatus)) {
+ if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_FAILED) {
+ switch (code) {
+ case MULTI_TEST_PASS:
+ code = MULTI_TEST_FAILED;
+ break;
+ case MULTI_TEST_FAILED:
+ break;
+ case MULTI_TEST_IGNORED:
+ code = MULTI_TEST_FAILED;
+ break;
+ case MULTI_TEST_INTERNAL:
+ break;
+ default:
+ break;
+ }
+ } else if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_IGNORED) {
+ switch (code) {
+ case MULTI_TEST_PASS:
+ code = MULTI_TEST_IGNORED;
+ break;
+ case MULTI_TEST_FAILED:
+ break;
+ case MULTI_TEST_IGNORED:
+ break;
+ case MULTI_TEST_INTERNAL:
+ break;
+ default:
+ break;
+ }
+ } else if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_INTERNAL) {
+ switch (code) {
+ case MULTI_TEST_PASS:
+ code = MULTI_TEST_INTERNAL;
+ break;
+ case MULTI_TEST_FAILED:
+ code = MULTI_TEST_INTERNAL;
+ break;
+ case MULTI_TEST_IGNORED:
+ code = MULTI_TEST_INTERNAL;
+ break;
+ case MULTI_TEST_INTERNAL:
+ break;
+ default:
+ break;
+ }
+ } else if ((signed char)WEXITSTATUS(waitStatus) != MULTI_TEST_PASS) {
+ code = MULTI_TEST_ERROR;
+ msg = "PROCESS BAD CODE RETURN";
+ }
+ }
+ }
+}
+} // namespace Test
+} // namespace VcoreDPL
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_policies.cpp
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief ...
+ */
+
+#include<dpl/test/value_separated_policies.h>
+#include<dpl/foreach.h>
+#include<dpl/log/vcore_log.h>
+
+namespace VcoreDPL {
+
+std::string CSVTokenizerPolicy::GetSeperators()
+{
+ return ",";
+}
+
+bool CSVTokenizerPolicy::SkipEmpty()
+{
+ return false;
+}
+
+void CSVTokenizerPolicy::PrepareValue(std::string &)
+{
+}
+
+bool CSVTokenizerPolicy::TryAgainAtEnd(int)
+{
+ return false;
+}
+
+bool CSVParserPolicy::SkipLine(const std::vector<std::string> & )
+{
+ return false;
+}
+
+bool CSVParserPolicy::Validate(std::shared_ptr<std::vector<std::vector<std::string> > > & result)
+{
+ int num = -1;
+ FOREACH(r, *result)
+ {
+ int size = r->size();
+ if(num != -1 && num != size)
+ {
+ VcoreLogE("Columns not matches");
+ return false;
+ }
+ num = size;
+ }
+ return true;
+}
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_tokens.cpp
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief ...
+ */
+
+#include <dpl/test/value_separated_tokens.h>
+
+namespace VcoreDPL {
+
+VSToken::VSToken(const std::string & c) : m_newline(false), m_cell(c)
+{
+}
+
+VSToken::VSToken() : m_newline(true)
+{
+}
+
+const std::string & VSToken::cell() const
+{
+ return m_cell;
+}
+
+bool VSToken::isNewLine()
+{
+ return m_newline;
+}
+
+}
#include <dpl/log/log.h>
#include <dpl/scoped_free.h>
-#include "Base64.h"
+#include <vcore/Base64.h>
namespace ValidationCore {
Base64Encoder::Base64Encoder() :
}
if (bptr->length > 0) {
- return std::string(bptr->data, bptr->length - 1);
+ return std::string(bptr->data, bptr->length);
}
return std::string();
}
ThrowMsg(Exception::InternalError,
"Error during allocation memory in BIO");
}
+ BIO_set_flags(m_b64, BIO_FLAGS_BASE64_NO_NL);
m_b64 = BIO_push(m_b64, m_bmem);
}
BIO *b64, *bmem;
size_t len = m_input.size();
- DPL::ScopedFree<char> buffer(static_cast<char*>(malloc(len)));
+ VcoreDPL::ScopedFree<char> buffer(static_cast<char*>(malloc(len)));
if (!buffer) {
LogError("Error in malloc.");
ThrowMsg(Exception::InternalError, "Couldn't create BIO object.");
}
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
- DPL::ScopedFree<char> tmp(strdup(m_input.c_str()));
+ VcoreDPL::ScopedFree<char> tmp(strdup(m_input.c_str()));
m_input.clear();
bmem = BIO_new_mem_buf(tmp.Get(), len);
typedef bio_st BIO;
namespace ValidationCore {
-class Base64Encoder : public DPL::Noncopyable
+class Base64Encoder : public VcoreDPL::Noncopyable
{
public:
class Exception
{
public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, InternalError)
DECLARE_EXCEPTION_TYPE(Base, NotFinalized)
DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized)
bool m_finalized;
};
-class Base64Decoder : public DPL::Noncopyable
+class Base64Decoder : public VcoreDPL::Noncopyable
{
public:
class Exception
{
public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, InternalError)
DECLARE_EXCEPTION_TYPE(Base, NotFinalized)
DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized)
* limitations under the License.
*/
/*!
- * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version 0.1
- * @file CRL.h
+ * @author Bartlomiej Grzelewski(b.grzelewski@samsung.com)
+ * @version 0.2
+ * @file CRL.cpp
* @brief Routines for certificate validation over CRL
*/
-#include "CRL.h"
-
-#include <set>
-#include <algorithm>
-
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/exception.h>
-#include <dpl/scoped_ptr.h>
-#include <dpl/scoped_array.h>
-#include <dpl/db/orm.h>
-#include <dpl/foreach.h>
-
-#include "Base64.h"
-#include "Certificate.h"
-#include "SoupMessageSendSync.h"
-#include "CRLCacheInterface.h"
-
-namespace {
-const char *CRL_LOOKUP_DIR_1 = "/usr/share/cert-svc/ca-certs/code-signing/wac";
-const char *CRL_LOOKUP_DIR_2 = "/opt/share/cert-svc/certs/code-signing/wac";
-} //anonymous namespace
+#include <vcore/CRL.h>
+#include <vcore/CRLImpl.h>
namespace ValidationCore {
-CRL::StringList CRL::getCrlUris(const CertificatePtr &argCert)
-{
- StringList result = argCert->getCrlUris();
-
- if (!result.empty()) {
- return result;
- }
- LogInfo("No distribution points found. Getting from CA cert.");
- X509_STORE_CTX *ctx = createContext(argCert);
- X509_OBJECT obj;
-
- //Try to get distribution points from CA certificate
- int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
- X509_get_issuer_name(argCert->
- getX509()),
- &obj);
- X509_STORE_CTX_free(ctx);
- if (0 >= retVal) {
- LogError("No dedicated CA certificate available");
- return result;
- }
- CertificatePtr caCert(new Certificate(obj.data.x509));
- X509_OBJECT_free_contents(&obj);
- return caCert->getCrlUris();
-}
-
CRL::CRL(CRLCacheInterface *ptr)
- : m_crlCache(ptr)
-{
- Assert(m_crlCache != NULL);
-
- LogInfo("CRL storage initialization.");
- m_store = X509_STORE_new();
- if (!m_store) {
- LogError("Failed to create new store.");
- ThrowMsg(CRLException::StorageError,
- "Not possible to create new store.");
- }
- m_lookup = X509_STORE_add_lookup(m_store, X509_LOOKUP_hash_dir());
- if (!m_lookup) {
- cleanup();
- LogError("Failed to add hash dir lookup");
- ThrowMsg(CRLException::StorageError,
- "Not possible to add hash dir lookup.");
- }
- // Add hash dir pathname for CRL checks
- bool retVal = X509_LOOKUP_add_dir(m_lookup,
- CRL_LOOKUP_DIR_1, X509_FILETYPE_PEM) == 1;
- retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_1,
- X509_FILETYPE_ASN1) == 1);
- retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2,
- X509_FILETYPE_PEM) == 1);
- retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2,
- X509_FILETYPE_ASN1) == 1);
- if (!retVal) {
- LogError("Failed to add lookup dir for PEM files.");
- cleanup();
- ThrowMsg(CRLException::StorageError,
- "Failed to add lookup dir for PEM files.");
- }
- LogInfo("CRL storage initialization complete.");
-}
-
-CRL::~CRL()
-{
- cleanup();
- delete m_crlCache;
-}
-
-void CRL::cleanup()
-{
- LogInfo("Free CRL storage");
- // STORE is responsible for LOOKUP release
- // X509_LOOKUP_free(m_lookup);
- X509_STORE_free(m_store);
-}
-
-CRL::RevocationStatus CRL::checkCertificate(const CertificatePtr &argCert)
-{
- RevocationStatus retStatus = {false, false};
- int retVal = 0;
- StringList crlUris = getCrlUris(argCert);
- FOREACH(it, crlUris) {
- CRLDataPtr crl = getCRL(*it);
- if (!crl) {
- LogDebug("CRL not found for URI: " << *it);
- continue;
- }
- X509_CRL *crlInternal = convertToInternal(crl);
-
- //Check date
- if (X509_CRL_get_nextUpdate(crlInternal)) {
- retVal = X509_cmp_current_time(
- X509_CRL_get_nextUpdate(crlInternal));
- retStatus.isCRLValid = retVal > 0;
- } else {
- // If nextUpdate is not set assume it is actual.
- retStatus.isCRLValid = true;
- }
- LogInfo("CRL valid: " << retStatus.isCRLValid);
- X509_REVOKED rev;
- rev.serialNumber = X509_get_serialNumber(argCert->getX509());
- // sk_X509_REVOKED_find returns index if serial number is found on list
- retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev);
- X509_CRL_free(crlInternal);
- retStatus.isRevoked = retVal != -1;
- LogInfo("CRL revoked: " << retStatus.isRevoked);
-
- if (!retStatus.isRevoked && isOutOfDate(crl)) {
- LogDebug("Certificate is not Revoked, but CRL is outOfDate.");
- continue;
- }
+ : m_impl(new CRLImpl(ptr))
+{}
- return retStatus;
- }
- // If there is no CRL for any of URIs it means it's not possible to
- // tell anything about revocation status but it's is not an error.
- return retStatus;
+CRL::~CRL() {
+ delete m_impl;
}
-CRL::RevocationStatus CRL::checkCertificateChain(CertificateCollection
- certChain)
-{
- if (!certChain.sort()) {
- LogError("Certificate list doesn't create chain.");
- ThrowMsg(CRLException::InvalidParameter,
- "Certificate list doesn't create chain.");
- }
-
- RevocationStatus ret;
- ret.isCRLValid = true;
- ret.isRevoked = false;
- const CertificateList &certList = certChain.getChain();
- FOREACH(it, certList) {
- if (!(*it)->isRootCert()) {
- LogInfo("Certificate common name: " << *((*it)->getCommonName()));
- RevocationStatus certResult = checkCertificate(*it);
- ret.isCRLValid &= certResult.isCRLValid;
- ret.isRevoked |= certResult.isRevoked;
- if (ret.isCRLValid && !ret.isRevoked) {
- addToStore(*it);
- }
- if (ret.isRevoked) {
- return ret;
- }
- }
- }
- return ret;
+CRL::RevocationStatus CRL::checkCertificate(const CertificatePtr &argCert) {
+ return m_impl->checkCertificate(argCert);
}
-VerificationStatus CRL::checkEndEntity(CertificateCollection &chain)
+CRL::RevocationStatus CRL::checkCertificateChain(
+ CertificateCollection certChain)
{
- if (!chain.sort() && !chain.empty()) {
- LogInfo("Could not find End Entity certificate. "
- "Collection does not form chain.");
- return VERIFICATION_STATUS_ERROR;
- }
- CertificateList::const_iterator iter = chain.begin();
- RevocationStatus stat = checkCertificate(*iter);
- if (stat.isRevoked) {
- return VERIFICATION_STATUS_REVOKED;
- }
- if (stat.isCRLValid) {
- return VERIFICATION_STATUS_GOOD;
- }
- return VERIFICATION_STATUS_ERROR;
+ return m_impl->checkCertificateChain(certChain);
}
-void CRL::addToStore(const CertificatePtr &argCert)
-{
- X509_STORE_add_cert(m_store, argCert->getX509());
+VerificationStatus CRL::checkEndEntity(CertificateCollection &chain) {
+ return m_impl->checkEndEntity(chain);
}
-bool CRL::isOutOfDate(const CRLDataPtr &crl) const {
- X509_CRL *crlInternal = convertToInternal(crl);
-
- bool result = false;
- if (X509_CRL_get_nextUpdate(crlInternal)) {
- if (0 > X509_cmp_current_time(X509_CRL_get_nextUpdate(crlInternal))) {
- result = true;
- } else {
- result = false;
- }
- } else {
- result = true;
- }
- X509_CRL_free(crlInternal);
- return result;
+void CRL::addToStore(const CertificatePtr &argCert) {
+ m_impl->addToStore(argCert);
}
bool CRL::updateList(const CertificatePtr &argCert,
const UpdatePolicy updatePolicy)
{
- LogInfo("Update CRL for certificate");
-
- // Retrieve distribution points
- StringList crlUris = getCrlUris(argCert);
- FOREACH(it, crlUris) {
- // Try to get CRL from database
- LogInfo("Getting CRL for URI: " << *it);
-
- bool downloaded = false;
-
- CRLDataPtr crl;
-
- // If updatePolicy == UPDATE_ON_DEMAND we dont care
- // about data in cache. New crl must be downloaded.
- if (updatePolicy == UPDATE_ON_EXPIRED) {
- crl = getCRL(*it);
- }
-
- if (!!crl && isOutOfDate(crl)) {
- LogDebug("Crl out of date - downloading.");
- crl = downloadCRL(*it);
- downloaded = true;
- }
-
- if (!crl) {
- LogDebug("Crl not found in cache - downloading.");
- crl = downloadCRL(*it);
- downloaded = true;
- }
-
- if (!crl) {
- LogDebug("Failed to obtain CRL. URL: " << *it);
- continue;
- }
-
- if (!!crl && isOutOfDate(crl)) {
- LogError("CRL out of date. Broken URL: " << *it);
- }
-
- // Make X509 internal structure
- X509_CRL *crlInternal = convertToInternal(crl);
-
- //Check if CRL is signed
- if (!verifyCRL(crlInternal, argCert)) {
- LogError("Failed to verify CRL. URI: " << crl->uri);
- X509_CRL_free(crlInternal);
- return false;
- }
- X509_CRL_free(crlInternal);
-
- if (downloaded) {
- updateCRL(crl);
- }
- return true;
- }
-
- return false;
+ return m_impl->updateList(argCert, updatePolicy);
}
-void CRL::addToStore(const CertificateCollection &collection)
-{
- FOREACH(it, collection){
- addToStore(*it);
- }
+void CRL::addToStore(const CertificateCollection &collection) {
+ m_impl->addToStore(collection);
}
bool CRL::updateList(const CertificateCollection &collection,
UpdatePolicy updatePolicy)
{
- bool failed = false;
-
- FOREACH(it, collection){
- failed |= !updateList(*it, updatePolicy);
- }
-
- return !failed;
-}
-
-bool CRL::verifyCRL(X509_CRL *crl,
- const CertificatePtr &cert)
-{
- X509_OBJECT obj;
- X509_STORE_CTX *ctx = createContext(cert);
-
- /* get issuer certificate */
- int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
- X509_CRL_get_issuer(crl), &obj);
- X509_STORE_CTX_free(ctx);
- if (0 >= retVal) {
- LogError("Unknown CRL issuer certificate!");
- return false;
- }
-
- /* extract public key and verify signature */
- EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509);
- X509_OBJECT_free_contents(&obj);
- if (!pkey) {
- LogError("Failed to get issuer's public key.");
- return false;
- }
- retVal = X509_CRL_verify(crl, pkey);
- EVP_PKEY_free(pkey);
- if (0 > retVal) {
- LogError("Failed to verify CRL.");
- return false;
- } else if (0 == retVal) {
- LogError("CRL is invalid");
- return false;
- }
- LogInfo("CRL is valid.");
- return true;
-}
-
-bool CRL::isPEMFormat(const CRLDataPtr &crl) const
-{
- const char *pattern = "-----BEGIN X509 CRL-----";
- std::string content(crl->buffer, crl->length);
- if (content.find(pattern) != std::string::npos) {
- LogInfo("CRL is in PEM format.");
- return true;
- }
- LogInfo("CRL is in DER format.");
- return false;
+ return m_impl->updateList(collection, updatePolicy);
}
-X509_CRL *CRL::convertToInternal(const CRLDataPtr &crl) const
-{
- //At this point it's not clear does crl have DER or PEM format
- X509_CRL *ret = NULL;
- if (isPEMFormat(crl)) {
- BIO *bmem = BIO_new_mem_buf(crl->buffer, crl->length);
- if (!bmem) {
- LogError("Failed to allocate memory in BIO");
- ThrowMsg(CRLException::InternalError,
- "Failed to allocate memory in BIO");
- }
- ret = PEM_read_bio_X509_CRL(bmem, NULL, NULL, NULL);
- BIO_free_all(bmem);
- } else {
- //If it's not PEM it must be DER format
- std::string content(crl->buffer, crl->length);
- const unsigned char *buffer =
- reinterpret_cast<unsigned char*>(crl->buffer);
- ret = d2i_X509_CRL(NULL, &buffer, crl->length);
- }
- if (!ret) {
- LogError("Failed to convert to internal structure");
- ThrowMsg(CRLException::InternalError,
- "Failed to convert to internal structure");
- }
- return ret;
-}
-
-X509_STORE_CTX *CRL::createContext(const CertificatePtr &argCert)
-{
- X509_STORE_CTX *ctx;
- ctx = X509_STORE_CTX_new();
- if (!ctx) {
- ThrowMsg(CRLException::StorageError, "Failed to create new context.");
- }
- X509_STORE_CTX_init(ctx, m_store, argCert->getX509(), NULL);
- return ctx;
-}
-
-CRL::CRLDataPtr CRL::downloadCRL(const std::string &uri)
-{
- using namespace SoupWrapper;
-
- char *cport = 0, *chost = 0,*cpath = 0;
- int use_ssl = 0;
-
- if (!OCSP_parse_url(const_cast<char*>(uri.c_str()),
- &chost,
- &cport,
- &cpath,
- &use_ssl))
- {
- LogWarning("Error in OCSP_parse_url");
- return CRLDataPtr();
- }
-
- std::string host = chost;
- if (cport) {
- host += ":";
- host += cport;
- }
-
- free(cport);
- free(chost);
- free(cpath);
-
- SoupMessageSendSync message;
- message.setHost(uri);
- message.setHeader("Host", host);
-
- if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) {
- LogWarning("Error in sending network request.");
- return CRLDataPtr();
- }
-
- SoupMessageSendBase::MessageBuffer mBuffer = message.getResponse();
- return CRLDataPtr(new CRLData(mBuffer,uri));
-}
-
-CRL::CRLDataPtr CRL::getCRL(const std::string &uri) const
-{
- CRLCachedData cachedCrl;
- cachedCrl.distribution_point = uri;
- if (!(m_crlCache->getCRLResponse(&cachedCrl))) {
- LogInfo("CRL not present in database. URI: " << uri);
- return CRLDataPtr();
- }
-
- std::string body = cachedCrl.crl_body;
-
- LogInfo("CRL found in database.");
- //TODO: remove when ORM::blob available
- //Encode buffer to base64 format to store in database
-
- Base64Decoder decoder;
- decoder.append(body);
- if (!decoder.finalize()) {
- LogError("Failed to decode base64 format.");
- ThrowMsg(CRLException::StorageError, "Failed to decode base64 format.");
- }
- std::string crlBody = decoder.get();
-
- DPL::ScopedArray<char> bodyBuffer(new char[crlBody.length()]);
- crlBody.copy(bodyBuffer.Get(), crlBody.length());
- return CRLDataPtr(new CRLData(bodyBuffer.Release(), crlBody.length(),
- uri));
-}
-
-void CRL::updateCRL(const CRLDataPtr &crl)
-{
- //TODO: remove when ORM::blob available
- //Encode buffer to base64 format to store in database
- Base64Encoder encoder;
- if (!crl || !crl->buffer) {
- ThrowMsg(CRLException::InternalError, "CRL buffer is empty");
- }
- encoder.append(std::string(crl->buffer, crl->length));
- encoder.finalize();
- std::string b64CRLBody = encoder.get();
-
- time_t nextUpdateTime = 0;
- X509_CRL *crlInternal = convertToInternal(crl);
-
- if (X509_CRL_get_nextUpdate(crlInternal)) {
- asn1TimeToTimeT(X509_CRL_get_nextUpdate(crlInternal),
- &nextUpdateTime);
- }
-
- X509_CRL_free(crlInternal);
- //Update/insert crl body
- CRLCachedData data;
- data.distribution_point = crl->uri;
- data.crl_body = b64CRLBody;
- data.next_update_time = nextUpdateTime;
-
- m_crlCache->setCRLResponse(&data);
-}
-} // ValidationCore
+} // namespace ValidationCore
* limitations under the License.
*/
/*!
- * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version 0.4
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.5
* @file CRL.h
* @brief Routines for certificate validation over CRL
*/
-#ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_CRL_H_
-#define WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_CRL_H_
+#ifndef _VALIDATION_CORE_ENGINE_CRL_H_
+#define _VALIDATION_CORE_ENGINE_CRL_H_
-#include <dpl/exception.h>
-#include <dpl/shared_ptr.h>
-#include <dpl/noncopyable.h>
-#include <dpl/log/log.h>
+#include <list>
+#include <string>
-#include "Certificate.h"
-#include "CertificateCollection.h"
-#include "SoupMessageSendBase.h"
-#include "VerificationStatus.h"
-#include "CRLCacheInterface.h"
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/VerificationStatus.h>
+#include <vcore/CRLCacheInterface.h>
+#include <vcore/exception.h>
namespace ValidationCore {
namespace CRLException {
-DECLARE_EXCEPTION_TYPE(DPL::Exception, CRLException)
-DECLARE_EXCEPTION_TYPE(CRLException, StorageError)
-DECLARE_EXCEPTION_TYPE(CRLException, DownloadFailed)
-DECLARE_EXCEPTION_TYPE(CRLException, InternalError)
-DECLARE_EXCEPTION_TYPE(CRLException, InvalidParameter)
-}
-
-class CRL : DPL::Noncopyable
-{
- protected:
- X509_STORE *m_store;
- X509_LOOKUP *m_lookup;
- CRLCacheInterface *m_crlCache;
-
- class CRLData : DPL::Noncopyable
- {
- public:
- //TODO: change to SharedArray when available
- char *buffer;
- size_t length;
- std::string uri;
-
- CRLData(char* _buffer,
- size_t _length,
- const std::string &_uri) :
- buffer(_buffer),
- length(_length),
- uri(_uri)
- {
- }
-
- CRLData(const SoupWrapper::SoupMessageSendBase::MessageBuffer &mBuff,
- const std::string &mUri)
- : uri(mUri)
- {
- buffer = new char[mBuff.size()];
- length = mBuff.size();
- memcpy(buffer, &mBuff[0], mBuff.size());
- }
-
- ~CRLData()
- {
- LogInfo("Delete buffer");
- delete[] buffer;
- }
- };
- typedef DPL::SharedPtr<CRLData> CRLDataPtr;
- typedef std::list<std::string> StringList;
+VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base)
+VCORE_DECLARE_EXCEPTION_TYPE(Base, StorageError)
+VCORE_DECLARE_EXCEPTION_TYPE(Base, InternalError)
+VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidParameter)
- CRLDataPtr getCRL(const std::string &uri) const;
- CRLDataPtr downloadCRL(const std::string &uri);
- X509_STORE_CTX *createContext(const CertificatePtr &argCert);
- void updateCRL(const CRLDataPtr &crl);
- X509_CRL *convertToInternal(const CRLDataPtr &crl) const;
- StringList getCrlUris(const CertificatePtr &argCert);
- bool isPEMFormat(const CRLDataPtr &crl) const;
- bool verifyCRL(X509_CRL *crl,
- const CertificatePtr &cert);
- void cleanup();
- bool isOutOfDate(const CRLDataPtr &crl) const;
+} // namespace CRLException
+
+class CRLImpl;
+
+class CRL {
+public:
+ typedef std::list<std::string> StringList;
- friend class CachedCRL;
- public:
enum UpdatePolicy
{
UPDATE_ON_EXPIRED, /**< Download and update CRL only when next update
bool isRevoked; /**< True when certificate is revoked */
};
+ CRL() = delete;
CRL(CRLCacheInterface *ptr);
- ~CRL();
+ virtual ~CRL();
/**
* @brief Checks if given certificate is revoked.
* added to known certificate store.
*/
void addToStore(const CertificatePtr &argCert);
+private:
+ friend class CachedCRL;
+ CRLImpl *m_impl;
+
+ CRL(const CRL &);
+ const CRL &operator=(const CRL &);
};
-} // ValidationCore
-#endif //ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_CRL_H_
+} // namespace ValidationCore
+
+#endif // _VALIDATION_CORE_ENGINE_CRL_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version 0.2
+ * @file CRLImpl.cpp
+ * @brief Routines for certificate validation over CRL
+ */
+
+#include <vcore/CRL.h>
+#include <vcore/CRLImpl.h>
+
+#include <set>
+#include <algorithm>
+
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+#include <dpl/db/orm.h>
+#include <dpl/foreach.h>
+
+#include <vcore/Base64.h>
+#include <vcore/Certificate.h>
+#include <vcore/SoupMessageSendSync.h>
+#include <vcore/CRLCacheInterface.h>
+
+namespace {
+const char *CRL_LOOKUP_DIR_1 = "/usr/share/cert-svc/ca-certs/code-signing/wac";
+const char *CRL_LOOKUP_DIR_2 = "/usr/share/cert-svc/certs/code-signing/wac";
+} //anonymous namespace
+
+namespace ValidationCore {
+
+CRL::StringList CRLImpl::getCrlUris(const CertificatePtr &argCert)
+{
+ CRL::StringList result = argCert->getCrlUris();
+
+ if (!result.empty()) {
+ return result;
+ }
+ LogInfo("No distribution points found. Getting from CA cert.");
+ X509_STORE_CTX *ctx = createContext(argCert);
+ X509_OBJECT obj;
+
+ //Try to get distribution points from CA certificate
+ int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
+ X509_get_issuer_name(argCert->
+ getX509()),
+ &obj);
+ X509_STORE_CTX_free(ctx);
+ if (0 >= retVal) {
+ LogError("No dedicated CA certificate available");
+ return result;
+ }
+ CertificatePtr caCert(new Certificate(obj.data.x509));
+ X509_OBJECT_free_contents(&obj);
+ return caCert->getCrlUris();
+}
+
+CRLImpl::CRLImpl(CRLCacheInterface *ptr)
+ : m_crlCache(ptr)
+{
+ Assert(m_crlCache != NULL);
+
+ LogInfo("CRL storage initialization.");
+ m_store = X509_STORE_new();
+ if (!m_store)
+ VcoreThrowMsg(CRLException::StorageError,
+ "impossible to create new store");
+
+ m_lookup = X509_STORE_add_lookup(m_store, X509_LOOKUP_hash_dir());
+ if (!m_lookup) {
+ cleanup();
+ VcoreThrowMsg(CRLException::StorageError,
+ "impossible to add hash dir lookup");
+ }
+ // Add hash dir pathname for CRL checks
+ bool retVal = X509_LOOKUP_add_dir(m_lookup,
+ CRL_LOOKUP_DIR_1, X509_FILETYPE_PEM) == 1;
+ retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_1,
+ X509_FILETYPE_ASN1) == 1);
+ retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2,
+ X509_FILETYPE_PEM) == 1);
+ retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2,
+ X509_FILETYPE_ASN1) == 1);
+ if (!retVal) {
+ cleanup();
+ VcoreThrowMsg(CRLException::StorageError,
+ "Failed to add lookup dir for PEM files");
+ }
+
+ LogInfo("CRL storage initialization complete.");
+}
+
+CRLImpl::~CRLImpl()
+{
+ cleanup();
+ delete m_crlCache;
+}
+
+void CRLImpl::cleanup()
+{
+ LogInfo("Free CRL storage");
+ // STORE is responsible for LOOKUP release
+ // X509_LOOKUP_free(m_lookup);
+ X509_STORE_free(m_store);
+}
+
+CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert)
+{
+ CRL::RevocationStatus retStatus = {false, false};
+ int retVal = 0;
+ CRL::StringList crlUris = getCrlUris(argCert);
+ FOREACH(it, crlUris) {
+ CRLDataPtr crl = getCRL(*it);
+ if (!crl) {
+ LogDebug("CRL not found for URI: " << *it);
+ continue;
+ }
+ X509_CRL *crlInternal = convertToInternal(crl);
+
+ //Check date
+ if (X509_CRL_get_nextUpdate(crlInternal)) {
+ retVal = X509_cmp_current_time(
+ X509_CRL_get_nextUpdate(crlInternal));
+ retStatus.isCRLValid = retVal > 0;
+ } else {
+ // If nextUpdate is not set assume it is actual.
+ retStatus.isCRLValid = true;
+ }
+ LogInfo("CRL valid: " << retStatus.isCRLValid);
+ X509_REVOKED rev;
+ rev.serialNumber = X509_get_serialNumber(argCert->getX509());
+ // sk_X509_REVOKED_find returns index if serial number is found on list
+ retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev);
+ X509_CRL_free(crlInternal);
+ retStatus.isRevoked = retVal != -1;
+ LogInfo("CRL revoked: " << retStatus.isRevoked);
+
+ if (!retStatus.isRevoked && isOutOfDate(crl)) {
+ LogDebug("Certificate is not Revoked, but CRL is outOfDate.");
+ continue;
+ }
+
+ return retStatus;
+ }
+ // If there is no CRL for any of URIs it means it's not possible to
+ // tell anything about revocation status but it's is not an error.
+ return retStatus;
+}
+
+CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection certChain)
+{
+ if (!certChain.sort())
+ VcoreThrowMsg(CRLException::InvalidParameter,
+ "Certificate list doesn't create chain.");
+
+ CRL::RevocationStatus ret;
+ ret.isCRLValid = true;
+ ret.isRevoked = false;
+ const CertificateList &certList = certChain.getChain();
+ FOREACH(it, certList) {
+ if (!(*it)->isRootCert()) {
+ LogInfo("Certificate common name: " << (*it)->getCommonName());
+ CRL::RevocationStatus certResult = checkCertificate(*it);
+ ret.isCRLValid &= certResult.isCRLValid;
+ ret.isRevoked |= certResult.isRevoked;
+ if (ret.isCRLValid && !ret.isRevoked) {
+ addToStore(*it);
+ }
+
+ if (ret.isRevoked) {
+ return ret;
+ }
+ }
+ }
+
+ return ret;
+}
+
+VerificationStatus CRLImpl::checkEndEntity(CertificateCollection &chain)
+{
+ if (!chain.sort() && !chain.empty()) {
+ LogInfo("Could not find End Entity certificate. "
+ "Collection does not form chain.");
+ return VERIFICATION_STATUS_ERROR;
+ }
+ CertificateList::const_iterator iter = chain.begin();
+ CRL::RevocationStatus stat = checkCertificate(*iter);
+ if (stat.isRevoked) {
+ return VERIFICATION_STATUS_REVOKED;
+ }
+ if (stat.isCRLValid) {
+ return VERIFICATION_STATUS_GOOD;
+ }
+ return VERIFICATION_STATUS_ERROR;
+}
+
+void CRLImpl::addToStore(const CertificatePtr &argCert)
+{
+ X509_STORE_add_cert(m_store, argCert->getX509());
+}
+
+bool CRLImpl::isOutOfDate(const CRLDataPtr &crl) const {
+ X509_CRL *crlInternal = convertToInternal(crl);
+
+ bool result = false;
+ if (X509_CRL_get_nextUpdate(crlInternal)) {
+ if (0 > X509_cmp_current_time(X509_CRL_get_nextUpdate(crlInternal))) {
+ result = true;
+ } else {
+ result = false;
+ }
+ } else {
+ result = true;
+ }
+ X509_CRL_free(crlInternal);
+ return result;
+}
+
+bool CRLImpl::updateList(const CertificatePtr &argCert,
+ const CRL::UpdatePolicy updatePolicy)
+{
+ LogInfo("Update CRL for certificate");
+
+ // Retrieve distribution points
+ CRL::StringList crlUris = getCrlUris(argCert);
+ FOREACH(it, crlUris) {
+ // Try to get CRL from database
+ LogInfo("Getting CRL for URI: " << *it);
+
+ bool downloaded = false;
+
+ CRLDataPtr crl;
+
+ // If updatePolicy == UPDATE_ON_DEMAND we dont care
+ // about data in cache. New crl must be downloaded.
+ if (updatePolicy == CRL::UPDATE_ON_EXPIRED) {
+ crl = getCRL(*it);
+ }
+
+ if (!!crl && isOutOfDate(crl)) {
+ LogDebug("Crl out of date - downloading.");
+ crl = downloadCRL(*it);
+ downloaded = true;
+ }
+
+ if (!crl) {
+ LogDebug("Crl not found in cache - downloading.");
+ crl = downloadCRL(*it);
+ downloaded = true;
+ }
+
+ if (!crl) {
+ LogDebug("Failed to obtain CRL. URL: " << *it);
+ continue;
+ }
+
+ if (!!crl && isOutOfDate(crl)) {
+ LogError("CRL out of date. Broken URL: " << *it);
+ }
+
+ // Make X509 internal structure
+ X509_CRL *crlInternal = convertToInternal(crl);
+
+ //Check if CRL is signed
+ if (!verifyCRL(crlInternal, argCert)) {
+ LogError("Failed to verify CRL. URI: " << crl->uri);
+ X509_CRL_free(crlInternal);
+ return false;
+ }
+ X509_CRL_free(crlInternal);
+
+ if (downloaded) {
+ updateCRL(crl);
+ }
+ return true;
+ }
+
+ return false;
+}
+
+void CRLImpl::addToStore(const CertificateCollection &collection)
+{
+ FOREACH(it, collection){
+ addToStore(*it);
+ }
+}
+
+bool CRLImpl::updateList(const CertificateCollection &collection,
+ CRL::UpdatePolicy updatePolicy)
+{
+ bool failed = false;
+
+ FOREACH(it, collection){
+ failed |= !updateList(*it, updatePolicy);
+ }
+
+ return !failed;
+}
+
+bool CRLImpl::verifyCRL(X509_CRL *crl,
+ const CertificatePtr &cert)
+{
+ X509_OBJECT obj;
+ X509_STORE_CTX *ctx = createContext(cert);
+
+ /* get issuer certificate */
+ int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
+ X509_CRL_get_issuer(crl), &obj);
+ X509_STORE_CTX_free(ctx);
+ if (0 >= retVal) {
+ LogError("Unknown CRL issuer certificate!");
+ return false;
+ }
+
+ /* extract public key and verify signature */
+ EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509);
+ X509_OBJECT_free_contents(&obj);
+ if (!pkey) {
+ LogError("Failed to get issuer's public key.");
+ return false;
+ }
+ retVal = X509_CRL_verify(crl, pkey);
+ EVP_PKEY_free(pkey);
+ if (0 > retVal) {
+ LogError("Failed to verify CRL.");
+ return false;
+ } else if (0 == retVal) {
+ LogError("CRL is invalid");
+ return false;
+ }
+ LogInfo("CRL is valid.");
+ return true;
+}
+
+bool CRLImpl::isPEMFormat(const CRLDataPtr &crl) const
+{
+ const char *pattern = "-----BEGIN X509 CRL-----";
+ std::string content(crl->buffer, crl->length);
+ if (content.find(pattern) != std::string::npos) {
+ LogInfo("CRL is in PEM format.");
+ return true;
+ }
+ LogInfo("CRL is in DER format.");
+ return false;
+}
+
+X509_CRL *CRLImpl::convertToInternal(const CRLDataPtr &crl) const
+{
+ //At this point it's not clear does crl have DER or PEM format
+ X509_CRL *ret = NULL;
+ if (isPEMFormat(crl)) {
+ BIO *bmem = BIO_new_mem_buf(crl->buffer, crl->length);
+ if (!bmem)
+ VcoreThrowMsg(CRLException::InternalError,
+ "Failed to allocate memory in BIO");
+
+ ret = PEM_read_bio_X509_CRL(bmem, NULL, NULL, NULL);
+ BIO_free_all(bmem);
+ } else {
+ //If it's not PEM it must be DER format
+ std::string content(crl->buffer, crl->length);
+ const unsigned char *buffer =
+ reinterpret_cast<unsigned char*>(crl->buffer);
+ ret = d2i_X509_CRL(NULL, &buffer, crl->length);
+ }
+
+ if (!ret)
+ VcoreThrowMsg(CRLException::InternalError,
+ "Failed to convert to internal structure");
+ return ret;
+}
+
+X509_STORE_CTX *CRLImpl::createContext(const CertificatePtr &argCert)
+{
+ X509_STORE_CTX *ctx;
+ ctx = X509_STORE_CTX_new();
+ if (!ctx)
+ VcoreThrowMsg(CRLException::StorageError, "Failed to create new ctx");
+
+ X509_STORE_CTX_init(ctx, m_store, argCert->getX509(), NULL);
+ return ctx;
+}
+
+CRLImpl::CRLDataPtr CRLImpl::downloadCRL(const std::string &uri)
+{
+ using namespace SoupWrapper;
+
+ char *cport = 0, *chost = 0,*cpath = 0;
+ int use_ssl = 0;
+
+ if (!OCSP_parse_url(const_cast<char*>(uri.c_str()),
+ &chost,
+ &cport,
+ &cpath,
+ &use_ssl))
+ {
+ LogWarning("Error in OCSP_parse_url");
+ return CRLDataPtr();
+ }
+
+ std::string host = chost;
+ if (cport) {
+ host += ":";
+ host += cport;
+ }
+
+ free(cport);
+ free(chost);
+ free(cpath);
+
+ SoupMessageSendSync message;
+ message.setHost(uri);
+ message.setHeader("Host", host);
+
+ if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) {
+ LogWarning("Error in sending network request.");
+ return CRLDataPtr();
+ }
+
+ SoupMessageSendBase::MessageBuffer mBuffer = message.getResponse();
+ return CRLDataPtr(new CRLData(mBuffer,uri));
+}
+
+CRLImpl::CRLDataPtr CRLImpl::getCRL(const std::string &uri) const
+{
+ CRLCachedData cachedCrl;
+ cachedCrl.distribution_point = uri;
+ if (!(m_crlCache->getCRLResponse(&cachedCrl))) {
+ LogInfo("CRL not present in database. URI: " << uri);
+ return CRLDataPtr();
+ }
+
+ std::string body = cachedCrl.crl_body;
+
+ LogInfo("CRL found in database.");
+ //TODO: remove when ORM::blob available
+ //Encode buffer to base64 format to store in database
+
+ Base64Decoder decoder;
+ decoder.append(body);
+ if (!decoder.finalize())
+ VcoreThrowMsg(CRLException::StorageError,
+ "Failed to decode base64 format.");
+ std::string crlBody = decoder.get();
+
+ std::unique_ptr<char[]> bodyBuffer(new char[crlBody.length()]);
+ crlBody.copy(bodyBuffer.get(), crlBody.length());
+ return CRLDataPtr(new CRLData(bodyBuffer.release(), crlBody.length(),
+ uri));
+}
+
+void CRLImpl::updateCRL(const CRLDataPtr &crl)
+{
+ //TODO: remove when ORM::blob available
+ //Encode buffer to base64 format to store in database
+ Base64Encoder encoder;
+ if (!crl || !crl->buffer)
+ VcoreThrowMsg(CRLException::InternalError, "CRL buffer is empty");
+
+ encoder.append(std::string(crl->buffer, crl->length));
+ encoder.finalize();
+ std::string b64CRLBody = encoder.get();
+
+ time_t nextUpdateTime = 0;
+ X509_CRL *crlInternal = convertToInternal(crl);
+
+ if (X509_CRL_get_nextUpdate(crlInternal)) {
+ asn1TimeToTimeT(X509_CRL_get_nextUpdate(crlInternal),
+ &nextUpdateTime);
+ }
+
+ X509_CRL_free(crlInternal);
+ //Update/insert crl body
+ CRLCachedData data;
+ data.distribution_point = crl->uri;
+ data.crl_body = b64CRLBody;
+ data.next_update_time = nextUpdateTime;
+
+ m_crlCache->setCRLResponse(&data);
+}
+
+} // namespace ValidationCore
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version 0.4
+ * @file CRLImpl.h
+ * @brief Routines for certificate validation over CRL
+ */
+
+#ifndef _VALIDATION_CORE_ENGINE_CRLIMPL_H_
+#define _VALIDATION_CORE_ENGINE_CRLIMPL_H_
+
+#include <string.h>
+#include <memory>
+#include <openssl/x509.h>
+
+#include <dpl/noncopyable.h>
+
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/SoupMessageSendBase.h>
+#include <vcore/VerificationStatus.h>
+#include <vcore/CRLCacheInterface.h>
+#include <vcore/TimeConversion.h>
+
+#include <vcore/CRL.h>
+
+namespace ValidationCore {
+
+class CRLImpl : VcoreDPL::Noncopyable {
+protected:
+ X509_STORE *m_store;
+ X509_LOOKUP *m_lookup;
+ CRLCacheInterface *m_crlCache;
+
+ class CRLData : VcoreDPL::Noncopyable {
+ public:
+ //TODO: change to SharedArray when available
+ char *buffer;
+ size_t length;
+ std::string uri;
+
+ CRLData(char* _buffer,
+ size_t _length,
+ const std::string &_uri) :
+ buffer(_buffer),
+ length(_length),
+ uri(_uri)
+ {
+ }
+
+ CRLData(const SoupWrapper::SoupMessageSendBase::MessageBuffer &mBuff,
+ const std::string &mUri)
+ : uri(mUri)
+ {
+ buffer = new char[mBuff.size()];
+ length = mBuff.size();
+ memcpy(buffer, &mBuff[0], mBuff.size());
+ }
+
+ ~CRLData()
+ {
+ delete[] buffer;
+ }
+ };
+ typedef std::shared_ptr<CRLData> CRLDataPtr;
+
+ CRLDataPtr getCRL(const std::string &uri) const;
+ CRLDataPtr downloadCRL(const std::string &uri);
+ X509_STORE_CTX *createContext(const CertificatePtr &argCert);
+ void updateCRL(const CRLDataPtr &crl);
+ X509_CRL *convertToInternal(const CRLDataPtr &crl) const;
+ CRL::StringList getCrlUris(const CertificatePtr &argCert);
+ bool isPEMFormat(const CRLDataPtr &crl) const;
+ bool verifyCRL(X509_CRL *crl,
+ const CertificatePtr &cert);
+ void cleanup();
+ bool isOutOfDate(const CRLDataPtr &crl) const;
+
+ friend class CachedCRL;
+
+public:
+ CRLImpl(CRLCacheInterface *ptr);
+ ~CRLImpl();
+
+ /**
+ * @brief Checks if given certificate is revoked.
+ *
+ * @details This function doesn't update CRL list. If related CRL
+ * is out of date the #isCRLValid return parameter is set to false.
+ *
+ * @param[in] argCert The certificate to check against revocation.
+ * @return RevocationStatus.isRevoked True when certificate is revoked,
+ * false otherwise.
+ * RevocationStatus.isCRLValid True if related CRL has not expired,
+ * false otherwise.
+ */
+ CRL::RevocationStatus checkCertificate(const CertificatePtr &argCert);
+
+ /**
+ * @brief Checks if any certificate from certificate chain is revoked.
+ *
+ * @details This function doesn't update CRL lists. If any of related
+ * CRL is out of date the #isCRLValid parameter is set to true.
+ * This function adds valid certificates from the chain to internal storage
+ * map so they'll be available in further check operations for current
+ * CRL object.
+ *
+ * @param[in] argCert The certificate chain to check against revocation.
+ * @return RevocationStatus.isRevoked True when any from certificate chain
+ * is revoked, false otherwise.
+ * RevocationStatus.isCRLValid True if all of related CRLs has
+ * not expired, false otherwise.
+ */
+ CRL::RevocationStatus checkCertificateChain(CertificateCollection certChain);
+
+ VerificationStatus checkEndEntity(CertificateCollection &chain);
+
+ /**
+ * @brief Updates CRL related with given certificate.
+ *
+ * @details This function updates CRL list related with given certificate.
+ * If CRL related with given certificate is not stored in database
+ * then this function will download CRL and store it in database.
+ *
+ * @param[in] argCert The certificate for which the CRL will be updated
+ * @param[in] updatePolicy Determine when CRL will be downloaded and updated
+ * @return True when CRL for given certificate was updated successfully,
+ * false otherwise.
+ */
+ bool updateList(const CertificatePtr &argCert,
+ const CRL::UpdatePolicy updatePolicy);
+
+ /**
+ * @brief Updates CRL related with given certificates.
+ *
+ * @details This function updates CRL lists related with given certificates.
+ * If CRL related with given certificate is not stored in database
+ * then this function will download CRL and store it in database.
+ *
+ * @param[in] collection The certificate collection for which the CRL will
+ * be updated
+ * @param[in] updatePolicy Determine when CRL will be downloaded and updated
+ * @return True when CRL for given certificate was updated successfully,
+ * false otherwise.
+ */
+ bool updateList(const CertificateCollection &collection,
+ const CRL::UpdatePolicy updatePolisy);
+
+ /**
+ * @brief Add certificates to trusted certificates store.
+ *
+ * @param[in] collection The certificate collection which will be
+ * added to known certificate store.
+ */
+ void addToStore(const CertificateCollection &collection);
+
+ /**
+ * @brief Add one certificate to trusted certificates store.
+ *
+ * @param[in] collection The certificate collection which will be
+ * added to known certificate store.
+ */
+ void addToStore(const CertificatePtr &argCert);
+};
+
+} // ValidationCore
+
+#endif // _VALIDATION_CORE_ENGINE_CRLIMPL_H_
*
* @file CachedCRL.cpp
* @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 0.1
+ * @version 0.2
* @brief Cached CRL class implementation
*/
-
-#include <string>
-#include <time.h>
+#include <vcore/CachedCRL.h>
#include <dpl/foreach.h>
#include <dpl/log/log.h>
#include <dpl/foreach.h>
-#include "CRL.h"
-#include "CachedCRL.h"
-#include "Certificate.h"
-#include "CertificateCacheDAO.h"
-#include "CRLCacheDAO.h"
+#include <vcore/CRLImpl.h>
+#include <vcore/CertificateCacheDAO.h>
+#include <vcore/CRLCacheDAO.h>
+
+namespace {
+
+const time_t CRL_minTimeValid = 3600; // one hour in seconds
+
+const time_t CRL_maxTimeValid = 3600 * 24 * 7; // one week in seconds
+
+const time_t CRL_refreshBefore = 3600; // one hour in seconds
+
+time_t getNextUpdateTime(time_t now, time_t response_validity)
+{
+ time_t min = now + CRL_minTimeValid;
+ time_t max = now + CRL_maxTimeValid;
+ if (response_validity < min) {
+ return min;
+ }
+ if (response_validity > max) {
+ return max;
+ }
+ return response_validity;
+}
+
+} // namespace anonymous
namespace ValidationCore {
-const time_t CachedCRL::CRL_minTimeValid = 3600; // one hour in seconds
+time_t CachedCRL::getCRLMinTimeValid() {
+ return CRL_minTimeValid;
+}
-const time_t CachedCRL::CRL_maxTimeValid = 3600 * 24 * 7; // one week in seconds
+time_t CachedCRL::getCRLMaxTimeValid() {
+ return CRL_maxTimeValid;
+}
+
+time_t CachedCRL::getCRLRefreshBefore() {
+ return CRL_refreshBefore;
+}
-const time_t CachedCRL::CRL_refreshBefore = 3600; // one hour in seconds
+CachedCRL::CachedCRL(){}
+CachedCRL::~CachedCRL(){}
VerificationStatus CachedCRL::check(const CertificateCollection &certs)
{
- CRL crl(new CRLCacheDAO);
+ CRLImpl crl(new CRLCacheDAO);
bool allValid = true;
// we dont check CRL validity since
// we may use crl for longer time
LogDebug("Status ERROR");
return VERIFICATION_STATUS_ERROR;
}
- CRL crl(new CRLCacheDAO);
+ CRLImpl crl(new CRLCacheDAO);
bool allValid = true;
// we dont check CRL validity since
// we may use crl for longer time
}
}
-bool CachedCRL::updateCRLForUri(const std::string & uri, bool useExpiredShift)
+bool CachedCRL::updateCRLForUri(const std::string &uri, bool useExpiredShift)
{
+ using namespace ValidationCore;
CRLCachedData cachedCRL;
cachedCRL.distribution_point = uri;
time_t now;
}
}
// need to download new CRL
- CRL crl(new CRLCacheDAO);
- CRL::CRLDataPtr list = crl.downloadCRL(uri);
+ CRLImpl crl(new CRLCacheDAO);
+ CRLImpl::CRLDataPtr list = crl.downloadCRL(uri);
if (!list) {
LogWarning("Could not retreive CRL from " << uri);
return false;
return true;
}
-time_t CachedCRL::getNextUpdateTime(time_t now, time_t response_validity)
-{
- time_t min = now + CRL_minTimeValid;
- time_t max = now + CRL_maxTimeValid;
- if (response_validity < min) {
- return min;
- }
- if (response_validity > max) {
- return max;
- }
- return response_validity;
-}
-
} // namespace ValidationCore
*
* @file CachedCRL.h
* @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 0.1
+ * @version 0.2
* @brief Header file for smart cached CRL class
*/
-#ifndef _SRC_VALIDATION_CORE_CACHED_CRL_
-#define _SRC_VALIDATION_CORE_CACHED_CRL_
+#ifndef _VALIDATION_CORE_CACHED_CRL_H_
+#define _VALIDATION_CORE_CACHED_CRL_H_
-#include "CRL.h"
-#include "IAbstractResponseCache.h"
+#include <ctime>
+#include <string>
+
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/VerificationStatus.h>
+#include <vcore/IAbstractResponseCache.h>
namespace ValidationCore {
class CachedCRL : public IAbstractResponseCache {
- public:
+public:
// cache can't be refreshed more frequently than CRL_minTimeValid
- static const time_t CRL_minTimeValid;
+ static time_t getCRLMinTimeValid();
// to be even more secure, cache will be refreshed for certificate at least
// after CRL_maxTimeValid from last response
- static const time_t CRL_maxTimeValid;
+ static time_t getCRLMaxTimeValid();
// upon cache refresh, responses that will be invalid in CRL_refreshBefore
// seconds will be refreshed
- static const time_t CRL_refreshBefore;
+ static time_t getCRLRefreshBefore();
VerificationStatus check(const CertificateCollection &certs);
VerificationStatus checkEndEntity(CertificateCollection &certs);
void updateCache();
- CachedCRL()
- {
- }
- virtual ~CachedCRL()
- {
- }
+ CachedCRL();
+
+ virtual ~CachedCRL();
- private:
+private:
// updates CRL cache for distributor URI
// useExpiredShift ==true should be used in cron/global cache update
// since it updates all CRLs that will be out of date in next
// CRL_refreshBefore seconds
- bool updateCRLForUri(const std::string & uri,
- bool useExpiredShift);
- time_t getNextUpdateTime(time_t now, time_t response_validity);
+ bool updateCRLForUri(const std::string & uri, bool useExpiredShift);
};
} // namespace ValidationCore
-#endif /* _SRC_VALIDATION_CORE_CACHED_CRL_ */
+#endif /* _VALIDATION_CORE_CACHED_CRL_ */
#include <dpl/log/log.h>
#include <dpl/foreach.h>
-#include "OCSP.h"
-#include "CachedOCSP.h"
-#include "Certificate.h"
-#include "CertificateCacheDAO.h"
+#include <vcore/OCSP.h>
+#include <vcore/OCSPImpl.h>
+#include <vcore/CachedOCSP.h>
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCacheDAO.h>
+
+namespace {
+
+// one hour in seconds
+const time_t OCSP_minTimeValid = 3600; // one hour in seconds
+
+// one week in seconds
+const time_t OCSP_maxTimeValid = 3600 * 24 * 7;
+
+// one hour in seconds
+const time_t OCSP_refreshBefore = 3600;
+
+} // anonymous namespace
namespace ValidationCore {
-const time_t CachedOCSP::OCSP_minTimeValid = 3600; // one hour in seconds
+time_t CachedOCSP::getOCSPMinTimeValid() {
+ return OCSP_minTimeValid;
+}
-const time_t CachedOCSP::OCSP_maxTimeValid =
- 3600 * 24 * 7; // one week in seconds
+time_t CachedOCSP::getOCSPMaxTimeValid() {
+ return OCSP_maxTimeValid;
+}
-const time_t CachedOCSP::OCSP_refreshBefore = 3600; // one hour in seconds
+time_t CachedOCSP::getOCSPRefreshBefore() {
+ return OCSP_refreshBefore;
+}
+
+CachedOCSP::CachedOCSP(){}
+
+CachedOCSP::~CachedOCSP(){}
VerificationStatus CachedOCSP::check(const CertificateCollection &certs)
{
OCSP ocsp;
ocsp.setTrustedStore(certs.getCertificateList());
- const char *defResponderURI = getenv(OCSP::DEFAULT_RESPONDER_URI_ENV);
-
- if (defResponderURI) {
- ocsp.setUseDefaultResponder(true);
- ocsp.setDefaultResponder(defResponderURI);
- }
-
VerificationStatusSet statusSet = ocsp.validateCertificateList(clst);
db_status.ocsp_status = statusSet.convertToStatus();
db_status.next_update_time = ocsp.getResponseValidity();
#ifndef _SRC_VALIDATION_CORE_CACHED_OCSP_
#define _SRC_VALIDATION_CORE_CACHED_OCSP_
-#include "OCSP.h"
-#include "IAbstractResponseCache.h"
+#include <vcore/OCSP.h>
+#include <vcore/IAbstractResponseCache.h>
namespace ValidationCore {
class CachedOCSP : public IAbstractResponseCache {
public:
// cache can't be refreshed more frequently than OCSP_minTimeValid
- static const time_t OCSP_minTimeValid;
-
+ static time_t getOCSPMinTimeValid();
// to be even more secure, cache will be refreshed for certificate at least
// after OCSP_minTimeValid from last response
- static const time_t OCSP_maxTimeValid;
+ static time_t getOCSPMaxTimeValid();
// upon cache refresh, responses that will be invalid in OCSP_refreshBefore
// seconds will be refreshed
- static const time_t OCSP_refreshBefore;
+ static time_t getOCSPRefreshBefore();
VerificationStatus check(const CertificateCollection &certs);
VerificationStatus checkEndEntity(CertificateCollection &certs);
void updateCache();
- CachedOCSP()
- {
- }
- virtual ~CachedOCSP()
- {
- }
+ CachedOCSP();
+
+ virtual ~CachedOCSP();
private:
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @file CertStoreType.cpp
+ * @version 1.0
+ * @brief Identification of certificate domain. Certificate domains
+ * were defined in WAC 1.0 documentation. This is a part
+ * should be implemented in wrt-installer.
+ */
+#include <vcore/CertStoreType.h>
+
+#include <string.h>
+
+namespace ValidationCore {
+namespace CertStoreId {
+
+Set::Set()
+ : m_certificateStorage(0)
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ , m_ocspUrl(NULL)
+#endif
+{}
+
+Set::~Set()
+{
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ delete[] m_ocspUrl;
+#endif
+}
+
+void Set::add(Type second)
+{
+ m_certificateStorage |= second;
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+void Set::add(std::string ocspUrl)
+{
+
+ if (ocspUrl.length() == 0)
+ return;
+
+ m_ocspUrl = new char[ocspUrl.length() + 1];
+ if (m_ocspUrl)
+ strncpy(m_ocspUrl, ocspUrl.c_str(), ocspUrl.length() + 1);
+}
+#endif
+
+bool Set::contains(Type second) const
+{
+ return static_cast<bool>(m_certificateStorage & second);
+}
+
+bool Set::isEmpty() const
+{
+ return m_certificateStorage == 0;
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+char* Set::getOcspUrl()
+{
+ return m_ocspUrl;
+}
+#endif
+
+} // namespace CertStoreId
+} // namespace ValidationCore
* limitations under the License.
*/
/*
- * @file
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @file CertStoreType.h
* @version 1.0
- * @brief
+ * @brief Identification of certificate domain. Certificate domains
+ * were defined in WAC 1.0 documentation. This is a part
+ * should be implemented in wrt-installer.
*/
-#ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTSTORETYPE_H_
-#define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTSTORETYPE_H_
+#ifndef _VALIDATION_CORE_CERTSTORETYPE_H_
+#define _VALIDATION_CORE_CERTSTORETYPE_H_
+
+#include <string>
namespace ValidationCore {
namespace CertStoreId {
typedef unsigned int Type;
// RootCA certificates for developer mode.
-const Type DEVELOPER = 1;
+const Type TIZEN_DEVELOPER = 1;
// RootCA certificates for author signatures.
-const Type WAC_PUBLISHER = 1 << 1;
-// RootCA certificates for wac-signed widgets.
-const Type WAC_ROOT = 1 << 2;
-// RootCA certificates for wac-members ie. operators, manufacturers.
-const Type WAC_MEMBER = 1 << 3;
+const Type TIZEN_TEST = 1 << 1;
+const Type TIZEN_VERIFY = 1 << 2;
+// RootCA's visibility level : public
+const Type VIS_PUBLIC = 1 << 6;
+// RootCA's visibility level : partner
+const Type VIS_PARTNER = 1 << 7;
+// RootCA's visibility level : partner-operator
+const Type VIS_PARTNER_OPERATOR = 1 << 8;
+// RootCA's visibility level : partner-manufacturer
+const Type VIS_PARTNER_MANUFACTURER = 1 << 9;
+// RootCA's visibility level : platform
+const Type VIS_PLATFORM = 1 << 10;
-class Set
-{
- public:
- Set() :
- m_certificateStorage(0)
- {
- }
+class Set {
+public:
+ Set();
+ virtual ~Set();
- void add(Type second)
- {
- m_certificateStorage |= second;
- }
+ void add(Type second);
- bool contains(Type second) const
- {
- return static_cast<bool>(m_certificateStorage & second);
- }
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ void add(std::string ocspUrl);
+ char* getOcspUrl();
+#endif
- bool isEmpty() const
- {
- return m_certificateStorage == 0;
- }
+ bool contains(Type second) const;
+ bool isEmpty() const;
private:
Type m_certificateStorage;
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ char* m_ocspUrl;
+#endif
};
+
} // namespace CertStoreId
} // namespace ValidationCore
-#endif // _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTSTORETYPE_H_
+#endif // _VALIDATION_CORE_CERTSTORETYPE_H_
* @version 1.0
* @brief
*/
-#include "Certificate.h"
+#include <vcore/Certificate.h>
#include <memory>
#include <sstream>
#include <dpl/assert.h>
#include <dpl/log/log.h>
-#include <Base64.h>
+#include <vcore/Base64.h>
+#include <vcore/TimeConversion.h>
namespace ValidationCore {
-int asn1TimeToTimeT(ASN1_TIME *t,
- time_t *res)
-{
- struct tm tm;
- int offset;
-
- (*res) = 0;
- if (!ASN1_TIME_check(t)) {
- return -1;
- }
-
- memset(&tm, 0, sizeof(tm));
-
-#define g2(p) (((p)[0] - '0') * 10 + (p)[1] - '0')
- if (t->type == V_ASN1_UTCTIME) {
- Assert(t->length > 12);
-
- /* this code is copied from OpenSSL asn1/a_utctm.c file */
- tm.tm_year = g2(t->data);
- if (tm.tm_year < 50) {
- tm.tm_year += 100;
- }
- tm.tm_mon = g2(t->data + 2) - 1;
- tm.tm_mday = g2(t->data + 4);
- tm.tm_hour = g2(t->data + 6);
- tm.tm_min = g2(t->data + 8);
- tm.tm_sec = g2(t->data + 10);
- if (t->data[12] == 'Z') {
- offset = 0;
- } else {
- Assert(t->length > 16);
-
- offset = g2(t->data + 13) * 60 + g2(t->data + 15);
- if (t->data[12] == '-') {
- offset = -offset;
- }
- }
- tm.tm_isdst = -1;
- } else {
- Assert(t->length > 14);
-
- tm.tm_year = g2(t->data) * 100 + g2(t->data + 2);
- tm.tm_mon = g2(t->data + 4) - 1;
- tm.tm_mday = g2(t->data + 6);
- tm.tm_hour = g2(t->data + 8);
- tm.tm_min = g2(t->data + 10);
- tm.tm_sec = g2(t->data + 12);
- if (t->data[14] == 'Z') {
- offset = 0;
- } else {
- Assert(t->length > 18);
-
- offset = g2(t->data + 15) * 60 + g2(t->data + 17);
- if (t->data[14] == '-') {
- offset = -offset;
- }
- }
- tm.tm_isdst = -1;
- }
-#undef g2
- (*res) = timegm(&tm) - offset * 60;
- return 0;
-}
-
-int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm,
- time_t *res)
-{
- /*
- * This code is based on following assumption:
- * from openssl/a_gentm.c:
- * GENERALIZEDTIME is similar to UTCTIME except the year is
- * represented as YYYY. This stuff treats everything as a two digit
- * field so make first two fields 00 to 99
- */
- const int DATE_BUFFER_LENGTH = 15; // YYYYMMDDHHMMSSZ
-
- if (NULL == res || NULL == tm) {
- LogError("NULL pointer");
- return -1;
- }
-
- if (DATE_BUFFER_LENGTH != tm->length || NULL == tm->data) {
- LogError("Invalid ASN1_GENERALIZEDTIME");
- return -1;
- }
-
- struct tm time_s;
- if (sscanf ((char*)tm->data,
- "%4d%2d%2d%2d%2d%2d",
- &time_s.tm_year,
- &time_s.tm_mon,
- &time_s.tm_mday,
- &time_s.tm_hour,
- &time_s.tm_min,
- &time_s.tm_sec) < 6)
- {
- LogError("Could not extract time data from ASN1_GENERALIZEDTIME");
- return -1;
- }
-
- time_s.tm_year -= 1900;
- time_s.tm_mon -= 1;
- time_s.tm_isdst = 0; // UTC
- time_s.tm_gmtoff = 0; // UTC
- time_s.tm_zone = NULL; // UTC
-
- *res = mktime(&time_s);
-
- return 0;
-}
-
Certificate::Certificate(X509 *cert)
{
Assert(cert);
m_x509 = X509_dup(cert);
- if (!m_x509) {
- LogWarning("Internal Openssl error in d2i_X509 function.");
- ThrowMsg(Exception::OpensslInternalError,
- "Internal Openssl error in d2i_X509 function.");
- }
+ if (!m_x509)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Internal Openssl error in d2i_X509 function.");
}
Certificate::Certificate(cert_svc_mem_buff &buffer)
Assert(buffer.data);
const unsigned char *ptr = buffer.data;
m_x509 = d2i_X509(NULL, &ptr, buffer.size);
- if (!m_x509) {
- LogWarning("Internal Openssl error in d2i_X509 function.");
- ThrowMsg(Exception::OpensslInternalError,
- "Internal Openssl error in d2i_X509 function.");
- }
+ if (!m_x509)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Internal Openssl error in d2i_X509 function.");
}
Certificate::Certificate(const std::string &der,
Base64Decoder base64;
base64.reset();
base64.append(der);
- base64.finalize();
+ if (!base64.finalize()) {
+ LogWarning("Error during decoding");
+ }
tmp = base64.get();
ptr = reinterpret_cast<const unsigned char*>(tmp.c_str());
size = static_cast<int>(tmp.size());
}
m_x509 = d2i_X509(NULL, &ptr, size);
- if (!m_x509) {
- LogError("Internal Openssl error in d2i_X509 function.");
- ThrowMsg(Exception::OpensslInternalError,
- "Internal Openssl error in d2i_X509 function.");
- }
+ if (!m_x509)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Internal Openssl error in d2i_X509 function.");
}
Certificate::~Certificate()
{
unsigned char *rawDer = NULL;
int size = i2d_X509(m_x509, &rawDer);
- if (!rawDer || size <= 0) {
- LogError("i2d_X509 failed");
- ThrowMsg(Exception::OpensslInternalError,
- "i2d_X509 failed");
- }
+ if (!rawDer || size <= 0)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "i2d_X509 failed");
std::string output(reinterpret_cast<char*>(rawDer), size);
OPENSSL_free(rawDer);
Fingerprint raw;
if (type == FINGERPRINT_MD5) {
- if (!X509_digest(m_x509, EVP_md5(), fingerprint, &fingerprintlength)) {
- LogError("MD5 digest counting failed!");
- ThrowMsg(Exception::OpensslInternalError,
- "MD5 digest counting failed!");
- }
+ if (!X509_digest(m_x509, EVP_md5(), fingerprint, &fingerprintlength))
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "MD5 digest counting failed!");
}
if (type == FINGERPRINT_SHA1) {
- if (!X509_digest(m_x509, EVP_sha1(), fingerprint,
- &fingerprintlength))
- {
- LogError("SHA1 digest counting failed");
- ThrowMsg(Exception::OpensslInternalError,
- "SHA1 digest counting failed!");
- }
+ if (!X509_digest(m_x509, EVP_sha1(), fingerprint, &fingerprintlength))
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "SHA1 digest counting failed");
}
raw.resize(fingerprintlength); // improve performance
Assert("Invalid field type.");
}
- if (!name) {
- LogError("Error during x509 name extraction.");
- ThrowMsg(Exception::OpensslInternalError,
- "Error during x509 name extraction.");
- }
+ if (!name)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error during x509 name extraction.");
return name;
}
-DPL::String Certificate::getOneLine(FieldType type) const
+std::string Certificate::getOneLine(FieldType type) const
{
X509_NAME *name = getX509Name(type);
static const int MAXB = 1024;
- char buffer[MAXB];
+ char buffer[MAXB] = {0, };
X509_NAME_oneline(name, buffer, MAXB);
- return DPL::FromUTF8String(buffer);
+
+ return std::string(buffer);
}
-DPL::OptionalString Certificate::getField(FieldType type,
- int fieldNid) const
+std::string Certificate::getField(FieldType type, int fieldNid) const
{
X509_NAME *subjectName = getX509Name(type);
X509_NAME_ENTRY *subjectEntry = NULL;
- DPL::Optional < DPL::String > output;
+ std::string output;
int entryCount = X509_NAME_entry_count(subjectName);
for (int i = 0; i < entryCount; ++i) {
int nLength = ASN1_STRING_to_UTF8(&pData,
pASN1Str);
- if (nLength < 0) {
- LogError("Reading field error.");
- ThrowMsg(Exception::OpensslInternalError,
- "Reading field error.");
- }
+ if (nLength < 0)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Reading field error.");
- std::string strEntry(reinterpret_cast<char*>(pData),
- nLength);
- output = DPL::FromUTF8String(strEntry);
- OPENSSL_free(pData);
+ if (!pData) {
+ output = std::string();
+ }
+ else {
+ output = std::string(reinterpret_cast<char*>(pData), nLength);
+ OPENSSL_free(pData);
+ }
}
+
return output;
}
-DPL::OptionalString Certificate::getCommonName(FieldType type) const
+std::string Certificate::getCommonName(FieldType type) const
{
return getField(type, NID_commonName);
}
-DPL::OptionalString Certificate::getCountryName(FieldType type) const
+std::string Certificate::getCountryName(FieldType type) const
{
return getField(type, NID_countryName);
}
-DPL::OptionalString Certificate::getStateOrProvinceName(FieldType type) const
+std::string Certificate::getStateOrProvinceName(FieldType type) const
{
return getField(type, NID_stateOrProvinceName);
}
-DPL::OptionalString Certificate::getLocalityName(FieldType type) const
+std::string Certificate::getLocalityName(FieldType type) const
{
return getField(type, NID_localityName);
}
-DPL::OptionalString Certificate::getOrganizationName(FieldType type) const
+std::string Certificate::getOrganizationName(FieldType type) const
{
return getField(type, NID_organizationName);
}
-DPL::OptionalString Certificate::getOrganizationalUnitName(FieldType type) const
+std::string Certificate::getOrganizationalUnitName(FieldType type) const
{
return getField(type, NID_organizationalUnitName);
}
-DPL::OptionalString Certificate::getOCSPURL() const
+std::string Certificate::getEmailAddres(FieldType type) const
+{
+ return getField(type, NID_pkcs9_emailAddress);
+}
+
+std::string Certificate::getOCSPURL() const
{
// TODO verify this code
- DPL::OptionalString retValue;
+ std::string retValue;
AUTHORITY_INFO_ACCESS *aia = static_cast<AUTHORITY_INFO_ACCESS*>(
X509_get_ext_d2i(m_x509,
NID_info_access,
if (OBJ_obj2nid(ad->method) == NID_ad_OCSP &&
ad->location->type == GEN_URI)
{
- void* data = ASN1_STRING_data(ad->location->d.ia5);
- retValue = DPL::OptionalString(DPL::FromUTF8String(
- static_cast<char*>(data)));
-
+ void *data = ASN1_STRING_data(ad->location->d.ia5);
+ if (!data)
+ retValue = std::string();
+ else
+ retValue = std::string(static_cast<char *>(data));
break;
}
}
while (sk_GENERAL_NAME_num(san) > 0) {
namePart = sk_GENERAL_NAME_pop(san);
if (GEN_DNS == namePart->type) {
- std::string temp =
- reinterpret_cast<char*>(ASN1_STRING_data(namePart->d.dNSName));
- DPL::String altDNSName = DPL::FromASCIIString(temp);
- set.insert(altDNSName);
- LogDebug("FOUND GEN_DNS: " << temp);
+ char *temp = reinterpret_cast<char *>(ASN1_STRING_data(namePart->d.dNSName));
+ if (!temp) {
+ set.insert(std::string());
+ }
+ else {
+ set.insert(std::string(temp));
+ LogDebug("FOUND GEN_DNS: " << temp);
+ }
} else {
LogDebug("FOUND GEN TYPE ID: " << namePart->type);
}
time_t Certificate::getNotAfter() const
{
ASN1_TIME *time = X509_get_notAfter(m_x509);
- if (!time) {
- LogError("Reading Not After error.");
- ThrowMsg(Exception::OpensslInternalError, "Reading Not After error.");
- }
+ if (!time)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Reading Not After error.");
+
time_t output;
- if (asn1TimeToTimeT(time, &output)) {
- LogError("Converting ASN1_time to time_t error.");
- ThrowMsg(Exception::OpensslInternalError,
- "Converting ASN1_time to time_t error.");
- }
+ if (asn1TimeToTimeT(time, &output))
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Converting ASN1_time to time_t error.");
+
return output;
}
time_t Certificate::getNotBefore() const
{
ASN1_TIME *time = X509_get_notBefore(m_x509);
- if (!time) {
- LogError("Reading Not Before error.");
- ThrowMsg(Exception::OpensslInternalError, "Reading Not Before error.");
- }
+ if (!time)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Reading Not Before error.");
+
time_t output;
- if (asn1TimeToTimeT(time, &output)) {
- LogError("Converting ASN1_time to time_t error.");
- ThrowMsg(Exception::OpensslInternalError,
- "Converting ASN1_time to time_t error.");
- }
+ if (asn1TimeToTimeT(time, &output))
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Converting ASN1_time to time_t error.");
+
return output;
}
+ASN1_TIME* Certificate::getNotAfterTime() const
+{
+ ASN1_TIME *timeafter = X509_get_notAfter(m_x509);
+ if (!timeafter)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Reading Not After error.");
+
+ return timeafter;
+}
+
+ASN1_TIME* Certificate::getNotBeforeTime() const
+{
+ ASN1_TIME *timebefore = X509_get_notBefore(m_x509);
+ if (!timebefore)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Reading Not Before error.");
+
+ return timebefore;
+}
+
bool Certificate::isRootCert()
{
// based on that root certificate has the same subject as issuer name
- return isSignedBy(this->SharedFromThis());
+ return isSignedBy(this->shared_from_this());
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
std::list<std::string>
Certificate::getCrlUris() const
{
sk_DIST_POINT_pop_free(distPoints, DIST_POINT_free);
return result;
}
+#endif
long Certificate::getVersion() const
{
return X509_get_version(m_x509);
}
-DPL::String Certificate::getSerialNumberString() const
+std::string Certificate::getSerialNumberString() const
{
ASN1_INTEGER *ai = X509_get_serialNumber(m_x509);
- if (NULL == ai) {
- LogError("Error in X509_get_serialNumber");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in X509_get_serialNumber");
- }
+ if (!ai)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in X509_get_serialNumber");
+
std::stringstream stream;
stream << std::hex << std::setfill('0');
if (ai->type == V_ASN1_NEG_INTEGER) {
if (!data.empty()) {
data.erase(--data.end());
}
- return DPL::FromUTF8String(data);
+
+ return data;
}
-DPL::String Certificate::getKeyUsageString() const
+std::string Certificate::getKeyUsageString() const
{
// Extensions were defined in RFC 3280
const char *usage[] = {
if (!result.empty()) {
result.erase(--result.end());
}
- return DPL::FromUTF8String(result);
+
+ return result;
}
-DPL::String Certificate::getSignatureAlgorithmString() const
+std::string Certificate::getSignatureAlgorithmString() const
{
std::unique_ptr<BIO, std::function<int(BIO*)>>
b(BIO_new(BIO_s_mem()),BIO_free);
- if (b.get() == NULL) {
- LogError("Error in BIO_new");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in BIO_new");
- }
- if (i2a_ASN1_OBJECT(b.get(), m_x509->cert_info->signature->algorithm) < 0) {
- LogError("Error in i2a_ASN1_OBJECT");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in i2a_ASN1_OBJECT");
- }
+ if (!b.get())
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in BIO_new");
+
+ if (i2a_ASN1_OBJECT(b.get(), m_x509->cert_info->signature->algorithm) < 0)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in i2a_ASN1_OBJECT");
+
BUF_MEM *bptr = 0;
BIO_get_mem_ptr(b.get(), &bptr);
- if (bptr == 0) {
- LogError("Error in BIO_get_mem_ptr");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in BIO_get_mem_ptr");
- }
+ if (bptr == 0)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in BIO_get_mem_ptr");
+
std::string result(bptr->data, bptr->length);
- return DPL::FromUTF8String(result);
+
+ return result;
}
-DPL::String Certificate::getPublicKeyString() const
+std::string Certificate::getPublicKeyString() const
{
std::unique_ptr<BIO, std::function<int(BIO*)>>
b(BIO_new(BIO_s_mem()),BIO_free);
- if (b.get() == NULL) {
- LogError("Error in BIO_new");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in BIO_new");
- }
+ if (!b.get())
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in BIO_new");
+
EVP_PKEY *pkey = X509_get_pubkey(m_x509);
- if (pkey == NULL) {
- LogError("Error in X509_get_pubkey");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in X509_get_pubkey");
- }
+ if (!pkey)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in X509_get_pubkey");
+
EVP_PKEY_print_public(b.get(), pkey, 16, NULL);
EVP_PKEY_free(pkey);
BUF_MEM *bptr = 0;
BIO_get_mem_ptr(b.get(), &bptr);
- if (bptr == 0) {
- LogError("Error in BIO_get_mem_ptr");
- ThrowMsg(Exception::OpensslInternalError,
- "Error in BIO_get_mem_ptr");
- }
+ if (bptr == 0)
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
+ "Error in BIO_get_mem_ptr");
+
std::string result(bptr->data, bptr->length);
- return DPL::FromUTF8String(result);
+
+ return result;
+}
+
+int Certificate::isCA() const
+{
+ return X509_check_ca(m_x509);
+}
+
+std::string Certificate::FingerprintToColonHex(
+ const Certificate::Fingerprint &fingerprint)
+{
+ std::string outString;
+ char buff[8];
+
+ for (size_t i = 0; i < fingerprint.size(); ++i) {
+ snprintf(buff,
+ sizeof(buff),
+ "%02X:",
+ static_cast<unsigned int>(fingerprint[i]));
+ outString += buff;
+ }
+
+ // remove trailing ":"
+ outString.erase(outString.end() - 1);
+ return outString;
}
} // namespace ValidationCore
* @version 1.1
* @brief
*/
-#ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_H_
-#define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_H_
+#ifndef _VALIDATION_CORE_CERTIFICATE_H_
+#define _VALIDATION_CORE_CERTIFICATE_H_
#include <list>
#include <set>
#include <string>
#include <vector>
#include <ctime>
+#include <memory>
#include <openssl/x509.h>
-#include <dpl/exception.h>
-#include <dpl/noncopyable.h>
-#include <dpl/shared_ptr.h>
-#include <dpl/enable_shared_from_this.h>
-#include <dpl/optional.h>
-#include <dpl/optional_typedefs.h>
-#include <dpl/string.h>
+#include <vcore/exception.h>
#include <cert-service.h>
-namespace ValidationCore {
-
-// from OpenSSL asn1/a_utctm.c code
-int asn1TimeToTimeT(ASN1_TIME *t,
- time_t *res);
+extern "C" {
+struct x509_st;
+typedef struct x509_st X509;
+struct X509_name_st;
+typedef struct X509_name_st X509_NAME;
+}
-
-int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm,
- time_t *res);
+namespace ValidationCore {
class Certificate;
-typedef DPL::SharedPtr<Certificate> CertificatePtr;
+typedef std::shared_ptr<Certificate> CertificatePtr;
typedef std::list<CertificatePtr> CertificateList;
-class Certificate : public DPL::EnableSharedFromThis<Certificate>
-{
- public:
+class Certificate : public std::enable_shared_from_this<Certificate> {
+public:
+ class Exception {
+ public:
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, OpensslInternalError);
+ };
+
typedef std::vector<unsigned char> Fingerprint;
- typedef DPL::String AltName;
+
+ // ascii string
+ typedef std::string AltName;
typedef std::set<AltName> AltNameSet;
enum FingerprintType
FORM_BASE64
};
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, OpensslInternalError)
- };
-
explicit Certificate(X509 *cert);
explicit Certificate(cert_svc_mem_buff &buffer);
Fingerprint getFingerprint(FingerprintType type) const;
// getName uses deprecated functions. Usage is strongly discouraged.
- DPL::String getOneLine(FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getCommonName(FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getCountryName(FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getStateOrProvinceName(
- FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getLocalityName(FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getOrganizationName(
- FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getOrganizationalUnitName(
- FieldType type = FIELD_SUBJECT) const;
- DPL::OptionalString getOCSPURL() const;
+ // utf8 string
+ std::string getOneLine(FieldType type = FIELD_SUBJECT) const;
+ std::string getCommonName(FieldType type = FIELD_SUBJECT) const;
+ std::string getCountryName(FieldType type = FIELD_SUBJECT) const;
+ std::string getStateOrProvinceName(FieldType type = FIELD_SUBJECT) const;
+ std::string getLocalityName(FieldType type = FIELD_SUBJECT) const;
+ std::string getOrganizationName(FieldType type = FIELD_SUBJECT) const;
+ std::string getOrganizationalUnitName(FieldType type = FIELD_SUBJECT) const;
+ std::string getEmailAddres(FieldType type = FIELD_SUBJECT) const;
+ std::string getOCSPURL() const;
+
// Openssl supports 9 types of alternative name filed.
// 4 of them are "string similar" types so it is possible
time_t getNotBefore() const;
+ ASN1_TIME* getNotAfterTime() const;
+
+ ASN1_TIME* getNotBeforeTime() const;
+
/**
* @brief This is convenient function.
*
long getVersion() const;
- DPL::String getSerialNumberString() const;
-
- DPL::String getKeyUsageString() const;
-
- DPL::String getSignatureAlgorithmString() const;
+ // utf8 string
+ std::string getSerialNumberString() const;
+ std::string getKeyUsageString() const;
+ std::string getSignatureAlgorithmString() const;
+ std::string getPublicKeyString() const;
+
+ /*
+ * 0 - not CA
+ * 1 - CA
+ * 2 - deprecated and not used
+ * 3 - older version of CA
+ * 4 - older version of CA
+ * 5 - netscape CA
+ */
+ int isCA() const;
- DPL::String getPublicKeyString() const;
+ static std::string FingerprintToColonHex(
+ const Fingerprint &fingerprint);
- protected:
+protected:
X509_NAME *getX509Name(FieldType type) const;
- DPL::OptionalString getField(FieldType type,
- int fieldNid) const;
+ // utf8 string
+ std::string getField(FieldType type, int fieldNid) const;
X509 *m_x509;
};
} // namespace ValidationCore
-#endif
+#endif // _VALIDATION_CORE_CERTIFICATE_H_
* @brief CertificateCacheDAO implementation
*/
-#include "CertificateCacheDAO.h"
-#include "VCorePrivate.h"
+#include <vcore/CertificateCacheDAO.h>
+#include <vcore/VCorePrivate.h>
#include <dpl/foreach.h>
#include <dpl/log/log.h>
#include <orm_generator_vcore.h>
#include <vcore/Database.h>
-using namespace DPL::DB::ORM;
-using namespace DPL::DB::ORM::vcore;
+using namespace VcoreDPL::DB::ORM;
+using namespace VcoreDPL::DB::ORM::vcore;
namespace ValidationCore {
if (getOCSPStatus(&status)) {
// only need to update data in DB
Equals<OCSPResponseStorage::cert_chain> e1(
- DPL::FromUTF8String(cert_chain));
+ VcoreDPL::FromUTF8String(cert_chain));
Equals<OCSPResponseStorage::end_entity_check> e2(
end_entity_check ? 1 : 0);
// need to insert data
OCSPResponseStorage::Row row;
- row.Set_cert_chain(DPL::FromUTF8String(cert_chain));
+ row.Set_cert_chain(VcoreDPL::FromUTF8String(cert_chain));
row.Set_ocsp_status(ocsp_status);
row.Set_next_update_time(next_update_time);
row.Set_end_entity_check(end_entity_check ? 1 : 0);
insert->Execute();
}
transaction.Commit();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ } Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus");
}
}
}
Try {
Equals<OCSPResponseStorage::cert_chain> e1(
- DPL::FromUTF8String(cached_status->cert_chain));
+ VcoreDPL::FromUTF8String(cached_status->cert_chain));
Equals<OCSPResponseStorage::end_entity_check> e2(
cached_status->end_entity_check ? 1 : 0);
LogDebug("Cached OCSP status not found");
return false;
}
- Catch(DPL::DB::SqlConnection::Exception::Base) {
+ Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatus");
}
}
FOREACH(i, list) {
OCSPCachedStatus status;
- status.cert_chain = DPL::ToUTF8String(i->Get_cert_chain());
+ status.cert_chain = VcoreDPL::ToUTF8String(i->Get_cert_chain());
status.ocsp_status = intToVerificationStatus(
*(i->Get_ocsp_status()));
status.end_entity_check =
}
}
- Catch(DPL::DB::SqlConnection::Exception::Base) {
+ Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatusList");
}
}
// only need to update data in DB
VCORE_DB_UPDATE(update, CRLResponseStorage, &ThreadInterface())
Equals<CRLResponseStorage::distribution_point> e1(
- DPL::FromUTF8String(distribution_point));
+ VcoreDPL::FromUTF8String(distribution_point));
CRLResponseStorage::Row row;
update->Where(e1);
- row.Set_crl_body(DPL::FromUTF8String(crl_body));
+ row.Set_crl_body(VcoreDPL::FromUTF8String(crl_body));
row.Set_next_update_time(next_update_time);
update->Values(row);
update->Execute();
VCORE_DB_INSERT(insert, CRLResponseStorage, &ThreadInterface())
CRLResponseStorage::Row row;
- row.Set_distribution_point(DPL::FromUTF8String(distribution_point));
- row.Set_crl_body(DPL::FromUTF8String(crl_body));
+ row.Set_distribution_point(VcoreDPL::FromUTF8String(distribution_point));
+ row.Set_crl_body(VcoreDPL::FromUTF8String(crl_body));
row.Set_next_update_time(next_update_time);
insert->Values(row);
insert->Execute();
}
transaction.Commit();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ } Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus");
}
}
Try {
VCORE_DB_SELECT(select, CRLResponseStorage, &ThreadInterface())
Equals<CRLResponseStorage::distribution_point> e1(
- DPL::FromUTF8String(cached_data->distribution_point));
+ VcoreDPL::FromUTF8String(cached_data->distribution_point));
select->Where(e1);
std::list<CRLResponseStorage::Row> rows = select->GetRowList();
if (1 == rows.size()) {
CRLResponseStorage::Row row = rows.front();
- cached_data->crl_body = DPL::ToUTF8String(row.Get_crl_body());
+ cached_data->crl_body = VcoreDPL::ToUTF8String(row.Get_crl_body());
cached_data->next_update_time = *(row.Get_next_update_time());
return true;
}
LogDebug("Cached CRL not found");
return false;
}
- Catch(DPL::DB::SqlConnection::Exception::Base) {
+ Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponse");
}
}
FOREACH(i, list) {
CRLCachedData response;
- response.distribution_point = DPL::ToUTF8String(
+ response.distribution_point = VcoreDPL::ToUTF8String(
i->Get_distribution_point());
- response.crl_body = DPL::ToUTF8String(i->Get_crl_body());
+ response.crl_body = VcoreDPL::ToUTF8String(i->Get_crl_body());
response.next_update_time = *(i->Get_next_update_time());
cached_data_list->push_back(response);
}
}
- Catch(DPL::DB::SqlConnection::Exception::Base) {
+ Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponses");
}
}
del2->Execute();
transaction.Commit();
}
- Catch(DPL::DB::SqlConnection::Exception::Base) {
+ Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
}
}
#include <dpl/exception.h>
-#include "VerificationStatus.h"
-#include "CRLCacheInterface.h"
+#include <vcore/VerificationStatus.h>
+#include <vcore/CRLCacheInterface.h>
namespace ValidationCore {
class Exception
{
public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
};
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/*
+ * @file CertificateCollection.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.1
+ * @brief
+ */
#include <vcore/CertificateCollection.h>
-#include <algorithm>
-
+#include <vcore/Base64.h>
#include <dpl/binary_queue.h>
#include <dpl/foreach.h>
#include <dpl/log/log.h>
-#include <vcore/Base64.h>
+#include <algorithm>
namespace {
+
using namespace ValidationCore;
inline std::string toBinaryString(int data)
{
char buffer[sizeof(int)];
memcpy(buffer, &data, sizeof(int));
- return std::string(buffer, buffer + sizeof(int));
+ return std::string(buffer, sizeof(int));
}
+
} // namespace
namespace ValidationCore {
-CertificateCollection::CertificateCollection() :
- m_collectionStatus(COLLECTION_UNSORTED)
-{
-}
+
+CertificateCollection::CertificateCollection()
+ : m_collectionStatus(COLLECTION_UNSORTED)
+{}
void CertificateCollection::clear(void)
{
}
std::string binaryData = base64.get();
- DPL::BinaryQueue queue;
+ VcoreDPL::BinaryQueue queue;
queue.AppendCopy(binaryData.c_str(), binaryData.size());
int certNum;
queue.FlattenConsume(&certNum, sizeof(int));
CertificateList list;
+ CertificatePtr certPtr;
for (int i = 0; i < certNum; ++i) {
int certSize;
std::vector<char> rawDERCert;
rawDERCert.resize(certSize);
queue.FlattenConsume(&rawDERCert[0], certSize);
- Try {
- list.push_back(CertificatePtr(
- new Certificate(std::string(rawDERCert.begin(),
- rawDERCert.end()))));
- } Catch(Certificate::Exception::Base) {
+ VcoreTry {
+ list.push_back(CertificatePtr(new Certificate(std::string(
+ rawDERCert.begin(),
+ rawDERCert.end()))));
+ } VcoreCatch (Certificate::Exception::Base) {
LogWarning("Error during certificate creation.");
return false;
}
+
LogDebug("Loading certificate. Certificate common name: " <<
list.back()->getCommonName());
}
bool CertificateCollection::isChain() const
{
- if (COLLECTION_SORTED != m_collectionStatus) {
- LogError("You must sort certificates first");
- ThrowMsg(Exception::WrongUsage,
- "You must sort certificates first");
- }
+ if (COLLECTION_SORTED != m_collectionStatus)
+ VcoreThrowMsg(CertificateCollection::Exception::WrongUsage,
+ "You must sort certificate first");
+
return (COLLECTION_SORTED == m_collectionStatus) ? true : false;
}
CertificateList CertificateCollection::getChain() const
{
- if (COLLECTION_SORTED != m_collectionStatus) {
- LogError("You must sort certificates first");
- ThrowMsg(Exception::WrongUsage,
- "You must sort certificates first");
- }
+ if (COLLECTION_SORTED != m_collectionStatus)
+ VcoreThrowMsg(CertificateCollection::Exception::WrongUsage,
+ "You must sort certificates first");
return m_certList;
}
// Sort all certificate by subject
for (auto it = m_certList.begin(); it != m_certList.end(); ++it) {
- subTransl.insert(std::make_pair(DPL::ToUTF8String((*it)->getOneLine()),(*it)));
+ subTransl.insert(std::make_pair((*it)->getOneLine(), (*it)));
}
// We need one start certificate
sorted.push_back(subTransl.begin()->second);
// Get the issuer from front certificate and find certificate with this subject in subTransl.
// Add this certificate to the front.
while (!subTransl.empty()) {
- std::string issuer = DPL::ToUTF8String(sorted.back()->getOneLine(Certificate::FIELD_ISSUER));
+ std::string issuer = sorted.back()->getOneLine(Certificate::FIELD_ISSUER);
auto it = subTransl.find(issuer);
if (it == subTransl.end()) {
break;
// Sort all certificates by issuer
for (auto it = subTransl.begin(); it != subTransl.end(); ++it) {
- issTransl.insert(std::make_pair(DPL::ToUTF8String((it->second->getOneLine(Certificate::FIELD_ISSUER))),it->second));
+ issTransl.insert(std::make_pair(it->second->getOneLine(Certificate::FIELD_ISSUER), it->second));
}
// Get the subject from last certificate and find certificate with such issuer in issTransl.
// Add this certificate at end.
while (!issTransl.empty()) {
- std::string sub = DPL::ToUTF8String(sorted.front()->getOneLine());
+ std::string sub = sorted.front()->getOneLine();
auto it = issTransl.find(sub);
if (it == issTransl.end()) {
break;
m_certList = sorted;
}
+size_t CertificateCollection::size() const {
+ return m_certList.size();
+}
+
+bool CertificateCollection::empty() const {
+ return m_certList.empty();
+}
+
+CertificateCollection::const_iterator CertificateCollection::begin() const {
+ return m_certList.begin();
+}
+
+CertificateCollection::const_iterator CertificateCollection::end() const {
+ return m_certList.end();
+}
+
+CertificatePtr CertificateCollection::back() const {
+ return m_certList.back();
+}
+
} // namespace ValidationCore
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#ifndef _WRT_ENGINE_SRC_VALIDATION_CORE_CERTIFICATECOLLECTION_H_
-#define _WRT_ENGINE_SRC_VALIDATION_CORE_CERTIFICATECOLLECTION_H_
+/*
+ * @file CertificateCollection.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+#ifndef _VALIDATION_CORE_CERTIFICATECOLLECTION_H_
+#define _VALIDATION_CORE_CERTIFICATECOLLECTION_H_
#include <list>
#include <string>
-#include <dpl/exception.h>
+#include <vcore/exception.h>
#include <vcore/Certificate.h>
* It could check if collection creates certificate chain.
*/
-class CertificateCollection
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, WrongUsage)
+class CertificateCollection {
+public:
+ class Exception {
+ public:
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, WrongUsage);
};
CertificateCollection();
/*
* It returns size of certificate collection.
*/
- inline size_t size() const
- {
- return m_certList.size();
- }
+ size_t size() const;
/*
* Return true if collection is empty.
*/
- inline bool empty() const
- {
- return m_certList.empty();
- }
+ bool empty() const;
/*
* This will return end iterator to internal collection.
* Note: this iterator will lose validity if you call non const
* method on CertificateCollection class.
*/
- inline const_iterator begin() const
- {
- return m_certList.begin();
- }
+ const_iterator begin() const;
/*
* This will return end iterator to internal collection.
* Note: this iterator will lose validity if you call non const
* method on CertificateCollection class.
*/
- inline const_iterator end() const
- {
- return m_certList.end();
- }
+ const_iterator end() const;
/*
* This function will return the last certificate from collection.
* Note: There is no point to call this function if certificate
* collection is not sorted!
*/
- inline CertificatePtr back() const
- {
- return m_certList.back();
- }
+ CertificatePtr back() const;
- protected:
+protected:
void sortCollection(void);
enum CollectionStatus
};
typedef std::list<CertificateCollection> CertificateCollectionList;
+
} // namespace ValidationCore
-#endif // _WRT_ENGINE_SRC_VALIDATION_CORE_CERTIFICATECHAIN_H_
+#endif // _VALIDATION_CORE_CERTIFICATECHAIN_H_
* @version 1.0
* @brief
*/
-#include "CertificateConfigReader.h"
-#include <cstdlib>
+#include <vcore/CertificateConfigReader.h>
#include <dpl/assert.h>
+#include <cstdlib>
+
namespace {
const std::string XML_EMPTY_NAMESPACE = "";
const std::string TOKEN_FINGERPRINT_SHA1 = "FingerprintSHA1";
const std::string TOKEN_ATTR_NAME = "name";
-const std::string TOKEN_VALUE_WAC_ROOT = "wacroot";
-const std::string TOKEN_VALUE_WAC_PUBLISHER = "wacpublisher";
-const std::string TOKEN_VALUE_WAC_MEMBER = "wacmember";
-const std::string TOKEN_VALUE_DEVELOPER = "developer";
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+const std::string TOKEN_ATTR_URL_NAME = "ocspUrl";
+#endif
+const std::string TOKEN_VALUE_TIZEN_DEVELOPER = "tizen-developer";
+const std::string TOKEN_VALUE_TIZEN_TEST = "tizen-test";
+const std::string TOKEN_VALUE_TIZEN_VERIFY = "tizen-verify";
+const std::string TOKEN_VALUE_VISIBILITY_PUBLIC = "tizen-public";
+const std::string TOKEN_VALUE_VISIBILITY_PARTNER = "tizen-partner";
+const std::string TOKEN_VALUE_VISIBILITY_PARTNER_OPERATOR = "tizen-partner-operator";
+const std::string TOKEN_VALUE_VISIBILITY_PARTNER_MANUFACTURER = "tizen-partner-manufacturer";
+const std::string TOKEN_VALUE_VISIBILITY_PLATFORM = "tizen-platform";
int hexCharToInt(char c)
{
} // anonymous namespace
namespace ValidationCore {
-CertificateConfigReader::CertificateConfigReader() :
- m_certificateDomain(0),
- m_parserSchema(this)
+CertificateConfigReader::CertificateConfigReader()
+ : m_certificateDomain(0)
+ , m_parserSchema(this)
{
m_parserSchema.addBeginTagCallback(
TOKEN_CERTIFICATE_SET,
&CertificateConfigReader::tokenEndFingerprintSHA1);
}
+void CertificateConfigReader::initialize(
+ const std::string &file,
+ const std::string &scheme)
+{
+ m_parserSchema.initialize(file, true, SaxReader::VALIDATION_XMLSCHEME, scheme);
+}
+
+void CertificateConfigReader::read(CertificateIdentifier &identificator)
+{
+ m_parserSchema.read(identificator);
+}
+
+void CertificateConfigReader::blankFunction(CertificateIdentifier &)
+{
+}
+
void CertificateConfigReader::tokenCertificateDomain(CertificateIdentifier &)
{
- std::string name = m_parserSchema.getReader().
- attribute(TOKEN_ATTR_NAME, SaxReader::THROW_DISABLE);
+ std::string name = m_parserSchema.getReader().attribute(TOKEN_ATTR_NAME);
if (name.empty()) {
- LogWarning("Invalid fingerprint file. Domain name is mandatory");
- ThrowMsg(Exception::InvalidFile,
- "Invalid fingerprint file. Domain name is mandatory");
- } else if (name == TOKEN_VALUE_DEVELOPER) {
- m_certificateDomain = CertStoreId::DEVELOPER;
- } else if (name == TOKEN_VALUE_WAC_ROOT) {
- m_certificateDomain = CertStoreId::WAC_ROOT;
- } else if (name == TOKEN_VALUE_WAC_PUBLISHER) {
- m_certificateDomain = CertStoreId::WAC_PUBLISHER;
- } else if (name == TOKEN_VALUE_WAC_MEMBER) {
- m_certificateDomain = CertStoreId::WAC_MEMBER;
+ VcoreThrowMsg(CertificateConfigReader::Exception::InvalidFile,
+ "Invalid fingerprint file. Domain name is mandatory");
+ } else if (name == TOKEN_VALUE_TIZEN_DEVELOPER) {
+ m_certificateDomain = CertStoreId::TIZEN_DEVELOPER;
+ } else if (name == TOKEN_VALUE_TIZEN_TEST) {
+ m_certificateDomain = CertStoreId::TIZEN_TEST;
+ } else if (name == TOKEN_VALUE_TIZEN_VERIFY) {
+ m_certificateDomain = CertStoreId::TIZEN_VERIFY;
+ } else if (name == TOKEN_VALUE_VISIBILITY_PUBLIC) {
+ m_certificateDomain = CertStoreId::VIS_PUBLIC;
+ } else if (name == TOKEN_VALUE_VISIBILITY_PARTNER) {
+ m_certificateDomain = CertStoreId::VIS_PARTNER;
+ } else if (name == TOKEN_VALUE_VISIBILITY_PARTNER_OPERATOR) {
+ m_certificateDomain = CertStoreId::VIS_PARTNER_OPERATOR;
+ } else if (name == TOKEN_VALUE_VISIBILITY_PARTNER_MANUFACTURER) {
+ m_certificateDomain = CertStoreId::VIS_PARTNER_MANUFACTURER;
+ } else if (name == TOKEN_VALUE_VISIBILITY_PLATFORM) {
+ m_certificateDomain = CertStoreId::VIS_PLATFORM;
+ } else {
+ m_certificateDomain = 0;
}
}
void CertificateConfigReader::tokenEndFingerprintSHA1(
CertificateIdentifier &identificator)
{
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ std::string url = m_parserSchema.getReader().attribute(TOKEN_ATTR_URL_NAME);
+#endif
+
std::string text = m_parserSchema.getText();
text += ":"; // add guard at the end of fingerprint
Certificate::Fingerprint fingerprint;
Assert(0 && "Unussported fingerprint format in xml file.");
}
}
+
identificator.add(fingerprint, m_certificateDomain);
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ identificator.add(fingerprint, url);
+#endif
}
} // namespace ValidationCore
* limitations under the License.
*/
/*
- * @file
+ * @file CertificateConfigReader.h
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief
*/
-#ifndef \
- _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
-#define \
- _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
+#ifndef _VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
+#define _VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
#include <string>
-#include <dpl/exception.h>
-#include "CertificateIdentifier.h"
-#include "CertStoreType.h"
-#include "ParserSchema.h"
+#include <vcore/CertificateIdentifier.h>
+#include <vcore/CertStoreType.h>
+#include <vcore/ParserSchema.h>
+#include <vcore/exception.h>
namespace ValidationCore {
-class CertificateConfigReader
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, InvalidFile)
+class CertificateConfigReader {
+public:
+ class Exception {
+ public:
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidFile);
};
- CertificateConfigReader();
- void initialize(const std::string &file,
- const std::string &scheme)
- {
- m_parserSchema.initialize(file, true, SaxReader::VALIDATION_XMLSCHEME,
- scheme);
- }
+ CertificateConfigReader();
- void read(CertificateIdentifier &identificator)
- {
- m_parserSchema.read(identificator);
- }
+ void initialize(const std::string &file, const std::string &scheme);
+ void read(CertificateIdentifier &identificator);
- private:
- void blankFunction(CertificateIdentifier &)
- {
- }
+private:
+ void blankFunction(CertificateIdentifier &);
void tokenCertificateDomain(CertificateIdentifier &identificator);
void tokenEndFingerprintSHA1(CertificateIdentifier &identificator);
CertStoreId::Type m_certificateDomain;
- ParserSchema<CertificateConfigReader, CertificateIdentifier>
- m_parserSchema;
+ ParserSchema<CertificateConfigReader, CertificateIdentifier> m_parserSchema;
};
} // namespace ValidationCore
-#endif // _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
+#endif // _VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_
_WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATEIDENTIFICATOR_H_
#include <map>
-
#include <dpl/noncopyable.h>
-#include "Certificate.h"
-#include "CertStoreType.h"
+#include <vcore/Certificate.h>
+#include <vcore/CertStoreType.h>
namespace ValidationCore {
-class CertificateIdentifier : public DPL::Noncopyable
-{
- public:
- typedef std::map<Certificate::Fingerprint, CertStoreId::Set> FingerPrintMap;
+class CertificateIdentifier : public VcoreDPL::Noncopyable {
+public:
+ typedef std::map<Certificate::Fingerprint, CertStoreId::Set> FingerPrintMap;
CertificateIdentifier()
{
fingerPrintMap[fingerprint].add(domain);
}
+ #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ void add(const Certificate::Fingerprint &fingerprint,
+ std::string ocspUrl)
+ {
+ fingerPrintMap[fingerprint].add(ocspUrl);
+ }
+ #endif
+
CertStoreId::Set find(const Certificate::Fingerprint &fingerprint) const
{
FingerPrintMap::const_iterator iter = fingerPrintMap.find(fingerprint);
find(certificate->getFingerprint(Certificate::FINGERPRINT_SHA1));
}
- private:
+private:
FingerPrintMap fingerPrintMap;
};
} // namespace ValidationCore
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
-#include "Base64.h"
-#include "CertificateLoader.h"
-#include "SSLContainers.h"
+#include <vcore/Base64.h>
+#include <vcore/CertificateLoader.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <vcore/SSLContainers.h>
+#endif
namespace {
const int MIN_RSA_KEY_LENGTH = 1024;
namespace ValidationCore {
//// COMPARATOR CLASS START ////
-//class CertificateLoaderECDSA : public CertificateLoader::CertificateLoaderComparator, DPL::Noncopyable {
+//class CertificateLoaderECDSA : public CertificateLoader::CertificateLoaderComparator, VcoreDPL::Noncopyable {
//public:
// CertificateLoaderECDSA(const std::string &publicKey)
// : m_ecPublicKey(NULL)
//// COMPARATOR RSA CLASS START ////
-//class CertificateLoaderRSA : public CertificateLoader::CertificateLoaderComparator, DPL::Noncopyable {
+//class CertificateLoaderRSA : public CertificateLoader::CertificateLoaderComparator, VcoreDPL::Noncopyable {
//public:
// CertificateLoaderRSA(const std::string &m_modulus,const std::string &m_exponent )
// : m_rsaPublicKey(NULL)
// return result;
}
-CertificateLoader::CertificateLoaderResult CertificateLoader::
- loadCertificateFromRawData(const std::string &rawData)
+CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificateFromRawData(const std::string &rawData)
{
- Try {
- m_certificatePtr =
- CertificatePtr(new Certificate(rawData, Certificate::FORM_BASE64));
- } Catch(Certificate::Exception::Base) {
- LogWarning("Error reading certificate by openssl.");
+ m_certificatePtr = CertificatePtr(new Certificate(rawData, Certificate::FORM_BASE64));
+ if (!m_certificatePtr->getX509())
return UNKNOWN_ERROR;
- }
// Check the key length if sig algorithm is RSA
EVP_PKEY *pKey = X509_get_pubkey(m_certificatePtr->getX509());
- if (pKey->type == EVP_PKEY_RSA) {
- RSA* pRSA = pKey->pkey.rsa;
+ if (pKey != NULL) {
+ if (pKey->type == EVP_PKEY_RSA) {
+ RSA* pRSA = pKey->pkey.rsa;
- if (pRSA) {
- int keyLength = RSA_size(pRSA);
+ if (pRSA) {
+ int keyLength = RSA_size(pRSA);
- // key Length (modulus) is in bytes
- keyLength <<= 3;
- LogDebug("RSA key length: " << keyLength << " bits");
+ // key Length (modulus) is in bytes
+ keyLength <<= 3;
+ LogDebug("RSA key length: " << keyLength << " bits");
- if (keyLength < MIN_RSA_KEY_LENGTH) {
- LogError(
- "RSA key too short!" << "Has only " << keyLength << " bits");
- return CERTIFICATE_SECURITY_ERROR;
+ if (keyLength < MIN_RSA_KEY_LENGTH) {
+ LogError(
+ "RSA key too short!" << "Has only " << keyLength << " bits");
+ return CERTIFICATE_SECURITY_ERROR;
+ }
}
}
}
#include <cert-service.h>
-#include "Certificate.h"
+#include <vcore/Certificate.h>
namespace ValidationCore {
-class CertificateLoader : public DPL::Noncopyable
+class CertificateLoader : public VcoreDPL::Noncopyable
{
public:
class CertificateLoaderComparator
* @file CertificateVerifier.cpp
* @brief This class integrates OCSP and CRL.
*/
-#include "CertificateVerifier.h"
+#include <vcore/CertificateVerifier.h>
#include <dpl/assert.h>
#include <dpl/foreach.h>
* @file CertificateVerifier.h
* @brief This class integrates OCSP and CRL into one module.
*/
-#ifndef _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
-#define _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
+#ifndef _VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
+#define _VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
-#include "Certificate.h"
-#include "CertificateCollection.h"
-#include "CachedCRL.h"
-#include "CachedOCSP.h"
-#include "VerificationStatus.h"
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/CachedCRL.h>
+#include <vcore/CachedOCSP.h>
+#include <vcore/VerificationStatus.h>
namespace ValidationCore {
} // namespace ValidationCore
-#endif // _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
+#endif // _VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
* limitations under the License.
*/
-#include "Config.h"
+#include <vcore/Config.h>
#include <dpl/singleton_impl.h>
IMPLEMENT_SINGLETON(ValidationCore::Config)
std::string m_certificateXMLSchemaPath;
};
-typedef DPL::Singleton<Config> ConfigSingleton;
+typedef VcoreDPL::Singleton<Config> ConfigSingleton;
} // namespace ValidationCore
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file wrt_crypto_hash.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of cryptographic hasing algorithms
+ */
+#include <vcore/CryptoHash.h>
+
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <stdexcept>
+
+#include <vcore/Base64.h>
+
+namespace ValidationCore
+{
+namespace Crypto
+{
+namespace Hash
+{
+namespace // anonymous
+{
+const size_t HASH_DIGEST_STREAM_FEED_SIZE = 1024;
+} // namespace anonymous
+
+Base::Base()
+ : m_hasFinal(false)
+{
+}
+
+Base::~Base()
+{
+}
+
+void Base::Append(const char *buffer)
+{
+ if (m_hasFinal)
+ VcoreThrowMsg(Crypto::Hash::OutOfSequence,
+ "Cannot append hash after final update!");
+
+ HashUpdate(buffer, strlen(buffer));
+}
+
+void Base::Append(const char *buffer, size_t bufferSize)
+{
+ if (m_hasFinal)
+ VcoreThrowMsg(Crypto::Hash::OutOfSequence,
+ "Cannot append hash after final update!");
+
+ HashUpdate(buffer, bufferSize);
+}
+
+void Base::Append(const std::string &buffer)
+{
+ if (m_hasFinal)
+ VcoreThrowMsg(Crypto::Hash::OutOfSequence,
+ "Cannot append hash after final update!");
+
+ HashUpdate(buffer.c_str(), buffer.size());
+}
+
+void Base::Append(std::istream &stream)
+{
+ if (m_hasFinal)
+ VcoreThrowMsg(Crypto::Hash::OutOfSequence,
+ "Cannot append hash after final update!");
+
+ char buffer[HASH_DIGEST_STREAM_FEED_SIZE];
+
+ do
+ {
+ stream.read(buffer, HASH_DIGEST_STREAM_FEED_SIZE);
+
+ if (stream.gcount() > 0)
+ Append(static_cast<void *>(buffer), static_cast<size_t>(stream.gcount()));
+
+ } while (stream.gcount() > 0);
+}
+
+void Base::Append(const void *data, size_t dataSize)
+{
+ if (m_hasFinal)
+ VcoreThrowMsg(Crypto::Hash::OutOfSequence,
+ "Cannot append hash after final update!");
+
+ HashUpdate(data, dataSize);
+}
+
+void Base::Finish()
+{
+ if (m_hasFinal)
+ return;
+
+ // Finalize hashing algorithm
+ m_raw = HashFinal();
+
+ // Convert to base 64 string
+ Base64Encoder encoder;
+ encoder.reset();
+ encoder.append(std::string(m_raw.begin(), m_raw.end()));
+ encoder.finalize();
+ m_base64StringHash = encoder.get();
+
+ m_hasFinal = true;
+}
+
+std::string Base::ToBase64String() const
+{
+ return m_base64StringHash;
+}
+
+Raw Base::GetHash() const
+{
+ return m_raw;
+}
+
+OpenSSL::OpenSSL(const EVP_MD *evpMd)
+ : m_finalized(false)
+{
+ EVP_MD_CTX_init(&m_context);
+
+ if (EVP_DigestInit(&m_context, evpMd) != 1)
+ VcoreThrowMsg(Crypto::Hash::AppendFailed,
+ "EVP_DigestInit failed!");
+}
+
+OpenSSL::~OpenSSL()
+{
+ if (!m_finalized)
+ {
+ // Just clean context
+ EVP_MD_CTX_cleanup(&m_context);
+ m_finalized = true;
+ }
+}
+
+void OpenSSL::HashUpdate(const void *data, size_t dataSize)
+{
+ if (m_finalized)
+ VcoreThrowMsg(Crypto::Hash::AppendFailed,
+ "OpenSSLHash hash already finalized!");
+
+ if (EVP_DigestUpdate(&m_context, data, dataSize) != 1)
+ VcoreThrowMsg(Crypto::Hash::AppendFailed,
+ "EVP_DigestUpdate failed!");
+}
+
+Hash::Raw OpenSSL::HashFinal()
+{
+ if (m_finalized)
+ VcoreThrowMsg(Crypto::Hash::AppendFailed,
+ "OpenSSLHash hash already finalized!");
+
+ unsigned char hash[EVP_MAX_MD_SIZE] = {};
+ unsigned int hashLength;
+
+ // Also cleans context
+ if (EVP_DigestFinal(&m_context, hash, &hashLength) != 1)
+ VcoreThrowMsg(Crypto::Hash::AppendFailed,
+ "EVP_DigestFinal failed!");
+
+ m_finalized = true;
+ return Raw(hash, hash + hashLength);
+}
+
+} // namespace Hash
+} // namespace Crypto
+} // namespace ValidationCore
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file crypto_hash.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of cryptographic hasing algorithms
+ */
+#ifndef _CRYPTO_HASH_H_
+#define _CRYPTO_HASH_H_
+
+#include <openssl/evp.h>
+#include <istream>
+#include <string>
+#include <vector>
+
+#include <vcore/exception.h>
+
+namespace ValidationCore
+{
+namespace Crypto
+{
+namespace Hash
+{
+typedef std::vector<unsigned char> Raw;
+
+VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, OutOfSequence)
+VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, AppendFailed)
+
+class Base
+{
+private:
+ Raw m_raw;
+ std::string m_base64StringHash;
+ bool m_hasFinal;
+
+protected:
+ virtual void HashUpdate(const void *data, size_t dataSize) = 0;
+ virtual Raw HashFinal() = 0;
+
+public:
+ Base();
+ virtual ~Base();
+
+ virtual void Append(const char *buffer);
+ virtual void Append(const char *buffer, size_t bufferSize);
+ virtual void Append(const std::string &buffer);
+ virtual void Append(std::istream &stream);
+ virtual void Append(const void *data, size_t dataSize);
+
+ virtual void Finish();
+
+ virtual std::string ToBase64String() const;
+ virtual Raw GetHash() const;
+};
+
+/**
+ * OpenSSL hashing algorithm base
+ */
+class OpenSSL
+ : public Base
+{
+private:
+ EVP_MD_CTX m_context;
+ bool m_finalized;
+
+protected:
+ virtual void HashUpdate(const void *data, size_t dataSize);
+ virtual Raw HashFinal();
+
+public:
+ OpenSSL(const EVP_MD *evpMd);
+ virtual ~OpenSSL();
+};
+
+#define DECLARE_OPENSSL_HASH_ALGORITHM(ClassName, EvpMd) \
+ class ClassName \
+ : public OpenSSL \
+ { \
+ public: \
+ ClassName() : OpenSSL(EvpMd()) {} \
+ virtual ~ClassName() {} \
+ };
+
+DECLARE_OPENSSL_HASH_ALGORITHM(MD2, EVP_md2)
+DECLARE_OPENSSL_HASH_ALGORITHM(MD4, EVP_md4)
+DECLARE_OPENSSL_HASH_ALGORITHM(MD5, EVP_md5)
+DECLARE_OPENSSL_HASH_ALGORITHM(SHA, EVP_sha)
+DECLARE_OPENSSL_HASH_ALGORITHM(SHA1, EVP_sha1)
+DECLARE_OPENSSL_HASH_ALGORITHM(DSS, EVP_dss)
+DECLARE_OPENSSL_HASH_ALGORITHM(DSS1, EVP_dss1)
+DECLARE_OPENSSL_HASH_ALGORITHM(ECDSA, EVP_ecdsa)
+DECLARE_OPENSSL_HASH_ALGORITHM(SHA224, EVP_sha224)
+DECLARE_OPENSSL_HASH_ALGORITHM(SHA256, EVP_sha256)
+DECLARE_OPENSSL_HASH_ALGORITHM(SHA384, EVP_sha384)
+DECLARE_OPENSSL_HASH_ALGORITHM(SHA512, EVP_sha512)
+
+#undef DECLARE_OPENSSL_HASH_ALGORITHM
+
+} // namespace Hash
+} // namespace Crypto
+} // namespace ValidationCore
+
+#endif // DPL_CRYPTO_HASH_H
* @version 1.0
* @brief This file contains the definition of webruntime database
*/
-#include "Database.h"
+#include <vcore/Database.h>
-DPL::Mutex g_vcoreDbQueriesMutex;
+VcoreDPL::Mutex g_vcoreDbQueriesMutex;
#include <dpl/mutex.h>
#include <dpl/thread.h>
-extern DPL::Mutex g_vcoreDbQueriesMutex;
+extern VcoreDPL::Mutex g_vcoreDbQueriesMutex;
#define VCORE_DB_INTERNAL(tlsCommand, InternalType, interface) \
- static DPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
+ static VcoreDPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
{ \
- DPL::Mutex::ScopedLock lock(&g_vcoreDbQueriesMutex); \
+ VcoreDPL::Mutex::ScopedLock lock(&g_vcoreDbQueriesMutex); \
if (!tlsCommand ## Ptr) { \
- static DPL::ThreadLocalVariable<InternalType> tmp; \
+ static VcoreDPL::ThreadLocalVariable<InternalType> tmp; \
tlsCommand ## Ptr = &tmp; \
} \
} \
- DPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
+ VcoreDPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); }
#define VCORE_DB_SELECT(name, type, interface) \
* @brief DeveloperModeValidatorValidator - implementing WAC 2.0 spec, including TargetRestriction
*/
-#include "DeveloperModeValidator.h"
+#include <vcore/DeveloperModeValidator.h>
+
#include <algorithm>
#include <vconf.h>
#include <dpl/log/log.h>
if (!IMEIList.empty()) {
std::string phoneIMEIString = m_fakeIMEI;
- if (!m_complianceModeEnabled) {
- LogDebug("Compilance Mode is not enabled");
- DPL::ScopedFree<char> phoneIMEI(
- vconf_get_str(VCONFKEY_TELEPHONY_IMEI));
- if (!phoneIMEI.Get()) {
- ThrowMsg(Exception::NoTargetRestrictionSatisfied,
- "Unable to get phone IMEI from vconf.");
- }
- phoneIMEIString = phoneIMEI.Get();
- }
LogDebug("Phone IMEI: " << phoneIMEIString);
if (IMEIList.end() ==
* @version 1.0
* @brief DeveloperModeValidatorValidator - implementing WAC 2.0 spec, including TargetRestriction
*/
-
-#ifndef \
- WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H
-#define \
- WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H
+#ifndef _VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H_
+#define _VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H_
#include <string>
#include <dpl/exception.h>
-#include "SignatureData.h"
+#include <vcore/SignatureData.h>
namespace ValidationCore {
class Exception
{
public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, UnableToLoadTestCertificate)
DECLARE_EXCEPTION_TYPE(Base, NoTargetRestrictionSatisfied)
};
};
}
-#endif /* WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H */
+#endif /* _VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H_ */
* @brief Common interface for OCSP/CRL caches
*/
-#ifndef _SRC_VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_
-#define _SRC_VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_
+#ifndef _VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_
+#define _VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_
-#include "Certificate.h"
-#include "CertificateCollection.h"
-#include "VerificationStatus.h"
+#include <vcore/VerificationStatus.h>
namespace ValidationCore {
+class CertificateCollection;
+
class IAbstractResponseCache {
public:
virtual VerificationStatus check(const CertificateCollection &certs) = 0;
} // namespace ValidationCore
-#endif /* _SRC_VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_ */
+#endif /* _VALIDATION_CORE_IABSTRACT_RESPONSE_CACHE_H_ */
* limitations under the License.
*/
/*!
- * @author Tomasz Morawski(t.morawski@samsung.com)
- * @author Michal Ciepielski(m.ciepielski@samsung.com)
- * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version 0.4
+ * @author Bartlomiej Grzelewski(b.grzelewski@samsung.com)
+ * @version 0.5
* @file OCPS.cpp
- * @brief Routines for certificate validation over OCSP
+ * @brief This class is used for hide OCSP implementation.
*/
-#include "OCSP.h"
-
-#include <string.h>
-#include <algorithm>
-
-#include <openssl/ssl.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-#include <dpl/scoped_array.h>
-#include <dpl/scoped_free.h>
-
-#include <libsoup/soup.h>
-
-#include "Certificate.h"
-#include "SoupMessageSendSync.h"
-
-extern "C" {
-// This function is needed to fix "Invalid conversion from void*
-// to unsigned char*" C++ compiler error during calling
-// i2d_OCSP_REQUEST_bio macro
- extern bool convertToBuffer(OCSP_REQUEST* req,
- char** buf,
- int* size);
-}
-
-namespace {
-const int ConnectionTimeoutInSeconds = 6;
-const int ConnectionRetryCount = 5;
-
-//! Maximum leeway in validity period in seconds: default 1 day
-//! (@see checkRevocationStatus function code)
-
-//! Maximum validity time for revocation status (1 day)
-const int MaxValidatyPeriodInSeconds = 24 * 60 * 60;
-
-//! Max age (@see checkRevocationStatus function code)
-const int MaxAge = -1;
-}
+#include <vcore/OCSPImpl.h>
namespace ValidationCore {
-const char* OCSP::DEFAULT_RESPONDER_URI_ENV = "OCSP_DEFAULT_RESPONDER_URI";
+OCSP::OCSP()
+ : m_impl(new OCSPImpl())
+{}
-OCSP::DigestAlgorithmMap createDigestAlgMap()
-{
- OCSP::DigestAlgorithmMap mDigestAlg = OCSP::DigestAlgorithmMap();
-
- mDigestAlg.insert(std::make_pair(OCSP::SHA1, EVP_sha1()));
- mDigestAlg.insert(std::make_pair(OCSP::SHA224, EVP_sha224()));
- mDigestAlg.insert(std::make_pair(OCSP::SHA256, EVP_sha256()));
- mDigestAlg.insert(std::make_pair(OCSP::SHA384, EVP_sha384()));
- mDigestAlg.insert(std::make_pair(OCSP::SHA512, EVP_sha512()));
-
- return mDigestAlg;
-}
-
-OCSP::DigestAlgorithmMap OCSP::m_sDigestAlgMap = createDigestAlgMap();
-
-OCSP::OCSP() :
- /* Upgrade of openssl is required to support sha256 */
- // m_pCertIdDigestAlg(EVP_sha256()),
- // m_pRequestDigestAlg(EVP_sha256()),
- m_pCertIdDigestAlg(EVP_sha1()),
- m_pRequestDigestAlg(EVP_sha1()),
- m_bUseNonce(false),
- m_bUseDefResponder(false),
- m_bSignRequest(false),
- m_pSignKey(0)
+OCSP::~OCSP()
{
-}
-
-SoupWrapper::SoupMessageSendBase::RequestStatus OCSP::sendOcspRequest(
- OCSP_REQUEST* argRequest,
- const DPL::OptionalString& argUri)
-{
- using namespace SoupWrapper;
- // convert OCSP_REQUEST to memory buffer
- std::string url = DPL::ToUTF8String(*argUri);
- char* requestBuffer;
- int requestSizeInt;
- if (!convertToBuffer(argRequest, &requestBuffer, &requestSizeInt)) {
- ThrowMsg(OCSP::Exception::VerificationError,
- "OCSP: failed to convert OCSP_REQUEST to mem buffer");
- }
-
- Assert(requestSizeInt >= 0);
-
- SoupMessageSendBase::MessageBuffer buffer;
- buffer.resize(requestSizeInt);
- memcpy(&buffer[0], requestBuffer, requestSizeInt);
- free(requestBuffer);
-
- char *cport = 0,*chost = 0,*cpath = 0;
- int use_ssl = 0;
-
- if (!OCSP_parse_url(const_cast<char*>(url.c_str()),
- &chost,
- &cport,
- &cpath,
- &use_ssl))
- {
- LogWarning("Error in OCSP_parse_url");
- return SoupMessageSendBase::REQUEST_STATUS_CONNECTION_ERROR;
- }
-
- std::string host = chost;
-
- if (cport) {
- host += ":";
- host += cport;
- }
-
- free(cport);
- free(chost);
- free(cpath);
-
- m_soupMessage.setHost(url);
- m_soupMessage.setHeader("Host", host);
- m_soupMessage.setRequest(std::string("application/ocsp-request"),
- buffer);
-
- return m_soupMessage.sendSync();
+ delete m_impl;
}
ValidationCore::VerificationStatusSet OCSP::validateCertificateList(
- const CertificateList &certs)
+ const CertificateList &certs)
{
- VerificationStatusSet statusSet;
-
- if (certs.size() < 2) {
- // no certificates to verify, just return a error
- LogWarning("No validation will be proceed. OCSP require at"
- " least 2 certificates in chain. Found only " <<
- certs.size());
- statusSet.add(VERIFICATION_STATUS_ERROR);
- return statusSet;
- }
-
- CertificateList::const_iterator iter = certs.begin();
- CertificateList::const_iterator parent = iter;
-
- time_t minValidity = 0;
- for (++parent; parent != certs.end(); ++iter, ++parent) {
- LogDebug("Certificate validation (CN:" <<
- (*iter)->getOneLine() << ")");
- LogDebug("Parent certificate (CN:" <<
- (*parent)->getOneLine() << ")");
- statusSet.add(validateCertificate(*iter, *parent));
- if ((0 == minValidity || minValidity > m_responseValidity) &&
- m_responseValidity > 0)
- {
- minValidity = m_responseValidity;
- }
- }
- m_responseValidity = minValidity;
-
- return statusSet;
+ return m_impl->validateCertificateList(certs);
}
VerificationStatus OCSP::checkEndEntity(
const CertificateCollection &chain)
{
- const char *defResponderURI = getenv(OCSP::DEFAULT_RESPONDER_URI_ENV);
-
- VerificationStatusSet verSet;
- if (defResponderURI) {
- setUseDefaultResponder(true);
- setDefaultResponder(defResponderURI);
- }
-
- // this is temporary fix. it must be rewriten
- CertificateList clst;
- if (chain.isChain() && chain.size() >= 2) {
- CertificateList::const_iterator icert = chain.begin();
- clst.push_back(*icert);
- ++icert;
- clst.push_back(*icert);
- }
- verSet += validateCertificateList(clst);
-
- return verSet.convertToStatus();
+ return m_impl->checkEndEntity(chain);
}
VerificationStatus OCSP::validateCertificate(CertificatePtr argCert,
CertificatePtr argIssuer)
{
- using namespace SoupWrapper;
-
- Assert(!!argCert);
- Assert(!!argIssuer);
-
- Try {
- DPL::OptionalString uri;
-
- if (!m_bUseDefResponder) {
- uri = argCert->getOCSPURL();
- if (!uri) {
- return VERIFICATION_STATUS_NOT_SUPPORT;
- }
- } else {
- if (m_strResponderURI.empty()) {
- ThrowMsg(Exception::VerificationError,
- "Default responder is not set");
- }
- LogWarning("Default responder will be used");
-
- uri = m_strResponderURI;
- }
-
- // creates a request
- CreateRequestResult newRequest = createRequest(argCert, argIssuer);
- if (!newRequest.success) {
- ThrowMsg(Exception::VerificationError, "Request creation failed");
- }
-
- // SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
- // this smart ptr is commented out in purpose. request
- // manages certIdmemory (which was done in createRequest above)
- SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest.ocspRequest);
-
- SoupMessageSendBase::RequestStatus requestStatus;
- requestStatus = sendOcspRequest(requestCont, uri);
-
- if (requestStatus != SoupMessageSendBase::REQUEST_STATUS_OK) {
- return VERIFICATION_STATUS_CONNECTION_FAILED;
- }
-
- // Response is m_soupMessage, convert it to OCSP_RESPONSE
- OcspResponse response = convertToResponse();
-
- if (!response.first) {
- ThrowMsg(OCSP::Exception::VerificationError,
- "OCSP: failed to convert mem buffer to OCSP_RESPONSE");
- }
-
- SSLSmartContainer <OCSP_RESPONSE> responseCont(response.second);
- // verify response eg. check response status,
- // validate responder certificate
- validateResponse(requestCont,
- responseCont,
- newRequest.ocspCertId);
- } Catch(Exception::ConnectionError) {
- LogWarning("OCSP: ConnectionError");
- return VERIFICATION_STATUS_CONNECTION_FAILED;
- } Catch(Exception::CertificateRevoked) {
- LogWarning("OCSP: Revoked");
- return VERIFICATION_STATUS_REVOKED;
- } Catch(Exception::CertificateUnknown) {
- LogWarning("OCSP: Unknown");
- return VERIFICATION_STATUS_UNKNOWN;
- } Catch(Exception::VerificationError) {
- LogWarning("OCSP: Verification error");
- return VERIFICATION_STATUS_VERIFICATION_ERROR;
- } Catch(Exception::Base) {
- LogWarning("OCSP: Error");
- return VERIFICATION_STATUS_ERROR;
- }
- LogWarning("OCSP: Good");
- return VERIFICATION_STATUS_GOOD;
-}
-
-OCSP::CreateRequestResult OCSP::createRequest(CertificatePtr argCert,
- CertificatePtr argIssuer)
-{
- OCSP_REQUEST* newRequest = OCSP_REQUEST_new();
-
- if (!newRequest) {
- LogWarning("OCSP: Failed to create a request");
- return CreateRequestResult();
- }
-
- SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest);
-
- OCSP_CERTID* certId = addSerial(argCert, argIssuer);
-
- if (!certId) {
- LogWarning("OCSP: Unable to create a serial id");
- return CreateRequestResult();
- }
- SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
-
- // Inserting certificate ID to request
- if (!OCSP_request_add0_id(requestCont, certIdCont)) {
- LogWarning("OCSP: Unable to create a certificate id");
- return CreateRequestResult();
- }
-
- if (m_bUseNonce) {
- OCSP_request_add1_nonce(requestCont, 0, -1);
- }
-
- if (m_bSignRequest) {
- if (!m_pSignCert || !m_pSignKey) {
- LogWarning("OCSP: Unable to sign request if "
- "SignCert or SignKey was not set");
- return CreateRequestResult();
- }
-
- if (!OCSP_request_sign(requestCont,
- m_pSignCert->getX509(),
- m_pSignKey,
- m_pRequestDigestAlg,
- 0,
- 0))
- {
- LogWarning("OCSP: Unable to sign request");
- return CreateRequestResult();
- }
- }
- return CreateRequestResult(true,
- requestCont.DetachPtr(),
- certIdCont.DetachPtr());
+ return m_impl->validateCertificate(argCert, argIssuer);
}
-OCSP_CERTID* OCSP::addSerial(CertificatePtr argCert,
- CertificatePtr argIssuer)
-{
- X509_NAME* iname = X509_get_subject_name(argIssuer->getX509());
- ASN1_BIT_STRING* ikey = X509_get0_pubkey_bitstr(argIssuer->getX509());
- ASN1_INTEGER* serial = X509_get_serialNumber(argCert->getX509());
-
- return OCSP_cert_id_new(m_pCertIdDigestAlg, iname, ikey, serial);
+void OCSP::setDigestAlgorithmForCertId(DigestAlgorithm alg) {
+ return m_impl->setDigestAlgorithmForCertId(alg);
}
-void OCSP::setDigestAlgorithmForCertId(DigestAlgorithm alg)
-{
- DigestAlgorithmMap::const_iterator cit = m_sDigestAlgMap.find(alg);
-
- if (cit != m_sDigestAlgMap.end()) {
- m_pCertIdDigestAlg = cit->second;
- } else {
- LogDebug("Request for unsupported CertId digest algorithm"
- "ignored!");
- }
+void OCSP::setDigestAlgorithmForRequest(DigestAlgorithm alg) {
+ return m_impl->setDigestAlgorithmForRequest(alg);
}
-void OCSP::setDigestAlgorithmForRequest(DigestAlgorithm alg)
-{
- DigestAlgorithmMap::const_iterator cit = m_sDigestAlgMap.find(alg);
-
- if (cit != m_sDigestAlgMap.end()) {
- m_pRequestDigestAlg = cit->second;
- } else {
- LogDebug("Request for unsupported OCSP request digest algorithm"
- "ignored!");
- }
+void OCSP::setTrustedStore(const CertificateList& certs) {
+ m_impl->setTrustedStore(certs);
}
-void OCSP::setTrustedStore(const CertificateList& certs)
-{
- X509_STORE *store = X509_STORE_new();
- m_pTrustedStore = store;
- // create a trusted store basing on certificate chain from a signature
- FOREACH(iter, certs) {
- X509_STORE_add_cert(store, (*iter)->getX509());
- }
+void OCSP::setDefaultResponder(const char *uri) {
+ m_impl->setDefaultResponder(uri);
}
-void OCSP::validateResponse(OCSP_REQUEST* argRequest,
- OCSP_RESPONSE* argResponse,
- OCSP_CERTID* argCertId)
-{
- int result = OCSP_response_status(argResponse);
-
- if (result != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
- handleInvalidResponse(result);
- ThrowMsg(Exception::VerificationError, "OCSP_response_status failed");
- }
-
- // get response object
- OCSP_BASICRESP* basic = OCSP_response_get1_basic(argResponse);
- if (!basic) {
- ThrowMsg(Exception::VerificationError,
- "OCSP: Unable to get a BASICRESP object.");
- }
-
- SSLSmartContainer <OCSP_BASICRESP> basicRespCont(basic);
- if (m_bUseNonce && OCSP_check_nonce(argRequest, basicRespCont) <= 0) {
- ThrowMsg(Exception::VerificationError, "OCSP: Invalid nonce");
- }
-
- if (!verifyResponse(basic)) {
- ThrowMsg(Exception::VerificationError,
- "Unable to verify the OCSP responder's certificate");
- }
-
- checkRevocationStatus(basicRespCont, argCertId);
-}
-
-bool OCSP::verifyResponse(OCSP_BASICRESP* basic)
-{
- Assert(m_pTrustedStore);
- // verify ocsp response
- int response = OCSP_basic_verify(basic, NULL, m_pTrustedStore, 0);
- if (response <= 0) {
- LogWarning("OCSP verification failed");
- }
-
- return response > 0;
+void OCSP::setUseDefaultResponder(bool value) {
+ m_impl->setUseDefaultResponder(value);
}
-void OCSP::checkRevocationStatus(OCSP_BASICRESP* basic,
- OCSP_CERTID* id)
-{
- ASN1_GENERALIZEDTIME* producedAt;
- ASN1_GENERALIZEDTIME* thisUpdate;
- ASN1_GENERALIZEDTIME* nextUpdate;
- int reason;
- int status;
-
- m_responseValidity = 0;
-
- if (!OCSP_resp_find_status(basic,
- id,
- &status,
- &reason,
- &producedAt,
- &thisUpdate,
- &nextUpdate))
- {
- ThrowMsg(Exception::VerificationError,
- "OCSP: Failed to find certificate status.");
- }
-
- if (!OCSP_check_validity(thisUpdate,
- nextUpdate,
- MaxValidatyPeriodInSeconds,
- MaxAge))
- {
- ThrowMsg(Exception::VerificationError,
- "OCSP: Failed to check certificate validate.");
- }
-
- if (nextUpdate) {
- asn1GeneralizedTimeToTimeT(nextUpdate,&m_responseValidity);
- time_t now;
- time(&now);
- LogDebug("Time of next OCSP update got from server: " <<
- m_responseValidity);
- LogDebug("Expires in: " << (m_responseValidity - now));
- LogDebug("Original: " << nextUpdate->data);
- }
-
- switch (status) {
- case V_OCSP_CERTSTATUS_GOOD:
- return;
- case V_OCSP_CERTSTATUS_REVOKED:
- ThrowMsg(Exception::CertificateRevoked, "Certificate is Revoked");
- case V_OCSP_CERTSTATUS_UNKNOWN:
- ThrowMsg(Exception::CertificateUnknown, "Certificate is Unknown");
- default:
- Assert(false && "Invalid status");
- }
+time_t OCSP::getResponseValidity() {
+ return m_impl->getResponseValidity();
}
-OCSP::OcspResponse OCSP::convertToResponse()
-{
- using namespace SoupWrapper;
-
- // convert memory buffer to ocsp response object
- BUF_MEM res_bmem;
- OCSP_RESPONSE* response;
-
- SoupMessageSendBase::MessageBuffer buffer = m_soupMessage.getResponse();
-
- res_bmem.length = buffer.size();
- res_bmem.data = &buffer[0];
- res_bmem.max = buffer.size();
-
- BIO* res_mem_bio = BIO_new(BIO_s_mem());
- BIO_set_mem_buf(res_mem_bio, &res_bmem, BIO_NOCLOSE);
-
- response = d2i_OCSP_RESPONSE_bio(res_mem_bio, NULL);
- BIO_free_all(res_mem_bio);
-
- if (!response) {
- LogWarning("OCSP: Failed to convert OCSP Response to DER format");
- return std::make_pair(false, static_cast<OCSP_RESPONSE*>(NULL));
- }
-
- return std::make_pair(true, response);
-}
-
-void OCSP::handleInvalidResponse(int result)
-{
- switch (result) {
- case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
- LogWarning("OCSP: Server returns "
- "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST status");
- break;
- case OCSP_RESPONSE_STATUS_INTERNALERROR:
- LogWarning("OCSP: Server returns "
- "OCSP_RESPONSE_STATUS_INTERNALERROR status");
- break;
- case OCSP_RESPONSE_STATUS_TRYLATER:
- LogWarning("OCSP: Server returns "
- "OCSP_RESPONSE_STATUS_TRYLATER status");
- break;
- case OCSP_RESPONSE_STATUS_SIGREQUIRED:
- LogWarning("OCSP: Server returns "
- "OCSP_RESPONSE_STATUS_SIGREQUIRED status");
- break;
- case OCSP_RESPONSE_STATUS_UNAUTHORIZED:
- LogWarning("OCSP: Server returns "
- "OCSP_RESPONSE_STATUS_UNAUTHORIZED status");
- break;
- default:
- Assert(false && "Invalid result value");
- }
-}
} // namespace ValidationCore
* limitations under the License.
*/
/*!
- * @author Tomasz Morawski(t.morawski@samsung.com)
- * @author Michal Ciepielski(m.ciepielski@samsung.com)
- * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version 0.4
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.5
* @file OCPS.h
- * @brief Routines for certificate validation over OCSP
+ * @brief This class is used to hide OCSP implementation.
*/
-#ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_OCSP_H_
-#define WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_OCSP_H_
+#ifndef _VALIDATION_CORE_OCSP_H_
+#define _VALIDATION_CORE_OCSP_H_
-#include <openssl/pem.h>
-#include <openssl/ocsp.h>
-#include <libsoup/soup.h>
+#include <ctime>
-#include <string>
-#include <vector>
-#include <list>
-#include <utility>
-#include <map>
+#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/VerificationStatus.h>
-#include <dpl/assert.h>
-#include <dpl/exception.h>
-#include <dpl/optional_typedefs.h>
+namespace ValidationCore {
-#include <vcore/scoped_gpointer.h>
+class OCSPImpl;
-#include "OCSPCertMgrUtil.h"
-#include "CertificateCollection.h"
-#include "CertificateStorage.h"
-#include "VerificationStatus.h"
-#include "SSLContainers.h"
+class OCSP {
+public:
+ OCSP(const OCSP &) = delete;
+ const OCSP &operator=(const OCSP &) = delete;
-#include "SoupMessageSendBase.h"
-#include "SoupMessageSendSync.h"
-/*
- * The WRT MUST NOT allow installation of widgets with revoked signatures.
- *
- * The WRT MUST NOT allow use of widgets with revoked signatures.
- *
- * The WRT MUST support checking for revocation of widget signatures via
- * OCSP [RFC 2560] at widget installation time, according to the following:
- *
- * At widget installation time, the WRT shall make several attempts
- * (5 attempts at 6 seconds apart recommended) to establish contact with
- * the OCSP server.
- *
- * If connectivity is successful and the application is validated, the
- * installation process shall continue.
- *
- * If connectivity is successful and if the widget signature is
- * determined to be revoked, the WRT shall issue a suitable error message
- * and cancel installation.
- *
- * If connectivity is successful and revocation status is unknown or if
- * connectivity is unsuccessful, the user must be notified that the
- * widget was unable to be installed as trusted - the certification of
- * the widget signature has not been validated -, and prompt the user to allow
- * the user to install the widget as an untrusted application, or reject
- * the installation.
- *
- * The WRT MUST support checking for revocation of widget signatures via OCSP
- * [RFC 2560] at widget runtime.
- *
- * The WRT MUST support OCSP access policy.
- */
-
-namespace ValidationCore {
-
-class OCSP
-// : public RevocationCheckerBase
-{
- public:
- static const char* DEFAULT_RESPONDER_URI_ENV;
+ OCSP();
VerificationStatus checkEndEntity(const CertificateCollection &certList);
- OCSP();
enum DigestAlgorithm
{
SHA384,
SHA512
};
- typedef std::map <DigestAlgorithm, const EVP_MD*> DigestAlgorithmMap;
+
/**
* Sets digest algorithm for certid in ocsp request
*/
VerificationStatus validateCertificate(CertificatePtr argCert,
CertificatePtr argIssuer);
- void setDefaultResponder(const char* uri)
- {
- Assert(uri);
- m_strResponderURI = DPL::FromUTF8String(uri);
- }
+ void setDefaultResponder(const char* uri);
- void setUseDefaultResponder(bool value)
- {
- m_bUseDefResponder = value;
- }
+ void setUseDefaultResponder(bool value);
/**
* @return time when response will become invalid - for list of
* certificates, this is the minimum of all validities; value is
* valid only for not-revoked certificates (non error validation result)
*/
- time_t getResponseValidity()
- {
- return m_responseValidity;
- }
-
- private:
- typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession;
- typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage;
-
- void handleInvalidResponse(int result);
- void sendHTTPRequest(ScopedSoupSession& session,
- ScopedSoupMessage& msg,
- const char* host,
- const char* port,
- const char* path,
- char* requestBuffer,
- size_t reqestSize);
- void sendRequest(const std::string& uri,
- char* requestBuffer,
- size_t requestSize,
- char** responseBuffer,
- size_t* responseSize);
-
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, ConnectionError)
- DECLARE_EXCEPTION_TYPE(Base, CertificateRevoked)
- DECLARE_EXCEPTION_TYPE(Base, CertificateUnknown)
- DECLARE_EXCEPTION_TYPE(Base, VerificationError)
- DECLARE_EXCEPTION_TYPE(Base, RetrieveCertFromStoreError)
- DECLARE_EXCEPTION_TYPE(Base, VerificationNotSupport)
- };
-
- const EVP_MD* m_pCertIdDigestAlg;
- const EVP_MD* m_pRequestDigestAlg;
- static DigestAlgorithmMap m_sDigestAlgMap;
-
- typedef std::pair<char*, size_t> HttpResponseBuffer;
+ time_t getResponseValidity();
- SoupWrapper::SoupMessageSendBase::RequestStatus sendOcspRequest(
- OCSP_REQUEST* argRequest,
- const DPL::OptionalString& argUri);
-
- //! Validates a single certificate
- /*!
- * @param cert The certificate to check
- * @param issuer A certificate used to sign the certificate to check.
- */
-
- struct CreateRequestResult
- {
- bool success;
- OCSP_REQUEST* ocspRequest;
- OCSP_CERTID* ocspCertId;
- CreateRequestResult(bool argSuccess = false,
- OCSP_REQUEST* argOcspRequest = NULL,
- OCSP_CERTID* argOcspCertId = NULL) :
- success(argSuccess),
- ocspRequest(argOcspRequest),
- ocspCertId(argOcspCertId)
- {
- }
- };
+ virtual ~OCSP();
+private:
+ OCSPImpl *m_impl;
- //! Creates a OCSP request
- /*!
- * @param request Returns created OCSP_REQUEST
- * @param id Returns CertId that is used to find proper OCSP result in
- * the OCSP response (@see checkRevocationStatus for more details).
- *
- */
- CreateRequestResult createRequest(CertificatePtr argCert,
- CertificatePtr argIssuer);
-
- OCSP_CERTID* addSerial(CertificatePtr argCert,
- CertificatePtr argIssuer);
-
- void validateResponse(OCSP_REQUEST* argRequest,
- OCSP_RESPONSE* argResponse,
- OCSP_CERTID* argCertId);
-
- //! Create a X509 store
- bool verifyResponse(OCSP_BASICRESP* argResponse);
-
- void checkRevocationStatus(OCSP_BASICRESP* argBasicResponse,
- OCSP_CERTID* argCertId);
-
- typedef std::pair<bool, OCSP_RESPONSE*> OcspResponse;
-
- OcspResponse convertToResponse();
-
- time_t m_responseValidity;
- bool m_bUseNonce;
- bool m_bUseDefResponder;
- DPL::String m_strResponderURI;
- bool m_bSignRequest;
- EVP_PKEY* m_pSignKey;
- CertificatePtr m_pSignCert;
- SSLSmartContainer <X509_STORE> m_pTrustedStore;
- SoupWrapper::SoupMessageSendSync m_soupMessage;
};
-} // ValidationCore
-#endif //ifndef WRT_ENGINE_SRC_VALIDATION_CORE_ENGINE_OCSP_H_
+} // namespace ValidationCore
+
+#endif //ifndef _VALIDATION_CORE_OCSP_H_
* @brief
*/
-#include "OCSPCertMgrUtil.h"
-#include "SSLContainers.h"
+#include <vcore/OCSPCertMgrUtil.h>
+#include <vcore/SSLContainers.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <openssl/ocsp.h>
+#endif
#include <openssl/pem.h>
-#include <openssl/ocsp.h>
+#include <openssl/x509.h>
#include <dpl/log/log.h>
#include <dpl/scoped_resource.h>
#include <string.h>
return;
}
- typedef DPL::ScopedResource<ContextDeleter> ScopedContext;
+ typedef VcoreDPL::ScopedResource<ContextDeleter> ScopedContext;
int result;
char buffer[MAX_BUF];
CertificatePtr getParentFromStore(const CertificatePtr &certificate)
{
- Assert(certificate.Get());
+ Assert(certificate.get());
X509* rawPtr = certificate->getX509();
/* TODO Add getIssuerName function to Certificate.h */
if (rawTemp == NULL) {
return CertificatePtr();
}
-
SSLSmartContainer<X509> scope(rawTemp);
return CertificatePtr(new Certificate(rawTemp));
}
return result;
}
CertificatePtr parent = getParentFromStore(last);
- if (parent.Get()) {
+ if (parent.get()) {
result.push_back(parent);
}
return result;
* @brief
*/
-#ifndef _WRT_OCSP_CERT_MGR_UTIL_H_
-#define _WRT_OCSP_CERT_MGR_UTIL_H_
+#ifndef _OCSP_CERT_MGR_UTIL_H_
+#define _OCSP_CERT_MGR_UTIL_H_
-#include <openssl/x509.h>
-
-#include "Certificate.h"
+#include <vcore/Certificate.h>
namespace ValidationCore {
namespace OCSPCertMgrUtil {
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @author Tomasz Morawski(t.morawski@samsung.com)
+ * @author Michal Ciepielski(m.ciepielski@samsung.com)
+ * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @version 0.4
+ * @file OCSP.cpp
+ * @brief Routines for certificate validation over OCSP
+ */
+
+#include <vcore/OCSPImpl.h>
+
+#include <string.h>
+#include <algorithm>
+
+#include <openssl/ssl.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+#include <dpl/scoped_array.h>
+#include <dpl/scoped_free.h>
+
+#include <libsoup/soup.h>
+
+#include <vcore/Certificate.h>
+#include <vcore/SoupMessageSendSync.h>
+#include <vcore/ValidatorFactories.h>
+
+extern "C" {
+// This function is needed to fix "Invalid conversion from void*
+// to unsigned char*" C++ compiler error during calling
+// i2d_OCSP_REQUEST_bio macro
+extern bool convertToBuffer(OCSP_REQUEST* req,
+ char** buf,
+ int* size);
+}
+
+namespace {
+const int ConnectionTimeoutInSeconds = 6;
+const int ConnectionRetryCount = 3;
+
+//! Maximum leeway in validity period in seconds: default 1 day
+//! (@see checkRevocationStatus function code)
+
+//! Maximum validity time for revocation status (1 day)
+const int MaxValidatyPeriodInSeconds = 24 * 60 * 60;
+
+//! Max age (@see checkRevocationStatus function code)
+const int MaxAge = -1;
+} // anonymous namespace
+
+namespace ValidationCore {
+
+const char* OCSPImpl::DEFAULT_RESPONDER_URI_ENV = "OCSP_DEFAULT_RESPONDER_URI";
+
+static const EVP_MD* getDigestAlg(OCSP::DigestAlgorithm alg)
+{
+ switch (alg) {
+ case OCSP::SHA1:
+ return EVP_sha1();
+ case OCSP::SHA224:
+ return EVP_sha224();
+ case OCSP::SHA256:
+ return EVP_sha256();
+ case OCSP::SHA384:
+ return EVP_sha384();
+ case OCSP::SHA512:
+ return EVP_sha512();
+ default:
+ return NULL;
+ }
+}
+
+OCSPImpl::OCSPImpl() :
+ /* Upgrade of openssl is required to support sha256 */
+ // m_pCertIdDigestAlg(EVP_sha256()),
+ // m_pRequestDigestAlg(EVP_sha256()),
+ m_pCertIdDigestAlg(EVP_sha1()),
+ m_pRequestDigestAlg(EVP_sha1()),
+ m_bUseNonce(false),
+ m_bUseDefResponder(false),
+ m_bSignRequest(false),
+ m_pSignKey(0)
+{}
+
+SoupWrapper::SoupMessageSendBase::RequestStatus OCSPImpl::sendOcspRequest(
+ OCSP_REQUEST* argRequest,
+ const std::string& argUri)
+{
+ using namespace SoupWrapper;
+ // convert OCSP_REQUEST to memory buffer
+ char* requestBuffer;
+ int requestSizeInt;
+ if (!convertToBuffer(argRequest, &requestBuffer, &requestSizeInt)) {
+ ThrowMsg(Exception::VerificationError,
+ "OCSP: failed to convert OCSP_REQUEST to mem buffer");
+ }
+
+ Assert(requestSizeInt >= 0);
+
+ SoupMessageSendBase::MessageBuffer buffer;
+ buffer.resize(requestSizeInt);
+ memcpy(&buffer[0], requestBuffer, requestSizeInt);
+ free(requestBuffer);
+
+ char *cport = 0,*chost = 0,*cpath = 0;
+ int use_ssl = 0;
+
+ if (!OCSP_parse_url(const_cast<char*>(argUri.c_str()),
+ &chost,
+ &cport,
+ &cpath,
+ &use_ssl))
+ {
+ LogWarning("Error in OCSP_parse_url");
+ return SoupMessageSendBase::REQUEST_STATUS_CONNECTION_ERROR;
+ }
+
+ std::string host = chost;
+
+ if (cport) {
+ host += ":";
+ host += cport;
+ }
+
+ free(cport);
+ free(chost);
+ free(cpath);
+
+ m_soupMessage.setHost(argUri);
+ m_soupMessage.setHeader("Host", host);
+ m_soupMessage.setRequest(std::string("application/ocsp-request"),
+ buffer);
+
+ return m_soupMessage.sendSync();
+}
+
+ValidationCore::VerificationStatusSet OCSPImpl::validateCertificateList(
+ const CertificateList &certs)
+{
+ VerificationStatusSet statusSet;
+
+ if (certs.size() < 2) {
+ // no certificates to verify, just return a error
+ LogWarning("No validation will be proceed. OCSP require at"
+ " least 2 certificates in chain. Found only " <<
+ certs.size());
+ statusSet.add(VERIFICATION_STATUS_ERROR);
+ return statusSet;
+ }
+
+ CertificatePtr root = certs.back();
+ CertStoreId::Set storedSetId = createCertificateIdentifier().find(root);
+ char* ocspUrl = storedSetId.getOcspUrl();
+
+ if (ocspUrl != NULL)
+ {
+ setUseDefaultResponder(true);
+ setDefaultResponder(ocspUrl);
+ }
+
+ CertificateList::const_iterator iter = certs.begin();
+ CertificateList::const_iterator parent = iter;
+
+ time_t minValidity = 0;
+ for (++parent; parent != certs.end(); ++iter, ++parent) {
+ LogDebug("Certificate validation (CN:" <<
+ (*iter)->getOneLine() << ")");
+ LogDebug("Parent certificate (CN:" <<
+ (*parent)->getOneLine() << ")");
+ statusSet.add(validateCertificate(*iter, *parent));
+ if ((0 == minValidity || minValidity > m_responseValidity) &&
+ m_responseValidity > 0)
+ {
+ minValidity = m_responseValidity;
+ }
+ }
+ m_responseValidity = minValidity;
+
+ return statusSet;
+}
+
+VerificationStatus OCSPImpl::checkEndEntity(
+ const CertificateCollection &chain)
+{
+ // this is temporary fix. it must be rewriten
+ VerificationStatusSet verSet;
+
+ CertificateList clst;
+ if (chain.isChain() && chain.size() >= 2) {
+ CertificateList::const_iterator icert = chain.begin();
+ clst.push_back(*icert);
+ ++icert;
+ clst.push_back(*icert);
+ }
+ verSet += validateCertificateList(clst);
+
+ return verSet.convertToStatus();
+}
+
+VerificationStatus OCSPImpl::validateCertificate(CertificatePtr argCert,
+ CertificatePtr argIssuer)
+{
+ using namespace SoupWrapper;
+
+ Assert(!!argCert);
+ Assert(!!argIssuer);
+
+ Try {
+ std::string uri;
+
+ if (!m_bUseDefResponder) {
+ uri = argCert->getOCSPURL();
+ if (uri.empty()) {
+ return VERIFICATION_STATUS_NOT_SUPPORT;
+ }
+ } else {
+ if (m_strResponderURI.empty()) {
+ ThrowMsg(Exception::VerificationError,
+ "Default responder is not set");
+ }
+ LogWarning("Default responder will be used");
+
+ uri = m_strResponderURI;
+ }
+
+ // creates a request
+ CreateRequestResult newRequest = createRequest(argCert, argIssuer);
+ if (!newRequest.success) {
+ ThrowMsg(Exception::VerificationError, "Request creation failed");
+ }
+
+ // SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
+ // this smart ptr is commented out in purpose. request
+ // manages certIdmemory (which was done in createRequest above)
+ SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest.ocspRequest);
+
+ SoupMessageSendBase::RequestStatus requestStatus;
+ requestStatus = sendOcspRequest(requestCont, uri);
+
+ if (requestStatus != SoupMessageSendBase::REQUEST_STATUS_OK) {
+ return VERIFICATION_STATUS_CONNECTION_FAILED;
+ }
+
+ // Response is m_soupMessage, convert it to OCSP_RESPONSE
+ OcspResponse response = convertToResponse();
+
+ if (!response.first) {
+ ThrowMsg(OCSPImpl::Exception::VerificationError,
+ "OCSP: failed to convert mem buffer to OCSP_RESPONSE");
+ }
+
+ SSLSmartContainer <OCSP_RESPONSE> responseCont(response.second);
+ // verify response eg. check response status,
+ // validate responder certificate
+ validateResponse(requestCont,
+ responseCont,
+ newRequest.ocspCertId);
+ } Catch(Exception::ConnectionError) {
+ LogWarning("OCSP: ConnectionError");
+ return VERIFICATION_STATUS_CONNECTION_FAILED;
+ } Catch(Exception::CertificateRevoked) {
+ LogWarning("OCSP: Revoked");
+ return VERIFICATION_STATUS_REVOKED;
+ } Catch(Exception::CertificateUnknown) {
+ LogWarning("OCSP: Unknown");
+ return VERIFICATION_STATUS_UNKNOWN;
+ } Catch(Exception::VerificationError) {
+ LogWarning("OCSP: Verification error");
+ return VERIFICATION_STATUS_VERIFICATION_ERROR;
+ } Catch(Exception::Base) {
+ LogWarning("OCSP: Error");
+ return VERIFICATION_STATUS_ERROR;
+ }
+ LogWarning("OCSP: Good");
+ return VERIFICATION_STATUS_GOOD;
+}
+
+void OCSPImpl::setDefaultResponder(const char *uri)
+{
+ Assert(uri);
+ m_strResponderURI = std::string(uri);
+}
+
+void OCSPImpl::setUseDefaultResponder(bool value)
+{
+ m_bUseDefResponder = value;
+}
+
+time_t OCSPImpl::getResponseValidity()
+{
+ return m_responseValidity;
+}
+
+OCSPImpl::CreateRequestResult OCSPImpl::createRequest(CertificatePtr argCert,
+ CertificatePtr argIssuer)
+{
+ OCSP_REQUEST* newRequest = OCSP_REQUEST_new();
+
+ if (!newRequest) {
+ LogWarning("OCSP: Failed to create a request");
+ return CreateRequestResult();
+ }
+
+ SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest);
+
+ OCSP_CERTID* certId = addSerial(argCert, argIssuer);
+
+ if (!certId) {
+ LogWarning("OCSP: Unable to create a serial id");
+ return CreateRequestResult();
+ }
+ SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
+
+ // Inserting certificate ID to request
+ if (!OCSP_request_add0_id(requestCont, certIdCont)) {
+ LogWarning("OCSP: Unable to create a certificate id");
+ return CreateRequestResult();
+ }
+
+ if (m_bUseNonce) {
+ OCSP_request_add1_nonce(requestCont, 0, -1);
+ }
+
+ if (m_bSignRequest) {
+ if (!m_pSignCert || !m_pSignKey) {
+ LogWarning("OCSP: Unable to sign request if "
+ "SignCert or SignKey was not set");
+ return CreateRequestResult();
+ }
+
+ if (!OCSP_request_sign(requestCont,
+ m_pSignCert->getX509(),
+ m_pSignKey,
+ m_pRequestDigestAlg,
+ 0,
+ 0))
+ {
+ LogWarning("OCSP: Unable to sign request");
+ return CreateRequestResult();
+ }
+ }
+ return CreateRequestResult(true,
+ requestCont.DetachPtr(),
+ certIdCont.DetachPtr());
+}
+
+OCSP_CERTID* OCSPImpl::addSerial(CertificatePtr argCert,
+ CertificatePtr argIssuer)
+{
+ X509_NAME* iname = X509_get_subject_name(argIssuer->getX509());
+ ASN1_BIT_STRING* ikey = X509_get0_pubkey_bitstr(argIssuer->getX509());
+ ASN1_INTEGER* serial = X509_get_serialNumber(argCert->getX509());
+
+ return OCSP_cert_id_new(m_pCertIdDigestAlg, iname, ikey, serial);
+}
+
+void OCSPImpl::setDigestAlgorithmForCertId(OCSP::DigestAlgorithm alg)
+{
+ const EVP_MD* foundAlg = getDigestAlg(alg);
+
+ if (NULL != foundAlg) {
+ m_pCertIdDigestAlg = foundAlg;
+ } else {
+ LogDebug("Request for unsupported CertId digest algorithm"
+ "ignored!");
+ }
+}
+
+void OCSPImpl::setDigestAlgorithmForRequest(OCSP::DigestAlgorithm alg)
+{
+ const EVP_MD* foundAlg = getDigestAlg(alg);
+
+ if (NULL != foundAlg) {
+ m_pRequestDigestAlg = foundAlg;
+ } else {
+ LogDebug("Request for unsupported OCSP request digest algorithm"
+ "ignored!");
+ }
+}
+
+void OCSPImpl::setTrustedStore(const CertificateList& certs)
+{
+ X509_STORE *store = X509_STORE_new();
+ m_pTrustedStore = store;
+ // create a trusted store basing on certificate chain from a signature
+ FOREACH(iter, certs) {
+ X509_STORE_add_cert(store, (*iter)->getX509());
+ }
+}
+
+void OCSPImpl::validateResponse(OCSP_REQUEST* argRequest,
+ OCSP_RESPONSE* argResponse,
+ OCSP_CERTID* argCertId)
+{
+ int result = OCSP_response_status(argResponse);
+
+ if (result != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+ handleInvalidResponse(result);
+ ThrowMsg(Exception::VerificationError, "OCSP_response_status failed");
+ }
+
+ // get response object
+ OCSP_BASICRESP* basic = OCSP_response_get1_basic(argResponse);
+ if (!basic) {
+ ThrowMsg(Exception::VerificationError,
+ "OCSP: Unable to get a BASICRESP object.");
+ }
+
+ SSLSmartContainer <OCSP_BASICRESP> basicRespCont(basic);
+ if (m_bUseNonce && OCSP_check_nonce(argRequest, basicRespCont) <= 0) {
+ ThrowMsg(Exception::VerificationError, "OCSP: Invalid nonce");
+ }
+
+ if (!verifyResponse(basic)) {
+ ThrowMsg(Exception::VerificationError,
+ "Unable to verify the OCSP responder's certificate");
+ }
+
+ checkRevocationStatus(basicRespCont, argCertId);
+}
+
+bool OCSPImpl::verifyResponse(OCSP_BASICRESP* basic)
+{
+ Assert(m_pTrustedStore);
+ // verify ocsp response
+ int response = OCSP_basic_verify(basic, NULL, m_pTrustedStore, 0);
+ if (response <= 0) {
+ LogWarning("OCSP verification failed");
+ }
+
+ return response > 0;
+}
+
+void OCSPImpl::checkRevocationStatus(OCSP_BASICRESP* basic,
+ OCSP_CERTID* id)
+{
+ ASN1_GENERALIZEDTIME* producedAt;
+ ASN1_GENERALIZEDTIME* thisUpdate;
+ ASN1_GENERALIZEDTIME* nextUpdate;
+ int reason;
+ int status;
+
+ m_responseValidity = 0;
+
+ if (!OCSP_resp_find_status(basic,
+ id,
+ &status,
+ &reason,
+ &producedAt,
+ &thisUpdate,
+ &nextUpdate))
+ {
+ ThrowMsg(Exception::VerificationError,
+ "OCSP: Failed to find certificate status.");
+ }
+
+ if (!OCSP_check_validity(thisUpdate,
+ nextUpdate,
+ MaxValidatyPeriodInSeconds,
+ MaxAge))
+ {
+ ThrowMsg(Exception::VerificationError,
+ "OCSP: Failed to check certificate validate.");
+ }
+
+ if (nextUpdate) {
+ asn1GeneralizedTimeToTimeT(nextUpdate,&m_responseValidity);
+ time_t now;
+ time(&now);
+ LogDebug("Time of next OCSP update got from server: " <<
+ m_responseValidity);
+ LogDebug("Expires in: " << (m_responseValidity - now));
+ LogDebug("Original: " << nextUpdate->data);
+ }
+
+ switch (status) {
+ case V_OCSP_CERTSTATUS_GOOD:
+ return;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ ThrowMsg(Exception::CertificateRevoked, "Certificate is Revoked");
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ ThrowMsg(Exception::CertificateUnknown, "Certificate is Unknown");
+ default:
+ Assert(false && "Invalid status");
+ }
+}
+
+OCSPImpl::OcspResponse OCSPImpl::convertToResponse()
+{
+ using namespace SoupWrapper;
+
+ // convert memory buffer to ocsp response object
+ BUF_MEM res_bmem;
+ OCSP_RESPONSE* response;
+
+ SoupMessageSendBase::MessageBuffer buffer = m_soupMessage.getResponse();
+
+ res_bmem.length = buffer.size();
+ res_bmem.data = &buffer[0];
+ res_bmem.max = buffer.size();
+
+ BIO* res_mem_bio = BIO_new(BIO_s_mem());
+ BIO_set_mem_buf(res_mem_bio, &res_bmem, BIO_NOCLOSE);
+
+ response = d2i_OCSP_RESPONSE_bio(res_mem_bio, NULL);
+ BIO_free_all(res_mem_bio);
+
+ if (!response) {
+ LogWarning("OCSP: Failed to convert OCSP Response to DER format");
+ return std::make_pair(false, static_cast<OCSP_RESPONSE*>(NULL));
+ }
+
+ return std::make_pair(true, response);
+}
+
+void OCSPImpl::handleInvalidResponse(int result)
+{
+ switch (result) {
+ case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
+ LogWarning("OCSP: Server returns "
+ "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST status");
+ break;
+ case OCSP_RESPONSE_STATUS_INTERNALERROR:
+ LogWarning("OCSP: Server returns "
+ "OCSP_RESPONSE_STATUS_INTERNALERROR status");
+ break;
+ case OCSP_RESPONSE_STATUS_TRYLATER:
+ LogWarning("OCSP: Server returns "
+ "OCSP_RESPONSE_STATUS_TRYLATER status");
+ break;
+ case OCSP_RESPONSE_STATUS_SIGREQUIRED:
+ LogWarning("OCSP: Server returns "
+ "OCSP_RESPONSE_STATUS_SIGREQUIRED status");
+ break;
+ case OCSP_RESPONSE_STATUS_UNAUTHORIZED:
+ LogWarning("OCSP: Server returns "
+ "OCSP_RESPONSE_STATUS_UNAUTHORIZED status");
+ break;
+ default:
+ Assert(false && "Invalid result value");
+ }
+}
+} // namespace ValidationCore
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @author Tomasz Morawski(t.morawski@samsung.com)
+ * @author Michal Ciepielski(m.ciepielski@samsung.com)
+ * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
+ * @author Bartlomiej Grzelewski(b.grzelewski@samsung.com)
+ * @version 0.4
+ * @file OCPS.h
+ * @brief Routines for certificate validation over OCSP
+ */
+
+#ifndef _VALIDATION_CORE_OCSPIMPL_H_
+#define _VALIDATION_CORE_OCSPIMPL_H_
+
+#include <vcore/OCSP.h>
+
+#include <string>
+#include <vector>
+#include <list>
+
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
+#include <libsoup/soup.h>
+
+#include <dpl/exception.h>
+
+#include <vcore/scoped_gpointer.h>
+#include <vcore/OCSPCertMgrUtil.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/CertificateStorage.h>
+#include <vcore/VerificationStatus.h>
+#include <vcore/SSLContainers.h>
+#include <vcore/SoupMessageSendBase.h>
+#include <vcore/SoupMessageSendSync.h>
+#include <vcore/TimeConversion.h>
+/*
+ * The WRT MUST NOT allow installation of widgets with revoked signatures.
+ *
+ * The WRT MUST NOT allow use of widgets with revoked signatures.
+ *
+ * The WRT MUST support checking for revocation of widget signatures via
+ * OCSP [RFC 2560] at widget installation time, according to the following:
+ *
+ * At widget installation time, the WRT shall make several attempts
+ * (5 attempts at 6 seconds apart recommended) to establish contact with
+ * the OCSP server.
+ *
+ * If connectivity is successful and the application is validated, the
+ * installation process shall continue.
+ *
+ * If connectivity is successful and if the widget signature is
+ * determined to be revoked, the WRT shall issue a suitable error message
+ * and cancel installation.
+ *
+ * If connectivity is successful and revocation status is unknown or if
+ * connectivity is unsuccessful, the user must be notified that the
+ * widget was unable to be installed as trusted - the certification of
+ * the widget signature has not been validated -, and prompt the user to allow
+ * the user to install the widget as an untrusted application, or reject
+ * the installation.
+ *
+ * The WRT MUST support checking for revocation of widget signatures via OCSP
+ * [RFC 2560] at widget runtime.
+ *
+ * The WRT MUST support OCSP access policy.
+ */
+
+namespace ValidationCore {
+
+class OCSPImpl {
+public:
+ OCSPImpl();
+
+ static const char* DEFAULT_RESPONDER_URI_ENV;
+
+ VerificationStatus checkEndEntity(const CertificateCollection &certList);
+
+ /**
+ * Sets digest algorithm for certid in ocsp request
+ */
+ void setDigestAlgorithmForCertId(OCSP::DigestAlgorithm alg);
+
+ /**
+ * Sets digest algorithm for certid in ocsp request
+ */
+ void setDigestAlgorithmForRequest(OCSP::DigestAlgorithm alg);
+
+ void setTrustedStore(const CertificateList& certs);
+
+ VerificationStatusSet validateCertificateList(const CertificateList &certs);
+
+ VerificationStatus validateCertificate(CertificatePtr argCert,
+ CertificatePtr argIssuer);
+
+ void setDefaultResponder(const char* uri);
+
+ void setUseDefaultResponder(bool value);
+
+ /**
+ * @return time when response will become invalid - for list of
+ * certificates, this is the minimum of all validities; value is
+ * valid only for not-revoked certificates (non error validation result)
+ */
+ time_t getResponseValidity();
+
+private:
+ typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession;
+ typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage;
+
+ void handleInvalidResponse(int result);
+ void sendHTTPRequest(ScopedSoupSession& session,
+ ScopedSoupMessage& msg,
+ const char* host,
+ const char* port,
+ const char* path,
+ char* requestBuffer,
+ size_t reqestSize);
+ void sendRequest(const std::string& uri,
+ char* requestBuffer,
+ size_t requestSize,
+ char** responseBuffer,
+ size_t* responseSize);
+
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ConnectionError)
+ DECLARE_EXCEPTION_TYPE(Base, CertificateRevoked)
+ DECLARE_EXCEPTION_TYPE(Base, CertificateUnknown)
+ DECLARE_EXCEPTION_TYPE(Base, VerificationError)
+ DECLARE_EXCEPTION_TYPE(Base, RetrieveCertFromStoreError)
+ DECLARE_EXCEPTION_TYPE(Base, VerificationNotSupport)
+ };
+
+ const EVP_MD* m_pCertIdDigestAlg;
+ const EVP_MD* m_pRequestDigestAlg;
+
+ typedef std::pair<char*, size_t> HttpResponseBuffer;
+
+ SoupWrapper::SoupMessageSendBase::RequestStatus sendOcspRequest(
+ OCSP_REQUEST* argRequest,
+ const std::string& argUri);
+
+
+
+ //! Validates a single certificate
+ /*!
+ * @param cert The certificate to check
+ * @param issuer A certificate used to sign the certificate to check.
+ */
+
+ struct CreateRequestResult
+ {
+ bool success;
+ OCSP_REQUEST* ocspRequest;
+ OCSP_CERTID* ocspCertId;
+ CreateRequestResult(bool argSuccess = false,
+ OCSP_REQUEST* argOcspRequest = NULL,
+ OCSP_CERTID* argOcspCertId = NULL) :
+ success(argSuccess),
+ ocspRequest(argOcspRequest),
+ ocspCertId(argOcspCertId)
+ {
+ }
+ };
+
+ //! Creates a OCSP request
+ /*!
+ * @param request Returns created OCSP_REQUEST
+ * @param id Returns CertId that is used to find proper OCSP result in
+ * the OCSP response (@see checkRevocationStatus for more details).
+ *
+ */
+ CreateRequestResult createRequest(CertificatePtr argCert,
+ CertificatePtr argIssuer);
+
+ OCSP_CERTID* addSerial(CertificatePtr argCert,
+ CertificatePtr argIssuer);
+
+ void validateResponse(OCSP_REQUEST* argRequest,
+ OCSP_RESPONSE* argResponse,
+ OCSP_CERTID* argCertId);
+
+ //! Create a X509 store
+ bool verifyResponse(OCSP_BASICRESP* argResponse);
+
+ void checkRevocationStatus(OCSP_BASICRESP* argBasicResponse,
+ OCSP_CERTID* argCertId);
+
+ typedef std::pair<bool, OCSP_RESPONSE*> OcspResponse;
+
+ OcspResponse convertToResponse();
+
+ time_t m_responseValidity;
+ bool m_bUseNonce;
+ bool m_bUseDefResponder;
+ std::string m_strResponderURI;
+ bool m_bSignRequest;
+ EVP_PKEY* m_pSignKey;
+ CertificatePtr m_pSignCert;
+ SSLSmartContainer <X509_STORE> m_pTrustedStore;
+ SoupWrapper::SoupMessageSendSync m_soupMessage;
+};
+
+} // ValidationCore
+
+#endif // _VALIDATION_CORE_OCSPIMPL_H_
* This function is needed to fix "Invalid conversion from void* to unsigned char*"
* C++ compiler error during calling i2d_OCSP_REQUEST_bio macro
*/
+int convertToBuffer(OCSP_REQUEST *req, char **buf, int *size);
+
int convertToBuffer(OCSP_REQUEST *req, char **buf, int *size) {
BIO *req_mem_bio;
BUF_MEM req_bmem;
#include <map>
#include <string>
-#include <dpl/log/log.h>
-
-#include "SaxReader.h"
+#include <vcore/SaxReader.h>
+#include <vcore/exception.h>
namespace ValidationCore {
namespace ParserSchemaException {
-DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
-DECLARE_EXCEPTION_TYPE(Base, XmlReaderError)
-DECLARE_EXCEPTION_TYPE(Base, CertificateLoaderError)
-DECLARE_EXCEPTION_TYPE(Base, UnsupportedAlgorithm)
-DECLARE_EXCEPTION_TYPE(Base, UnsupportedValue)
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, XmlReaderError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, CertificateLoaderError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, UnsupportedAlgorithm);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, UnsupportedValue);
}
template<typename ParserType, typename DataType>
-class ParserSchema
-{
- public:
- struct TagDescription
- {
+class ParserSchema {
+public:
+
+ struct TagDescription {
TagDescription(const std::string &tag,
const std::string & xmlNamespace) :
tagName(tag),
}
};
- ParserSchema(ParserType * parser) :
- m_functions(parser)
- {
- }
- virtual ~ParserSchema()
- {
- }
+ ParserSchema(ParserType *parser)
+ : m_functions(parser) {}
+
+ virtual ~ParserSchema() {}
- void initialize(const std::string &filename,
+ void initialize(
+ const std::string &filename,
bool defaultArgs,
SaxReader::ValidationType valType,
const std::string &xmlschema)
{
- Try
+ VcoreTry
{
m_reader.initialize(filename, defaultArgs, valType, xmlschema);
}
- Catch(SaxReader::Exception::Base)
+ VcoreCatch (SaxReader::Exception::Base)
{
- ReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError");
+ VcoreReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError");
}
}
void read(DataType &dataContainer)
{
- Try {
+ VcoreTry
+ {
while (m_reader.next()) {
switch (m_reader.type()) {
case SaxReader::NODE_BEGIN:
textNode(dataContainer);
break;
default:
- // LogInfo("Unknown Type Node");
break;
}
}
}
- Catch(SaxReader::Exception::Base)
+ VcoreCatch (SaxReader::Exception::Base)
{
- ReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError");
+ VcoreReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError");
}
}
typedef void (ParserType::*FunctionPtr)(DataType &data);
typedef std::map<TagDescription, FunctionPtr> FunctionMap;
- void addBeginTagCallback(const std::string &tag,
+ void addBeginTagCallback(
+ const std::string &tag,
const std::string &namespaceUri,
FunctionPtr function)
{
m_beginFunctionMap[desc] = function;
}
- void addEndTagCallback(const std::string &tag,
+ void addEndTagCallback(
+ const std::string &tag,
const std::string &namespaceUri,
FunctionPtr function)
{
m_endFunctionMap[desc] = function;
}
- SaxReader& getReader(void)
+ SaxReader& getReader()
{
return m_reader;
}
- std::string& getText(void)
+ std::string& getText()
{
return m_textNode;
}
- protected:
+protected:
void beginNode(DataType &dataContainer)
{
TagDescription desc(m_reader.name(), m_reader.namespaceURI());
FunctionPtr fun = m_beginFunctionMap[desc];
if (fun == 0) {
- LogDebug("No function found for xml tag: " << m_reader.name());
return;
}
FunctionPtr fun = m_endFunctionMap[desc];
if (fun == 0) {
- LogDebug("No function found for xml tag: " << m_reader.name());
return;
}
}
ParserType *m_functions;
-
SaxReader m_reader;
FunctionMap m_beginFunctionMap;
FunctionMap m_endFunctionMap;
// temporary values require due parsing textNode
std::string m_textNode;
};
+
} // namespace ValidationCore
#endif
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/*
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @file ReferenceValidator.cpp
+ * @version 1.0
+ * @brief Compare signature reference list and list of widget file.
+ */
+#include <vcore/ReferenceValidator.h>
+
#include <dirent.h>
#include <errno.h>
#include <fstream>
#include <memory>
+#include <pcrecpp.h>
+
#include <dpl/errno_string.h>
#include <dpl/log/log.h>
-#include "Base64.h"
-#include "ReferenceValidator.h"
-
namespace {
+
const char *SPECIAL_SYMBOL_CURRENT_DIR = ".";
const char *SPECIAL_SYMBOL_UPPER_DIR = "..";
const char *SPECIAL_SYMBOL_AUTHOR_SIGNATURE_FILE = "author-signature.xml";
const char *REGEXP_DISTRIBUTOR_SIGNATURE = "^signature[1-9][0-9]*\\.xml";
+
+const char MARK_ENCODED_CHAR = '%';
+
} // namespace anonymous
namespace ValidationCore {
-ReferenceValidator::ReferenceValidator(const std::string &dirpath) :
- m_dirpath(dirpath),
- m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE)
+
+class ReferenceValidator::Impl
{
+ public:
+ Impl(const std::string &dirpath)
+ : m_dirpath(dirpath)
+ , m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE)
+ {}
+
+ virtual ~Impl(){}
+
+ Result checkReferences(const SignatureData &signatureData){
+ const ReferenceSet &refSet = signatureData.getReferenceSet();
+ ReferenceSet refDecoded;
+
+ try {
+ for (auto it = refSet.begin(); it != refSet.end(); ++it) {
+ if (std::string::npos != it->find(MARK_ENCODED_CHAR))
+ refDecoded.insert(decodeProcent(*it));
+ else
+ refDecoded.insert(*it);
+ }
+ } catch (Result &) {
+ return ERROR_DECODING_URL;
+ }
+ return dfsCheckDirectories(
+ refDecoded,
+ std::string(),
+ signatureData.isAuthorSignature());
+ }
+
+ private:
+ int hexToInt(char hex);
+ std::string decodeProcent(const std::string &path);
+
+ Result dfsCheckDirectories(
+ const ReferenceSet &referenceSet,
+ const std::string &directory,
+ bool isAuthorSignature);
+
+ inline bool isDistributorSignature(const char *cstring) const
+ {
+ return m_signatureRegexp.FullMatch(cstring);
+ }
+
+ std::string m_dirpath;
+ std::string m_errorDescription;
+ pcrecpp::RE m_signatureRegexp;
+};
+
+int ReferenceValidator::Impl::hexToInt(char a) {
+ if (a >= '0' && a <= '9') return a-'0';
+ if (a >= 'A' && a <= 'F') return a-'A' + 10;
+ if (a >= 'a' && a <= 'f') return a-'a' + 10;
+ LogError("Symbol '" << a << "' is out of scope.");
+ throw ERROR_DECODING_URL;
}
-ReferenceValidator::Result ReferenceValidator::checkReferences(
- const SignatureData &signatureData)
-{
- return dfsCheckDirectories(signatureData, std::string());
+std::string ReferenceValidator::Impl::decodeProcent(const std::string &path) {
+ std::vector<int> input(path.begin(), path.end());
+ std::vector<char> output;
+ try {
+ size_t i = 0;
+ while(i<input.size()) {
+ if (MARK_ENCODED_CHAR == input[i]) {
+ if (i+2 >= input.size())
+ throw ERROR_DECODING_URL;
+
+ int result = hexToInt(input[i+1])*16 + hexToInt(input[i+2]);
+
+ // RFC 1738 - octets 80 to FF are not allowed
+ if (result >= 128)
+ throw ERROR_DECODING_URL;
+
+ output.push_back(static_cast<char>(result));
+ i+=3;
+ } else {
+ output.push_back(static_cast<char>(input[i]));
+ ++i;
+ }
+ }
+ } catch (Result &) {
+ LogError("Error while decoding url path: " << path);
+ throw ERROR_DECODING_URL;
+ }
+ return std::string(output.begin(), output.end());
}
-ReferenceValidator::Result ReferenceValidator::dfsCheckDirectories(
- const SignatureData &signatureData,
- const std::string &directory)
+ReferenceValidator::Result ReferenceValidator::Impl::dfsCheckDirectories(
+ const ReferenceSet &referenceSet,
+ const std::string &directory,
+ bool isAuthorSignature)
{
- DIR *dp;
- struct dirent *dirp;
std::string currentDir = m_dirpath + directory;
+ DIR *dp;
if ((dp = opendir(currentDir.c_str())) == NULL) {
LogError("Error opening directory: " << currentDir.c_str());
m_errorDescription = currentDir;
return ERROR_OPENING_DIR;
}
- for (errno = 0; (dirp = readdir(dp)) != NULL; errno = 0) {
+ struct dirent entry;
+ struct dirent *dirp;
+ while (readdir_r(dp, &entry, &dirp) == 0 && dirp) {
if (!strcmp(dirp->d_name, SPECIAL_SYMBOL_CURRENT_DIR)) {
continue;
}
}
if (currentDir == m_dirpath && dirp->d_type == DT_REG &&
- !strcmp(dirp->d_name,
- SPECIAL_SYMBOL_AUTHOR_SIGNATURE_FILE) &&
- signatureData.isAuthorSignature()) {
+ !strcmp(dirp->d_name, SPECIAL_SYMBOL_AUTHOR_SIGNATURE_FILE) &&
+ isAuthorSignature)
+ {
continue;
}
if (dirp->d_type == DT_DIR) {
LogDebug("Open directory: " << (directory + dirp->d_name));
std::string tmp_directory = directory + dirp->d_name + "/";
- Result result = dfsCheckDirectories(signatureData, tmp_directory);
+ Result result = dfsCheckDirectories(referenceSet,
+ tmp_directory,
+ isAuthorSignature);
if (result != NO_ERROR) {
closedir(dp);
return result;
}
} else if (dirp->d_type == DT_REG) {
- LogDebug("Found file: " << (directory + dirp->d_name));
- const ReferenceSet &referenceSet = signatureData.getReferenceSet();
if (referenceSet.end() ==
- referenceSet.find(directory + dirp->d_name)) {
+ referenceSet.find(directory + dirp->d_name))
+ {
+ LogDebug("Found file: " << (directory + dirp->d_name));
+ LogError("Unknown ERROR_REFERENCE_NOT_FOUND.");
closedir(dp);
m_errorDescription = directory + dirp->d_name;
return ERROR_REFERENCE_NOT_FOUND;
}
}
- if (errno != 0) {
- m_errorDescription = DPL::GetErrnoString();
- LogError("readdir failed. Errno code: " << errno <<
- " Description: " << m_errorDescription);
- closedir(dp);
- return ERROR_READING_DIR;
- }
-
closedir(dp);
return NO_ERROR;
}
+
+ReferenceValidator::ReferenceValidator(const std::string &dirpath)
+ : m_impl(new Impl(dirpath))
+{}
+
+ReferenceValidator::~ReferenceValidator(){
+ delete m_impl;
+}
+
+ReferenceValidator::Result ReferenceValidator::checkReferences(
+ const SignatureData &signatureData)
+{
+ return m_impl->checkReferences(signatureData);
}
+
+} // ValidationCore
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#ifndef _REFERENCEVALIDATOR_H_
-#define _REFERENCEVALIDATOR_H_
+/*
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @file ReferenceValidator.h
+ * @version 1.0
+ * @brief Compare signature reference list with widget package.
+ */
+#ifndef _VALIDATION_CORE_REFERENCEVALIDATOR_H_
+#define _VALIDATION_CORE_REFERENCEVALIDATOR_H_
-#include <pcrecpp.h>
+#include <dpl/noncopyable.h>
-#include "SignatureData.h"
+#include <vcore/SignatureData.h>
namespace ValidationCore {
-class ReferenceValidator
+
+class ReferenceValidator : VcoreDPL::Noncopyable
{
public:
enum Result
ERROR_OPENING_DIR,
ERROR_READING_DIR,
ERROR_UNSUPPORTED_FILE_TYPE,
- ERROR_REFERENCE_NOT_FOUND
+ ERROR_REFERENCE_NOT_FOUND,
+ ERROR_DECODING_URL
};
ReferenceValidator(const std::string &dirpath);
- virtual ~ReferenceValidator()
- {
- }
+ virtual ~ReferenceValidator();
Result checkReferences(const SignatureData &signatureData);
private:
-
- Result dfsCheckDirectories(const SignatureData &signatureData,
- const std::string &directory);
-
- inline bool isDistributorSignature(const char *cstring) const
- {
- return m_signatureRegexp.FullMatch(cstring);
- }
-
- std::string m_dirpath;
- std::string m_errorDescription;
- pcrecpp::RE m_signatureRegexp;
+ class Impl;
+ Impl *m_impl;
};
}
-#endif // _REFERENCEVALIDATOR_H_
+#endif // _VALIDATION_CORE_REFERENCEVALIDATOR_H_
namespace ValidationCore {
CertificatePtr RevocationCheckerBase::loadPEMFile(const char* fileName)
{
- DPL::ScopedFClose fd(fopen(fileName, "rb"));
+ VcoreDPL::ScopedFClose fd(fopen(fileName, "rb"));
// no such file, return NULL
if (!fd.Get()) {
* @brief Simple c++ interface for libxml2.
*/
#include <dpl/assert.h>
-#include <dpl/exception.h>
#include <dpl/log/log.h>
-#include "SaxReader.h"
+#include <vcore/SaxReader.h>
namespace ValidationCore {
+
+
SaxReader::SaxReader() :
m_reader(0)
{
}
}
-void SaxReader::initialize(const std::string &filename,
- bool defaultArgs,
- ValidationType validate,
- const std::string &schema)
+void SaxReader::initialize(
+ const std::string &filename,
+ bool defaultArgs,
+ ValidationType validate,
+ const std::string &schema)
{
Assert(m_reader == 0 && "Double initialization of SaxReader");
LogDebug("SaxReader opening file: " << filename);
- /*
- * create a new xml text reader
- */
m_reader = xmlNewTextReaderFilename(filename.c_str());
- if (m_reader == NULL) {
- /*
- * no such file, return
- */
- LogWarning("Error during opening file " << filename);
- Throw(Exception::FileOpeningError);
+ if (!m_reader) {
+ VcoreThrowMsg(SaxReader::Exception::FileOpeningError,
+ "opening file " << filename << " error");
}
+
if (validate == VALIDATION_XMLSCHEME &&
xmlTextReaderSchemaValidate(m_reader, schema.c_str())) {
/*
* unable to turn on schema validation
*/
- LogError("Turn on Schema validation failed.");
- ThrowMsg(Exception::ParserInternalError,
- "Turn on Scheme validation failed!");
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "Turn on Schema validation failed");
}
+
// Path to DTD schema is taken from xml file.
if (validate == VALIDATION_DTD &&
xmlTextReaderSetParserProp(m_reader, XML_PARSER_VALIDATE, 1)) {
/*
* unable to turn on DTD validation
*/
- LogError("Turn on DTD validation failed!");
- ThrowMsg(Exception::ParserInternalError,
- "Turn on DTD validation failed!");
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "Turn on DTD validation failed!");
}
+
if (defaultArgs &&
xmlTextReaderSetParserProp(m_reader, XML_PARSER_DEFAULTATTRS, 1)) {
/*
* unable to turn on default arguments
*/
- LogError("Turn on default arguments failed");
- ThrowMsg(Exception::ParserInternalError,
- "Turn on Default Arguments failed!");
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "Turn on default arguments failed");
}
}
{
int res = xmlTextReaderRead(m_reader);
- if (0 == xmlTextReaderIsValid(m_reader)) {
- LogWarning("Throw exception file not valid!");
- Throw(Exception::FileNotValid);
- }
+ if (res < 0)
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "xmlTextReaderRead error");
- if (res == 1) {
- return true;
- }
+ if (!xmlTextReaderIsValid(m_reader))
+ VcoreThrowMsg(SaxReader::Exception::FileNotValid,
+ "xmlTextReader is invalid");
- if (res == 0) {
- return false;
- }
- LogError("ParserInternalError");
- Throw(Exception::ParserInternalError);
+ return res ? true : false;
}
void SaxReader::next(const std::string &token)
{
- xmlTextReaderRead(m_reader);
- if (0 == xmlTextReaderIsValid(m_reader)) {
- /*
- * invalid file
- */
- LogWarning("Throw exception file not valid!");
- Throw(Exception::FileNotValid);
- }
+ int res = xmlTextReaderRead(m_reader);
+
+ if (res < 0)
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "xmlTextReaderRead error");
+
+ if (!xmlTextReaderIsValid(m_reader))
+ VcoreThrowMsg(SaxReader::Exception::FileNotValid,
+ "xmlTextReader is invalid");
xmlChar *name = xmlTextReaderName(m_reader);
- if (name == NULL) {
- /*
- * invalid file
- */
- LogWarning("File not Valid");
- Throw(Exception::FileNotValid);
- }
+ if (!name)
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "xmlTextReaderName returns NULL");
- if (token == reinterpret_cast<const char*>(name)) {
- xmlFree(name);
- } else {
- /*
- * we encountered wrong token
- */
+ xmlChar *xmlToken = xmlCharStrdup(token.c_str());
+
+ if (xmlStrcmp(name, xmlToken)) {
xmlFree(name);
- LogWarning("Wrong Token");
- Throw(Exception::WrongToken);
+ xmlFree(xmlToken);
+
+ VcoreThrowMsg(SaxReader::Exception::WrongToken, "Wrong Token");
}
+
+ xmlFree(name);
+ xmlFree(xmlToken);
}
bool SaxReader::isEmpty(void)
{
int ret = xmlTextReaderIsEmptyElement(m_reader);
- if (-1 == ret) {
- LogError("Parser Internal Error");
- Throw(Exception::ParserInternalErrorInEmptyQuery);
- }
- return ret;
+ if (-1 == ret)
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "xmlTextReaderIsEmptyElement error");
+
+ return ret ? true : false;
}
-std::string SaxReader::attribute(const std::string &token,
- ThrowType throwStatus)
+std::string SaxReader::attribute(const std::string &token, ThrowType throwStatus)
{
- std::string value;
xmlChar *attr = xmlTextReaderGetAttribute(m_reader, BAD_CAST(token.c_str()));
- if ((NULL == attr) && (throwStatus == THROW_DISABLE)) {
- /*
- * return empty string
- */
- //TODO why not DPL::Optional?
- return std::string();
- }
- if (NULL == attr) {
- /*
- * error during read attribute
- */
- LogError("Error in reading attribute.");
- Throw(Exception::ParserInternalErrorInReadingAttribute);
+ if (!attr) {
+ if (throwStatus == THROW_DISABLE) {
+ LogError("Error in reading attribute.");
+ return std::string();
+ }
+ else {
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "xmlTextReaderGetAttribute error");
+ }
}
- /*
- * cast it to val and return it
- */
- value = reinterpret_cast<const char *>(attr);
+ std::string value = reinterpret_cast<const char *>(attr);
xmlFree(attr);
+
return value;
}
-// KW std::string SaxReader::fullName(){
-// KW std::string value;
-// KW xmlChar *name = xmlTextReaderName(m_reader);
-// KW if(NULL == name) {
-// KW LogError("Error in reading name.");
-// KW Throw(Exception::ErrorReadingName);
-// KW }
-// KW value = reinterpret_cast<const char *>(name);
-// KW xmlFree(name);
-// KW return value;
-// KW }
-
std::string SaxReader::name()
{
- std::string value;
xmlChar *name = xmlTextReaderName(m_reader);
- if (NULL == name) {
- LogError("Error in reading name.");
- Throw(Exception::ErrorReadingName);
- }
- value = reinterpret_cast<const char *>(name);
+ if (!name)
+ VcoreThrowMsg(SaxReader::Exception::ReadingNameError,
+ "reading name error");
+
+ std::string value = reinterpret_cast<const char *>(name);
xmlFree(name);
size_t pos = value.find_last_of(":");
if (pos != std::string::npos) {
value.erase(0, pos + 1);
}
+
return value;
}
std::string SaxReader::namespaceURI()
{
- std::string value;
xmlChar *name = xmlTextReaderNamespaceUri(m_reader);
- if (NULL != name) {
- value = reinterpret_cast<const char *>(name);
- xmlFree(name);
+ if (!name) {
+ LogError("Error in reading namespaceURI");
+ return std::string();
}
+
+ std::string value = reinterpret_cast<const char *>(name);
+ xmlFree(name);
+
return value;
}
std::string SaxReader::value()
{
- std::string value;
- /*
- * get value of node
- */
xmlChar *text = xmlTextReaderValue(m_reader);
- if (NULL == text) {
- LogError("Error in reading value");
- Throw(Exception::ErrorReadingValue);
- }
- value = reinterpret_cast<const char*>(text);
- /*
- * free text and return the val
- */
+ if (!text)
+ VcoreThrowMsg(SaxReader::Exception::ReadingValueError,
+ "reading value error");
+
+ std::string value = reinterpret_cast<const char*>(text);
xmlFree(text);
+
return value;
}
void SaxReader::dumpNode(std::string &buffer)
{
- /*
- * size of buffer
- */
- int size;
- /*
- * pointer to buffer
- */
xmlBufferPtr buff = xmlBufferCreate();
xmlNodePtr node = xmlTextReaderExpand(m_reader);
-
- if (node == NULL) {
- /*
- * internal parser error
- */
+ if (!node) {
xmlBufferFree(buff);
- LogError("Parser Internal Error");
- Throw(Exception::ParserInternalError);
+ VcoreThrowMsg(SaxReader::Exception::ParserInternalError,
+ "xmlTextReaderExpand error");
}
- /*
- * get a size and fill in a buffer
- */
- size = xmlNodeDump(buff, node->doc, node, 0, 0);
- buffer.insert(0, reinterpret_cast<char*>(buff->content), size);
+ int size = xmlNodeDump(buff, node->doc, node, 0, 0);
+ if (size > 0) {
+ buffer.insert(0, reinterpret_cast<char*>(buff->content), size);
+ }
xmlBufferFree(buff);
}
+
} // namespace ValidationCore
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief Simple c++ interface for libxml2.
+ * Its used in wrt-installer only and should be removed
+ * from cert-svc.
*/
#ifndef _SAXREADER_H_
#define _SAXREADER_H_
#include <string>
#include <libxml/xmlreader.h>
-#include <dpl/exception.h>
+
+#include <vcore/exception.h>
namespace ValidationCore {
-class SaxReader
-{
- public:
+class SaxReader {
+public:
SaxReader();
~SaxReader();
- /*
- * custom exceptions
- */
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, FileOpeningError)
- DECLARE_EXCEPTION_TYPE(Base, FileNotValid)
- DECLARE_EXCEPTION_TYPE(Base, ParserInternalError)
- DECLARE_EXCEPTION_TYPE(Base, WrongToken)
- DECLARE_EXCEPTION_TYPE(Base, ParserInternalErrorInReadingAttribute)
- DECLARE_EXCEPTION_TYPE(Base, ParserInternalErrorInEmptyQuery)
- DECLARE_EXCEPTION_TYPE(Base, ErrorReadingValue)
- DECLARE_EXCEPTION_TYPE(Base, ErrorReadingName)
- DECLARE_EXCEPTION_TYPE(Base, UnsupportedType)
+ class Exception {
+ public:
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, FileOpeningError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, FileNotValid);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, ParserInternalError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, WrongToken);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, ReadingValueError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, ReadingNameError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, UnsupportedType);
};
enum NodeType
/*
* initializes parser
*/
- void initialize(const std::string &filename,
+ void initialize(
+ const std::string &filename,
bool defaultArgs = false,
ValidationType validation = VALIDATION_DISABLE,
const std::string &schema = std::string());
bool next();
/**
- * Move to next xml node. If next node name is differ from token the exception will
- * be thrown.
+ * Move to next xml node. If next node name is differ from token the exception wiil
+ * be thronw.
*/
void next(const std::string &token);
/**
* Read attribute tag.
*/
- std::string attribute(const std::string &token,
- ThrowType throwStatus = THROW_ENABLE);
-
- /**
- * Read xml tag name with namespace.
- */
- // KW std::string fullName();
+ std::string attribute(const std::string &token, ThrowType throwStatus = THROW_ENABLE);
/**
* Read xml tag name without namespace.
*/
void dumpNode(std::string &buffer);
- private:
+private:
/*
* internal libxml text reader
*/
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SignatureData.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief SignatureData is used to storage data parsed from digsig file.
+ */
+#include <vcore/SignatureData.h>
+
+#include <dpl/log/log.h>
+
+namespace ValidationCore {
+
+SignatureData::SignatureData()
+ : m_signatureNumber(-1)
+ , m_certificateSorted(false)
+{}
+
+SignatureData::SignatureData(const std::string &fileName, int fileNumber)
+ : m_signatureNumber(fileNumber)
+ , m_fileName(fileName)
+ , m_certificateSorted(false)
+{}
+
+SignatureData::~SignatureData()
+{}
+
+const ReferenceSet& SignatureData::getReferenceSet() const
+{
+ return m_referenceSet;
+}
+
+void SignatureData::setReference(const ReferenceSet &referenceSet)
+{
+ m_referenceSet = referenceSet;
+}
+
+CertificateList SignatureData::getCertList() const
+{
+ return m_certList;
+}
+
+void SignatureData::setSortedCertificateList(const CertificateList &list)
+{
+ m_certList = list;
+ m_certificateSorted = true;
+}
+
+bool SignatureData::isAuthorSignature() const
+{
+ return m_signatureNumber == -1;
+}
+
+std::string SignatureData::getSignatureFileName() const
+{
+ return m_fileName;
+}
+
+int SignatureData::getSignatureNumber() const
+{
+ return m_signatureNumber;
+}
+
+std::string SignatureData::getRoleURI() const
+{
+ return m_roleURI;
+}
+
+std::string SignatureData::getProfileURI() const
+{
+ return m_profileURI;
+}
+
+bool SignatureData::containObjectReference(const std::string &ref) const
+{
+ std::string rName = "#";
+ rName += ref;
+ return m_referenceSet.end() != m_referenceSet.find(rName);
+}
+
+ObjectList SignatureData::getObjectList() const
+{
+ return m_objectList;
+}
+
+void SignatureData::setStorageType(const CertStoreId::Set &storeIdSet)
+{
+ m_storeIdSet = storeIdSet;
+}
+
+const CertStoreId::Set& SignatureData::getStorageType() const
+{
+ return m_storeIdSet;
+}
+
+const CertStoreId::Type SignatureData::getVisibilityLevel() const
+{
+ if (m_storeIdSet.contains(CertStoreId::VIS_PLATFORM) == true)
+ return CertStoreId::VIS_PLATFORM;
+ else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER_MANUFACTURER) == true)
+ return CertStoreId::VIS_PLATFORM;
+ else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER_OPERATOR) == true)
+ return CertStoreId::VIS_PLATFORM;
+ else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER) == true)
+ return CertStoreId::VIS_PARTNER;
+ else if (m_storeIdSet.contains(CertStoreId::VIS_PUBLIC) == true)
+ return CertStoreId::VIS_PUBLIC;
+ else {
+ LogWarning("Visibility level was broken.");
+ return 0;
+ }
+}
+
+const SignatureData::IMEIList& SignatureData::getIMEIList() const
+{
+ return m_imeiList;
+}
+
+const SignatureData::MEIDList& SignatureData::getMEIDList() const
+{
+ return m_meidList;
+}
+
+CertificatePtr SignatureData::getEndEntityCertificatePtr() const
+{
+ if (m_certificateSorted)
+ return m_certList.front();
+
+ return CertificatePtr();
+}
+
+CertificatePtr SignatureData::getRootCaCertificatePtr() const
+{
+ if (m_certificateSorted)
+ return m_certList.back();
+
+ return CertificatePtr();
+}
+
+} // ValidationCore
* limitations under the License.
*/
/*
- * @file SignatureData.cpp
+ * @file SignatureData.h
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief SignatureData is used to storage data parsed from digsig file.
#include <set>
#include <string>
-#include <dpl/log/log.h>
-#include <dpl/noncopyable.h>
-#include <dpl/string.h>
+#include <vcore/Certificate.h>
+#include <vcore/CertStoreType.h>
-#include "Certificate.h"
-#include "CertStoreType.h"
-#include "ValidatorCommon.h"
+namespace ValidationCore {
-/* TODO this class should not depend from OCSP headers */
-#include "OCSPCertMgrUtil.h"
+typedef std::set<std::string> ReferenceSet;
+typedef std::list<std::string> ObjectList;
+
+class SignatureData {
+public:
+ SignatureData();
+ SignatureData(const std::string &fileName, int fileNumber);
+
+ virtual ~SignatureData();
-namespace ValidationCore {
-class SignatureData
-{
- public:
-
- SignatureData() :
- m_signatureNumber(-1),
- m_certificateSorted(false)
- {
- }
-
- SignatureData(std::string fileName,
- int fileNumber) :
- m_signatureNumber(fileNumber),
- m_fileName(fileName),
- m_certificateSorted(false)
- {
- }
-
- virtual ~SignatureData()
- {
- }
typedef std::list<std::string> IMEIList;
typedef std::list<std::string> MEIDList;
- const ReferenceSet& getReferenceSet() const
- {
- return m_referenceSet;
- }
-
- void setReference(const ReferenceSet &referenceSet)
- {
- m_referenceSet = referenceSet;
- }
-
- CertificateList getCertList(void) const
- {
- return m_certList;
- }
-
- void setSortedCertificateList(const CertificateList &list)
- {
- m_certList = list;
- m_certificateSorted = true;
- }
-
- bool isAuthorSignature(void) const
- {
- return m_signatureNumber == -1;
- }
-
- std::string getSignatureFileName(void) const
- {
- return m_fileName;
- }
-
- int getSignatureNumber() const
- {
- return m_signatureNumber;
- }
-
- std::string getRoleURI() const
- {
- return m_roleURI;
- }
-
- std::string getProfileURI() const
- {
- return m_profileURI;
- }
-
- bool containObjectReference(const std::string &ref) const
- {
- std::string rName = "#";
- rName += ref;
- return m_referenceSet.end() != m_referenceSet.find(rName);
- }
-
- ObjectList getObjectList() const
- {
- return m_objectList;
- }
-
- void setStorageType(const CertStoreId::Set &storeIdSet)
- {
- m_storeIdSet = storeIdSet;
- }
-
- const CertStoreId::Set& getStorageType(void) const
- {
- return m_storeIdSet;
- }
-
- const IMEIList& getIMEIList() const
- {
- return m_imeiList;
- }
-
- const MEIDList& getMEIDList() const
- {
- return m_meidList;
- }
-
- CertificatePtr getEndEntityCertificatePtr() const
- {
- if (m_certificateSorted) {
- return m_certList.front();
- }
- return CertificatePtr();
- }
-
- CertificatePtr getRootCaCertificatePtr() const
- {
- if (m_certificateSorted) {
- return m_certList.back();
- }
- return CertificatePtr();
- }
+ void setReference(const ReferenceSet &referenceSet);
+ void setSortedCertificateList(const CertificateList &list);
+ void setStorageType(const CertStoreId::Set &storeIdSet);
+
+ const ReferenceSet& getReferenceSet() const;
+ CertificateList getCertList() const;
+ ObjectList getObjectList() const;
+ bool containObjectReference(const std::string &ref) const;
+ bool isAuthorSignature() const;
+ int getSignatureNumber() const;
+ std::string getSignatureFileName() const;
+ std::string getRoleURI() const;
+ std::string getProfileURI() const;
+ const CertStoreId::Set& getStorageType(void) const;
+ const CertStoreId::Type getVisibilityLevel(void) const;
+ const IMEIList& getIMEIList() const;
+ const MEIDList& getMEIDList() const;
+ CertificatePtr getEndEntityCertificatePtr() const;
+ CertificatePtr getRootCaCertificatePtr() const;
friend class SignatureReader;
- private:
+
+private:
ReferenceSet m_referenceSet;
CertificateList m_certList;
};
typedef std::set<SignatureData> SignatureDataSet;
-}
+
+} // ValidationCore
#endif
* @version 1.0
* @brief Search for author-signature.xml and signatureN.xml files.
*/
+#include <vcore/SignatureFinder.h>
+#include <dpl/log/log.h>
+
#include <dirent.h>
#include <errno.h>
#include <istream>
-#include <dpl/log/log.h>
-
-#include "SignatureFinder.h"
+#include <pcrecpp.h>
namespace ValidationCore {
static const char *SIGNATURE_AUTHOR = "author-signature.xml";
static const char *REGEXP_DISTRIBUTOR_SIGNATURE =
"^(signature)([1-9][0-9]*)(\\.xml)";
-SignatureFinder::SignatureFinder(const std::string& dir) :
- m_dir(dir),
- m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE)
-{
-}
+class SignatureFinder::Impl {
+public:
+ Impl(const std::string& dir)
+ : m_dir(dir)
+ , m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE)
+ {}
+
+ virtual ~Impl(){}
+
+ Result find(SignatureFileInfoSet &set);
+
+private:
+ std::string m_dir;
+ pcrecpp::RE m_signatureRegexp;
+};
-SignatureFinder::Result SignatureFinder::find(SignatureFileInfoSet &set)
+SignatureFinder::Result SignatureFinder::Impl::find(SignatureFileInfoSet &set)
{
DIR *dp;
- struct dirent *dirp;
/*
* find a dir
return ERROR_OPENING_DIR;
}
- for (errno = 0; (dirp = readdir(dp)) != NULL; errno = 0) {
+ struct dirent entry;
+ struct dirent *dirp = NULL;
+ while (readdir_r(dp, &entry, &dirp) == 0 && dirp) {
/**
* check if it's author signature
*/
}
}
- if (errno != 0) {
- LogError("Error in readdir");
- closedir(dp);
- return ERROR_READING_DIR;
- }
-
closedir(dp);
return NO_ERROR;
}
+
+SignatureFinder::SignatureFinder(const std::string& dir)
+ : m_impl(new Impl(dir))
+{}
+
+SignatureFinder::~SignatureFinder()
+{
+ delete m_impl;
+}
+
+SignatureFinder::Result SignatureFinder::find(SignatureFileInfoSet &set) {
+ return m_impl->find(set);
+}
+
} // namespace ValidationCore
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief Search for author-signature.xml and signatureN.xml files.
+ * This class is WAC 2.0 specific and shuld be moved to
+ * wrt-installer.
*/
-#ifndef _SIGNATUREFINDER_H_
-#define _SIGNATUREFINDER_H_
+#ifndef _VALIDATION_CORE_SIGNATUREFINDER_H_
+#define _VALIDATION_CORE_SIGNATUREFINDER_H_
#include <set>
#include <string>
-#include <pcrecpp.h>
-
-#include "SignatureData.h"
-
namespace ValidationCore {
-class SignatureFileInfo
-{
- public:
- SignatureFileInfo(const std::string &fileName,
- int num) :
- m_fileName(fileName),
- m_fileNumber(num)
- {
- }
+
+class SignatureFileInfo {
+public:
+ SignatureFileInfo(const std::string &fileName, int num)
+ : m_fileName(fileName)
+ , m_fileNumber(num)
+ {}
std::string getFileName() const
{
{
return m_fileNumber < second.m_fileNumber;
}
- private:
+
+private:
std::string m_fileName;
int m_fileNumber;
};
typedef std::set<SignatureFileInfo> SignatureFileInfoSet;
-class SignatureFinder
-{
- public:
+class SignatureFinder {
+public:
enum Result
{
NO_ERROR,
ERROR_ISTREAM
};
- SignatureFinder(const std::string& dir);
+ SignatureFinder() = delete;
+ explicit SignatureFinder(const std::string& dir);
+
+ virtual ~SignatureFinder();
Result find(SignatureFileInfoSet &set);
- private:
- std::string m_dir;
- pcrecpp::RE m_signatureRegexp;
+private:
+ class Impl;
+ Impl *m_impl;
+
+ SignatureFinder(const SignatureFinder &);
+ const SignatureFinder &operator=(const SignatureFinder &);
};
+
} // namespace ValidationCore
-#endif
+#endif // _VALIDATION_CORE_SIGNATUREFINDER_H_
* @version 1.0
* @brief SignatureReader is used to parse widget digital signature.
*/
-#include "SignatureReader.h"
+#include <vcore/SignatureReader.h>
-#include "CertificateLoader.h"
+#include <vcore/CertificateLoader.h>
+#include <dpl/log/log.h>
namespace ValidationCore {
static const std::string XML_NAMESPACE =
m_parserSchema.addBeginTagCallback(TOKEN_OBJECT,
XML_NAMESPACE,
&SignatureReader::tokenObject);
- m_parserSchema.addBeginTagCallback(
- TOKEN_SIGNATURE_PROPERTIES,
- XML_NAMESPACE,
- &SignatureReader::
- tokenSignatureProperties);
+ m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTIES,
+ XML_NAMESPACE,
+ &SignatureReader::tokenSignatureProperties);
m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTY,
XML_NAMESPACE,
&SignatureReader::blankFunction);
m_parserSchema.addEndTagCallback(TOKEN_DSA_SEED_COMPONENT,
XML_NAMESPACE,
&SignatureReader::tokenEndDSASeedComponent);
- m_parserSchema.addEndTagCallback(
- TOKEN_DSA_PGENCOUNTER_COMPONENT,
- XML_NAMESPACE,
- &SignatureReader::
- tokenEndDSAPGenCounterComponent);
+ m_parserSchema.addEndTagCallback(TOKEN_DSA_PGENCOUNTER_COMPONENT,
+ XML_NAMESPACE,
+ &SignatureReader::tokenEndDSAPGenCounterComponent);
m_parserSchema.addEndTagCallback(TOKEN_RSA_KEY_VALUE,
XML_NAMESPACE,
&SignatureReader::tokenEndRSAKeyValue);
&SignatureReader::blankFunction);
}
-void SignatureReader::tokenKeyInfo(SignatureData &signatureData)
+
+void SignatureReader::initialize(
+ SignatureData &signatureData,
+ const std::string &xmlscheme)
{
- (void)signatureData;
+ m_parserSchema.initialize(
+ signatureData.getSignatureFileName(),
+ true,
+ SaxReader::VALIDATION_XMLSCHEME,
+ xmlscheme);
}
-void SignatureReader::tokenX509Data(SignatureData &signatureData)
+
+void SignatureReader::read(SignatureData &signatureData)
{
- (void)signatureData;
+ m_parserSchema.read(signatureData);
}
-void SignatureReader::tokenX509Certificate(SignatureData &signatureData)
+
+void SignatureReader::blankFunction(SignatureData &)
{
- (void)signatureData;
}
-void SignatureReader::tokenPublicKey(SignatureData &signatureData)
+
+void SignatureReader::tokenKeyInfo(SignatureData &)
+{
+}
+
+void SignatureReader::tokenX509Data(SignatureData &)
{
- (void)signatureData;
}
-void SignatureReader::tokenNamedCurve(SignatureData &signatureData)
+void SignatureReader::tokenX509Certificate(SignatureData &)
+{
+}
+
+void SignatureReader::tokenPublicKey(SignatureData &)
+{
+}
+
+void SignatureReader::tokenNamedCurve(SignatureData &)
{
- (void)signatureData;
m_nameCurveURI = m_parserSchema.getReader().attribute(TOKEN_URI);
}
void SignatureReader::tokenTargetRestriction(SignatureData &signatureData)
{
- std::string IMEI = m_parserSchema.getReader().attribute(
- TOKEN_IMEI,
- SaxReader::
- THROW_DISABLE);
- std::string MEID = m_parserSchema.getReader().attribute(
- TOKEN_MEID,
- SaxReader::
- THROW_DISABLE);
+ std::string IMEI = m_parserSchema.getReader().attribute(TOKEN_IMEI);
+ std::string MEID = m_parserSchema.getReader().attribute(TOKEN_MEID);
//less verbose way to say (IMEI && MEID) || (!IMEI && !MEID)
if (IMEI.empty() == MEID.empty()) {
//WAC 2.0 WR-4650 point 4
- ThrowMsg(Exception::TargetRestrictionException,
- "TargetRestriction should contain exactly one attribute.");
- return;
+ VcoreThrowMsg(SignatureReader::Exception::TargetRestriction,
+ "TargetRestriction should contain exactly one attribute.");
}
if (!IMEI.empty()) {
}
}
-void SignatureReader::tokenEndKeyInfo(SignatureData &signatureData)
+void SignatureReader::tokenEndKeyInfo(SignatureData &)
{
- (void)signatureData;
}
-void SignatureReader::tokenEndX509Data(SignatureData &signatureData)
+void SignatureReader::tokenEndX509Data(SignatureData &)
{
- (void)signatureData;
}
void SignatureReader::tokenEndX509Certificate(SignatureData &signatureData)
CertificateLoader loader;
if (CertificateLoader::NO_ERROR !=
loader.loadCertificateFromRawData(m_parserSchema.getText())) {
- LogWarning("Certificate could not be loaded!");
- ThrowMsg(ParserSchemaException::CertificateLoaderError,
- "Certificate could not be loaded.");
+ fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
+ VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
+ "Certificate could not be loaded");
}
signatureData.m_certList.push_back(loader.getCertificatePtr());
}
if (CertificateLoader::NO_ERROR !=
loader.loadCertificateBasedOnExponentAndModulus(m_modulus,
m_exponent)) {
- LogWarning("Certificate could not be loaded!");
- ThrowMsg(ParserSchemaException::CertificateLoaderError,
- "Certificate could not be loaded.");
+ fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
+ VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
+ "Certificate could not be loaded");
}
signatureData.m_certList.push_back(loader.getCertificatePtr());
}
-void SignatureReader::tokenEndKeyModulus(SignatureData &signatureData)
+void SignatureReader::tokenEndKeyModulus(SignatureData &)
{
- (void)signatureData;
m_modulus = m_parserSchema.getText();
}
-void SignatureReader::tokenEndKeyExponent(SignatureData &signatureData)
+void SignatureReader::tokenEndKeyExponent(SignatureData &)
{
- (void)signatureData;
m_exponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndPublicKey(SignatureData &signatureData)
+void SignatureReader::tokenEndPublicKey(SignatureData &)
{
- (void)signatureData;
m_publicKey = m_parserSchema.getText();
}
CertificateLoader loader;
if (CertificateLoader::NO_ERROR !=
loader.loadCertificateWithECKEY(m_nameCurveURI, m_publicKey)) {
- ThrowMsg(ParserSchemaException::CertificateLoaderError,
- "Certificate could not be loaded.");
+ fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
+ VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
+ "Certificate could not be loaded");
}
signatureData.m_certList.push_back(loader.getCertificatePtr());
}
(!signatureData.m_meidList.empty())) &&
m_targetRestrictionObjectFound) {
//WAC 2.0 WR-4650 point 1
- ThrowMsg(
- Exception::TargetRestrictionException,
- "TargetRestriction should contain exactly one ds:Object containing zero or more wac:TargetRestriction children.");
- return;
+ VcoreThrowMsg(SignatureReader::Exception::TargetRestriction,
+ "TargetRestriction should contain exactly one ds:Object "
+ "containing zero or more wac:TargetRestriction children.");
}
+
if ((!signatureData.m_imeiList.empty()) ||
(!signatureData.m_meidList.empty())) {
m_targetRestrictionObjectFound = true;
}
+
}
-void SignatureReader::tokenEndDSAPComponent(SignatureData& signatureData)
+void SignatureReader::tokenEndDSAPComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeyPComponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSAQComponent(SignatureData& signatureData)
+void SignatureReader::tokenEndDSAQComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeyQComponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSAGComponent(SignatureData& signatureData)
+void SignatureReader::tokenEndDSAGComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeyGComponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSAYComponent(SignatureData& signatureData)
+void SignatureReader::tokenEndDSAYComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeyYComponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSAJComponent(SignatureData& signatureData)
+void SignatureReader::tokenEndDSAJComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeyJComponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSASeedComponent(SignatureData& signatureData)
+void SignatureReader::tokenEndDSASeedComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeySeedComponent = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSAPGenCounterComponent(
- SignatureData& signatureData)
+void SignatureReader::tokenEndDSAPGenCounterComponent(SignatureData &)
{
- (void)signatureData;
m_dsaKeyPGenCounter = m_parserSchema.getText();
}
-void SignatureReader::tokenEndDSAKeyValue(SignatureData& signatureData)
+void SignatureReader::tokenEndDSAKeyValue(SignatureData &signatureData)
{
CertificateLoader loader;
m_dsaKeyJComponent,
m_dsaKeySeedComponent,
m_dsaKeyPGenCounter)) {
- LogWarning("Certificate could not be loaded.");
- ThrowMsg(ParserSchemaException::CertificateLoaderError,
- "Certificate could not be loaded.");
+ fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
+ VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
+ "Certificate could not be loaded.");
}
signatureData.m_certList.push_back(loader.getCertificatePtr());
}
void SignatureReader::tokenRole(SignatureData &signatureData)
{
if (!signatureData.m_roleURI.empty()) {
- LogWarning("Multiple definition of Role is not allowed.");
- ThrowMsg(ParserSchemaException::UnsupportedValue,
- "Multiple definition of Role is not allowed.");
+ fprintf(stderr, "## [validate error]: Multiple definition of Role is not allowed\n");
+ VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
+ "Multiple definition of Role is not allowed.");
}
signatureData.m_roleURI = m_parserSchema.getReader().attribute(TOKEN_URI);
}
void SignatureReader::tokenProfile(SignatureData &signatureData)
{
if (!signatureData.m_profileURI.empty()) {
- LogWarning("Multiple definition of Profile is not allowed.");
- ThrowMsg(ParserSchemaException::UnsupportedValue,
- "Multiple definition of Profile is not allowed.");
+ fprintf(stderr, "## [validate error]: Multiple definition of Profile is not allowed\n");
+ VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
+ "Multiple definition of Profile is not allowed.");
}
signatureData.m_profileURI = m_parserSchema.getReader().attribute(TOKEN_URI);
}
void SignatureReader::tokenEndIdentifier(SignatureData &signatureData)
{
if (!signatureData.m_identifier.empty()) {
- LogWarning("Multiple definition of Identifier is not allowed.");
- ThrowMsg(ParserSchemaException::UnsupportedValue,
- "Multiple definition of Identifier is not allowed.");
+ fprintf(stderr, "## [validate error]: Multiple definition of Identifier is not allowed\n");
+ VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
+ "Multiple definition of Identifier is not allowed.");
}
signatureData.m_identifier = m_parserSchema.getText();
}
std::string id = m_parserSchema.getReader().attribute(TOKEN_ID);
if (id.empty()) {
- LogWarning("Unsupported value of Attribute Id in Object tag.");
- ThrowMsg(ParserSchemaException::UnsupportedValue,
- "Unsupported value of Attribute Id in Object tag.");
+ fprintf(stderr, "## [validate error]: Unsupported value of Attribute Id in Object tag\n");
+ VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
+ "Unsupported value of Attribute Id in Object tag.");
}
signatureData.m_objectList.push_back(id);
}
-void SignatureReader::tokenSignatureProperties(SignatureData &signatureData)
+void SignatureReader::tokenSignatureProperties(SignatureData &)
{
- (void)signatureData;
if (++m_signaturePropertiesCounter > 1) {
- LogWarning("Only one SignatureProperties tag is allowed in Object");
- ThrowMsg(ParserSchemaException::UnsupportedValue,
- "Only one SignatureProperties tag is allowed in Object");
+ fprintf(stderr, "## [validate error]: Only one SignatureProperties tag is allowed in Object\n");
+ VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
+ "Only one SignatureProperties tag is allowed in Object");
}
}
} // namespace ValidationCore
* @version 1.0
* @brief SignatureReader is used to parse widget digital signature.
*/
-#ifndef _SIGNATUREREADER_H_
-#define _SIGNATUREREADER_H_
+#ifndef _VALIDATION_CORE_SIGNATUREREADER_H_
+#define _VALIDATION_CORE_SIGNATUREREADER_H_
-#include <map>
-#include <dpl/log/log.h>
+#include <vcore/SignatureData.h>
+#include <vcore/ParserSchema.h>
+#include <vcore/exception.h>
-#include "SignatureData.h"
-#include "ParserSchema.h"
+#include <map>
namespace ValidationCore {
-class SignatureReader
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, TargetRestrictionException)
+
+class SignatureReader {
+public:
+ class Exception {
+ public:
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, TargetRestriction);
};
SignatureReader();
- void initialize(SignatureData &data,
- const std::string &xmlscheme)
- {
- m_parserSchema.initialize(
- data.getSignatureFileName(), true, SaxReader::VALIDATION_XMLSCHEME,
- xmlscheme);
- }
+ void initialize(SignatureData &signatureData, const std::string &xmlscheme);
- void read(SignatureData &data)
- {
- m_parserSchema.read(data);
- }
+ void read(SignatureData &signatureData);
- private:
- void blankFunction(SignatureData &)
- {
- }
+private:
+ void blankFunction(SignatureData &signatureData);
void tokenKeyInfo(SignatureData &signatureData);
void tokenKeyModulus(SignatureData &signatureData);
void tokenProfile(SignatureData &signatureData);
void tokenObject(SignatureData &signatureData);
void tokenSignatureProperties(SignatureData &signatureData);
+
void tokenTargetRestriction(SignatureData &signatureData);
void tokenEndKeyInfo(SignatureData &signatureData);
// KW void tokenEndKeyName(SignatureData &signatureData);
+
void tokenEndRSAKeyValue(SignatureData &signatureData);
+
void tokenEndKeyModulus(SignatureData &signatureData);
void tokenEndKeyExponent(SignatureData &signatureData);
void tokenEndX509Data(SignatureData &signatureData);
+
void tokenEndX509Certificate(SignatureData &signatureData);
+
void tokenEndPublicKey(SignatureData &signatureData);
void tokenEndECKeyValue(SignatureData &signatureData);
void tokenEndIdentifier(SignatureData &signatureData);
};
}
-#endif
+#endif // _VALIDATION_CORE_SIGNATUREREADER_H_
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include <libxml/parser.h>
-#include <libxml/c14n.h>
-#include <openssl/asn1.h>
+/*
+ * @file SignatureValidator.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Implementatin of tizen signature validation protocol.
+ */
+#include <vcore/SignatureValidator.h>
+#include <vcore/CertificateCollection.h>
+#include <vcore/Certificate.h>
+#include <vcore/OCSPCertMgrUtil.h>
+#include <vcore/ReferenceValidator.h>
+#include <vcore/ValidatorFactories.h>
+#include <vcore/XmlsecAdapter.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <vcore/CertificateVerifier.h>
+#endif
#include <dpl/log/log.h>
-#include "CertificateVerifier.h"
-#include "OCSPCertMgrUtil.h"
-#include "Certificate.h"
-#include "ReferenceValidator.h"
-#include "SignatureValidator.h"
-#include "SSLContainers.h"
-#include "ValidatorCommon.h"
-#include "ValidatorFactories.h"
-#include "XmlsecAdapter.h"
-
namespace {
const time_t TIMET_DAY = 60 * 60 * 24;
"http://www.w3.org/ns/widgets-digsig#role-distributor";
const std::string TOKEN_PROFILE_URI =
"http://www.w3.org/ns/widgets-digsig#profile";
-} // namespace anonymouse
-namespace ValidationCore {
+//const char* TIZEN_STORE_CN = "Tizen Store"; //un-used variable
-SignatureValidator::SignatureValidator(bool ocspEnable,
- bool crlEnable,
- bool complianceMode) :
- m_ocspEnable(ocspEnable),
- m_crlEnable(crlEnable),
- m_complianceModeEnabled(complianceMode)
-{
-}
+} // namespace anonymouse
-SignatureValidator::~SignatureValidator()
-{
-}
-bool SignatureValidator::checkRoleURI(const SignatureData &data)
+static tm _ASN1_GetTimeT(ASN1_TIME* time)
{
- std::string roleURI = data.getRoleURI();
+ struct tm t;
+ const char* str = (const char*) time->data;
+ size_t i = 0;
- if (roleURI.empty()) {
- LogWarning("URI attribute in Role tag couldn't be empty.");
- return false;
- }
+ memset(&t, 0, sizeof(t));
- if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) {
- LogWarning("URI attribute in Role tag does not "
- "match with signature filename.");
- return false;
+ if (time->type == V_ASN1_UTCTIME) /* two digit year */
+ {
+ t.tm_year = (str[i] - '0') * 10 + (str[i + 1] - '0');
+ i += 2;
+ if (t.tm_year < 70)
+ t.tm_year += 100;
}
-
- if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) {
- LogWarning("URI attribute in Role tag does not "
- "match with signature filename.");
- return false;
+ else if (time->type == V_ASN1_GENERALIZEDTIME) /* four digit year */
+ {
+ t.tm_year =
+ (str[i] - '0') * 1000
+ + (str[i + 1] - '0') * 100
+ + (str[i + 2] - '0') * 10
+ + (str[i + 3] - '0');
+ i += 4;
+ t.tm_year -= 1900;
}
- return true;
+ t.tm_mon = ((str[i] - '0') * 10 + (str[i + 1] - '0')) - 1; // -1 since January is 0 not 1.
+ t.tm_mday = (str[i + 2] - '0') * 10 + (str[i + 3] - '0');
+ t.tm_hour = (str[i + 4] - '0') * 10 + (str[i + 5] - '0');
+ t.tm_min = (str[i + 6] - '0') * 10 + (str[i + 7] - '0');
+ t.tm_sec = (str[i + 8] - '0') * 10 + (str[i + 9] - '0');
+
+ /* Note: we did not adjust the time based on time zone information */
+ return t;
}
-bool SignatureValidator::checkProfileURI(const SignatureData &data)
-{
- if (TOKEN_PROFILE_URI != data.getProfileURI()) {
- LogWarning(
- "Profile tag contains unsupported value in URI attribute(" <<
- data.getProfileURI() << ").");
- return false;
+
+namespace ValidationCore {
+
+class SignatureValidator::ImplSignatureValidator {
+public:
+ virtual SignatureValidator::Result check(
+ SignatureData &data,
+ const std::string &widgetContentPath) = 0;
+
+ virtual SignatureValidator::Result checkList(
+ SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList) = 0;
+
+ explicit ImplSignatureValidator(bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : m_complianceModeEnabled(complianceMode)
+ #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ , m_ocspEnable(ocspEnable)
+ , m_crlEnable(crlEnable)
+ #endif
+ {}
+
+ virtual ~ImplSignatureValidator(){ }
+
+ bool checkRoleURI(const SignatureData &data) {
+ std::string roleURI = data.getRoleURI();
+
+ if (roleURI.empty()) {
+ LogWarning("URI attribute in Role tag couldn't be empty.");
+ return false;
+ }
+
+ if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) {
+ LogWarning("URI attribute in Role tag does not "
+ "match with signature filename.");
+ return false;
+ }
+
+ if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) {
+ LogWarning("URI attribute in Role tag does not "
+ "match with signature filename.");
+ return false;
+ }
+ return true;
}
- return true;
-}
-bool SignatureValidator::checkObjectReferences(const SignatureData &data)
-{
- ObjectList objectList = data.getObjectList();
- ObjectList::const_iterator iter;
- for (iter = objectList.begin(); iter != objectList.end(); ++iter) {
- if (!data.containObjectReference(*iter)) {
- LogWarning("Signature does not contain reference for object " <<
- *iter);
+ bool checkProfileURI(const SignatureData &data) {
+ if (TOKEN_PROFILE_URI != data.getProfileURI()) {
+ LogWarning(
+ "Profile tag contains unsupported value in URI attribute(" <<
+ data.getProfileURI() << ").");
return false;
}
+ return true;
}
- return true;
-}
-SignatureValidator::Result SignatureValidator::check(
+ bool checkObjectReferences(const SignatureData &data) {
+ ObjectList objectList = data.getObjectList();
+ ObjectList::const_iterator iter;
+ for (iter = objectList.begin(); iter != objectList.end(); ++iter) {
+ if (!data.containObjectReference(*iter)) {
+ LogWarning("Signature does not contain reference for object " <<
+ *iter);
+ return false;
+ }
+ }
+ return true;
+ }
+protected:
+ bool m_complianceModeEnabled;
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ bool m_ocspEnable;
+ bool m_crlEnable;
+#endif
+};
+
+class ImplTizenSignatureValidator : public SignatureValidator::ImplSignatureValidator
+{
+ public:
+ SignatureValidator::Result check(SignatureData &data,
+ const std::string &widgetContentPath);
+
+ SignatureValidator::Result checkList(SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList);
+ explicit ImplTizenSignatureValidator(bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : ImplSignatureValidator(ocspEnable, crlEnable, complianceMode)
+ {}
+
+ virtual ~ImplTizenSignatureValidator() {}
+};
+
+SignatureValidator::Result ImplTizenSignatureValidator::check(
SignatureData &data,
const std::string &widgetContentPath)
{
bool disregard = false;
+ VcoreDPL::Log::LogSystemSingleton::Instance().SetTag("CERT_SVC");
if (!checkRoleURI(data)) {
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
if (!checkProfileURI(data)) {
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
// CertificateList sortedCertificateList = data.getCertList();
// First step - sort certificate
if (!collection.sort()) {
LogWarning("Certificates do not form valid chain.");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
// Check for error
if (collection.empty()) {
LogWarning("Certificate list in signature is empty.");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
CertificateList sortedCertificateList = collection.getChain();
// Is Root CA certificate trusted?
CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
- // WAC chapter 3.2.1 - verified definition
- if (data.isAuthorSignature()) {
- if (!storeIdSet.contains(CertStoreId::WAC_PUBLISHER)) {
- LogWarning("Author signature has got unrecognized Root CA "
+ LogDebug("Is root certificate from TIZEN_DEVELOPER domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
+ LogDebug("Is root certificate from TIZEN_TEST domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_TEST));
+ LogDebug("Is root certificate from TIZEN_VERIFY domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
+ LogDebug("Is root certificate from TIZEN_PUBLIC domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Is root certificate from TIZEN_PARTNER domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Is root certificate from TIZEN_PLATFORM domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ LogDebug("Visibility level is public : "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Visibility level is partner : "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Visibility level is platform : "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ if (data.isAuthorSignature())
+ {
+ if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
+ {
+ LogWarning("author-signature.xml has got unrecognized Root CA "
"certificate. Signature will be disregarded.");
disregard = true;
- }
+ }
LogDebug("Root CA for author signature is correct.");
- } else {
- if (!storeIdSet.contains(CertStoreId::DEVELOPER) &&
- !storeIdSet.contains(CertStoreId::WAC_ROOT) &&
- !storeIdSet.contains(CertStoreId::WAC_MEMBER))
- {
- LogWarning("Distiributor signature has got unrecognized Root CA "
+ }
+ else
+ {
+LogDebug("signaturefile name = " << data.getSignatureFileName().c_str());
+ //Additional Check for certificate registration
+
+ if (data.getSignatureNumber() == 1)
+ {
+ if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
+ {
+ LogDebug("Root CA for signature1.xml is correct.");
+ }
+ else
+ {
+ LogWarning("signature1.xml has got unrecognized Root CA "
"certificate. Signature will be disregarded.");
disregard = true;
+ }
+ }
+ }
+
+ data.setStorageType(storeIdSet);
+ data.setSortedCertificateList(sortedCertificateList);
+
+ // We add only Root CA certificate because WAC ensure that the rest
+ // of certificates are present in signature files ;-)
+ XmlSec::XmlSecContext context;
+ context.signatureFile = data.getSignatureFileName();
+ context.certificatePtr = root;
+
+ // Now we should have full certificate chain.
+ // If the end certificate is not ROOT CA we should disregard signature
+ // but still signature must be valid... Aaaaaa it's so stupid...
+ if (!(root->isSignedBy(root))) {
+ LogWarning("Root CA certificate not found. Chain is incomplete.");
+ // context.allowBrokenChain = true;
+ }
+
+ time_t nowTime = time(NULL);
+
+#define CHECK_TIME
+#ifdef CHECK_TIME
+
+ ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
+ ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
+
+ if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
+ {
+ struct tm *t;
+ struct tm ta, tb, tc;
+ char msg[1024];
+
+ t = localtime(&nowTime);
+ if (!t)
+ return SignatureValidator::SIGNATURE_INVALID; // internal error.
+
+ memset(&tc, 0, sizeof(tc));
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
+ LogDebug("## System's currentTime : " << msg);
+ fprintf(stderr, "## System's currentTime : %s\n", msg);
+
+ tb = _ASN1_GetTimeT(notBeforeTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
+ LogDebug("## certificate's notBeforeTime : " << msg);
+ fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
+
+ ta = _ASN1_GetTimeT(notAfterTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
+ LogDebug("## certificate's notAfterTime : " << msg);
+ fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
+
+ if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
+ {
+ LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
+ fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ int year = (ta.tm_year - tb.tm_year) / 4;
+
+ if(year == 0)
+ {
+ tc.tm_year = tb.tm_year;
+ tc.tm_mon = tb.tm_mon + 1;
+ tc.tm_mday = tb.tm_mday;
+
+ if(tc.tm_mon == 12)
+ {
+ tc.tm_year = ta.tm_year;
+ tc.tm_mon = ta.tm_mon - 1;
+ tc.tm_mday = ta.tm_mday;
+
+ if(tc.tm_mon < 0)
+ {
+ tc.tm_year = ta.tm_year;
+ tc.tm_mon = ta.tm_mon;
+ tc.tm_mday = ta.tm_mday -1;
+
+ if(tc.tm_mday == 0)
+ {
+ tc.tm_year = tb.tm_year;
+ tc.tm_mon = tb.tm_mon;
+ tc.tm_mday = tb.tm_mday +1;
+ }
+ }
+ }
+ }
+ else{
+ tc.tm_year = tb.tm_year + year;
+ tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
+ tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
+ }
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
+ LogDebug("## cmp cert with validation time : " << msg);
+ fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
+
+ time_t outCurrent = mktime(&tc);
+ context.validationTime = outCurrent;
+ fprintf(stderr, "## cmp outCurrent time : %ld\n", outCurrent);
+ //return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+#endif
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ // due to expiration of the author certificate.
+#if 0
+ time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
+ time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
+
+ struct tm *t;
+
+ if (data.isAuthorSignature())
+ {
+ // time_t 2038 year bug exist. So, notAtter() cann't check...
+ /*
+ if (notAfter < nowTime)
+ {
+ context.validationTime = notAfter - TIMET_DAY;
+ LogWarning("Author certificate is expired. notAfter...");
+ }
+ */
+
+ if (notBefore > nowTime)
+ {
+ LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
+
+ t = localtime(&nowTime);
+ LogDebug("System's current Year : " << t->tm_year + 1900);
+ LogDebug("System's current month : " << t->tm_mon + 1);
+ LogDebug("System's current day : " << t->tm_mday);
+
+ t = localtime(¬Before);
+ LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900);
+ LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1);
+ LogDebug("Author certificate's notBefore day : " << t->tm_mday);
+
+ context.validationTime = notBefore + TIMET_DAY;
+
+ t = localtime(&context.validationTime);
+ LogDebug("Modified current Year : " << t->tm_year + 1900);
+ LogDebug("Modified current notBefore month : " << t->tm_mon + 1);
+ LogDebug("Modified current notBefore day : " << t->tm_mday);
+ }
+ }
+#endif
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ //context.allowBrokenChain = true;
+
+ // end
+
+ if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
+ LogWarning("Installation break - invalid package! >> validate");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ data.setReference(context.referenceSet);
+ if (!checkObjectReferences(data)) {
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ /*
+ ReferenceValidator fileValidator(widgetContentPath);
+ if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
+ LogWarning("Invalid package - file references broken");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+ */
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ // It is good time to do OCSP check
+ // ocspCheck will throw an exception on any error.
+ // TODO Probably we should catch this exception and add
+ // some information to SignatureData.
+ if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
+ CertificateCollection coll;
+ coll.load(sortedCertificateList);
+
+ if (!coll.sort()) {
+ LogDebug("Collection does not contain chain!");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
+ VerificationStatus result = verificator.check(coll);
+
+ if (result == VERIFICATION_STATUS_REVOKED) {
+ return SignatureValidator::SIGNATURE_REVOKED;
+ }
+
+ if (result == VERIFICATION_STATUS_UNKNOWN ||
+ result == VERIFICATION_STATUS_ERROR)
+ {
+ #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
+ disregard = true;
+ #endif
}
- LogDebug("Root CA for distributor signature is correct.");
}
+#endif
+
+ if (disregard) {
+ LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
+ return SignatureValidator::SIGNATURE_DISREGARD;
+ }
+ return SignatureValidator::SIGNATURE_VERIFIED;
+}
+
+SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList)
+{
+ VcoreDPL::Log::LogSystemSingleton::Instance().SetTag("CERT_SVC");
+ if(uriList.size() == 0 )
+ LogWarning("checkList >> no hash");
+
+ bool disregard = false;
+ bool partialHash = false;
+
+ if (!checkRoleURI(data)) {
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ if (!checkProfileURI(data)) {
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // CertificateList sortedCertificateList = data.getCertList();
+
+ CertificateCollection collection;
+ collection.load(data.getCertList());
+
+ // First step - sort certificate
+ if (!collection.sort()) {
+ LogWarning("Certificates do not form valid chain.");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // Check for error
+ if (collection.empty()) {
+ LogWarning("Certificate list in signature is empty.");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateList sortedCertificateList = collection.getChain();
+
+ // TODO move it to CertificateCollection
+ // Add root CA and CA certificates (if chain is incomplete)
+ sortedCertificateList =
+ OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
+
+ CertificatePtr root = sortedCertificateList.back();
+
+ // Is Root CA certificate trusted?
+ CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
+
+ LogDebug("Is root certificate from TIZEN_DEVELOPER domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
+ LogDebug("Is root certificate from TIZEN_TEST domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_TEST));
+ LogDebug("Is root certificate from TIZEN_VERIFY domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
+ LogDebug("Is root certificate from TIZEN_PUBLIC domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Is root certificate from TIZEN_PARTNER domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Is root certificate from TIZEN_PLATFORM domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ LogDebug("Visibility level is public : "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Visibility level is partner : "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Visibility level is platform : "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ if (data.isAuthorSignature())
+ {
+ if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
+ {
+ LogWarning("author-signature.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ LogDebug("Root CA for author signature is correct.");
+ }
+ else
+ {
+ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str());
+ //Additional Check for certificate registration
+
+ if (data.getSignatureNumber() == 1)
+ {
+ if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
+ {
+ LogDebug("Root CA for signature1.xml is correct.");
+ }
+ else
+ {
+ LogWarning("signature1.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ }
+ }
data.setStorageType(storeIdSet);
data.setSortedCertificateList(sortedCertificateList);
// but still signature must be valid... Aaaaaa it's so stupid...
if (!(root->isSignedBy(root))) {
LogWarning("Root CA certificate not found. Chain is incomplete.");
- context.allowBrokenChain = true;
+ // context.allowBrokenChain = true;
}
// WAC 2.0 SP-2066 The wrt must not block widget installation
// due to expiration of the author certificate.
+ time_t nowTime = time(NULL);
+
+#define CHECK_TIME
+#ifdef CHECK_TIME
+
+ ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
+ ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
+
+
+ if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
+ {
+ struct tm *t;
+ struct tm ta, tb, tc;
+ char msg[1024];
+
+ t = localtime(&nowTime);
+ if (!t)
+ return SignatureValidator::SIGNATURE_INVALID; // internal error.
+
+ memset(&tc, 0, sizeof(tc));
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
+ LogDebug("## System's currentTime : " << msg);
+ fprintf(stderr, "## System's currentTime : %s\n", msg);
+
+ tb = _ASN1_GetTimeT(notBeforeTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
+ LogDebug("## certificate's notBeforeTime : " << msg);
+ fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
+
+ ta = _ASN1_GetTimeT(notAfterTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
+ LogDebug("## certificate's notAfterTime : " << msg);
+ fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
+
+ if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
+ {
+ LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
+ fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ int year = (ta.tm_year - tb.tm_year) / 4;
+ tc.tm_year = tb.tm_year + year;
+ tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
+ tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
+ LogDebug("## cmp cert with validation time : " << msg);
+ fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
+
+ time_t outCurrent = mktime(&tc);
+ context.validationTime = outCurrent;
+ //return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+#endif
+
+#if 0
time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
- bool expired = notAfter < time(NULL);
- if (data.isAuthorSignature() && expired) {
- context.validationTime = notAfter - TIMET_DAY;
+ time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
+
+ struct tm *t;
+
+ if (data.isAuthorSignature())
+ {
+ // time_t 2038 year bug exist. So, notAtter() cann't check...
+ /*
+ if (notAfter < nowTime)
+ {
+ context.validationTime = notAfter - TIMET_DAY;
+ LogWarning("Author certificate is expired. notAfter...");
+ }
+ */
+
+ if (notBefore > nowTime)
+ {
+ LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
+
+ t = localtime(&nowTime);
+ LogDebug("System's current Year : " << t->tm_year + 1900);
+ LogDebug("System's current month : " << t->tm_mon + 1);
+ LogDebug("System's current day : " << t->tm_mday);
+
+ t = localtime(¬Before);
+ LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900);
+ LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1);
+ LogDebug("Author certificate's notBefore day : " << t->tm_mday);
+
+ context.validationTime = notBefore + TIMET_DAY;
+
+ t = localtime(&context.validationTime);
+ LogDebug("Modified current Year : " << t->tm_year + 1900);
+ LogDebug("Modified current notBefore month : " << t->tm_mon + 1);
+ LogDebug("Modified current notBefore day : " << t->tm_mday);
+ }
}
+#endif
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ //context.allowBrokenChain = true;
+
// end
+ if(uriList.size() == 0)
+ {
+ if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validateNoHash(&context)) {
+ LogWarning("Installation break - invalid package! >> validateNoHash");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+ }
+ else if(uriList.size() != 0)
+ {
+ partialHash = true;
+ XmlSecSingleton::Instance().setPartialHashList(uriList);
+ if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validatePartialHash(&context)) {
+ LogWarning("Installation break - invalid package! >> validatePartialHash");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+ }
+
+ data.setReference(context.referenceSet);
+ //if (!checkObjectReferences(data)) {
+ // return SignatureValidator::SIGNATURE_INVALID;
+ // }
+
+ /*
+ ReferenceValidator fileValidator(widgetContentPath);
+ if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
+ LogWarning("Invalid package - file references broken");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+ */
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ // It is good time to do OCSP check
+ // ocspCheck will throw an exception on any error.
+ // TODO Probably we should catch this exception and add
+ // some information to SignatureData.
+ if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
+ CertificateCollection coll;
+ coll.load(sortedCertificateList);
+
+ if (!coll.sort()) {
+ LogDebug("Collection does not contain chain!");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
+ VerificationStatus result = verificator.check(coll);
+
+ if (result == VERIFICATION_STATUS_REVOKED) {
+ return SignatureValidator::SIGNATURE_REVOKED;
+ }
+
+ if (result == VERIFICATION_STATUS_UNKNOWN ||
+ result == VERIFICATION_STATUS_ERROR)
+ {
+ #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
+ disregard = true;
+ #endif
+ }
+ }
+#endif
+
+ if (disregard) {
+ LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
+ return SignatureValidator::SIGNATURE_DISREGARD;
+ }
+ return SignatureValidator::SIGNATURE_VERIFIED;
+}
+
+class ImplWacSignatureValidator : public SignatureValidator::ImplSignatureValidator
+{
+ public:
+ SignatureValidator::Result check(SignatureData &data,
+ const std::string &widgetContentPath);
+
+ SignatureValidator::Result checkList(SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList);
+ explicit ImplWacSignatureValidator(bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : ImplSignatureValidator(ocspEnable, crlEnable, complianceMode)
+ {}
+
+ virtual ~ImplWacSignatureValidator() {}
+};
+
+
+SignatureValidator::Result ImplWacSignatureValidator::checkList(
+ SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList)
+{
+ return SignatureValidator::SIGNATURE_INVALID;
+}
+
+
+SignatureValidator::Result ImplWacSignatureValidator::check(
+ SignatureData &data,
+ const std::string &widgetContentPath)
+{
+ bool disregard = false;
+
+ if (!checkRoleURI(data)) {
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ if (!checkProfileURI(data)) {
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // CertificateList sortedCertificateList = data.getCertList();
+ CertificateCollection collection;
+ collection.load(data.getCertList());
+
+ // First step - sort certificate
+ if (!collection.sort()) {
+ LogWarning("Certificates do not form valid chain.");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // Check for error
+ if (collection.empty()) {
+ LogWarning("Certificate list in signature is empty.");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateList sortedCertificateList = collection.getChain();
+
+ // TODO move it to CertificateCollection
+ // Add root CA and CA certificates (if chain is incomplete)
+ sortedCertificateList =
+ OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
+
+ CertificatePtr root = sortedCertificateList.back();
+
+ // Is Root CA certificate trusted?
+ CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
+
+ LogDebug("Is root certificate from TIZEN_DEVELOPER domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
+ LogDebug("Is root certificate from TIZEN_TEST domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_TEST));
+ LogDebug("Is root certificate from TIZEN_VERIFY domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
+ LogDebug("Is root certificate from TIZEN_PUBLIC domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Is root certificate from TIZEN_PARTNER domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Is root certificate from TIZEN_PLATFORM domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ LogDebug("Visibility level is public : "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Visibility level is partner : "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Visibility level is platform : "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ if (data.isAuthorSignature())
+ {
+ if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
+ {
+ LogWarning("author-signature.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ LogDebug("Root CA for author signature is correct.");
+ } else {
+ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str());
+
+ //Additional Check for certificate registration
+
+ if (data.getSignatureNumber() == 1)
+ {
+ if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
+ {
+ LogDebug("Root CA for signature1.xml is correct.");
+ }
+ else
+ {
+ LogWarning("signature1.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ }
+ }
+
+ data.setStorageType(storeIdSet);
+ data.setSortedCertificateList(sortedCertificateList);
+
+ // We add only Root CA certificate because WAC ensure that the rest
+ // of certificates are present in signature files ;-)
+ XmlSec::XmlSecContext context;
+ context.signatureFile = data.getSignatureFileName();
+ context.certificatePtr = root;
+
+ // Now we should have full certificate chain.
+ // If the end certificate is not ROOT CA we should disregard signature
+ // but still signature must be valid... Aaaaaa it's so stupid...
+ if (!(root->isSignedBy(root))) {
+ LogWarning("Root CA certificate not found. Chain is incomplete.");
+// context.allowBrokenChain = true;
+ }
+
+ time_t nowTime = time(NULL);
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ // due to expiration of the author certificate.
+#define CHECK_TIME
+#ifdef CHECK_TIME
+
+ ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
+ ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
+
+ if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
+ {
+ struct tm *t;
+ struct tm ta, tb, tc;
+ char msg[1024];
+
+ t = localtime(&nowTime);
+ if (!t)
+ return SignatureValidator::SIGNATURE_INVALID; // internal error.
+
+ memset(&tc, 0, sizeof(tc));
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
+ LogDebug("## System's currentTime : " << msg);
+ fprintf(stderr, "## System's currentTime : %s\n", msg);
+
+ tb = _ASN1_GetTimeT(notBeforeTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
+ LogDebug("## certificate's notBeforeTime : " << msg);
+ fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
+
+ ta = _ASN1_GetTimeT(notAfterTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
+ LogDebug("## certificate's notAfterTime : " << msg);
+ fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
+
+ if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
+ {
+ LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
+ fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+ int year = (ta.tm_year - tb.tm_year) / 4;
+ tc.tm_year = tb.tm_year + year;
+ tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
+ tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
+ LogDebug("## cmp cert with validation time : " << msg);
+ fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
+
+ time_t outCurrent = mktime(&tc);
+ context.validationTime = outCurrent;
+ //return SignatureValidator::SIGNATURE_INVALID;
+ }
+
+#endif
+
+#if 0
+ time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
+ time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
+
+ struct tm *t;
+
+ if (data.isAuthorSignature())
+ {
+ // time_t 2038 year bug exist. So, notAtter() cann't check...
+ /*
+ if (notAfter < nowTime)
+ {
+ context.validationTime = notAfter - TIMET_DAY;
+ LogWarning("Author certificate is expired. notAfter...");
+ }
+ */
+
+ if (notBefore > nowTime)
+ {
+ LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
+
+ t = localtime(&nowTime);
+ LogDebug("System's current Year : " << t->tm_year + 1900);
+ LogDebug("System's current month : " << t->tm_mon + 1);
+ LogDebug("System's current day : " << t->tm_mday);
+
+ t = localtime(¬Before);
+ LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900);
+ LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1);
+ LogDebug("Author certificate's notBefore day : " << t->tm_mday);
+
+ context.validationTime = notBefore + TIMET_DAY;
+
+ t = localtime(&context.validationTime);
+ LogDebug("Modified current Year : " << t->tm_year + 1900);
+ LogDebug("Modified current notBefore month : " << t->tm_mon + 1);
+ LogDebug("Modified current notBefore day : " << t->tm_mday);
+ }
+ }
+#endif
if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
LogWarning("Installation break - invalid package!");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
data.setReference(context.referenceSet);
if (!checkObjectReferences(data)) {
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
ReferenceValidator fileValidator(widgetContentPath);
if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
LogWarning("Invalid package - file references broken");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
+ #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
// It is good time to do OCSP check
// ocspCheck will throw an exception on any error.
// TODO Probably we should catch this exception and add
if (!coll.sort()) {
LogDebug("Collection does not contain chain!");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
VerificationStatus result = verificator.check(coll);
if (result == VERIFICATION_STATUS_REVOKED) {
- return SIGNATURE_REVOKED;
+ return SignatureValidator::SIGNATURE_REVOKED;
}
if (result == VERIFICATION_STATUS_UNKNOWN ||
result == VERIFICATION_STATUS_ERROR)
{
+ #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
disregard = true;
+ #endif
}
}
+#endif
if (disregard) {
- LogWarning("Signature is disregard.");
- return SIGNATURE_DISREGARD;
+ LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
+ return SignatureValidator::SIGNATURE_DISREGARD;
}
- return SIGNATURE_VERIFIED;
+ return SignatureValidator::SIGNATURE_VERIFIED;
}
-std::string SignatureValidator::FingerprintToColonHex(
- const Certificate::Fingerprint &fingerprint)
-{
- std::string outString;
+// Implementation of SignatureValidator
- char buff[8];
+SignatureValidator::SignatureValidator(
+ AppType appType,
+ bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : m_impl(0)
+{
+ LogDebug( "appType :" << appType );
- for (size_t i = 0; i < fingerprint.size(); ++i) {
- snprintf(buff,
- sizeof(buff),
- "%02X:",
- static_cast<unsigned int>(fingerprint[i]));
- outString += buff;
+ if(appType == TIZEN)
+ {
+ m_impl = new ImplTizenSignatureValidator(ocspEnable,crlEnable,complianceMode);
+ }
+ else if(appType == WAC20)
+ {
+ m_impl = new ImplWacSignatureValidator(ocspEnable,crlEnable,complianceMode);
}
+}
+
+SignatureValidator::~SignatureValidator() {
+ delete m_impl;
+}
+
+SignatureValidator::Result SignatureValidator::check(
+ SignatureData &data,
+ const std::string &widgetContentPath)
+{
+ return m_impl->check(data, widgetContentPath);
+}
- // remove trailing ":"
- outString.erase(outString.end() - 1);
- return outString;
+SignatureValidator::Result SignatureValidator::checkList(
+ SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList)
+{
+ return m_impl->checkList(data, widgetContentPath, uriList);
}
+
} // namespace ValidationCore
+
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#ifndef _SIGNATUREVALIDATOR_H_
-#define _SIGNATUREVALIDATOR_H_
-
-#include <dpl/singleton.h>
+/*
+ * @file SignatureValidator.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Implementatin of tizen signature validation protocol.
+ */
+#ifndef _VALIDATION_CORE_SIGNATUREVALIDATOR_H_
+#define _VALIDATION_CORE_SIGNATUREVALIDATOR_H_
-#include "Certificate.h"
-#include "OCSPCertMgrUtil.h"
-#include "SignatureData.h"
+#include <string>
-#include "ValidatorCommon.h"
-#include "VerificationStatus.h"
+#include <vcore/SignatureData.h>
namespace ValidationCore {
-// Todo nocopyable
-class SignatureValidator
-{
- public:
+
+class SignatureValidator {
+public:
+ class ImplSignatureValidator;
+
+ enum AppType
+ {
+ TIZEN,
+ WAC20
+ };
+
enum Result
{
SIGNATURE_VALID,
SIGNATURE_REVOKED
};
- /**
- * Validation of the signature.
- * If falidation succeed SignatureData will contains:
- * list of validated references
- * set selfSigned value
- * root ca certificate
- * end entity certificate
- */
- Result check(SignatureData &data,
- const std::string &widgetContentPath);
+ SignatureValidator() = delete;
+ SignatureValidator(const SignatureValidator &) = delete;
+ const SignatureValidator &operator=(const SignatureValidator &) = delete;
- static std::string FingerprintToColonHex(
- const Certificate::Fingerprint &fingerprint);
+ explicit SignatureValidator(
+ AppType appType,
+ bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode);
- explicit SignatureValidator(bool ocspEnable,
- bool crlEnable,
- bool complianceMode);
virtual ~SignatureValidator();
- private:
- bool checkRoleURI(const SignatureData &data);
- bool checkProfileURI(const SignatureData &data);
- bool checkObjectReferences(const SignatureData &data);
+ Result check(
+ SignatureData &data,
+ const std::string &widgetContentPath);
- bool m_ocspEnable;
- bool m_crlEnable;
- bool m_complianceModeEnabled;
+ Result checkList(
+ SignatureData &data,
+ const std::string &widgetContentPath,
+ const std::list<std::string>& uriList);
+
+private:
+ ImplSignatureValidator *m_impl;
};
} // namespace ValidationCore
-#endif // _SIGNATUREVALIDATOR_H_
+#endif // _VALIDATION_CORE_TIZENSIGNATUREVALIDATOR_H_
+
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*!
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 0.1
- * @file SoupMessageSendAsync.h
- * @brief Routines for certificate validation over OCSP
- */
-#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_ASYNC_H_
-#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_ASYNC_H_
-
-#include <map>
-#include <vector>
-
-#include <dpl/assert.h>
-
-#include <dpl/event/inter_context_delegate.h>
-
-#include "SoupMessageSendBase.h"
-
-namespace SoupWrapper {
-
-class SoupMessageSendAsync
- : public SoupMessageSendBase
- , public DPL::Event::ICDelegateSupport<SoupMessageSendAsync>
-{
- typedef DPL::Event::ICDelegate<SoupSession*, SoupMessage*, void*> SoupDelegate;
- public:
- void sendAsync() {
- Assert(m_status == STATUS_IDLE);
- Assert(!m_soupSession);
- Assert(!m_soupMessage);
-
- m_status = STATUS_SEND_ASYNC;
- m_tryLeft = m_tryCount;
- m_mainContext = g_main_context_new();
-
- if (!m_mainContext){
- m_status = STATUS_IDLE;
-
- // call the delegate to outside with error!
- return;
- }
-
- m_soupSession = soup_session_async_new_with_options(
- SOUP_SESSION_ASYNC_CONTEXT,
- m_mainContext,
- SOUP_SESSION_TIMEOUT,
- m_timeout,
- NULL);
-
- if (!m_soupSession){
- m_status = STATUS_IDLE;
- g_object_unref(m_mainContext);
- m_mainContext = 0;
-
- // call the deletage to outside with error!
- return;
- }
-
- m_soupMessage = createRequest();
-
- if (!m_soupMessage){
- m_status = STATUS_IDLE;
- g_object_unref(m_soupSession);
- m_soupSession = 0;
- g_object_unref(m_mainContext);
- m_mainContext = 0;
-
- // call the delegate to outsize with error!
- return;
- }
-
- sendAsyncIterationStart();
- }
-
- protected:
-
- struct SoupDelegateOpaque {
- SoupDelegate dlg;
- };
-
- void sendAsyncIterationStart(){
- // ICDelegate could be called only once.
- // We can set user data only once.
- // We need nasty hack because we will call ICDelegate m_tryCount times.
- SoupDelegateOpaque *opaq = new SoupDelegateOpaque;
- opaq->dlg = makeICDelegate(&SoupMessageSendAsync::requestReceiver);
-
- soup_session_queue_message(m_soupSession,
- m_soupMessage,
- soupSessionCallback,
- reinterpret_cast<gpointer>(opaq));
- }
-
- void sendAsyncIteration(SoupDelegateOpaque *opaq){
- // Replace used ICDelegate with new one without changing
- // userdata ;-)
- opaq->dlg = makeICDelegate(&SoupMessageSendAsync::requestReceiver);
- soup_session_requeue_message(m_soupSession,
- m_soupMessage);
- }
-
- void requestReceiver(SoupSession *session, SoupMessage *msg, void *opaque){
- // We are in thread which called sendAsync function.
- Assert(session == m_soupSession);
- Assert(msg == m_soupMessage);
- Assert(opaque != 0);
- Assert(m_status == STATUS_SEND_ASYNC);
-
- m_tryLeft--;
-
- if (msg->status_code == SOUP_STATUS_OK) {
- m_responseBuffer.resize(msg->response_body->length);
- memcpy(&m_responseBuffer[0],
- msg->response_body->data,
- msg->response_body->length);
- // We are done.
- m_status = STATUS_IDLE;
- delete static_cast<SoupDelegateOpaque*>(opaque);
-
- // call the delegate to outside!
- return;
- }
-
- // Error protocol //
- if (m_tryLeft <= 0) {
- m_status = STATUS_IDLE;
- delete static_cast<SoupDelegateOpaque*>(opaque);
-
- // call the delegate to outside with error!
- return;
- }
-
- // create delegate and send the request once again.
- sendAsyncIteration(reinterpret_cast<SoupDelegateOpaque*>(opaque));
- }
-
- static void soupSessionCallback(SoupSession *session,
- SoupMessage *msg,
- gpointer userdata)
- {
- // We are in main thread. We need to switch context.
- // This delegate can switch context to dpl thread or main thread.
- SoupDelegateOpaque *opaque;
- opaque = reinterpret_cast<SoupDelegateOpaque*>(userdata);
- opaque->dlg(session, msg, userdata);
- }
-
- int m_tryLeft;
-
- GMainContext *m_mainContext;
- SoupSession *m_soupSession;
- SoupMessage *m_soupMessage;
-};
-
-} // namespace ValidationCore
-
-#endif
* @file SoupMessageSendBase.cpp
* @brief Simple wrapper for soup.
*/
-#include "SoupMessageSendBase.h"
+#include <vcore/SoupMessageSendBase.h>
#include <dpl/assert.h>
#include <dpl/foreach.h>
* @file SoupMessageSendSync.cpp
* @brief Implementation of soup synchronous interface.
*/
-#include "SoupMessageSendSync.h"
+#include <vcore/SoupMessageSendSync.h>
#include <memory>
#include <functional>
* @file SoupMessageSendSync.h
* @brief Wrapper for soup synchronous interface.
*/
-#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
-#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
+#ifndef _VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
+#define _VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
-#include "SoupMessageSendBase.h"
+#include <vcore/SoupMessageSendBase.h>
#include <vcore/scoped_gpointer.h>
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <vcore/TimeConversion.h>
+
+#include <string.h>
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+
+namespace ValidationCore {
+
+int asn1TimeToTimeT(ASN1_TIME *t, time_t *res)
+{
+ struct tm tm;
+ int offset;
+
+ (*res) = 0;
+ if (!ASN1_TIME_check(t)) {
+ return -1;
+ }
+
+ memset(&tm, 0, sizeof(tm));
+
+#define g2(p) (((p)[0] - '0') * 10 + (p)[1] - '0')
+ if (t->type == V_ASN1_UTCTIME) {
+ Assert(t->length > 12);
+
+ /* this code is copied from OpenSSL asn1/a_utctm.c file */
+ tm.tm_year = g2(t->data);
+ if (tm.tm_year < 50) {
+ tm.tm_year += 100;
+ }
+ tm.tm_mon = g2(t->data + 2) - 1;
+ tm.tm_mday = g2(t->data + 4);
+ tm.tm_hour = g2(t->data + 6);
+ tm.tm_min = g2(t->data + 8);
+ tm.tm_sec = g2(t->data + 10);
+ if (t->data[12] == 'Z') {
+ offset = 0;
+ } else {
+ Assert(t->length > 16);
+
+ offset = g2(t->data + 13) * 60 + g2(t->data + 15);
+ if (t->data[12] == '-') {
+ offset = -offset;
+ }
+ }
+ tm.tm_isdst = -1;
+ } else {
+ Assert(t->length > 14);
+
+ tm.tm_year = g2(t->data) * 100 + g2(t->data + 2);
+ tm.tm_mon = g2(t->data + 4) - 1;
+ tm.tm_mday = g2(t->data + 6);
+ tm.tm_hour = g2(t->data + 8);
+ tm.tm_min = g2(t->data + 10);
+ tm.tm_sec = g2(t->data + 12);
+ if (t->data[14] == 'Z') {
+ offset = 0;
+ } else {
+ Assert(t->length > 18);
+
+ offset = g2(t->data + 15) * 60 + g2(t->data + 17);
+ if (t->data[14] == '-') {
+ offset = -offset;
+ }
+ }
+ tm.tm_isdst = -1;
+ }
+#undef g2
+ (*res) = timegm(&tm) - offset * 60;
+ return 0;
+}
+
+int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm, time_t *res)
+{
+ /*
+ * This code is based on following assumption:
+ * from openssl/a_gentm.c:
+ * GENERALIZEDTIME is similar to UTCTIME except the year is
+ * represented as YYYY. This stuff treats everything as a two digit
+ * field so make first two fields 00 to 99
+ */
+ const int DATE_BUFFER_LENGTH = 15; // YYYYMMDDHHMMSSZ
+
+ if (NULL == res || NULL == tm) {
+ LogError("NULL pointer");
+ return -1;
+ }
+
+ if (DATE_BUFFER_LENGTH != tm->length || NULL == tm->data) {
+ LogError("Invalid ASN1_GENERALIZEDTIME");
+ return -1;
+ }
+
+ struct tm time_s;
+ if (sscanf ((char*)tm->data,
+ "%4d%2d%2d%2d%2d%2d",
+ &time_s.tm_year,
+ &time_s.tm_mon,
+ &time_s.tm_mday,
+ &time_s.tm_hour,
+ &time_s.tm_min,
+ &time_s.tm_sec) < 6)
+ {
+ LogError("Could not extract time data from ASN1_GENERALIZEDTIME");
+ return -1;
+ }
+
+ time_s.tm_year -= 1900;
+ time_s.tm_mon -= 1;
+ time_s.tm_isdst = 0; // UTC
+ time_s.tm_gmtoff = 0; // UTC
+ time_s.tm_zone = NULL; // UTC
+
+ *res = mktime(&time_s);
+
+ return 0;
+}
+
+} // namespace ValidationCore
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file TimeConversion.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+#ifndef _VALIDATION_CORE_TIMECONVERSION_H_
+#define _VALIDATION_CORE_TIMECONVERSION_H_
+
+#include <ctime>
+
+#include <openssl/x509.h>
+
+namespace ValidationCore {
+// from OpenSSL asn1/a_utctm.c code
+int asn1TimeToTimeT(ASN1_TIME *t, time_t *res);
+
+int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm,
+ time_t *res);
+} // namespace ValidationCore
+
+#endif // _VALIDATION_CORE_TIMECONVERSION_H_
+
#include <vcore/VCorePrivate.h>
#include <vcore/Config.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
#include <vcore/Database.h>
-#include <openssl/ssl.h>
#include <database_checksum_vcore.h>
+#endif
+#include <openssl/ssl.h>
#include <glib.h>
#include <glib-object.h>
#include <dpl/assert.h>
#include <dpl/log/log.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
namespace {
-DPL::DB::ThreadDatabaseSupport *threadInterface = NULL;
+VcoreDPL::DB::ThreadDatabaseSupport *threadInterface = NULL;
} // namespace anonymous
+#endif
namespace ValidationCore {
void AttachToThreadRO(void)
{
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
Assert(threadInterface);
static bool check = true;
threadInterface->AttachToThread(
- DPL::DB::SqlConnection::Flag::RO);
+ VcoreDPL::DB::SqlConnection::Flag::RO);
// We can have race condition here but CheckTableExist
// is thread safe and nothing bad will happend.
if (check) {
check = false;
Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) &&
"Not a valid vcore database version");
- }
+ }
+#endif
}
void AttachToThreadRW(void)
{
- Assert(threadInterface);
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ Assert(threadInterface);
static bool check = true;
threadInterface->AttachToThread(
- DPL::DB::SqlConnection::Flag::RW);
+ VcoreDPL::DB::SqlConnection::Flag::RW);
// We can have race condition here but CheckTableExist
// is thread safe and nothing bad will happend.
if (check) {
Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) &&
"Not a valid vcore database version");
}
+#endif
}
void DetachFromThread(void){
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
Assert(threadInterface);
threadInterface->DetachFromThread();
+#endif
}
-
-DPL::DB::ThreadDatabaseSupport& ThreadInterface(void) {
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+VcoreDPL::DB::ThreadDatabaseSupport& ThreadInterface(void) {
Assert(threadInterface);
return *threadInterface;
}
-
+#endif
bool VCoreInit(const std::string& configFilePath,
const std::string& configSchemaPath,
const std::string& databasePath)
{
- if(threadInterface) {
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ if(threadInterface) {
LogDebug("Already Initialized");
- return false;
+ return true;
}
- threadInterface = new DPL::DB::ThreadDatabaseSupport(
+ threadInterface = new VcoreDPL::DB::ThreadDatabaseSupport(
databasePath.c_str(),
- DPL::DB::SqlConnection::Flag::UseLucene);
-
+ VcoreDPL::DB::SqlConnection::Flag::UseLucene);
+#endif
SSL_library_init();
// g_thread_init(NULL);
g_type_init();
LogDebug("Initializing VCore");
Config &globalConfig = ConfigSingleton::Instance();
- bool returnValue = globalConfig.setXMLConfigPath(configFilePath) &&
+ globalConfig.setXMLConfigPath(configFilePath) &&
globalConfig.setXMLSchemaPath(configSchemaPath);
- return returnValue;
+ return true;
}
void VCoreDeinit()
{
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
Assert(threadInterface && "Not initialized or already deinitialized");
delete threadInterface;
threadInterface = NULL;
+#endif
}
} // namespace ValidationCore
#include <string>
#include <VCore.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
#include <database_checksum_vcore.h>
#include <dpl/db/thread_database_support.h>
+#endif
namespace ValidationCore {
-DPL::DB::ThreadDatabaseSupport& ThreadInterface(void);
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+VcoreDPL::DB::ThreadDatabaseSupport& ThreadInterface(void);
+#endif
} // namespace ValidationCore
#endif // _VCORE_SRC_VCORE_VCORE_H_
#include <string>
namespace ValidationCore {
-typedef std::set< std::string > ReferenceSet;
-typedef std::list< std::string > ObjectList;
/*
* base deleter func
std::string schema =
ConfigSingleton::Instance().getXMLSchemaPath();
LogDebug("File with fingerprint list schema is: " << schema);
+
reader.initialize(file, schema);
reader.read(certificateIdentifier);
+
initialized = true;
}
return certificateIdentifier;
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include "VerificationStatus.h"
+/*!
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.2
+ * @file VerficationStatus.cpp
+ * @brief OCSP/CRL status.
+ */
+#include <vcore/VerificationStatus.h>
namespace ValidationCore {
+
+VerificationStatusSet::VerificationStatusSet()
+ : m_verdictMap(0)
+{}
+
+void VerificationStatusSet::add(VerificationStatus status) {
+ m_verdictMap |= status;
+}
+
+bool VerificationStatusSet::contains(VerificationStatus status) const {
+ return m_verdictMap & status;
+}
+
+bool VerificationStatusSet::isEmpty() const {
+ return 0 == m_verdictMap;
+}
+
+void VerificationStatusSet::operator+=(const VerificationStatusSet &second) {
+ m_verdictMap |= second.m_verdictMap;
+}
+
+void VerificationStatusSet::reset() {
+ m_verdictMap = 0;
+}
+
VerificationStatus VerificationStatusSet::convertToStatus() const
{
if (m_verdictMap & VERIFICATION_STATUS_REVOKED) {
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#ifndef _SRC_VALIDATION_CORE_VERIFICATION_STATUS_H_
-#define _SRC_VALIDATION_CORE_VERIFICATION_STATUS_H_
+/*!
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 0.2
+ * @file VerificationStatus.h
+ * @brief OCSP/CRL status.
+ */
+#ifndef _VALIDATION_CORE_VERIFICATION_STATUS_H_
+#define _VALIDATION_CORE_VERIFICATION_STATUS_H_
namespace ValidationCore {
enum VerificationStatus
class VerificationStatusSet
{
public:
- VerificationStatusSet() : m_verdictMap(0)
- {
- }
-
- inline void add(VerificationStatus status)
- {
- m_verdictMap |= status;
- }
-
- inline bool contains(VerificationStatus status) const
- {
- return m_verdictMap & status;
- }
-
- inline bool isEmpty() const
- {
- return 0 == m_verdictMap;
- }
-
- inline void operator+=(const VerificationStatusSet &second)
- {
- m_verdictMap |= second.m_verdictMap;
- }
-
- inline void reset()
- {
- m_verdictMap = 0;
- }
+ VerificationStatusSet();
+
+ void add(VerificationStatus status);
+
+ bool contains(VerificationStatus status) const;
+
+ bool isEmpty() const;
+
+ void operator+=(const VerificationStatusSet &second);
+
+ void reset();
VerificationStatus convertToStatus() const;
// Some certificate has been revoked. Widget is not able to be installed.
WIDGET_VERIFICATION_STATUS_REVOKED,
};
+
} // namespace ValidationCore
-#endif // _SRC_VALIDATION_CORE_VERIFICATION_STATUS_H_
+#endif // _VALIDATION_CORE_VERIFICATION_STATUS_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file WrtSignatureValidator.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Implementatin of tizen signature validation protocol.
+ */
+#include <vcore/WrtSignatureValidator.h>
+
+#include <vcore/CertificateVerifier.h>
+#include <vcore/Certificate.h>
+#include <vcore/OCSPCertMgrUtil.h>
+#include <vcore/ReferenceValidator.h>
+#include <vcore/ValidatorFactories.h>
+#include <vcore/XmlsecAdapter.h>
+
+#include <dpl/log/log.h>
+
+namespace {
+const time_t TIMET_DAY = 60 * 60 * 24;
+
+const std::string TOKEN_ROLE_AUTHOR_URI =
+ "http://www.w3.org/ns/widgets-digsig#role-author";
+const std::string TOKEN_ROLE_DISTRIBUTOR_URI =
+ "http://www.w3.org/ns/widgets-digsig#role-distributor";
+const std::string TOKEN_PROFILE_URI =
+ "http://www.w3.org/ns/widgets-digsig#profile";
+} // namespace anonymouse
+
+static tm _ASN1_GetTimeT(ASN1_TIME* time)
+{
+ struct tm t;
+ const char* str = (const char*) time->data;
+ size_t i = 0;
+
+ memset(&t, 0, sizeof(t));
+
+ if (time->type == V_ASN1_UTCTIME) /* two digit year */
+ {
+ t.tm_year = (str[i] - '0') * 10 + (str[i + 1] - '0');
+ i += 2;
+ if (t.tm_year < 70)
+ t.tm_year += 100;
+ }
+ else if (time->type == V_ASN1_GENERALIZEDTIME) /* four digit year */
+ {
+ t.tm_year =
+ (str[i] - '0') * 1000
+ + (str[i + 1] - '0') * 100
+ + (str[i + 2] - '0') * 10
+ + (str[i + 3] - '0');
+ i += 4;
+ t.tm_year -= 1900;
+ }
+ t.tm_mon = ((str[i] - '0') * 10 + (str[i + 1] - '0')) - 1; // -1 since January is 0 not 1.
+ t.tm_mday = (str[i + 2] - '0') * 10 + (str[i + 3] - '0');
+ t.tm_hour = (str[i + 4] - '0') * 10 + (str[i + 5] - '0');
+ t.tm_min = (str[i + 6] - '0') * 10 + (str[i + 7] - '0');
+ t.tm_sec = (str[i + 8] - '0') * 10 + (str[i + 9] - '0');
+
+ /* Note: we did not adjust the time based on time zone information */
+ return t;
+}
+
+
+namespace ValidationCore {
+
+class WrtSignatureValidator::Impl {
+public:
+ virtual WrtSignatureValidator::Result check(
+ SignatureData &data,
+ const std::string &widgetContentPath) = 0;
+
+ explicit Impl(bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : m_complianceModeEnabled(complianceMode)
+ #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ , m_ocspEnable(ocspEnable)
+ , m_crlEnable(crlEnable)
+ #endif
+ {}
+
+ virtual ~Impl() {}
+
+ bool checkRoleURI(const SignatureData &data) {
+ std::string roleURI = data.getRoleURI();
+
+ if (roleURI.empty()) {
+ LogWarning("URI attribute in Role tag couldn't be empty.");
+ return false;
+ }
+
+ if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) {
+ LogWarning("URI attribute in Role tag does not "
+ "match with signature filename.");
+ return false;
+ }
+
+ if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) {
+ LogWarning("URI attribute in Role tag does not "
+ "match with signature filename.");
+ return false;
+ }
+ return true;
+ }
+
+ bool checkProfileURI(const SignatureData &data) {
+ if (TOKEN_PROFILE_URI != data.getProfileURI()) {
+ LogWarning(
+ "Profile tag contains unsupported value in URI attribute(" <<
+ data.getProfileURI() << ").");
+ return false;
+ }
+ return true;
+ }
+
+ bool checkObjectReferences(const SignatureData &data) {
+ ObjectList objectList = data.getObjectList();
+ ObjectList::const_iterator iter;
+ for (iter = objectList.begin(); iter != objectList.end(); ++iter) {
+ if (!data.containObjectReference(*iter)) {
+ LogWarning("Signature does not contain reference for object " <<
+ *iter);
+ return false;
+ }
+ }
+ return true;
+ }
+protected:
+ bool m_complianceModeEnabled;
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ bool m_ocspEnable;
+ bool m_crlEnable;
+#endif
+
+};
+
+class ImplTizen : public WrtSignatureValidator::Impl {
+public:
+ WrtSignatureValidator::Result check(SignatureData &data,
+ const std::string &widgetContentPath);
+
+ explicit ImplTizen(bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : Impl(ocspEnable, crlEnable, complianceMode)
+ {}
+
+ virtual ~ImplTizen() {}
+};
+
+WrtSignatureValidator::Result ImplTizen::check(
+ SignatureData &data,
+ const std::string &widgetContentPath)
+{
+ bool disregard = false;
+
+ if (!checkRoleURI(data)) {
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ if (!checkProfileURI(data)) {
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // CertificateList sortedCertificateList = data.getCertList();
+
+ CertificateCollection collection;
+ collection.load(data.getCertList());
+
+ // First step - sort certificate
+ if (!collection.sort()) {
+ LogWarning("Certificates do not form valid chain.");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // Check for error
+ if (collection.empty()) {
+ LogWarning("Certificate list in signature is empty.");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateList sortedCertificateList = collection.getChain();
+
+ // TODO move it to CertificateCollection
+ // Add root CA and CA certificates (if chain is incomplete)
+ sortedCertificateList =
+ OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
+
+ CertificatePtr root = sortedCertificateList.back();
+
+ // Is Root CA certificate trusted?
+ CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
+
+ LogDebug("Is root certificate from TIZEN_DEVELOPER domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
+ LogDebug("Is root certificate from TIZEN_TEST domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_TEST));
+ LogDebug("Is root certificate from TIZEN_VERIFY domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
+ LogDebug("Is root certificate from TIZEN_PUBLIC domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Is root certificate from TIZEN_PARTNER domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Is root certificate from TIZEN_PLATFORM domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+ LogDebug("Visibility level is public : "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Visibility level is partner : "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Visibility level is platform : "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ if (data.isAuthorSignature())
+ {
+ if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
+ {
+ LogWarning("author-signature.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ LogDebug("Root CA for author signature is correct.");
+ }
+ else
+ {
+ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str());
+
+ if (data.getSignatureNumber() == 1)
+ {
+ if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
+ {
+ LogDebug("Root CA for signature1.xml is correct.");
+ }
+ else
+ {
+ LogWarning("signature1.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ }
+ }
+
+ data.setStorageType(storeIdSet);
+ data.setSortedCertificateList(sortedCertificateList);
+
+ // We add only Root CA certificate because WAC ensure that the rest
+ // of certificates are present in signature files ;-)
+ XmlSec::XmlSecContext context;
+ context.signatureFile = data.getSignatureFileName();
+ context.certificatePtr = root;
+
+ // Now we should have full certificate chain.
+ // If the end certificate is not ROOT CA we should disregard signature
+ // but still signature must be valid... Aaaaaa it's so stupid...
+ if (!(root->isSignedBy(root))) {
+ LogWarning("Root CA certificate not found. Chain is incomplete.");
+ //context.allowBrokenChain = true;
+ }
+
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ // due to expiration of the author certificate.
+ time_t nowTime = time(NULL);
+#define CHECK_TIME
+#ifdef CHECK_TIME
+
+ ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
+ ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
+
+ if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
+ {
+ struct tm *t;
+ struct tm ta, tb, tc;
+ char msg[1024];
+
+ t = localtime(&nowTime);
+ if (!t)
+ return WrtSignatureValidator::SIGNATURE_INVALID; // internal error.
+
+ memset(&tc, 0, sizeof(tc));
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
+ LogDebug("## System's currentTime : " << msg);
+ fprintf(stderr, "## System's currentTime : %s\n", msg);
+
+ tb = _ASN1_GetTimeT(notBeforeTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
+ LogDebug("## certificate's notBeforeTime : " << msg);
+ fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
+
+ ta = _ASN1_GetTimeT(notAfterTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
+ LogDebug("## certificate's notAfterTime : " << msg);
+ fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
+
+ if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
+ {
+ LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
+ fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ int year = (ta.tm_year - tb.tm_year) / 4;
+
+ if(year == 0)
+ {
+ tc.tm_year = tb.tm_year;
+ tc.tm_mon = tb.tm_mon + 1;
+ tc.tm_mday = tb.tm_mday;
+
+ if(tc.tm_mon == 12)
+ {
+ tc.tm_year = ta.tm_year;
+ tc.tm_mon = ta.tm_mon - 1;
+ tc.tm_mday = ta.tm_mday;
+
+ if(tc.tm_mon < 0)
+ {
+ tc.tm_year = ta.tm_year;
+ tc.tm_mon = ta.tm_mon;
+ tc.tm_mday = ta.tm_mday -1;
+
+ if(tc.tm_mday == 0)
+ {
+ tc.tm_year = tb.tm_year;
+ tc.tm_mon = tb.tm_mon;
+ tc.tm_mday = tb.tm_mday +1;
+ }
+ }
+ }
+ }
+ else{
+ tc.tm_year = tb.tm_year + year;
+ tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
+ tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
+ }
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
+ LogDebug("## cmp cert with validation time : " << msg);
+ fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
+
+ time_t outCurrent = mktime(&tc);
+ context.validationTime = outCurrent;
+
+ fprintf(stderr, "## cmp outCurrent time : %ld\n", outCurrent);
+
+ //return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+#endif
+
+#if 0
+ time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
+ time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
+
+ struct tm *t;
+
+ if (data.isAuthorSignature())
+ {
+ // time_t 2038 year bug exist. So, notAtter() cann't check...
+ /*
+ if (notAfter < nowTime)
+ {
+ context.validationTime = notAfter - TIMET_DAY;
+ LogWarning("Author certificate is expired. notAfter...");
+ }
+ */
+
+ if (notBefore > nowTime)
+ {
+ LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
+
+ t = localtime(&nowTime);
+ LogDebug("System's current Year : " << t->tm_year + 1900);
+ LogDebug("System's current month : " << t->tm_mon + 1);
+ LogDebug("System's current day : " << t->tm_mday);
+
+ t = localtime(¬Before);
+ LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900);
+ LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1);
+ LogDebug("Author certificate's notBefore day : " << t->tm_mday);
+
+ context.validationTime = notBefore + TIMET_DAY;
+
+ t = localtime(&context.validationTime);
+ LogDebug("Modified current Year : " << t->tm_year + 1900);
+ LogDebug("Modified current notBefore month : " << t->tm_mon + 1);
+ LogDebug("Modified current notBefore day : " << t->tm_mday);
+ }
+ }
+#endif
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ //context.allowBrokenChain = true;
+
+ // end
+ if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
+ LogWarning("Installation break - invalid package!");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ data.setReference(context.referenceSet);
+
+ if (!checkObjectReferences(data)) {
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ ReferenceValidator fileValidator(widgetContentPath);
+ if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
+ LogWarning("Invalid package - file references broken");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ // It is good time to do OCSP check
+ // ocspCheck will throw an exception on any error.
+ // TODO Probably we should catch this exception and add
+ // some information to SignatureData.
+ if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
+ CertificateCollection coll;
+ coll.load(sortedCertificateList);
+
+ if (!coll.sort()) {
+ LogDebug("Collection does not contain chain!");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
+ VerificationStatus result = verificator.check(coll);
+
+ if (result == VERIFICATION_STATUS_REVOKED) {
+ return WrtSignatureValidator::SIGNATURE_REVOKED;
+ }
+
+ if (result == VERIFICATION_STATUS_UNKNOWN ||
+ result == VERIFICATION_STATUS_ERROR)
+ {
+ #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
+ disregard = true;
+ #endif
+ }
+ }
+#endif
+
+ if (disregard) {
+ LogWarning("Signature is disregard. RootCA is not a member of Tizen");
+ return WrtSignatureValidator::SIGNATURE_DISREGARD;
+ }
+ return WrtSignatureValidator::SIGNATURE_VERIFIED;
+}
+
+class ImplWac : public WrtSignatureValidator::Impl
+{
+public:
+ WrtSignatureValidator::Result check(SignatureData &data,
+ const std::string &widgetContentPath);
+
+ explicit ImplWac(bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : Impl(ocspEnable, crlEnable, complianceMode)
+ {}
+
+ virtual ~ImplWac() {}
+};
+
+WrtSignatureValidator::Result ImplWac::check(
+ SignatureData &data,
+ const std::string &widgetContentPath)
+{
+ bool disregard = false;
+
+ if (!checkRoleURI(data)) {
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ if (!checkProfileURI(data)) {
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // CertificateList sortedCertificateList = data.getCertList();
+
+ CertificateCollection collection;
+ collection.load(data.getCertList());
+
+ // First step - sort certificate
+ if (!collection.sort()) {
+ LogWarning("Certificates do not form valid chain.");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ // Check for error
+ if (collection.empty()) {
+ LogWarning("Certificate list in signature is empty.");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateList sortedCertificateList = collection.getChain();
+
+ // TODO move it to CertificateCollection
+ // Add root CA and CA certificates (if chain is incomplete)
+ sortedCertificateList =
+ OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
+
+ CertificatePtr root = sortedCertificateList.back();
+
+ // Is Root CA certificate trusted?
+ CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
+
+ LogDebug("Is root certificate from TIZEN_DEVELOPER domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
+ LogDebug("Is root certificate from TIZEN_TEST domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_TEST));
+ LogDebug("Is root certificate from TIZEN_VERIFY domain: "
+ << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
+ LogDebug("Is root certificate from TIZEN_PUBLIC domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Is root certificate from TIZEN_PARTNER domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Is root certificate from TIZEN_PLATFORM domain: "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ LogDebug("Visibility level is public : "
+ << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
+ LogDebug("Visibility level is partner : "
+ << storeIdSet.contains(CertStoreId::VIS_PARTNER));
+ LogDebug("Visibility level is platform : "
+ << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
+
+ if (data.isAuthorSignature())
+ {
+ if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
+ {
+ LogWarning("author-signature.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ LogDebug("Root CA for author signature is correct.");
+ }
+ else
+ {
+ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str());
+ //Additional Check for certificate registration
+
+ if (data.getSignatureNumber() == 1)
+ {
+ if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
+ {
+ LogDebug("Root CA for signature1.xml is correct.");
+ }
+ else
+ {
+ LogWarning("signature1.xml has got unrecognized Root CA "
+ "certificate. Signature will be disregarded.");
+ disregard = true;
+ }
+ }
+ }
+
+ data.setStorageType(storeIdSet);
+ data.setSortedCertificateList(sortedCertificateList);
+
+ // We add only Root CA certificate because WAC ensure that the rest
+ // of certificates are present in signature files ;-)
+ XmlSec::XmlSecContext context;
+ context.signatureFile = data.getSignatureFileName();
+ context.certificatePtr = root;
+
+ // Now we should have full certificate chain.
+ // If the end certificate is not ROOT CA we should disregard signature
+ // but still signature must be valid... Aaaaaa it's so stupid...
+ if (!(root->isSignedBy(root))) {
+ LogWarning("Root CA certificate not found. Chain is incomplete.");
+// context.allowBrokenChain = true;
+ }
+
+ time_t nowTime = time(NULL);
+ // WAC 2.0 SP-2066 The wrt must not block widget installation
+ // due to expiration of the author certificate.
+#define CHECK_TIME
+#ifdef CHECK_TIME
+
+ ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
+ ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
+
+ if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
+ {
+ struct tm *t;
+ struct tm ta, tb, tc;
+ char msg[1024];
+
+ t = localtime(&nowTime);
+ if (!t)
+ return WrtSignatureValidator::SIGNATURE_INVALID; // internal error.
+
+ memset(&tc, 0, sizeof(tc));
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
+ LogDebug("## System's currentTime : " << msg);
+ fprintf(stderr, "## System's currentTime : %s\n", msg);
+
+ tb = _ASN1_GetTimeT(notBeforeTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
+ LogDebug("## certificate's notBeforeTime : " << msg);
+ fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
+
+ ta = _ASN1_GetTimeT(notAfterTime);
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
+ LogDebug("## certificate's notAfterTime : " << msg);
+ fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
+
+ if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
+ {
+ LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
+ fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ int year = (ta.tm_year - tb.tm_year) / 4;
+
+ if(year == 0)
+ {
+ tc.tm_year = tb.tm_year;
+ tc.tm_mon = tb.tm_mon + 1;
+ tc.tm_mday = tb.tm_mday;
+
+ if(tc.tm_mon == 12)
+ {
+ tc.tm_year = ta.tm_year;
+ tc.tm_mon = ta.tm_mon - 1;
+ tc.tm_mday = ta.tm_mday;
+
+ if(tc.tm_mon < 0)
+ {
+ tc.tm_year = ta.tm_year;
+ tc.tm_mon = ta.tm_mon;
+ tc.tm_mday = ta.tm_mday -1;
+
+ if(tc.tm_mday == 0)
+ {
+ tc.tm_year = tb.tm_year;
+ tc.tm_mon = tb.tm_mon;
+ tc.tm_mday = tb.tm_mday +1;
+ }
+ }
+ }
+ }
+ else{
+ tc.tm_year = tb.tm_year + year;
+ tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
+ tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
+ }
+
+ snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
+ LogDebug("## cmp cert with validation time : " << msg);
+ fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
+
+ time_t outCurrent = mktime(&tc);
+
+ fprintf(stderr, "## cmp outCurrent time : %ld\n", outCurrent);
+
+ context.validationTime = outCurrent;
+ //return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+#endif
+
+#if 0
+ time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
+ time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
+
+ struct tm *t;
+
+ if (data.isAuthorSignature())
+ {
+ // time_t 2038 year bug exist. So, notAtter() cann't check...
+ /*
+ if (notAfter < nowTime)
+ {
+ context.validationTime = notAfter - TIMET_DAY;
+ LogWarning("Author certificate is expired. notAfter...");
+ }
+ */
+
+ if (notBefore > nowTime)
+ {
+ LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
+
+ t = localtime(&nowTime);
+ LogDebug("System's current Year : " << t->tm_year + 1900);
+ LogDebug("System's current month : " << t->tm_mon + 1);
+ LogDebug("System's current day : " << t->tm_mday);
+
+ t = localtime(¬Before);
+ LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900);
+ LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1);
+ LogDebug("Author certificate's notBefore day : " << t->tm_mday);
+
+ context.validationTime = notBefore + TIMET_DAY;
+
+ t = localtime(&context.validationTime);
+ LogDebug("Modified current Year : " << t->tm_year + 1900);
+ LogDebug("Modified current notBefore month : " << t->tm_mon + 1);
+ LogDebug("Modified current notBefore day : " << t->tm_mday);
+ }
+ }
+#endif
+ if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
+ LogWarning("Installation break - invalid package!");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ data.setReference(context.referenceSet);
+
+ if (!checkObjectReferences(data)) {
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ ReferenceValidator fileValidator(widgetContentPath);
+ if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
+ LogWarning("Invalid package - file references broken");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ // It is good time to do OCSP check
+ // ocspCheck will throw an exception on any error.
+ // TODO Probably we should catch this exception and add
+ // some information to SignatureData.
+ if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
+ CertificateCollection coll;
+ coll.load(sortedCertificateList);
+
+ if (!coll.sort()) {
+ LogDebug("Collection does not contain chain!");
+ return WrtSignatureValidator::SIGNATURE_INVALID;
+ }
+
+ CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
+ VerificationStatus result = verificator.check(coll);
+
+ if (result == VERIFICATION_STATUS_REVOKED) {
+ return WrtSignatureValidator::SIGNATURE_REVOKED;
+ }
+
+ if (result == VERIFICATION_STATUS_UNKNOWN ||
+ result == VERIFICATION_STATUS_ERROR)
+ {
+#ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
+ disregard = true;
+#endif //_OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
+ }
+ }
+#endif
+
+ if (disregard) {
+ LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
+ return WrtSignatureValidator::SIGNATURE_DISREGARD;
+ }
+ return WrtSignatureValidator::SIGNATURE_VERIFIED;
+}
+
+// Implementation of WrtSignatureValidator
+
+WrtSignatureValidator::WrtSignatureValidator(
+ AppType appType,
+ bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode)
+ : m_impl(0)
+{
+ if (appType == TIZEN)
+ m_impl = new ImplTizen(ocspEnable,crlEnable,complianceMode);
+ else
+ m_impl = new ImplWac(ocspEnable,crlEnable,complianceMode);
+}
+
+WrtSignatureValidator::~WrtSignatureValidator()
+{
+ delete m_impl;
+}
+
+WrtSignatureValidator::Result WrtSignatureValidator::check(
+ SignatureData &data,
+ const std::string &widgetContentPath)
+{
+ return m_impl->check(data, widgetContentPath);
+}
+
+} // namespace ValidationCore
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file WrtSignatureValidator.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Implementatin of tizen signature validation protocol.
+ */
+#ifndef _VALIDATION_CORE_TIZENSIGNATUREVALIDATOR_H_
+#define _VALIDATION_CORE_TIZENSIGNATUREVALIDATOR_H_
+
+#include <string>
+
+#include <vcore/SignatureData.h>
+
+namespace ValidationCore {
+
+class WrtSignatureValidator {
+public:
+
+ class Impl;
+
+ enum AppType
+ {
+ TIZEN,
+ WAC20
+ };
+
+ enum Result
+ {
+ SIGNATURE_VALID,
+ SIGNATURE_INVALID,
+ SIGNATURE_VERIFIED,
+ SIGNATURE_DISREGARD, // no ocsp response or ocsp return unknown status
+ SIGNATURE_REVOKED
+ };
+
+ WrtSignatureValidator() = delete;
+ WrtSignatureValidator(const WrtSignatureValidator &) = delete;
+ const WrtSignatureValidator &operator=(const WrtSignatureValidator &) = delete;
+
+ explicit WrtSignatureValidator(
+ AppType appType,
+ bool ocspEnable,
+ bool crlEnable,
+ bool complianceMode);
+
+ virtual ~WrtSignatureValidator();
+
+ Result check(
+ SignatureData &data,
+ const std::string &widgetContentPath);
+
+private:
+ Impl *m_impl;
+
+};
+
+} // namespace ValidationCore
+
+#endif // _VALIDATION_CORE_TIZENSIGNATUREVALIDATOR_H_
+
* @version 1.0
* @brief
*/
-
-/*
- * Copyright (C) 2002-2003 Aleksey Sanin. All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use,
- * copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
-
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
-
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- * OTHER DEALINGS IN THE SOFTWARE.
- */
-
-
#include <cstdlib>
#include <cstring>
#include <xmlsec/crypto.h>
#include <xmlsec/io.h>
#include <xmlsec/keyinfo.h>
+#include <xmlsec/errors.h>
#include <dpl/assert.h>
#include <dpl/log/log.h>
-#include "XmlsecAdapter.h"
+#include <vcore/XmlsecAdapter.h>
+
+#include <vcore/ValidatorCommon.h>
+
#include <dpl/singleton_impl.h>
IMPLEMENT_SINGLETON(ValidationCore::XmlSec)
void* XmlSec::fileOpenCallback(const char *filename)
{
std::string path = s_prefixPath + filename;
- LogDebug("Xmlsec opening: " << path);
+
+ // LogDebug("Xmlsec opening: " << path);
return new FileWrapper(xmlFileOpen(path.c_str()),false);
}
int XmlSec::fileCloseCallback(void *context)
{
+ //LogDebug("Xmlsec closing: ");
FileWrapper *fw = static_cast<FileWrapper*>(context);
int output = 0;
if (!(fw->released)) {
}
}
+void LogDebugPrint(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg)
+{
+ char total[1024];
+ snprintf(total, sizeof(total), "[%s(%d)] : [%s] : [%s] : [%s]", func, line, errorObject, errorSubject, msg);
+
+ if(reason != 256)
+ {
+ fprintf(stderr, "## [validate error]: %s\n", total);
+ LogError(" " << total);
+ }
+ else
+ {
+ LogDebug(" " << total);
+ }
+}
+
XmlSec::XmlSec() :
- m_initialized(false)
+ m_initialized(false),
+ m_noHash(false),
+ m_partialHash(false),
+ m_pList(NULL)
{
LIBXML_TEST_VERSION
xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
XmlSec::~XmlSec()
{
+ m_noHash= false;
+ m_partialHash = false;
if (m_initialized) {
deinitialize();
}
dsigCtx->keyInfoReadCtx.certsVerificationTime = context->validationTime;
}
- /* Verify signature */
- if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
- LogWarning("Signature verify error.");
+ if( m_noHash == true || m_partialHash == true ) {
+ LogDebug("SignatureEx start >> ");
+ if( m_pList == NULL ) {
+ LogWarning("## [validate]: uriList does not exist" );
+ fprintf(stderr, "## [validate]: uriList does not exist\n");
+ res = xmlSecDSigCtxVerifyEx(dsigCtx, node, 1, NULL);
+ } else {
+ if (!m_pList) {
+ LogWarning("## [validate]: uriList does not exist" );
+ fprintf(stderr, "## [validate]: uriList does not exist\n");
+ res = -1;
+ goto done;
+ }
+
+ size_t n = m_pList->size();
+
+ char *pList[n + 1];
+ std::list<std::string>::const_iterator itr = m_pList->begin();
+ std::string tmpString;
+ char *uri = NULL;
+ size_t len;
+
+ size_t i = 0;
+ for(; itr != m_pList->end(); ++itr) {
+ tmpString = (*itr);
+ uri = (char*)tmpString.c_str();
+ len = strlen(uri);
+ pList[i] = (char *)malloc(len + 1);
+ memcpy(pList[i], uri, len);
+ pList[i][len] = '\0';
+ fprintf(stderr, "## [validate]: uriList[%d] = %s\n", i, pList[i]);
+ ++i;
+ }
+ pList[n] = '\0';
+
+ res = xmlSecDSigCtxVerifyEx(dsigCtx, node, 0, (void*)pList);
+ i = 0;
+
+ while (pList[i]) {
+ free(pList[i]);
+ ++i;
+ }
+ }
+
+ if(res < 0) {
+ LogError("SignatureEx verify error.");
+ fprintf(stderr, "## [validate error]: SignatureEx verify error\n");
+ res = -1;
goto done;
+ }
+ } else {
+ LogDebug("Signature start >> ");
+
+ /* Verify signature */
+ if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ LogError("Signature verify error.");
+ fprintf(stderr, "## [validate error]: Signature verify error\n");
+ res = -1;
+ goto done;
+ }
}
if (dsigCtx->keyInfoReadCtx.flags2 &
- XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN) {
+ XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN) {
LogWarning("XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN was set to true!");
LogWarning("Signature contains broken chain!");
context->errorBrokenChain = true;
res = 0;
} else {
LogDebug("Signature is INVALID");
+ res = -1;
goto done;
}
if (dsigCtx->c14nMethod && dsigCtx->c14nMethod->id &&
dsigCtx->c14nMethod->id->name) {
- LogInfo("Canonicalization method: " <<
- reinterpret_cast<const char *>(dsigCtx->c14nMethod->id->name));
+ // LogInfo("Canonicalization method: " <<
+ // reinterpret_cast<const char *>(dsigCtx->c14nMethod->id->name));
}
size = xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences));
reinterpret_cast<const char *>(dsigRefCtx->digestMethod->id
->name);
std::string strDigest(pDigest);
- LogInfo("reference digest method: " <<
- reinterpret_cast<const char *>(dsigRefCtx->digestMethod
+ /*LogInfo("reference digest method: " <<
+ reinterpret_cast<const char *>(dsigRefCtx->digestMethod
->id
- ->name));
+ ->name));*/
if (strDigest == DIGEST_MD5) {
LogWarning("MD5 digest method used! Please use sha");
res = -1;
}
done:
+ m_pList = NULL;
+ m_noHash = false;
+ m_partialHash = false;
+
/* cleanup */
if (dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
{
Assert(context);
Assert(!(context->signatureFile.empty()));
- Assert(context->certificatePtr.Get() || !(context->certificatePath.empty()));
+ Assert(context->certificatePtr.get() || !(context->certificatePath.empty()));
+
+ xmlSecErrorsSetCallback(LogDebugPrint);
if (!m_initialized) {
LogError("XmlSec is not initialized.");
}
context->referenceSet.clear();
- if (context->certificatePtr.Get()) {
+ if (context->certificatePtr.get()) {
loadDERCertificateMemory(context, mngr.get());
}
return validateFile(context, mngr.get());
}
+
+XmlSec::Result XmlSec::validateNoHash(XmlSecContext *context)
+{
+ xmlSecErrorsSetCallback(LogDebugPrint);
+
+ m_noHash = true;
+ return validate(context);
+}
+
+XmlSec::Result XmlSec::validatePartialHash(XmlSecContext *context)
+{
+ xmlSecErrorsSetCallback(LogDebugPrint);
+
+ m_partialHash = true;
+ return validate(context);
+}
+
+XmlSec::Result XmlSec::setPartialHashList(const std::list<std::string>& targetUri)
+{
+ xmlSecErrorsSetCallback(LogDebugPrint);
+
+ m_pList = (std::list<std::string>*)&targetUri;
+ return NO_ERROR;
+}
} // namespace ValidationCore
* @version 1.0
* @brief
*/
-#ifndef _XMLSECADAPTER_H_
-#define _XMLSECADAPTER_H_
+#ifndef _VALIDATION_CORE_XMLSECADAPTER_H_
+#define _VALIDATION_CORE_XMLSECADAPTER_H_
#include <xmlsec/keysmngr.h>
#include <dpl/noncopyable.h>
#include <dpl/singleton.h>
-#include "Certificate.h"
-#include "ValidatorCommon.h"
+#include <vcore/Certificate.h>
+#include <vcore/SignatureData.h>
namespace ValidationCore {
-class XmlSec : public DPL::Noncopyable
+class XmlSec : public VcoreDPL::Noncopyable
{
public:
class Exception
{
public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, InternalError)
};
* Context - input/output param.
*/
Result validate(XmlSecContext *context);
- protected:
+ Result validateNoHash(XmlSecContext *context);
+ Result validatePartialHash(XmlSecContext *context);
+ Result setPartialHashList(const std::list<std::string>& targetUri);
+
+ protected:
XmlSec();
~XmlSec();
private:
xmlSecKeysMngrPtr mngr);
bool m_initialized;
+ bool m_noHash;
+ bool m_partialHash;
+ std::list<std::string>* m_pList;
static std::string s_prefixPath;
static int fileMatchCallback(const char *filename);
static void fileExtractPrefix(XmlSecContext *context);
};
-typedef DPL::Singleton<XmlSec> XmlSecSingleton;
+typedef VcoreDPL::Singleton<XmlSec> XmlSecSingleton;
+
} // namespace ValidationCore
-#endif // _XMLSECVERIFICATOR_H_
+
+#endif // _VALIDATION_CORE_XMLSECVERIFICATOR_H_
#include <string>
#include <vector>
+#include <glib-object.h>
+
#include <openssl/pem.h>
#include <openssl/ssl.h>
-#include <openssl/x509.h>
+#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
#include <openssl/err.h>
#include <openssl/sha.h>
-
-#include <dlog.h>
+#include <openssl/evp.h>
+#include <openssl/bio.h>
#include <dpl/foreach.h>
#include <dpl/log/log.h>
+#include <cert-service-debug.h>
+
#include <cert-svc/cinstance.h>
#include <cert-svc/ccert.h>
-#include <cert-svc/cocsp.h>
-#include <cert-svc/cpkcs12.h>
-#include <cert-svc/ccrl.h>
#include <cert-svc/cpkcs12.h>
#include <cert-svc/cprimitives.h>
#include <vcore/Base64.h>
#include <vcore/Certificate.h>
#include <vcore/CertificateCollection.h>
+#include <vcore/pkcs12.h>
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <cert-svc/ccrl.h>
+#include <cert-svc/cocsp.h>
#include <vcore/OCSP.h>
#include <vcore/CRL.h>
#include <vcore/CRLCacheInterface.h>
-#include <vcore/pkcs12.h>
+#endif
+
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+
+#ifndef LOG_TAG
+#define LOG_TAG "CERT_SVC"
+#endif
using namespace ValidationCore;
typedef std::unique_ptr<CERT_CONTEXT, std::function<int(CERT_CONTEXT*)> > ScopedCertCtx;
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
class CRLCacheCAPI : public CRLCacheInterface {
public:
CRLCacheCAPI(
CertSvcCrlFree m_crlFree;
void *m_userParam;
};
+#endif
class CertSvcInstanceImpl {
public:
: m_certificateCounter(0)
, m_idListCounter(0)
, m_stringListCounter(0)
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
, m_crlWrite(NULL)
, m_crlRead(NULL)
, m_crlFree(NULL)
+#endif
{}
~CertSvcInstanceImpl(){
}
auto certPtr = iter->second;
- DPL::OptionalString result;
- switch(field) {
+
+ std::string result;
+ switch (field) {
case CERTSVC_SUBJECT:
- result = DPL::OptionalString(certPtr->getOneLine());
+ result = certPtr->getOneLine();
break;
case CERTSVC_ISSUER:
- result = DPL::OptionalString(certPtr->getOneLine(Certificate::FIELD_ISSUER));
- break;
+ result = certPtr->getOneLine(Certificate::FIELD_ISSUER);
+ break;
case CERTSVC_SUBJECT_COMMON_NAME:
result = certPtr->getCommonName();
break;
case CERTSVC_SUBJECT_ORGANIZATION_UNIT_NAME:
result = certPtr->getOrganizationalUnitName();
break;
+ case CERTSVC_SUBJECT_EMAIL_ADDRESS:
+ result = certPtr->getEmailAddres();
+ break;
case CERTSVC_ISSUER_COMMON_NAME:
result = certPtr->getCommonName(Certificate::FIELD_ISSUER);
break;
case CERTSVC_ISSUER_ORGANIZATION_UNIT_NAME:
result = certPtr->getOrganizationalUnitName(Certificate::FIELD_ISSUER);
break;
+
case CERTSVC_VERSION:
- {
- std::stringstream stream;
- stream << (certPtr->getVersion()+1);
- result = DPL::OptionalString(DPL::FromUTF8String(stream.str()));
- break;
- }
+ {
+ std::stringstream stream;
+ stream << (certPtr->getVersion()+1);
+ result = stream.str();
+ break;
+ }
case CERTSVC_SERIAL_NUMBER:
- result = DPL::OptionalString(certPtr->getSerialNumberString());
+ result = certPtr->getSerialNumberString();
break;
case CERTSVC_KEY_USAGE:
- result = DPL::OptionalString(certPtr->getKeyUsageString());
+ result = certPtr->getKeyUsageString();
break;
case CERTSVC_KEY:
- result = DPL::OptionalString(certPtr->getPublicKeyString());
+ result = certPtr->getPublicKeyString();
break;
case CERTSVC_SIGNATURE_ALGORITHM:
- result = DPL::OptionalString(certPtr->getSignatureAlgorithmString());
+ result = certPtr->getSignatureAlgorithmString();
break;
default:
break;
}
- if (result.IsNull()) {
+ if (result.empty()) {
buffer->privateHandler = NULL;
buffer->privateLength = 0;
buffer->privateInstance = cert.privateInstance;
return CERTSVC_SUCCESS;
}
- std::string output = DPL::ToUTF8String(*result);
- char *cstring = new char[output.size()+1];
- strncpy(cstring, output.c_str(), output.size()+1);
+ char *cstring = new char[result.size()+1];
+ if (cstring == NULL) {
+ buffer->privateHandler = NULL;
+ buffer->privateLength = 0;
+ buffer->privateInstance = cert.privateInstance;
+ return CERTSVC_BAD_ALLOC;
+ }
+
+ strncpy(cstring, result.c_str(), result.size()+1);
buffer->privateHandler = cstring;
- buffer->privateLength = output.size();
+ buffer->privateLength = result.size();
buffer->privateInstance = cert.privateInstance;
m_allocatedStringSet.insert(cstring);
return CERTSVC_SUCCESS;
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
inline int getCrl(const CertSvcCertificate &cert, CertSvcStringList *handler){
auto iter = m_certificateMap.find(cert.privateHandler);
if (iter == m_certificateMap.end()) {
return CERTSVC_SUCCESS;
}
+#endif
inline int getStringFromList(
const CertSvcStringList &handler,
if (cert == m_certificateMap.end()) {
return CERTSVC_WRONG_ARGUMENT;
}
- translator[cert->second.Get()] = pos;
+ translator[cert->second.get()] = pos;
certList.push_back(cert->second);
}
int i=0;
for (auto iter = chain.begin(); iter != chain.end() && i<size; ++iter, ++i) {
- certificate_array[i].privateHandler = translator[iter->Get()];
+ certificate_array[i].privateHandler = translator[iter->get()];
}
return CERTSVC_SUCCESS;
return CERTSVC_SUCCESS;
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
inline int ocspCheck(const CertSvcCertificate *chain,
int chain_size,
const CertSvcCertificate *trusted,
if (statusSet.contains(VERIFICATION_STATUS_NOT_SUPPORT)) {
ret |= CERTSVC_OCSP_NO_SUPPORT;
}
+ if (statusSet.contains(VERIFICATION_STATUS_CONNECTION_FAILED)) {
+ ret |= CERTSVC_OCSP_CONNECTION_FAILED;
+ }
if (statusSet.contains(VERIFICATION_STATUS_ERROR)) {
ret |= CERTSVC_OCSP_ERROR;
}
*status = ret;
return CERTSVC_SUCCESS;
}
+#endif
inline int verify(
CertSvcCertificate certificate,
base.finalize();
info = base.get();
char *ptr = new char[info.size()+1];
+ if(ptr == NULL) {
+ return CERTSVC_BAD_ALLOC;
+ }
memcpy(ptr, info.c_str(), info.size()+1);
m_allocatedStringSet.insert(ptr);
base64->privateHandler = ptr;
}
info = base.get();
char *ptr = new char[info.size()+1];
+ if(ptr == NULL) {
+ return CERTSVC_BAD_ALLOC;
+ }
memcpy(ptr, info.c_str(), info.size()+1);
m_allocatedStringSet.insert(ptr);
message->privateHandler = ptr;
int size,
CertSvcString *output)
{
- if (!output) {
+ if (!output || size < 0) {
return CERTSVC_WRONG_ARGUMENT;
}
int allocSize = size;
- if (str[allocSize-1] != 0)
+ if (allocSize == 0 || str[allocSize-1] != 0)
allocSize++;
char *ptr = new char[allocSize];
+ if(ptr == NULL) {
+ return CERTSVC_BAD_ALLOC;
+ }
memcpy(ptr, str, size);
ptr[allocSize-1] = 0;
output->privateHandler = ptr;
output->privateLength = size;
output->privateInstance = instance;
+
+ m_allocatedStringSet.insert(ptr);
+
return CERTSVC_SUCCESS;
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
inline void setCRLFunction(
CertSvcCrlCacheWrite writePtr,
CertSvcCrlCacheRead readPtr,
return CERTSVC_SUCCESS;
}
+#endif
inline int certificateVerify(
CertSvcCertificate certificate,
int trustedSize,
CertSvcCertificate *untrusted,
int untrustedSize,
+ int checkCaFlag,
int *status)
{
if (!trusted || !status) {
sk_X509_free(ustore);
return CERTSVC_WRONG_ARGUMENT;
}
- sk_X509_push(ustore, iter->second->getX509());
+ if (sk_X509_push(ustore, iter->second->getX509()) == 0)
+ {
+ break;
+ }
}
X509_STORE_CTX context;
X509_STORE_CTX_init(&context, store, cert, ustore);
int result = X509_verify_cert(&context);
+
+ if(result == 1 && checkCaFlag) { // check strictly
+ STACK_OF(X509) *resultChain = X509_STORE_CTX_get1_chain(&context);
+ X509* tmpCert = NULL;
+ int caFlagValidity;
+ while((tmpCert = sk_X509_pop(resultChain))) {
+ caFlagValidity = X509_check_ca(tmpCert);
+ if(caFlagValidity != 1 && (tmpCert = sk_X509_pop(resultChain)) != NULL) { // the last one is not a CA.
+ result = 0;
+ break;
+ }
+ }
+ }
+
X509_STORE_CTX_cleanup(&context);
X509_STORE_free(store);
sk_X509_free(ustore);
return CERTSVC_SUCCESS;
}
+ int getVisibility(CertSvcCertificate certificate, int* visibility)
+ {
+ int ret = CERTSVC_FAIL;
+ xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet";
+ xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\"";
+ xmlChar *xmlPathDomainPlatform = (xmlChar*) "tizen-platform";
+ xmlChar *xmlPathDomainPublic = (xmlChar*) "tizen-public";
+ xmlChar *xmlPathDomainPartner = (xmlChar*) "tizen-partner";
+ xmlChar *xmlPathDomainDeveloper = (xmlChar*) "tizen-developer";
+ xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1";
+
+ CertificatePtr certPtr = m_certificateMap[0];
+ if(certPtr == NULL)
+ {
+ SLOGE("Invalid Parameter. certificate is not initialized");
+ return CERTSVC_FAIL;
+ }
+ std::string fingerprint = Certificate::FingerprintToColonHex(certPtr->getFingerprint(Certificate::FINGERPRINT_SHA1));
+
+ /* load file */
+ xmlDocPtr doc = xmlParseFile("/usr/share/wrt-engine/fingerprint_list.xml");
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
+ {
+ SLOGE("Failed to prase fingerprint_list.xml\n");
+ return CERTSVC_IO_ERROR;
+ }
+
+ xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc));
+ if(curPtr == NULL)
+ {
+ SLOGE("Can not find root");
+ ret = CERTSVC_IO_ERROR;
+ goto out;
+ }
+
+ while(curPtr != NULL)
+ {
+ xmlAttr* attr = curPtr->properties;
+ if(!attr->children || !attr->children->content)
+ {
+ SLOGE("Failed to get fingerprints from list");
+ ret = CERTSVC_FAIL;
+ goto out;
+ }
+
+ xmlChar* strLevel = attr->children->content;
+ xmlNodePtr FpPtr = xmlFirstElementChild(curPtr);
+ if(FpPtr == NULL)
+ {
+ SLOGE("Could not find fingerprint");
+ ret = CERTSVC_FAIL;
+ goto out;
+ }
+
+ SLOGD("Retrieve level : %s", strLevel);
+ while(FpPtr)
+ {
+ xmlChar *content = xmlNodeGetContent(FpPtr);
+ if(xmlStrcmp(content, (xmlChar*)fingerprint.c_str()) == 0)
+ {
+ SLOGD("fingerprint : %s are %s", content, strLevel);
+ if(!xmlStrcmp(strLevel, xmlPathDomainPlatform))
+ {
+ *visibility = CERTSVC_VISIBILITY_PLATFORM;
+ ret = CERTSVC_SUCCESS;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainPublic))
+ {
+ *visibility = CERTSVC_VISIBILITY_PUBLIC;
+ ret = CERTSVC_SUCCESS;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainPartner))
+ {
+ *visibility = CERTSVC_VISIBILITY_PARTNER;
+ ret = CERTSVC_SUCCESS;
+ goto out;
+ }
+ else if(!xmlStrcmp(strLevel, xmlPathDomainDeveloper))
+ {
+ *visibility = CERTSVC_VISIBILITY_DEVELOPER;
+ ret = CERTSVC_SUCCESS;
+ goto out;
+ }
+ }
+ FpPtr = xmlNextElementSibling(FpPtr);
+ }
+ curPtr = xmlNextElementSibling(curPtr);
+ }
+ xmlFreeDoc(doc);
+ return CERTSVC_FAIL;
+out:
+ xmlFreeDoc(doc);
+ return ret;
+ }
+
inline int pkcsNameIsUnique(
CertSvcString pfxIdString,
int *is_unique)
handler->privateHandler = position;
handler->privateInstance = instance;
+ return CERTSVC_SUCCESS;
}
inline int pkcsHasPassword(
inline int getPkcsPrivateKey(
CertSvcString pfxIdString,
char **buffer,
- int *size)
+ size_t *size)
{
- int result = c_certsvc_pkcs12_private_key_load(pfxIdString.privateHandler, buffer);
- if(result == CERTSVC_SUCCESS)
- *size = strlen(*buffer);
- return result;
+ return c_certsvc_pkcs12_private_key_load(pfxIdString.privateHandler, buffer, size);
}
inline int getPkcsCertificateList(
else
certPtrVector.push_back(CertificatePtr(new Certificate(*(context->certBuf))));
}
- c_certsvc_pkcs12_free_certificates(certs);
+ if(ncerts > 0)
+ c_certsvc_pkcs12_free_certificates(certs);
FOREACH(it, certPtrVector) {
listId.push_back(addCert(*it));
std::map<int, std::vector<std::string> > m_stringListMap;
std::set<char *> m_allocatedStringSet;
-
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
CertSvcCrlCacheWrite m_crlWrite;
CertSvcCrlCacheRead m_crlRead;
CertSvcCrlFree m_crlFree;
+#endif
};
inline CertSvcInstanceImpl *impl(CertSvcInstance instance) {
void certsvc_certificate_free(CertSvcCertificate certificate)
{
- impl(certificate.privateInstance)->removeCert(certificate);
+ if (certificate.privateHandler != 0)
+ impl(certificate.privateInstance)->removeCert(certificate);
}
int certsvc_certificate_save_file(
return impl(certificate.privateInstance)->isRootCA(certificate, status);
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
int certsvc_certificate_get_crl_distribution_points(
CertSvcCertificate certificate,
CertSvcStringList *handler)
} catch (...) {}
return CERTSVC_FAIL;
}
+#endif
int certsvc_string_list_get_one(
CertSvcStringList handler,
void certsvc_string_list_free(CertSvcStringList handler)
{
- impl(handler.privateInstance)->removeStringList(handler);
+ if (handler.privateHandler != 0)
+ {
+ impl(handler.privateInstance)->removeStringList(handler);
+ handler.privateHandler = 0;
+ }
}
void certsvc_string_free(CertSvcString string)
{
- impl(string.privateInstance)->removeString(string);
+ if (string.privateHandler)
+ impl(string.privateInstance)->removeString(string);
}
void certsvc_string_to_cstring(
void certsvc_certificate_free_x509(X509 *x509)
{
- X509_free(x509);
+ if (x509)
+ X509_free(x509);
+}
+
+int certsvc_pkcs12_dup_evp_pkey(
+ CertSvcInstance instance,
+ CertSvcString alias,
+ EVP_PKEY** pkey)
+{
+ char *buffer;
+ size_t size;
+
+ int result = certsvc_pkcs12_private_key_dup(
+ instance,
+ alias,
+ &buffer,
+ &size);
+
+ if (result != CERTSVC_SUCCESS) {
+ LogError("Error in certsvc_pkcs12_private_key_dup");
+ return result;
+ }
+
+ BIO *b = BIO_new(BIO_s_mem());
+
+ if ((int)size != BIO_write(b, buffer, size)) {
+ LogError("Error in BIO_write");
+ BIO_free_all(b);
+ certsvc_pkcs12_private_key_free(buffer);
+ return CERTSVC_FAIL;
+ }
+
+ certsvc_pkcs12_private_key_free(buffer);
+
+ *pkey = PEM_read_bio_PrivateKey(b, NULL, NULL, NULL);
+
+ BIO_free_all(b);
+
+ if (*pkey) {
+ return CERTSVC_SUCCESS;
+ }
+
+ LogError("Result is null. Openssl REASON code is: "
+ << ERR_GET_REASON(ERR_peek_last_error()));
+
+ return CERTSVC_FAIL;
}
+void certsvc_pkcs12_free_evp_pkey(EVP_PKEY* pkey)
+{
+ EVP_PKEY_free(pkey);
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
int certsvc_ocsp_check(
CertSvcCertificate *chain,
int chain_size,
} catch (...) {}
return CERTSVC_FAIL;
}
+#endif
int certsvc_message_verify(
CertSvcCertificate certificate,
return CERTSVC_SUCCESS;
}
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
void certsvc_crl_cache_functions(
CertSvcInstance instance,
CertSvcCrlCacheWrite writePtr,
} catch (...) {}
return CERTSVC_FAIL;
}
+#endif
int certsvc_certificate_verify(
CertSvcCertificate certificate,
int *status)
{
try {
+ int check_caflag_false = 0;
return impl(certificate.privateInstance)->certificateVerify(
certificate,
trusted,
trustedSize,
untrusted,
untrustedSize,
+ check_caflag_false,
status);
} catch (...) {}
return CERTSVC_FAIL;
}
+int certsvc_certificate_verify_with_caflag(
+ CertSvcCertificate certificate,
+ CertSvcCertificate *trusted,
+ int trustedSize,
+ CertSvcCertificate *untrusted,
+ int untrustedSize,
+ int *status)
+{
+ try {
+ int check_caflag_true = 1;
+ return impl(certificate.privateInstance)->certificateVerify(
+ certificate,
+ trusted,
+ trustedSize,
+ untrusted,
+ untrustedSize,
+ check_caflag_true,
+ status);
+ } catch (...) {}
+ return CERTSVC_FAIL;
+}
+
+int certsvc_certificate_get_visibility(CertSvcCertificate certificate, int* visibility)
+{
+ try {
+ return impl(certificate.privateInstance)->getVisibility(certificate, visibility);
+ } catch (...)
+ {
+ SLOGE("exception occur");
+ }
+ return CERTSVC_FAIL;
+}
+
int certsvc_pkcs12_alias_exists(CertSvcInstance instance,
CertSvcString pfxIdString,
int *is_unique)
CertSvcInstance instance,
CertSvcString pfxIdString,
char **buffer,
- int *size)
+ size_t *size)
{
try {
return impl(instance)->getPkcsPrivateKey(pfxIdString, buffer, size);
void certsvc_pkcs12_private_key_free(
char *buffer)
{
- delete[] buffer;
+ free(buffer);
}
int certsvc_pkcs12_delete(
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation of exception system
+ */
+#include <vcore/exception.h>
+
+#include <dpl/log/vcore_log.h>
+
+#include <stddef.h>
+
+namespace ValidationCore {
+Exception* Exception::m_lastException = NULL;
+unsigned int Exception::m_exceptionCount = 0;
+void (*Exception::m_terminateHandler)() = NULL;
+
+void LogUnhandledException(const std::string &str)
+{
+ VcoreLogD("%s", str.c_str());
+}
+
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ VcoreLogE("%s", str.c_str());
+}
+} // namespace ValidationCore
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief Header file for base exception
+ */
+#ifndef ValidationCore_EXCEPTION_H
+#define ValidationCore_EXCEPTION_H
+
+#include <string>
+#include <cstring>
+#include <cstdio>
+#include <exception>
+#include <cstdlib>
+#include <sstream>
+
+namespace ValidationCore {
+void LogUnhandledException(const std::string &str);
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function);
+}
+
+namespace ValidationCore {
+class Exception {
+private:
+ static unsigned int m_exceptionCount;
+ static Exception* m_lastException;
+ static void (*m_terminateHandler)();
+
+ static void AddRef(Exception* exception)
+ {
+ if (!m_exceptionCount) {
+ m_terminateHandler = std::set_terminate(&TerminateHandler);
+ }
+
+ ++m_exceptionCount;
+ m_lastException = exception;
+ }
+
+ static void UnRef(Exception* e)
+ {
+ if (m_lastException == e) {
+ m_lastException = NULL;
+ }
+
+ --m_exceptionCount;
+
+ if (!m_exceptionCount) {
+ std::set_terminate(m_terminateHandler);
+ m_terminateHandler = NULL;
+ }
+ }
+
+ static void TerminateHandler()
+ {
+ if (m_lastException != NULL) {
+ DisplayKnownException(*m_lastException);
+ abort();
+ } else {
+ DisplayUnknownException();
+ abort();
+ }
+ }
+
+ Exception *m_reason;
+ std::string m_path;
+ std::string m_function;
+ int m_line;
+
+protected:
+ std::string m_message;
+ std::string m_className;
+
+public:
+ static std::string KnownExceptionToString(const Exception &e)
+ {
+ std::ostringstream message;
+ message <<
+ "\033[1;5;31m\n=== Unhandled DPL exception occurred ===\033[m\n\n";
+ message << "\033[1;33mException trace:\033[m\n\n";
+ message << e.DumpToString();
+ message << "\033[1;31m\n=== Will now abort ===\033[m\n";
+
+ return message.str();
+ }
+
+ static std::string UnknownExceptionToString()
+ {
+ std::ostringstream message;
+ message <<
+ "\033[1;5;31m\n=== Unhandled non-DPL exception occurred ===\033[m\n\n";
+ message << "\033[1;31m\n=== Will now abort ===\033[m\n";
+
+ return message.str();
+ }
+
+ static void DisplayKnownException(const Exception& e)
+ {
+ LogUnhandledException(KnownExceptionToString(e).c_str());
+ }
+
+ static void DisplayUnknownException()
+ {
+ LogUnhandledException(UnknownExceptionToString().c_str());
+ }
+
+ Exception(const Exception &other)
+ {
+ // Deep copy
+ if (other.m_reason != NULL) {
+ m_reason = new Exception(*other.m_reason);
+ } else {
+ m_reason = NULL;
+ }
+
+ m_message = other.m_message;
+ m_path = other.m_path;
+ m_function = other.m_function;
+ m_line = other.m_line;
+
+ m_className = other.m_className;
+
+ AddRef(this);
+ }
+
+ const Exception &operator =(const Exception &other)
+ {
+ if (this == &other) {
+ return *this;
+ }
+
+ // Deep copy
+ if (other.m_reason != NULL) {
+ m_reason = new Exception(*other.m_reason);
+ } else {
+ m_reason = NULL;
+ }
+
+ m_message = other.m_message;
+ m_path = other.m_path;
+ m_function = other.m_function;
+ m_line = other.m_line;
+
+ m_className = other.m_className;
+
+ AddRef(this);
+
+ return *this;
+ }
+
+ Exception(const char *path,
+ const char *function,
+ int line,
+ const std::string &message) :
+ m_reason(NULL),
+ m_path(path),
+ m_function(function),
+ m_line(line),
+ m_message(message)
+ {
+ AddRef(this);
+ }
+
+ Exception(const char *path,
+ const char *function,
+ int line,
+ const Exception &reason,
+ const std::string &message) :
+ m_reason(new Exception(reason)),
+ m_path(path),
+ m_function(function),
+ m_line(line),
+ m_message(message)
+ {
+ AddRef(this);
+ }
+
+ virtual ~Exception() throw()
+ {
+ if (m_reason != NULL) {
+ delete m_reason;
+ m_reason = NULL;
+ }
+
+ UnRef(this);
+ }
+
+ void Dump() const
+ {
+ // Show reason first
+ if (m_reason != NULL) {
+ m_reason->Dump();
+ }
+
+ // Afterward, dump exception
+ const char *file = strchr(m_path.c_str(), '/');
+
+ if (file == NULL) {
+ file = m_path.c_str();
+ } else {
+ ++file;
+ }
+
+ printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
+ file, m_line,
+ m_function.c_str(),
+ m_className.c_str(),
+ m_message.empty() ? "<EMPTY>" : m_message.c_str());
+ }
+
+ std::string DumpToString() const
+ {
+ std::string ret;
+ if (m_reason != NULL) {
+ ret = m_reason->DumpToString();
+ }
+
+ const char *file = strchr(m_path.c_str(), '/');
+
+ if (file == NULL) {
+ file = m_path.c_str();
+ } else {
+ ++file;
+ }
+
+ char buf[1024];
+ snprintf(buf,
+ sizeof(buf),
+ "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
+ file,
+ m_line,
+ m_function.c_str(),
+ m_className.c_str(),
+ m_message.empty() ? "<EMPTY>" : m_message.c_str());
+
+ buf[sizeof(buf) - 1] = '\n';
+ ret += buf;
+
+ return ret;
+ }
+
+ Exception *GetReason() const
+ {
+ return m_reason;
+ }
+
+ std::string GetPath() const
+ {
+ return m_path;
+ }
+
+ std::string GetFunction() const
+ {
+ return m_function;
+ }
+
+ int GetLine() const
+ {
+ return m_line;
+ }
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+
+ std::string GetClassName() const
+ {
+ return m_className;
+ }
+};
+} // namespace ValidationCore
+
+#define VcoreTry try
+
+#define VcoreThrow(ClassName) \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__)
+
+#define VcoreThrowMsg(ClassName, Message) \
+ do \
+ { \
+ std::ostringstream dplLoggingStream; \
+ dplLoggingStream << Message; \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \
+ } while (0)
+
+#define VcoreReThrow(ClassName) \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__, _rethrown_exception)
+
+#define VcoreReThrowMsg(ClassName, Message) \
+ throw ClassName(__FILE__, \
+ __FUNCTION__, \
+ __LINE__, \
+ _rethrown_exception, \
+ Message)
+
+#define VcoreCatch(ClassName) \
+ catch (const ClassName &_rethrown_exception)
+
+#define VCORE_DECLARE_EXCEPTION_TYPE(BaseClass, Class) \
+ class Class : public BaseClass { \
+ public: \
+ Class(const char *path, \
+ const char *function, \
+ int line, \
+ const std::string & message = std::string()) \
+ : BaseClass(path, function, line, message) { \
+ \
+ BaseClass::m_className = #Class; \
+ } \
+ \
+ Class(const char *path, \
+ const char *function, \
+ int line, \
+ const ValidationCore::Exception & reason, \
+ const std::string & message = std::string()) \
+ : BaseClass(path, function, line, reason, message) { \
+ BaseClass::m_className = #Class; \
+ } \
+ };
+
+#define VCORE_UNHANDLED_EXCEPTION_HANDLER_BEGIN try
+
+#define VCORE_UNHANDLED_EXCEPTION_HANDLER_END \
+ catch (const ValidationCore::Exception &exception) \
+ { \
+ std::ostringstream msg; \
+ msg << ValidationCore::Exception::KnownExceptionToString(exception); \
+ ValidationCore::LogUnhandledException(msg.str(), \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ abort(); \
+ } \
+ catch (std::exception& e) \
+ { \
+ std::ostringstream msg; \
+ msg << e.what(); \
+ msg << "\n"; \
+ msg << ValidationCore::Exception::UnknownExceptionToString(); \
+ ValidationCore::LogUnhandledException(msg.str(), \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ abort(); \
+ } \
+ catch (...) \
+ { \
+ std::ostringstream msg; \
+ msg << ValidationCore::Exception::UnknownExceptionToString(); \
+ ValidationCore::LogUnhandledException(msg.str(), \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ abort(); \
+ }
+
+namespace ValidationCore {
+namespace CommonException {
+/**
+ * Internal exception definitions
+ *
+ * These should normally not happen.
+ * Usually, exception trace with internal error includes
+ * important messages.
+ */
+VCORE_DECLARE_EXCEPTION_TYPE(Exception, InternalError) ///< Unexpected error from
+ // underlying libraries or
+ // kernel
+}
+}
+
+#endif // ValidationCore_EXCEPTION_H
* @brief PKCS#12 container manipulation routines.
*/
#define _GNU_SOURCE
+#define _CERT_SVC_VERIFY_PKCS12
+#include <cert-service.h>
+#include "cert-service-util.h"
#include "pkcs12.h"
#include <cert-svc/cerror.h>
#include <unistd.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <ss_manager.h>
+#include <dlfcn.h>
+#include <cert-service-debug.h>
#define SYSCALL(call) while(((call) == -1) && (errno == EINTR))
#define CERTSVC_PKCS12_STORAGE_FILE "storage"
#define CERTSVC_PKCS12_STORAGE_PATH CERTSVC_PKCS12_STORAGE_DIR "/" CERTSVC_PKCS12_STORAGE_FILE
-static const char CERTSVC_PKCS12_STORAGE_KEY_PKEY[] = "pkey";
-static const char CERTSVC_PKCS12_STORAGE_KEY_CERTS[] = "certs";
+static const char CERTSVC_PKCS12_STORAGE_KEY_PKEY[] = "pkey";
+static const char CERTSVC_PKCS12_STORAGE_KEY_CERTS[] = "certs";
static const gchar CERTSVC_PKCS12_STORAGE_SEPARATOR = ';';
+static const char CERTSVC_PKCS12_UNIX_GROUP[] = "secure-storage::pkcs12";
static gboolean keyfile_check(const char *pathname) {
int result;
if(access(pathname, F_OK | R_OK | W_OK) == 0)
return TRUE;
SYSCALL(result = creat(pathname, S_IRUSR | S_IWUSR));
- return (result != -1) ? TRUE : FALSE;
+ if (result != -1) {
+ close(result);
+ return TRUE;
+ } else {
+ return FALSE;
+ }
}
static GKeyFile *keyfile_load(const char *pathname) {
const unsigned attempts = 0xFFU;
unsigned trial;
int result;
- ssm_file_info_t sfi;
gboolean exists;
+ char* data = NULL;
+ char* tempfilepath = NULL;
trial = 0U;
try_again:
++trial;
- result = generate_random_filepath(filepath);
+ result = generate_random_filepath(&tempfilepath);
if(result != CERTSVC_SUCCESS)
return result;
if(with_secure_storage)
- exists = (access(*filepath, F_OK) == 0 || ssm_getinfo(*filepath, &sfi, SSM_FLAG_DATA, NULL) == 0);
+ exists = (access(tempfilepath, F_OK) == 0 || ssa_get(tempfilepath, &data, CERTSVC_PKCS12_UNIX_GROUP, NULL) >= 0);
else
- exists = (access(*filepath, F_OK) == 0);
- if(exists) {
- free(*filepath);
+ exists = (access(tempfilepath, F_OK) == 0);
+
+ if(!exists) {
+ *filepath = tempfilepath;
+ }
+ else {
+ if(data){
+ free(data);
+ data = NULL;
+ }
+ free(tempfilepath);
if(trial + 1 > attempts)
return CERTSVC_FAIL;
else
goto try_again;
}
+
return CERTSVC_SUCCESS;
}
STACK_OF(X509) *certv;
int nicerts;
char *unique;
- int result;
+ int result = 0;
struct stat st;
int wr_res;
+ void* dlHandle = NULL;
GKeyFile *keyfile;
gchar *bare;
gchar *pkvalue;
gsize i, n;
gchar *data;
gsize length;
+ static int initFlag = 0;
+ const char appInfo[] = "certsvcp12";
+ int readLen = 0;
+ char fileBuffer[4096] = {0,};
certv = NULL;
+ pkvalue = NULL;
if(!alias || strlen(alias) < 1)
return CERTSVC_WRONG_ARGUMENT;
result = c_certsvc_pkcs12_alias_exists(alias, &exists);
result = CERTSVC_FAIL;
goto free_keyfile;
}
+
result = PKCS12_parse(container, password, &key, &cert, &certv);
PKCS12_free(container);
- if(result == 0) {
- result = CERTSVC_FAIL;
- goto free_keyfile;
- }
+ if (result == 0)
+ {
+ SLOGD("Failed to parse PKCS12");
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+#define _CERT_SVC_VERIFY_PKCS12
+#ifdef _CERT_SVC_VERIFY_PKCS12
+
+ if (certv == NULL)
+ {
+ char* pSubject = NULL;
+ char* pIssuerName = NULL;
+ //int isSelfSigned = 0;
+
+ pSubject = X509_NAME_oneline(cert->cert_info->subject, NULL, 0);
+ if (!pSubject)
+ {
+ SLOGE("Failed to get subject name");
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ pIssuerName = X509_NAME_oneline(cert->cert_info->issuer, NULL, 0);
+ if (!pIssuerName)
+ {
+ SLOGE("Failed to get issuer name");
+ free(pSubject);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ if (strcmp((const char*)pSubject, (const char*)pIssuerName) == 0)
+ {
+ //self signed..
+ //isSelfSigned = 1;
+
+ EVP_PKEY* pKey = X509_get_pubkey(cert);
+ if (!pKey)
+ {
+ SLOGE("Failed to get public key");
+ result = CERTSVC_FAIL;
+ free(pSubject);
+ free(pIssuerName);
+ goto free_keyfile;
+ }
+
+ if (X509_verify(cert, pKey) <= 0)
+ {
+ result = CERTSVC_FAIL;
+ EVP_PKEY_free(pKey);
+ free(pSubject);
+ free(pIssuerName);
+ goto free_keyfile;
+ }
+ SLOGD("P12 verification Success");
+ EVP_PKEY_free(pKey);
+ }
+ else
+ {
+ //isSelfSigned = 0;
+ int res = 0;
+ X509_STORE_CTX *cert_ctx = NULL;
+ X509_STORE *cert_store = NULL;
+
+ cert_store = X509_STORE_new();
+ if (!cert_store)
+ {
+ SLOGE("Memory allocation failed");
+ free(pSubject);
+ free(pIssuerName);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ res = X509_STORE_load_locations(cert_store, NULL, "/opt/etc/ssl/certs/");
+ if (res != 1)
+ {
+ SLOGE("P12 load certificate store failed");
+ free(pSubject);
+ free(pIssuerName);
+ X509_STORE_free(cert_store);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ res = X509_STORE_set_default_paths(cert_store);
+ if (res != 1)
+ {
+ SLOGE("P12 load certificate store path failed");
+ free(pSubject);
+ free(pIssuerName);
+ X509_STORE_free(cert_store);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ // initialize store and store context
+ cert_ctx = X509_STORE_CTX_new();
+ if (cert_ctx == NULL)
+ {
+ SLOGE("Memory allocation failed");
+ free(pSubject);
+ free(pIssuerName);
+ X509_STORE_free(cert_store);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ // construct store context
+ if (!X509_STORE_CTX_init(cert_ctx, cert_store, cert, NULL))
+ {
+ SLOGD("Memory allocation failed");
+ free(pSubject);
+ free(pIssuerName);
+ X509_STORE_free(cert_store);
+ X509_STORE_CTX_free(cert_ctx);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ res = X509_verify_cert(cert_ctx);
+ if (res != 1)
+ {
+ SLOGE("P12 verification failed. error : %s",
+ X509_verify_cert_error_string(X509_STORE_CTX_get_error(cert_ctx)));
+ free(pSubject);
+ free(pIssuerName);
+ X509_STORE_free(cert_store);
+ X509_STORE_CTX_free(cert_ctx);
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+ X509_STORE_free(cert_store);
+ X509_STORE_CTX_free(cert_ctx);
+ SLOGD("P12 verification Success");
+ }
+ free(pSubject);
+ free(pIssuerName);
+ }
+ else
+ {
+ // Cert Chain
+ int res = 0;
+ X509_STORE_CTX *cert_ctx = NULL;
+ X509_STORE *cert_store = NULL;
+
+ cert_store = X509_STORE_new();
+ if (!cert_store)
+ {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ res = X509_STORE_load_locations(cert_store, NULL, "/opt/share/cert-svc/certs/ssl/");
+ if (res != 1)
+ {
+ SLOGE("P12 load certificate store failed");
+ result = CERTSVC_FAIL;
+ X509_STORE_free(cert_store);
+ goto free_keyfile;
+ }
+
+ res = X509_STORE_set_default_paths(cert_store);
+ if (res != 1)
+ {
+ SLOGE("P12 load certificate path failed");
+ result = CERTSVC_FAIL;
+ X509_STORE_free(cert_store);
+ goto free_keyfile;
+ }
+
+ // initialize store and store context
+ cert_ctx = X509_STORE_CTX_new();
+ if (cert_ctx == NULL)
+ {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ X509_STORE_free(cert_store);
+ goto free_keyfile;
+ }
+
+ // construct store context
+ if (!X509_STORE_CTX_init(cert_ctx, cert_store, cert, NULL))
+ {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ X509_STORE_free(cert_store);
+ X509_STORE_CTX_free(cert_ctx);
+ goto free_keyfile;
+ }
+
+ X509_STORE_CTX_trusted_stack(cert_ctx, certv);
+
+ res = X509_verify_cert(cert_ctx);
+ if (res != 1)
+ {
+ SLOGE("P12 verification failed. error : %s",
+ X509_verify_cert_error_string(X509_STORE_CTX_get_error(cert_ctx)));
+ result = CERTSVC_FAIL;
+ X509_STORE_free(cert_store);
+ X509_STORE_CTX_free(cert_ctx);
+ goto free_keyfile;
+ }
+
+ SLOGD("P12 verification Success");
+ X509_STORE_free(cert_store);
+ X509_STORE_CTX_free(cert_ctx);
+ }
+#endif //_CERT_SVC_VERIFY_PKCS12
nicerts = certv ? sk_X509_num(certv) : 0;
cvaluev = (gchar **)calloc(1 + nicerts, sizeof(gchar *));
n = 0;
result = unique_filename(&unique, TRUE);
if(result != CERTSVC_SUCCESS)
goto clean_cert_chain_and_pkey;
- if((stream = fopen(unique, "w")) == NULL) {
+ if((stream = fopen(unique, "w+")) == NULL) {
free(unique);
result = CERTSVC_IO_ERROR;
goto clean_cert_chain_and_pkey;
}
result = PEM_write_PrivateKey(stream, key, NULL, NULL, 0, NULL, NULL);
- fclose(stream);
if(result == 0) {
result = CERTSVC_FAIL;
+ fclose(stream);
+ free(unique);
goto clean_cert_chain_and_pkey;
}
- wr_res = ssm_write_file(unique, SSM_FLAG_DATA, NULL);
- if(wr_res != 0) {
+
+ fseek(stream, 0, SEEK_SET);
+
+ readLen = fread(fileBuffer, sizeof(char), 4096, stream);
+ fclose(stream);
+ if(readLen <= 0){
+ free(unique);
+ result = CERTSVC_FAIL;
+ SLOGE("failed to read key file");
+ goto clean_cert_chain_and_pkey;
+ }
+
+ wr_res = ssa_put(unique, fileBuffer, readLen, CERTSVC_PKCS12_UNIX_GROUP, NULL);
+ if(wr_res <= 0) {
free(unique);
result = CERTSVC_FAIL;
+ SLOGE("ssa_put failed : %d", wr_res);
goto clean_cert_chain_and_pkey;
}
+ unlink(unique);
+
bare = bare_filename(unique);
if(bare) {
pkvalue = g_strdup(bare);
result = CERTSVC_IO_ERROR;
goto clean_cert_chain_and_pkey;
}
- result = PEM_write_X509_AUX(stream, cert);
+ result = PEM_write_X509(stream, cert);
fclose(stream);
if(result == 0) {
result = CERTSVC_FAIL;
if(bare)
cvaluev[n++] = g_strdup(bare);
free(unique);
- for(i = 0; i < nicerts; i++) {
+ for(i = 0; i < (unsigned int)nicerts; i++) {
result = unique_filename(&unique, FALSE);
if(result != CERTSVC_SUCCESS)
goto clean_cert_chain_and_pkey;
free(unique);
}
g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR);
- g_key_file_set_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, (gchar *const *)cvaluev, n + 1);
+ g_key_file_set_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, (const gchar * const *)cvaluev, n);
data = g_key_file_to_data(keyfile, &length, NULL);
if(data == NULL) {
result = CERTSVC_BAD_ALLOC;
goto free_data;
}
result = CERTSVC_SUCCESS;
+
+ SLOGD("( %s, %s)", path, password);
free_data:
g_free(data);
+
clean_cert_chain_and_pkey:
EVP_PKEY_free(key);
X509_free(cert);
return CERTSVC_IO_ERROR;
g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR);
barev = g_key_file_get_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, ncerts, NULL);
+ if(barev == NULL) {
+ *ncerts = 0;
+ goto free_keyfile;
+ }
*certs = g_malloc((*ncerts + 1) * sizeof(gchar *));
for(i = 0; i < *ncerts; i++)
- *certs[i] = g_strdup_printf("%s/%s", CERTSVC_PKCS12_STORAGE_DIR, barev[i]);
+ (*certs)[i] = g_strdup_printf("%s/%s", CERTSVC_PKCS12_STORAGE_DIR, barev[i]);
(*certs)[*ncerts] = NULL;
g_strfreev(barev);
+free_keyfile:
g_key_file_free(keyfile);
return CERTSVC_SUCCESS;
}
g_free(certs);
}
-int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **buffer) {
+int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **buffer, gsize *count) {
GKeyFile *keyfile;
gchar *pkey;
GError *error;
- ssm_file_info_t sfi;
- size_t readlen;
char *spkp;
int result;
if(!keyfile)
return CERTSVC_IO_ERROR;
error = NULL;
+
result = CERTSVC_SUCCESS;
+
pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, &error);
- if(error && error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND)
+ if(error && error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND) {
+ *count = 0;
result = CERTSVC_SUCCESS;
+ }
else if(error)
result = CERTSVC_FAIL;
else {
spkp = NULL;
result = CERTSVC_BAD_ALLOC;
}
- else if(ssm_getinfo(spkp, &sfi, SSM_FLAG_DATA, NULL) == 0) {
- if((*buffer = malloc(sfi.originSize))) {
- if(ssm_read(spkp, *buffer, sfi.originSize, &readlen, SSM_FLAG_DATA, NULL) != 0) {
- c_certsvc_pkcs12_private_key_free(buffer);
- result = CERTSVC_FAIL;
- }
- }
- else
- result = CERTSVC_BAD_ALLOC;
+ else if((*count = ssa_get(spkp, buffer, CERTSVC_PKCS12_UNIX_GROUP, NULL)) <= 0) {
+ result = CERTSVC_FAIL;
+ SLOGE("ssa_get failed : %s, %d", spkp, *count);
}
free(spkp);
g_free(pkey);
free(buffer);
}
+static void _delete_from_osp_cert_mgr(const char* path);
+
+static void
+_delete_from_osp_cert_mgr(const char* path)
+{
+
+ typedef int (*RemoveUserCertificatePointer)(unsigned char*, int);
+ typedef void (*InitAppInfoPointer)(const char*, const char*);
+
+ static int initFlag = 0;
+
+ unsigned char* pCertBuffer = NULL;
+ int certBufferLen = 0;
+ const char appInfo[] = "certsvcp12";
+
+ RemoveUserCertificatePointer pRemoveUserCertificatePointer = NULL;
+ InitAppInfoPointer pInit = NULL;
+ void *dlHandle = dlopen("/usr/lib/osp/libosp-appfw.so", RTLD_LAZY);
+ if (!dlHandle) {
+ SLOGD("Failed to open so with reason : %s", dlerror());
+ goto end_of_func;
+ }
+
+ pRemoveUserCertificatePointer = (RemoveUserCertificatePointer)dlsym(dlHandle, "RemoveUserCertificate");
+ if (!pRemoveUserCertificatePointer)
+ goto end_of_func;
+
+ if (initFlag == 0) {
+ pInit = (InitAppInfoPointer)dlsym(dlHandle, "InitWebAppInfo");
+ if (!pInit)
+ goto end_of_func;
+
+ pInit(appInfo, NULL);
+ initFlag = 1;
+ }
+
+ int result = certsvc_load_file_to_buffer(path, &pCertBuffer, &certBufferLen);
+ if (result != 0) {
+ SLOGD("certsvc_load_file_to_buffer Failed.");
+ goto end_of_func;
+ }
+
+ int errCode = pRemoveUserCertificatePointer(pCertBuffer, certBufferLen);
+ if (errCode != 0) {
+ SLOGD("dlHandle is not able to call function");
+ goto end_of_func;
+ }
+
+end_of_func:
+
+ free(pCertBuffer);
+
+ if (dlHandle)
+ dlclose(dlHandle);
+
+ return;
+}
+
+
+int certsvc_load_file_to_buffer(const char* filePath, unsigned char** certBuf, int* length)
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ FILE* fp_in = NULL;
+ unsigned long int fileSize = 0;
+
+ /* get file size */
+ if((ret = cert_svc_get_file_size(filePath, &fileSize)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to get file size, [%s]\n", __func__, filePath);
+ return CERT_SVC_ERR_FILE_IO;
+ }
+ /* open file and write to buffer */
+ if(!(fp_in = fopen(filePath, "rb"))) {
+ SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath);
+ return CERT_SVC_ERR_FILE_IO;
+ }
+
+ if(!(*certBuf = (unsigned char*)malloc(sizeof(unsigned char) * (unsigned int)(fileSize + 1)))) {
+ SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__);
+ ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
+ goto err;
+ }
+ memset(*certBuf, 0x00, (fileSize + 1));
+ if(fread(*certBuf, sizeof(unsigned char), fileSize, fp_in) != fileSize) {
+ SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath);
+ ret = CERT_SVC_ERR_FILE_IO;
+ goto err;
+ }
+
+ *length = fileSize;
+
+err:
+ if(fp_in != NULL)
+ fclose(fp_in);
+ return ret;
+}
+
int c_certsvc_pkcs12_delete(const gchar *alias) {
gchar **certs;
gsize ncerts;
char *pkey;
+ char *spkp;
int result;
GKeyFile *keyfile;
gchar *data;
gsize i, length;
+ data = NULL;
result = c_certsvc_pkcs12_load_certificates(alias, &certs, &ncerts);
if(result != CERTSVC_SUCCESS)
goto load_certificates_failed;
- result = c_certsvc_pkcs12_private_key_load(alias, &pkey);
- if(result != CERTSVC_SUCCESS)
- goto private_key_load_failed;
keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
if(!keyfile) {
result = CERTSVC_IO_ERROR;
goto keyfile_load_failed;
}
+ pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, NULL);
if(g_key_file_remove_group(keyfile, alias, NULL)) {
data = g_key_file_to_data(keyfile, &length, NULL);
if(data == NULL) {
goto data_free;
}
}
+
for(i = 0; i < ncerts; i++)
+ {
unlink(certs[i]);
- ssm_delete_file(pkey, SSM_FLAG_DATA, NULL);
+ }
+ if(pkey != NULL) {
+ if(asprintf(&spkp, "%s/%s", CERTSVC_PKCS12_STORAGE_DIR, pkey) == -1) {
+ result = CERTSVC_BAD_ALLOC;
+ goto data_free;
+ }
+ ssa_delete(spkp, CERTSVC_PKCS12_UNIX_GROUP);
+ free(spkp);
+ }
data_free:
g_free(data);
keyfile_free:
g_key_file_free(keyfile);
keyfile_load_failed:
- c_certsvc_pkcs12_private_key_free(pkey);
- private_key_load_failed:
- c_certsvc_pkcs12_free_certificates(certs);
+ if(ncerts != 0)
+ c_certsvc_pkcs12_free_certificates(certs);
load_certificates_failed:
return result;
}
+
+
+int cert_svc_get_file_size(const char* filepath, unsigned long int* length)
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ FILE* fp_in = NULL;
+
+ if(!(fp_in = fopen(filepath, "r"))) {
+ SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filepath);
+ ret = CERT_SVC_ERR_FILE_IO;
+ goto err;
+ }
+
+ fseek(fp_in, 0L, SEEK_END);
+ (*length) = ftell(fp_in);
+
+err:
+ if(fp_in != NULL)
+ fclose(fp_in);
+
+ return ret;
+}
int c_certsvc_pkcs12_has_password(const char *filepath, gboolean *passworded);
int c_certsvc_pkcs12_load_certificates(const gchar *alias, gchar ***certificates, gsize *ncertificates);
void c_certsvc_pkcs12_free_certificates(gchar **certs);
-int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **pkey);
+int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **pkey, gsize *count);
void c_certsvc_pkcs12_private_key_free(char *buffer);
-/*
-int c_certsvc_pkcs12_certificate_email_load(const gchar *alias, char **buffer, int *size);
-void c_certsvc_pkcs12_certificate_email_free(char *buffer);
-*/
int c_certsvc_pkcs12_delete(const gchar *alias);
+//static void _delete_from_osp_cert_mgr(const char* path);
+int certsvc_load_file_to_buffer(const char* filePath, unsigned char** certBuf, int* length);
+int cert_svc_get_file_size(const char* filepath, unsigned long int* length);
#ifdef __cplusplus
}
};
template <typename Class>
-class ScopedGPointer : public DPL::ScopedResource<ScopedGPointerPolicy>
+class ScopedGPointer : public VcoreDPL::ScopedResource<ScopedGPointerPolicy>
{
typedef ScopedGPointerPolicy Policy;
- typedef DPL::ScopedResource<Policy> BaseType;
+ typedef
VcoreDPL::ScopedResource<Policy> BaseType;
public:
explicit ScopedGPointer(typename Policy::Type pointer =
projects / framework / security / cert-svc.git / commitdiff